Find out more about the current security level of your IT landscape!

Privacy Policy itesys AG

The controller under data protection legislation, particularly the EU General Data Protection Regulation (GDPR), is:

itesys AG

Kai Siers

Langfeldstrasse 53a

8500 Frauenfeld


Phone: +41 (0)716701780



Based on Article 13 of the Swiss Federal Constitution and the Confederation’s data protection provisions (Federal Act on Data Protection (FADP)), every person has the right to protection of their privacy, as well as protection against misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and according to the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as well as possible from unauthorised access, loss, misuse or falsification.

We would like to point out that online data transfer (e.g. in the case of email communication) may be vulnerable to security breaches. Data cannot be completely protected against access by third parties.

By using this website, you consent to data collection, processing and use as described below. This website can generally be visited without any need to register. During visits to the website, data such as pages accessed or the name of the file retrieved, the date and the time are stored on the server for statistical purposes without this data being directly related to you as a person. Personal data – in particular your name, postal address or email address – is collected on a voluntary basis as far as possible. Your data will not be disclosed to third parties without your consent.

Personal data processing

Personal data is all the information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, erasure, storage, modification, destruction and use of personal data.

We process personal data in accordance with Swiss data protection legislation. Additionally, we process personal data – insofar as and to the extent that the European GDPR is applicable – in accordance with the following legal bases in connection with Art. 6 (1) of the GDPR:

  • Consent (Art. 6 (1) sentence 1 (a) of the GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • Performance of a contract and pre-contractual requests (Art. 6 (1) sentence 1 (b) of the GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6 (1) sentence 1 (c) of the GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Protection of vital interests (Art. 6 (1) sentence 1 (d) of the GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person.

  • Legitimate interests (Art. 6 (1) sentence 1 (f) of the GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  • Application process as part of a pre-contractual or contractual relationship (Art. 9 (2) (b) of the GDPR) – Insofar as special categories of personal data under Art. 9 (1) of the GDPR (e.g. health data, such as severe disability status or ethnic origin) are requested from applicants in the context of the application process so that the controller or the data subject can exercise the rights they are entitled to under labour law and social security and social protection law and fulfil their obligations in this respect, they are processed in accordance with Art. 9 (2) (b) of the GDPR, in the case of the protection of vital interests pursued by the applicants or other persons in accordance with Art. 9 (2) (c) of the GDPR or for the purposes of preventive healthcare or occupational medicine, for the assessment of the employee’s fitness for work, for medical diagnostics, care or treatment in the healthcare or social sector or for the management of systems and services in the healthcare or social sector in accordance with Art. 9 (2) (h) of the GDPR. If special categories of data are communicated based on voluntary consent, processing of the same is based on Art. 9 (2) (a) of the GDPR.

We process personal data for the period of time required for the relevant purpose(s). We restrict processing accordingly in the case of longer-term retention obligations due to legal and other obligations that we are subject to.

Relevant legal bases

We inform you of the legal bases of our data processing operations in accordance with Art. 13 of the GDPR. The following applies if the legal basis is not stated in the privacy policy: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 of the GDPR; the legal basis for processing to provide our services, implement contractual measures and respond to enquiries is Art. 6(1) (b) of the GDPR; the legal basis for processing to meet our legal obligations is Art. 6 (1) (c) of the GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) of the GDPR. In cases where the vital interests of the data subject or another natural person necessitate processing of personal data, Art. 6 (1) (d) of the GDPR shall apply as the legal basis.

Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing operations, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures particularly include ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure that data subjects can exercise their rights, data can be erased and measures can be taken in response to data being compromised. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection by design and data protection by default.

Transferring personal data

In the context of our personal data processing operations, the data may be transferred to or disclosed to other authorities, companies, legally independent organisational units or persons. The recipients of this data may include the likes of service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or processing takes place in the context of use of third-party services or the disclosure or transfer of data to other persons, authorities or companies, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process the data in third countries that have a recognised level of data protection, contractual obligation through what are known as the European Commission’s ‘standard contractual clauses’, available certifications or binding internal data protection regulations (Arts. 44 to 49 of the GDPR; the European Commission’s information page:

Privacy policy for cookies

This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after their visit to a website. Stored information may include the likes of language settings on a website, login status, a shopping basket or where a video was watched. The term ‘cookies’ also includes other technologies that perform the same functions as cookies (e.g. where user details are stored using pseudonymous online identifiers, also known as ‘user IDs’)

A distinction is made between the following types of cookie and functions:

  • Temporary cookies (also known as session cookies): Temporary cookies are deleted after a user has left a website and closed their browser at the latest.

