In this Website we collect Browsing Data (e.g. IP addresses and/or the domain names
of the computers and terminal equipment used by any user, the URI/URL addresses of
the requested resources, the time of such requests, the method used for submitting a
given request to the server, returned file size, a numerical code relating to server
response status, and other parameters related to the user’s operating system and
Normally, collection of this Data does not imply processing of Personal Data, as we
cannot identify you through those data; in any case, Browsing Data are erased
immediately after being aggregated (except if judicial authorities need such data
for establishing the commission of criminal offences).
Who we are? (Data Controller)
Cyberarmor sagl, a company existing and organised under the laws of Switzerland,
with registered offices in Castel San Pietro
Why are we processing Personal Data? (Purposes)
In order to 1.allow you to navigate the website; 2.send you our newsletter; 3.allow
you to contact us via webform; 4.comply with legal obligations to which the
Controller is subject.
Why are we allowed to process your Personal Data? (Legal Basis)
Processing of your Personal Data may be based on your freely given and specific
consent (purpose n. 2 above); in the legitimate interests pursued by the Controller,
which is not overridden by your interests or fundamental rights; necessary for
compliance with a legal obligation to which the Joint Controllers are subject
(purpose n.4 above).
To whom do we transfer your Personal Data?(Categories of Recipients)
In the minimum necessary extent in relation to the above purposes the Controller may
disclose your Personal Data to 1. service providers (e.g. IT) who carry out
processing on our behalf, acting as Data Processors; 2. persons who, under the direct
authority of the Joint Controllers, are authorised to process Personal Data; public
Authorities and Agencies, if required to do so by law or in response to their valid
How long do we retain your Personal Data?
The Controller will store your Personal Data only for as long as is necessary for the
above purposes and to comply with its legal obligations, resolve disputes and enforce
legal agreements and policies.
Browsing Data is generally retained for a shorter period of time, except when this
data is used to strengthen the security or to improve the functionality of the
Service, or we are legally obligated to retain this data for longer time periods.
Do we transfer Personal Data outside the European Economic Area (EEA) or to
Personal Data may be transferred to – and maintained on – computers and persons
outside the EEA.
We will take all steps reasonably necessary to ensure that your data is treated
Data will take place to an organization or a country unless it is based adequacy
decision by the Commission or other appropriate or suitable safeguards.
Do we do Profiling?
No, we actually don’t profile our users.
Yes, we do, as the following:
Session Identification: Identifies the user’s http session. Common to all web
applications to identify user requests during a session.
Google Analytics: Make it possible to monitor the website using the Google Analytics,
a service provided by Google to obtain information about user access to websites.
Some of the data saved for subsequent analysis are the number of times a user visits
the website, the date they visited the website for the first time and the last time,
the duration of their visits, from which other page the user accessed the website,
which search engine the user used to reach the website or on which link they clicked,
from which part of the world they are connecting, etc. The configuration of these
cookies is predetermined by the service offered by Google, as a result of which we
recommend consulting the privacy page of Google Analytics at
http://www.google.com/intl/es/analytics/privacyoverview.ht ml, for further
information on the cookies used and how to disable them (taking into account the fact
that we are not liable for the content or the accuracy of third party websites)
Coockies related to www.cyberarmor.ch
Are you obliged to provide your Personal Data?
You can instruct your browser to refuse all cookies or to indicate when a cookie is
being sent, except Session Identification- cookies (n. 1 above), which are temporary
maintained, only during the session.
What happens if you don’t provide your Personal Data?
You may disable, restrict or delete the cookies from this website at any time by
changing the configuration of your browser.
Which are your rights?
You have the right to:1. request the access to the data we hold about you and have a
copy of them;2. request the rectification of incomplete or inaccurate data; 3.
request the erasure of the information we have on you; 4. request the restriction of
processing; 5. object to the processing of your Personal Data, on grounds relating to
your particular situation; 6. where the processing is based on your consent, withdraw
it at any time, without affecting the lawfulness of processing based on consent
before its withdrawal; 7. request data portability in a structured, commonly used and
machine-readable format, where technically feasible; lodge a complaint with a
Supervisory Authority, in particular, under the GDPR, in the EU Member State of your
habitual residence, place of work or place of the alleged infringement, if you
consider that the processing infringes the Regulation. Without prejudice to any
available administrative or non-judicial remedy you also have the right to an
effective judicial remedy before the courts of the Member State where the Joint
Controllers have an establishment or, alternatively, where you have your habitual
How you can contact us?
If you have any questions about the processing of your Personal Data, or you want to
exercise your rights, please contact the Controller at email@example.com
List of definitions
“Applicable Regulations”: any provision of law, independently of its ranking,
belonging to the legal systems of the European Union, which is in any way applicable
to the Agreement.
“Authorised”: the individual who, under the supervision of the Company, is
instructed by the latter in relation to the Processing of Personal Data as per art.
“Authority”: the entity or organisation, whether private or public, entrusted with
the judiciary, administrative, disciplinary, surveillance and police powers.
“Committee” or “EDPB” the European Committee for the protection of personal data,
as established by art. 68 GDPR and regulated in arts. 68 to 76 GDPR, which
substitutes WP29 from 25 May 2018.
“Communication”: “the providing of information concerning personal data to one or
more subjects other than the data subject, as operated by a representative of the
Controller in the territory of the European Union, by the Processor or its
representatives in the territory of the European Union, by those who are Authorised
to the processing of personal data in light of art. 2-quaterdecies under the direct
supervision of the controller or the processor, independently of the modalities of
the processing, even by making the information concerning the personal data
available, consultable or reachable by interconnection” (as set forth in art.
