In this Website we collect Browsing Data (e.g. IP addresses and/or the domain names of the computers and
terminal equipment used by any user, the URI/URL addresses of the requested resources, the time of such
requests, the method used for submitting a given request to the server, returned file size, a numerical
code relating to server response status, and other parameters related to the user’s operating system and
computer environment). Normally, collection of this Data does not imply processing of Personal Data, as we
cannot identify you through those data; in any case, Browsing Data are erased immediately after being
aggregated (except if judicial authorities need such data for establishing the commission of criminal
Who we are? (Data Controller)
Cyberarmor sagl, a company existing and organised under the laws of Switzerland, with registered offices
in Castel San Pietro
Why are we processing Personal Data? (Purposes)
In order to 1.allow you to navigate the website; 2.send you our newsletter; 3.allow you to contact us via
webform; 4.comply with legal obligations to which the Controller is subject.
Why are we allowed to process your Personal Data? (Legal Basis)
Processing of your Personal Data may be based on your freely given and specific consent (purpose n. 2
above); in the legitimate interests pursued by the Controller, which is not overridden by your interests
or fundamental rights; necessary for compliance with a legal obligation to which the Joint Controllers are
subject (purpose n.4 above).
To whom do we transfer your Personal Data?(Categories of Recipients)
In the minimum necessary extent in relation to the above purposes the Controller may disclose your
Personal Data to 1. service providers (e.g. IT) who carry out processing on our behalf, acting as Data
Processors; 2. persons who, under the direct authority of the Joint Controllers, are authorised to process
Personal Data; public Authorities and Agencies, if required to do so by law or in response to their valid
How long do we retain your Personal Data?
The Controller will store your Personal Data only for as long as is necessary for the above purposes and
to comply with its legal obligations, resolve disputes and enforce legal agreements and policies. Browsing
Data is generally retained for a shorter period of time, except when this data is used to strengthen the
security or to improve the functionality of the Service, or we are legally obligated to retain this data
for longer time periods.
Do we transfer Personal Data outside the European Economic Area (EEA) or to international organisation?
Personal Data may be transferred to – and maintained on – computers and persons outside the EEA. We will
take all steps reasonably necessary to ensure that your data is treated securely and in accordance with
unless it is based adequacy decision by the Commission or other appropriate or suitable safeguards.
Do we do Profiling?
No, we actually don’t profile our users.
Yes, we do, as the following:
Session Identification: Identifies the user’s http session. Common to all web applications to identify
user requests during a session.
Google Analytics: Make it possible to monitor the website using the Google Analytics, a service provided
by Google to obtain information about user access to websites. Some of the data saved for subsequent
analysis are the number of times a user visits the website, the date they visited the website for the
first time and the last time, the duration of their visits, from which other page the user accessed the
website, which search engine the user used to reach the website or on which link they clicked, from which
part of the world they are connecting, etc. The configuration of these cookies is predetermined by the
service offered by Google, as a result of which we recommend consulting the privacy page of Google
Analytics at http://www.google.com/intl/es/analytics/privacyoverview.ht ml, for further information on the
cookies used and how to disable them (taking into account the fact that we are not liable for the content
or the accuracy of third party websites)
Coockies related to www.cyberarmor.ch
Are you obliged to provide your Personal Data?
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent,
except Session Identification- cookies (n. 1 above), which are temporary maintained, only during the
What happens if you don’t provide your Personal Data?
You may disable, restrict or delete the cookies from this website at any time by changing the
configuration of your browser.
Which are your rights?
You have the right to:1. request the access to the data we hold about you and have a copy of them;2.
request the rectification of incomplete or inaccurate data; 3. request the erasure of the information we
have on you; 4. request the restriction of processing; 5. object to the processing of your Personal Data,
on grounds relating to your particular situation; 6. where the processing is based on your consent,
withdraw it at any time, without affecting the lawfulness of processing based on consent before its
withdrawal; 7. request data portability in a structured, commonly used and machine-readable format, where
technically feasible; lodge a complaint with a Supervisory Authority, in particular, under the GDPR, in
the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you
consider that the processing infringes the Regulation. Without prejudice to any available administrative
or non-judicial remedy you also have the right to an effective judicial remedy before the courts of the
Member State where the Joint Controllers have an establishment or, alternatively, where you have your
How you can contact us?
If you have any questions about the processing of your Personal Data, or you want to exercise your rights,
please contact the Controller at firstname.lastname@example.org
List of definitions
“Applicable Regulations”: any provision of law, independently of its ranking, belonging to the legal
systems of the European Union, which is in any way applicable to the Agreement.
“Authorised”: the individual who, under the supervision of the Company, is instructed by the latter in
relation to the Processing of Personal Data as per art. 29 GDPR.
“Authority”: the entity or organisation, whether private or public, entrusted with the judiciary,
administrative, disciplinary, surveillance and police powers.
“Committee” or “EDPB” the European Committee for the protection of personal data, as established by art.
68 GDPR and regulated in arts. 68 to 76 GDPR, which substitutes WP29 from 25 May 2018.
“Communication”: “the providing of information concerning personal data to one or more subjects other than
the data subject, as operated by a representative of the Controller in the territory of the European
Union, by the Processor or its representatives in the territory of the European Union, by those who are
Authorised to the processing of personal data in light of art. 2-quaterdecies under the direct supervision
of the controller or the processor, independently of the modalities of the processing, even by making the
information concerning the personal data available, consultable or reachable by interconnection” (as set
forth in art. 2-ter, comma 4 lett. a of the Privacy Code).