  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be stored, or preferred content can be displayed directly when the user visits a website again. Likewise, users’ interests used for reach measurement or marketing purposes may be stored in such a cookie.

  • First-party cookies: First-party cookies are set by ourselves.

  • Third-party cookies: Third-party cookies are mainly used by advertisers (‘third parties’) to process user information.

  • Necessary (also known as essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to store login credentials or other user inputs, or for security reasons).

  • Statistics, marketing and customisation cookies: Furthermore, cookies are usually also used in the context of reach measurement and when a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual web pages are stored in a user profile. Such profiles are used to show users content that matches their potential interests, for example. This process is also known as ‘tracking’, i.e. following users’ potential interests. Insofar as we use cookies or ‘tracking’ technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

  • Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is your declared consent. Otherwise, the data processed with the help of cookies is processed based on our legitimate interests (e.g. operating and improving our website for business purposes) or if the use of cookies is necessary to meet our contractual obligations.

  • Storage period: If we do not provide you with explicit information about the storage period of permanent cookies (e.g. in the context of a ‘cookie opt-in procedure’), please assume that the storage period may be up to two years.

  • General information about revocation and objection (‘opting out’): Depending on whether processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data using cookie technologies (collectively referred to as ‘opting out’). You can initially declare your objection by means of your browser settings, e.g. by disabling the use of cookies (although doing so may restrict our website’s functionality). You can also declare your objection to the use of cookies for online marketing purposes by means of a variety of services, especially in the case of tracking, using the and websites. You can also receive further instructions on how to object in the context of the information about the service providers and cookies used.

  • Processing cookie data based on consent: We use a cookie consent management procedure under which users’ consent to the use of cookies, or to the processing and providers mentioned in the cookie consent management procedure, can be obtained, as well as managed and revoked by users. In this regard, the declaration of consent is stored so that it does not have to be repeated and the consent can be proven in accordance with the legal obligation. Storage can take place on the server side and/or in a cookie (‘opt-in cookie’ or with the help of comparable technologies) so that the consent can be assigned to a user or their device. The following information applies subject to individual information about the providers of cookie management services: Consent may be stored for up to two years. Here, a pseudonymous user identifier is created and stored along with the time that consent is given, information about the scope of consent (e.g. which categories of cookies and/or service providers), as well as information about the browser, system and terminal device used.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Legal bases: Consent (Art. 6 (1) sentence 1 (a) of the GDPR), legitimate interests (Art. 6 (1) sentence 1 (f) of the GDPR).

Third-party services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services provided by the American company Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, although we assume that no personal tracking takes place in this context solely through the use of our website.

Google has committed to ensuring adequate data protection in accordance with the US/EU and US/Swiss Privacy Shield Frameworks.

Further information can be found in Google’s privacy policy.

Privacy policy for the contact form

If you send us enquiries using the contact form, we will save your information from the enquiry form including the contact details you specified there for the purpose of processing the enquiry and in the event of any follow-up questions. We will not disclose this data to others without your consent.

Privacy policy for newsletter data

If you would like to receive the newsletter offered on this website, we require a valid email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receiving the newsletter. No more data is collected. We use this data exclusively for sending the requested information and do not disclose it to third parties.

You may revoke your consent relating to the storage of your data and your email address and relating to use of the same for the purpose of sending newsletters at any time using the likes of the ‘Unsubscribe’ link in the newsletter.

Privacy policy for Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the data controller on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as ‘Google’.

The statistics acquired allow us to improve our website and to design it in a way that is more interesting to you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. If you have a Google user account, you can disable the cross-device analysis of your usage in the settings there under ‘My data’ > ‘Personal data’.

