InTheCyber Group SA (hereinafter ITC Group SA) firmly believes that the privacy of its website users is very important and therefore undertakes to respect it in accordance with the terms of the Swiss Data Protection Legislation (hereinafter DPL).

In general, ITC Group SA does not process personal data that fall within the scope of European Regulation 2016/679 (hereinafter GDPR), but if this is applicable, all the protections provided therein will be granted to data subjects.

In accordance with art. 3, GDPR applies in the case of activities concerning:

  a) the supply of goods and services to Union data subjects;
  b) the monitoring of the behaviour of Union data subjects.

Hereby, ITC Group SA provides some information to website users as data subjects interested in the processing of personal data, about the purposes and use of data, according to Article 19 of the DPL and in order to pursue lawful processing in accordance with the bona fides and proportionality principles.


The Controller of data processing (hereinafter Data Controller) is InTheCyber Group SA, with headquarters in Via Vegezzi, 4 – 6900 Lugano, Switzerland.

Tel: +41 91 911 73 01
email: [email protected]

The Data Controller, as a legal entity established in Switzerland, processes users' personal data in accordance with the DPL.

ITC Group SA is a leading company in the field of Cybersecurity and has several companies which operate in the European Union in the field of Cyber Defense and Intelligence. In addition, ITC Group SA is GDPR compliant and is ISO 9001, ISO 27001 and CREST certified.

Through this website, the Data Controller processes personal data in accordance with the provisions of the DPL and if the Regulation is exceptionally applicable, ITC Group SA grants to data subjects the protections provided by art. 12 and 13 GDPR. GDPR text can be consulted at the following link: uri=Celex%3A32016R0679



Personal Data means any type of information regarding an identified or identifiable person. Sensitive information, such as that concerning the intimate sphere, social assistance measures, racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or health data, mental or physical state, as well as data relating to criminal convictions and crimes or related security measures, is considered personal data worthy of particular protection.

The Data Controller does not need or require the provision of personal data deserving particular protection. The user is therefore advised not to spontaneously transmit information of this nature through the site and related resources (e-mail, contact form and online application).

The Data Controller collects and processes the personal data needed to optimize and make navigation on the website possible.

Data includes information regarding the use of the website, such as the IP address of the user’s device, the user location, the user’s mobile identification code, the dwell time on the website, links activated, browser features (type, language, plug-in installed, cookies, etc.). These data are processed in an automated manner exclusively to allow navigation on the website, evaluate the introduction of new features, improve the quality of offered services, measure and optimize the use of the website.

The website processes personal data transmitted by the user, in particular through an online form or e-mail, for the purpose of communication or to make the information requested by the user available.

The website does not process or transmit content or advertising based on user behaviour, does not profile the user, and does not monitor the use of web resources or e-mail. The website does not sell, rent, trade and/or lend personal data to third parties.

It is recommended not to send information and/or documents containing personal and/or confidential information by e-mail (in particular: medical information), because it is an insecure means of communication which does not guarantee the protection of confidentiality. The website owner is available to provide secure means of electronic communication to transmit sensitive data, if requested by the user.



The owner processes personal data in relation to the purposes summarized in the following table:

| Purpose of treatment | Legal basis | Data retention time |
| --- | --- | --- |
| Navigation on the website | Legitimate interest; fulfilment of contractual obligations | Up to 1 year |
| Contact request or information request | Legitimate interest; interested request | 1 year |
| Direct marketing | Legitimate interest | 2 years |
| Organizational, administrative and user data management activities | Legitimate interest and/or fulfilment of contractual obligations | The time required by the legislation applied |
| Detection and identification of authors of any computer fraud related to the use of the site | Legitimate interest | The time required by the legislation applied |


Apart from what is specified for navigation data, the user is free to provide personal data.

The provision of data is optional or requested depending on the specific purpose for which the data are processed. If requested data are not provided, it will not be possible to obtain what was requested or to use the services offered by the Data Controller.



Personal Data provided by the user may be communicated to the recipients who will process them as data processors and/or as natural persons acting under the authority of the owner or manager. When operating independently, the subjects assume the position of distinct data controllers.

Apart from data transmissions required by law, all data may be communicated to recipients who belong to the following categories:

  A) individuals who provide services for the management of the information and telecommunications systems used by the Data Controller in order to make the website available and also to organize, program, implement and execute activities related to the website;
  B) companies and freelancers which provide services to the Data Controller (e.g. in fields such as law, accounting, administration and taxes).

In relation to the website and other resources management (in particular: e-mailing, back-up, web-design, graphics, maintenance, translation, hosting and Internet access), ITC Group SA relies on external suppliers established and active in Switzerland or in the European Union (EU).


ITC Group SA carries out its professional activity in the field of Intelligence and Cyber-Defense, collaborating with international organizations and member countries of the European Union. ITC Group SA may transfer data acquired through users' navigation on the website to the companies belonging to the Group, and in particular to ITC Srl, which shall be in charge of marketing activities by sending informative material relating to the cybersecurity services offered by the Data Controller, ensuring full compliance with the applicable DPL and the obligations imposed by the GDPR, where applicable.


There are several rights that can be exercised by data subjects, in particular:

Right of access: the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed according to art. 25 DPL, and therefore request further information.

Right to data portability: the right to have personal data delivered or to have it transmitted to third parties, when the conditions set by art. 28 DPL are met.

Right to rectification: the right to rectification of personal data when proved that they are being processed inaccurately, according to art. 32 DPL.

Right to erasure: the right to request the erasure of stored personal data when certain conditions are present, according to art. 32 DPL.

Right to restriction of processing: the right to request that processing of personal data is prohibited in certain conditions, according to art. 32 DPL.

If the processing of data falls within the territorial scope of application referred to in art. 3 GDPR, the data subject can exercise the rights set out in art. 15-21 GDPR.

For further information or to exercise these rights you can send an email to: [email protected]

In addition, the data subject may always exercise a right to lodge a complaint with the Data Protection Authority, i.e. the Swiss Federal Data Protection and Information Commissioner (FDPIC).



The legal relationship between the user and the Data Controller in reference to the access and use of the website is governed by Swiss law.

Any dispute arising out of such use of the website is subject to the competent court of Pretura di Lugano.