“Controller”: “the natural or legal person, public authority, agency or other body which, alone or jointly
with others, determines the purposes and means of the processing of personal data”, as defined in art. 4,
subparagraph 1, no. 7, GDPR.
“Supervisory Authority”: the independent public authority of a Member State of the European Union or of
the European Union itself that in entrusted with the task of assessing the application of Privacy
“Data”: one or more categories indicated as Personal Data or Special Data.
“Database”: group of Data and/or Information which is homogenous in relation to its content and format, as
owned by each of the Parties and sent to the other Party for the purpose of signing and/or performing the
“Data Subject”: “an identified or identifiable natural person”, as defined in art. 4, subparagraph 1, no.
1, of EU Regulation no. 2016/679 (“GDPR”).
“Director”: the individual provided with the powers to legally represent a Party or a Third Party.
“Employee”: natural person who carries out work under the supervision of one of the Parties or the
Commercial Contract, independently of the type of the formal contractual relationship with them.
“GDPR”: EU Regulation no. 2016/679 concerning “the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation)”;
“Information” o “Confidential Information”: the data or information (of any nature, whether technical,
productive, financial, commercial, operative, accountancy-related or economical etc.), as well as the
documents, declarations, and generally any piece of information concerning, by way of example, the
know-how, processes, results, milestones, draft, specifications, forecasts, business plans, also in the
form of memos, figures, internal communications, studies, reports, lists, data, tables, forms, security
infrastructures, clients and/or suppliers, exchanged among the Parties and/or made available to each of
the Parties for the purpose of the signing or performance of the Agreement, or developed by the other
Party in relation to the Opportunity, independently of their format (oral, electronic or in writing),
which is labelled as “confidential” or anyway regarded as such by the Party that submits it.
“Lead”: the individual or entity who is potentially interested in the possibility of entering into an
agreement with one of the Parties, as well as with their Directors, Employees or agents.
“Marketing”: indicates singularly or collectively the submission of advertising, marketing, sale and
market research materials.
“Personal Data”: “any information relating to an identified or identifiable natural person (‘data
subject’); an identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person”, a defined in art. 4, subsection 1, no. 1,
“Privacy Regulations”: EU Regulation no. 2016/679 (“GDPR”) and further applicable Regulations,
independently of their legal rank, thus including the opinions of WP29 and, from 25 May 2018, of the
“Processing”: “any operation or set of operations which is performed on personal data or on sets of
personal data, whether or not by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, restriction, erasure or
destruction”, as defined in art. 4, subparagraph 1, no. 2, GDPR.
“Processor”: “a natural or legal person, public authority, agency or other body which processes personal
data on behalf of the controller”, as defined in art. 4, subparagraph 1, no. 8, GDPR.
“Profiling”: “any form of automated processing of personal data consisting of the use of personal data to
evaluate certain personal aspects relating to a natural person, in particular to analyse or predict
aspects concerning that natural person’s performance at work, economic situation, health, personal
preferences, interests, reliability, behaviour, location or movements”, as defined in art. 4, subparagraph
1, no. 4, GDPR
“Prospect”: the individual or entity who is actually interested in entering into an agreement with any of
the Parties, thus including their Directors, Employees and agents.
“Recipient”: “a natural or legal person, public authority, agency or another body, to which the personal
data are disclosed, whether a third party or not”, a defined in art. 4, subparagraph 1, no. 9, GDPR.
“Restriction of the processing”: “the marking of stored personal data with the aim of limiting their
processing in the future”, as defined in art. 4, subparagraph 1, no. 3, GDPR.
“Services”: the work of any kind (e.g. supply of goods/services) as performed by each of the Parties.
“Special Data”: Personal Data that “reveal racial or ethnic origin, political opinions, religious or
philosophical beliefs, or trade union membership, […] concerning […] a natural person’s sex life or sexual
orientation” (art. 9.1 GDPR), “concerning health” (“personal data related to the physical or mental health
of a natural person, including the provision of health care services, which reveal information about his
or her health status”, as defined in art. 4, subparagraph 1, no. 15, GDPR) and the “data relating to
criminal convictions and offences or related security measures” (art. 10 GDPR), as well as “genetic data”
(“personal data relating to the inherited or acquired genetic characteristics of a natural person which
give unique information about the physiology or the health of that natural person and which result, in
particular, from an analysis of a biological sample from the natural person in question”, as defined in
art. 4, subparagraph 1, no. 13, GDPR); “biometric data” (“personal data resulting from specific technical
processing relating to the physical, physiological or behavioural characteristics of a natural person,
which allow or confirm the unique identification of that natural person, such as facial images or
dactyloscopic data”, as defined in art. 4, subparagraph 1, no. 14, GDPR).
“Spreading”: “providing information in relation to the personal data to unidentified subjects, in any
format, also by making them available or consultable” (as defined in art. 2-ter, comma 4, lett. b of the
“Supplier”: the individual or entity that submits a commercial offer to any of the Parties or to the
Commercial Contract (independently of their acceptance), as well as to their Directors, Employees or
“Third Party”: anyone who is not a Party.
“WP29”: the Working Group for the protection of individuals with regard to the processing of personal
data, as established by art. 29 Directive 95/46/CE, whose tasks were established by art. 30 of Directive
95/46/CE and by art. 15 of Directive 2002/58/CE.