Legal Information

Legal · Privacy · Terms

Legal Notice

Jurisdiction note Sonvidas S.R.L. is incorporated and registered in Paraguay. The company has no registered branch, subsidiary, or permanent establishment in the European Union. EU Impressum obligations (TMG §5) are not applicable. This notice is provided voluntarily for transparency.

Company

Sonvidas S.R.L.
PC3C+VX4, Av. República Argentina
Asunción, Paraguay
Incorporated: 2015

Registration & Tax

Company registration number: Registered company in Paraguay with full commercial capacity (Registro Público Nº 341471
RUC (Registro Único del Contribuyente): 80090103-7
Tax authority: Subsecretaría de Estado de Tributación (SET), Paraguay
VAT: Not applicable — company established outside the European Union.

Management

Managing Directors: Natalia Riveros, Mike Ziegler

Contact

Email: contact@sonvidas.com
Response time: within 2 business days

Professional Liability

All security testing engagements are conducted under a signed Scope of Work (SoW) with explicit client authorisation. Sonvidas S.R.L. maintains professional indemnity coverage for all active engagements. Certificate of insurance available on request.

Regulatory Compliance

All engagements are conducted in accordance with applicable laws including GDPR (EU) 2016/679 for data encountered during testing, and local cybersecurity regulations relevant to the client's jurisdiction.

Liability for Content

Website content is provided for informational purposes only and does not constitute legal, compliance, or security advice. No liability is accepted for decisions made based on website content alone.

Copyright

All content on this website is the intellectual property of Sonvidas S.R.L. unless otherwise stated. Reproduction requires prior written consent.

Privacy Policy

Short version Sonvidas S.R.L. does not use tracking cookies, analytics platforms, or advertising networks on this website. Personal data is processed only when you actively contact us or request a scoping call. No data is sold or shared with third parties for commercial purposes.

Controller

Sonvidas S.R.L.
PC3C+VX4, Av. República Argentina, Asunción, Paraguay
Email: privacy@sonvidas.com

Data Collected and Purpose

  • Scoping call booking: Name, email, company name, and voluntarily provided information. Used solely to conduct the booked session.
  • Email enquiries: Name and email address. Used to respond to your enquiry.
  • Server logs: IP address, browser type, access time. Retained temporarily by the hosting provider for security purposes only.
  • Engagement data: Data collected during security assessments is governed by the signed SoW, not this policy.

Legal Basis (GDPR)

Consent (Art. 6(1)(a)) for voluntary enquiries. Contract performance (Art. 6(1)(b)) for booked sessions. Legitimate interests (Art. 6(1)(f)) for server security logs.

Booking Tool

Scoping calls are booked via [BOOKING TOOL NAME]. By booking, you accept that service's privacy policy. Name, email, and timezone may be processed. No payment data is stored on this website.

Hosting

Hosted on a dedicated server operated by Netcup GmbH, Daimlerstr. 25, 76185 Karlsruhe, Germany. Access logs retained maximum 7 days for security purposes.

Data in Security Engagements

Personal data encountered during authorised security testing is handled per GDPR Art. 32. No data exfiltrated during testing is retained beyond 30 days after report delivery. No client data is disclosed to third parties under any circumstances.

Data Retention

Engagement correspondence and deliverables: retained 3 years after engagement close. Server logs: maximum 7 days. You may request deletion at any time.

Your Rights

  • Access, rectification, erasure, restriction, portability, and objection rights under GDPR
  • Right to withdraw consent at any time without affecting prior processing
  • Right to lodge a complaint with your national data protection authority

Contact: privacy@sonvidas.com

No Cookies / No Tracking

This website uses no cookies, tracking pixels, or third-party analytics. Google Fonts are loaded for typography and may process your IP address per Google's privacy policy.

Last updated: April 2026

Terms of Service

Important All security engagements are governed by a signed Scope of Work (SoW). These Terms apply to use of this website and initial enquiries. Binding contractual terms for specific engagements are set out in the SoW. No testing begins without written authorisation.

Service Provider

Sonvidas S.R.L., Asunción, Paraguay
RUC: 80090103-7

Services

Offensive security assessments (WiFi, RFID, IoT, network pentesting, red team), compliance advisory (NIS2, ISO 27001, ISO 42001, DORA), managed security device retainer, and in-house security training. All services are provided under a signed SoW.

Authorisation Requirement

  • All testing activities require prior written authorisation from the client.
  • The signed SoW constitutes that authorisation when executed by both parties.
  • No testing is conducted outside defined scope without written approval.
  • If a critical vulnerability is discovered posing immediate risk, client is notified within 4 hours and further exploitation is paused.

Payment Terms

  • Scoping call: payment due before confirmation of session.
  • Fast-close assessments: 100% upfront or 50/50 on agreement.
  • Project engagements: 50% on SoW signature, 50% on report delivery.
  • Retainer services: monthly in advance.
  • International bank transfer (IBAN). Invoice issued upon engagement confirmation.
  • All prices are net. VAT not applicable — company outside EU.

Data Handling during Engagements

  • No data exfiltrated during testing retained beyond 30 days post-delivery.
  • No findings disclosed to third parties without written client consent.
  • Activity logs maintained for full duration of testing.
  • Excluded by default: DoS/DDoS, destructive payloads, ransomware simulation.

Deliverables

  • Executive summary (non-technical, max 3 pages) — 5 days after test end.
  • Technical report with CVSS scores and remediation checklist — 7 days after test end.
  • One re-test round for High/Critical findings — within 30 days, no extra charge.

Confidentiality

Both parties agree to maintain strict confidentiality of all findings, methods, and client data for a minimum of 3 years after engagement close. Sonvidas S.R.L. will not publish, present, or reference any client engagement without explicit written consent.

Limitation of Liability

Sonvidas S.R.L. holds no liability for disruption resulting from authorised testing conducted within agreed scope and hours. Maximum liability for any single engagement is limited to the fees paid for that engagement. Advisory services do not guarantee regulatory compliance outcomes.

Intellectual Property

Deliverables become client property upon full payment. Testing methodologies, tools, and proprietary frameworks remain the intellectual property of Sonvidas S.R.L.

Governing Law

These terms are governed by the laws of the Republic of Paraguay. Mandatory consumer protection provisions of the client's EU member state apply additionally where legally required.

Dispute Resolution

Disputes shall first be addressed through direct negotiation (30 days). If unresolved, mediation before any legal proceedings. Jurisdiction: Asunción, Paraguay unless otherwise agreed in the SoW.

Contact

Email: contact@sonvidas.com

Last updated: April 2026