Independent guide to Regulation (EU) 2024/2847 · Status: in force
Legal

Privacy policy

How cyberresilienceact.eu collects, uses and protects personal data, and the rights you have under the General Data Protection Regulation (GDPR).

Last updated: 5 June 2026

Who we are

This website, cyberresilienceact.eu ("the site"), is operated by i46 s.r.o. ("i46", "we", "us"), the data controller responsible for personal data processed through it.

Data controller: i46 s.r.o.
Registered office: Drtinova 557/10, Smíchov, 150 00 Praha, Czech Republic
Company ID (IČO): 17614911
Privacy contact: legal@i46.cz

The site is an independent informational guide to the EU Cyber Resilience Act (Regulation (EU) 2024/2847). It is not operated by, or affiliated with, the European Union or its institutions.

What we collect

We keep data collection to the minimum needed to run the site and respond to you. We process the following:

  • Contact and tool-submission enquiries. When you use the contact form, we collect your name, email address, the purpose of your enquiry and the message you write. We use these only to read and reply to your enquiry, or to evaluate a tool you submit for listing.
  • Resource downloads. When you unlock a downloadable resource (for example the compliance-matrix export or the SBOM guide), we collect your email address to deliver the file and, where you have agreed, to send you occasional CRA updates. You can unsubscribe at any time.
  • Usage and analytics data. When you browse the site we collect technical and usage information through the analytics services described below.

We do not ask for, and you should not send us, special-category data, financial-account details or passwords through this site.

Analytics & cookies

We use two analytics services to understand how the site is used and to improve it:

  • Google Analytics 4 (provided by Google Ireland Limited). It sets cookies and collects identifiers, your truncated IP address, device and browser information, the pages you view and how you interact with them. Property ID: G-Z8J9DKQT09.
  • Microsoft Clarity (provided by Microsoft). It collects similar usage data and may record anonymised interaction sessions (mouse movement, clicks and scrolling) to produce heatmaps. It does not capture form-field contents.

These services use cookies and similar technologies. You can control or delete cookies through your browser settings, and you can opt out of Google Analytics using the Google opt-out browser add-on ↗. Blocking these cookies does not affect your access to the site or its tools.

Legal bases

ProcessingLegal basis (GDPR Art. 6)
Replying to your enquiry or evaluating a submitted toolOur legitimate interest in responding to you, or taking steps at your request prior to any agreement
Sending the resource you requested and CRA updatesYour consent, which you can withdraw at any time
Analytics and site improvementYour consent and/or our legitimate interest in operating and improving the site

Who we share data with

We do not sell personal data. We share it only with service providers ("processors") that help us run the site, and only as needed:

  • Google and Microsoft: analytics, as described above.
  • Formspree: processes contact-form and download submissions and forwards them to us (including a notification to our internal team workspace).
  • No third-party CDNs: all technical assets — fonts, scripts and the spreadsheet-export library — are served directly from this domain. No external content-delivery network receives your IP address or browser string when a page loads.
  • Our hosting and email providers, to store and deliver the site and our replies.

Some of these providers may process data outside the European Economic Area. Where that happens, the transfer is covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

The site also links to a separate tool, the i46 SBOM Analyzer ↗. When you visit it you leave this site; that service has its own privacy terms.

How long we keep it

We keep enquiry correspondence for as long as needed to handle your request and for a reasonable period afterwards for our records. Newsletter contacts are kept until you unsubscribe. Analytics data is retained for the period set in each analytics service (typically up to 14 months for Google Analytics). We delete or anonymise personal data when it is no longer needed.

Your rights

Under the GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to its processing, to data portability, and to withdraw consent at any time. To exercise any of these rights, contact us using the details above.

You also have the right to lodge a complaint with a supervisory authority. In the Czech Republic this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, uoou.cz ↗).

Changes

We may update this policy from time to time. We will change the "last updated" date above when we do, and significant changes will be highlighted on the site.

Contact

For any privacy question or request, contact i46 s.r.o. at legal@i46.cz.