InTheCyber Srl Privacy Policy

Art.13 EU Regulation n. 679/2016

InTheCyber Srl confers great importance to the privacy of the users of its website and undertakes to respect it within the terms established by the EU Regulation n.679/2016.

InTheCyber Srl below provides some information to users of its site, as interested in the processing of personal data, about the purposes and use of the data.


1. Data controller

InTheCyber Srl, VAT no. 06160080963, with Headquarters in Piazza Ernesto De Angeli, 3 – 20146 Milan, Italy, is the Data Controller, pursuant art. 24 of EU Regulation n. 679/2016, for the processing of your personal data. The Data Controller informs you therefore that the personal data acquired are subject to processing in compliance with the above mentioned legislation.


2. Personal data collected

Personal data means any information concerning an identified or identifiable natural person.

The personal data collected are essentially related to:

  • Identifying data (name, surname and telephone of natural persons)
  • The personal data necessary to make it possible and respectively to optimize navigation on the site. These data include information concerning the use of the website, such as the IP address of the user’s device, the location of the user, the unique identifier of the user’s mobile device, the duration of the stay on the website, the links activated, the characteristics of the browser (type, language, installed plug-ins, cookies, etc.). These data are processed in an automated manner exclusively to allow navigation on the Site, evaluate the introduction of new features, improve the quality of the services offered, measure the use of the Site and optimize its usability.

Some personal data deserving of particular protection in particular sensitive information such as that relating to the intimate sphere, social assistance measures, racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or health data, status psychic, mental or physical, as well as data relating to criminal convictions and offenses or related security measures.

The Data Controller does not need or require the provision of personal data deserving of particular protection. The user is therefore advised not to spontaneously transmit information of this nature through the site and related resources (e-mail, contact form and online application).


3. Purpose of treatment, legal basis and data retention time

The owner processes personal data in relation to the purposes summarized in the following table:

Purpose of treatmentLegal basisData retention time
Navigation on the websiteLegitimate interest
Fulfillment of contractual obligations
Up to 1 year
Contact request or information requestLegitimate interest
interested request
1 year
Direct marketingLegitimate interest2 years
Organizational, administrative and user data management activitiesLegitimate interest and/or fulfillment of contractual obligationsThe time required by the legislation applied
Detection and identification of authors of any computer fraud related to the use of the siteLegitimate interestThe time required by the legislation applied


4. Mode of treatment

The personal data you provide will be stored by InTheCyber Srl and processed by employees and/or external professionals expressly designated by the Controller, who perform these activities under his direct supervision and responsibility.

The data may be transmitted to external subjects who perform functions closely related and instrumental to the operation of the service.

The data are stored in compliance with the minimum security measures required by law to prevent data loss, illicit or incorrect use and unauthorized access.


5. Nature of data provision

Apart from that specified for navigation data, the user is free to provide personal data.

The provision of data is optional or necessary depending on the specific purpose for which the

Data is processed. Failure to provide the requested data will make it impossible to obtain what is requested or to use the services of the Data Controller.


6. Scope of communication and dissemination of data

In relation to the indicated purpose, the data may be communicated to the following subjects and/or categories of subjects indicated below, or they may be communicated to third parties for activities such as the maintenance and management of the website and more generally to all employees, including those of third parties (service providers, IT infrastructures and similar) who deal with the management and supervision of the same and duly appointed as data processors. In this case, the use by third parties will take place in full compliance with the principle of correctness and lawfulness.

The data will not be subject to disclosure.

For the sake of clarity, their different types are indicated:

– Companies that collaborate with the Controller;

– Competent authorities and/or supervisory bodies for the fulfilment of legal obligations;

– Public administrations for their institutional purposes;

– Professionals qualified for the resolution of any legal and contractual problems;

– Suppliers involved in the management and maintenance of the website

The list of External Processors, including further data useful for identification, is available at the registered office of the Controller.


7. Data transfer

InTheCyber Srl is part of InTheCyber Group, leading organization in the field of CyberDefence and Intelligence, collaborates in projects with international organizations and foreign countries and may transfer the data acquired from browsing the site to companies belonging to the Group.

During the performance of its business, the Data Controller does not transfer the personal data of its customers/users to non-EU countries. If this opportunity arises, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments set out in Chapter V of the GDPR will be applied.


8. Rights of data subjects

In relation to the aforesaid processing, you may exercise the rights referred to in Chapter III of EU Regulation n. 679/2016 in art. 15 – 21, which include:

  1. Obtain confirmation of the existence or otherwise of data concerning you;
  2. Know the origin of the data, the logic and the purpose on which the processing is based;
  3. Obtain access, cancellation, transformation into anonymous form or blocking of data processed unlawfully, updating, limitation, rectification, revocation, portability and integration of data;
  4. Oppose, for legitimate reasons, the processing of data.

Furthermore, the interested party can always exercise a right of complaint against the Guarantor Authority for the protection of personal data.

If you would like to exercise any of these rights, please contact InTheCyber Srl, VAT n. 06160080963, with Headquarters in Piazza Ernesto De Angeli, 3, Milan, Italy, telephoning +39 02 48013067or sending an email to the address [email protected]

Further information regarding the processing and communication of data provided directly or otherwise acquired may be requested at the addresses above.