2-ter, comma 4 lett. a of the Privacy Code).
“Controller”: “the natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data”, as defined in art. 4, subparagraph 1, no. 7,
“Supervisory Authority”: the independent public authority of a Member State of the
European Union or of the European Union itself that in entrusted with the task of
assessing the application of Privacy Regulations.
“Data”: one or more categories indicated as Personal Data or Special Data.
“Database”: group of Data and/or Information which is homogenous in relation to its
content and format, as owned by each of the Parties and sent to the other Party for
the purpose of signing and/or performing the Agreement.
“Data Subject”: “an identified or identifiable natural person”, as defined in art.
4, subparagraph 1, no. 1, of EU Regulation no. 2016/679 (“GDPR”).
“Director”: the individual provided with the powers to legally represent a Party or
a Third Party.
“Employee”: natural person who carries out work under the supervision of one of the
Parties or the Commercial Contract, independently of the type of the formal
contractual relationship with them.
“GDPR”: EU Regulation no. 2016/679 concerning “the protection of natural persons
with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation)”;
“Information” o “Confidential Information”: the data or information (of any nature,
whether technical, productive, financial, commercial, operative,
accountancy-related or economical etc.), as well as the documents, declarations,
and generally any piece of information concerning, by way of example, the know-how,
processes, results, milestones, draft, specifications, forecasts, business plans,
also in the form of memos, figures, internal communications, studies, reports,
lists, data, tables, forms, security infrastructures, clients and/or suppliers,
exchanged among the Parties and/or made available to each of the Parties for the
purpose of the signing or performance of the Agreement, or developed by the other
Party in relation to the Opportunity, independently of their format (oral,
electronic or in writing), which is labelled as “confidential” or anyway regarded
as such by the Party that submits it.
“Lead”: the individual or entity who is potentially interested in the possibility
of entering into an agreement with one of the Parties, as well as with their
Directors, Employees or agents.
“Marketing”: indicates singularly or collectively the submission of advertising,
marketing, sale and market research materials.
“Personal Data”: “any information relating to an identified or identifiable natural
person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier or to
one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person”, a defined in art. 4,
subsection 1, no. 1, GDPR).
“Privacy Regulations”: EU Regulation no. 2016/679 (“GDPR”) and further applicable
Regulations, independently of their legal rank, thus including the opinions of WP29
and, from 25 May 2018, of the Committee.
“Processing”: “any operation or set of operations which is performed on personal
data or on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, restriction, erasure or
destruction”, as defined in art. 4, subparagraph 1, no. 2, GDPR.
“Processor”: “a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller”, as defined in art. 4,
subparagraph 1, no. 8, GDPR.
“Profiling”: “any form of automated processing of personal data consisting of the
use of personal data to evaluate certain personal aspects relating to a natural
person, in particular to analyse or predict aspects concerning that natural
person’s performance at work, economic situation, health, personal preferences,
interests, reliability, behaviour, location or movements”, as defined in art. 4,
subparagraph 1, no. 4, GDPR
“Prospect”: the individual or entity who is actually interested in entering into an
agreement with any of the Parties, thus including their Directors, Employees and
“Recipient”: “a natural or legal person, public authority, agency or another body,
to which the personal data are disclosed, whether a third party or not”, a defined
in art. 4, subparagraph 1, no. 9, GDPR.
“Restriction of the processing”: “the marking of stored personal data with the aim
of limiting their processing in the future”, as defined in art. 4, subparagraph 1,
no. 3, GDPR.
“Services”: the work of any kind (e.g. supply of goods/services) as performed by
each of the Parties.
“Special Data”: Personal Data that “reveal racial or ethnic origin, political
opinions, religious or philosophical beliefs, or trade union membership, […]
concerning […] a natural person’s sex life or sexual orientation” (art. 9.1 GDPR),
“concerning health” (“personal data related to the physical or mental health of a
natural person, including the provision of health care services, which reveal
information about his or her health status”, as defined in art. 4, subparagraph 1,
no. 15, GDPR) and the “data relating to criminal convictions and offences or
related security measures” (art. 10 GDPR), as well as “genetic data” (“personal
data relating to the inherited or acquired genetic characteristics of a natural
person which give unique information about the physiology or the health of that
natural person and which result, in particular, from an analysis of a biological
sample from the natural person in question”, as defined in art. 4, subparagraph 1,
no. 13, GDPR); “biometric data” (“personal data resulting from specific technical
processing relating to the physical, physiological or behavioural characteristics
of a natural person, which allow or confirm the unique identification of that
natural person, such as facial images or dactyloscopic data”, as defined in art. 4,
subparagraph 1, no. 14, GDPR).
“Spreading”: “providing information in relation to the personal data to
unidentified subjects, in any format, also by making them available or consultable”
(as defined in art. 2-ter, comma 4, lett. b of the Privacy Code).
“Supplier”: the individual or entity that submits a commercial offer to any of the
Parties or to the Commercial Contract (independently of their acceptance), as well
as to their Directors, Employees or agents.
“Third Party”: anyone who is not a Party.
“WP29”: the Working Group for the protection of individuals with regard to the
processing of personal data, as established by art. 29 Directive 95/46/CE, whose
tasks were established by art. 30 of Directive 95/46/CE and by art. 15 of Directive