The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 (f) of the GDPR. The IP address transferred by your browser in the context of Google Analytics is not associated with any other data held by Google. We would like to point out that Google Analytics has been expanded to include the code ‘._anonymizeIp();’ on this website, so as to guarantee anonymised collection of IP addresses. This further processes IP addresses in truncated form, so they cannot be directly attributed to a person. Insofar as the data collected about you makes you personally identifiable, this is therefore immediately excluded and the personal data is thus immediately deleted.

Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activities and providing the website operator with other services relating to website and internet use. For the exceptional situations where personal data is transferred to the USA, Google has subjected itself to the EU/US Privacy Shield Framework:

Google Analytics uses cookies. The information generated by the cookie about your use of this website is generally transferred to and stored on a Google server in the USA. You can prevent the storage of cookies by changing the relevant setting in your browser software; however, please note that if you do so, you may be unable to use all of this website’s functions in full. Furthermore, you can prevent Google’s collection and processing of the data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: Disable Google Analytics.

You can also prevent use by Google Analytics by clicking on the following link: Disable Google Analytics. This saves what is known as an ‘opt-out cookie’ on your data carrier, which prevents Google Analytics’ processing of personal data. Please note that if you delete all the cookies on your terminal device, these opt-out cookies will be deleted too. In other words, you will have to set the opt-out cookies again if you wish to continue preventing this form of data collection. The opt-out cookies are set for each browser and computer / terminal device and must therefore be enabled separately for each browser, computer or other terminal device.

Google Tag Manager

Google Tag Manager is a solution that we can use to manage what are known as ‘website tags’ via an interface and thus integrate e.g. Google Analytics as well as other Google marketing services into our website. The tag manager itself, which implements the tags, does not process any of the users’ personal data. Reference is made to the following information about Google services with regard to the processing of users’ personal data. Use policy:

Privacy policy for Friendly

Our website uses Friendly, a marketing automation software provided by Friendly GmbH, Switzerland. The software helps us to analyse the use of our portal. We use cookies for this purpose.

Certain usage data is linked to you personally (e.g. after you enter it in a registration form) and stored in our CRM system. This enables us to send you information and offers that are tailored specifically to your interests.

We use the software to provide you with information and offers that are tailored to your needs. Accordingly, we have a legitimate interest in such processing under Art. 6 (1) (f) of the General Data Protection Regulation. The legal basis for our processing of your personal data in connection with using the software is Art. 6 (1) (f) of the General Data Protection Regulation.

In the context of use, we store your personal data for as long as is necessary to provide you with information and offers that are tailored to your needs.

The provision of personal data collected via Friendly is not required by law or under a contract or necessary for the conclusion of a contract. If you do not provide us with this data, we be unable to provide you with information and offers that are tailored to your needs.

For more information about how Friendly uses data, please refer to the privacy policy at:

Privacy policy for Facebook

This website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you access our pages featuring Facebook plugins, a connection is established between your browser and the Facebook servers. Data is transferred to Facebook during this process. This data can be linked to your Facebook account if you have one. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions – particularly the use of a comments function or clicking on a ‘Like’ or ‘Share’ button – are also forwarded to Facebook. You can find out more at

Privacy policy for LinkedIn

We use the marketing services of the social network LinkedIn provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (‘LinkedIn’) within our website.

They use cookies, i.e. text files that are stored on your computer. This enables us to analyse how you use the website. For example, we can measure how successful our ads are and show users products they were previously interested in.

This includes the likes of information about the operating system, the browser, the web page you visited previously (referrer URL), which web pages the user visited, which offers the user clicked on, and the date and time of your visit to our website.

The information generated by the cookie about your use of this website is transferred to and stored on a Google server in the USA in pseudonymised form. So LinkedIn does not store the respective user’s name or email address. Rather, the above-mentioned data is only assigned to the person the cookie was generated for. This does not apply if the user has allowed LinkedIn to process without pseudonymisation or has a LinkedIn account.

You can prevent the storage of cookies by changing the relevant setting in your browser software; however, please note that if you do so, you may be unable to use all of this website’s functions in full. You can also object to the use of your data directly on LinkedIn:

We use LinkedIn Analytics to analyse how our website is used and improve it on a regular basis. The statistics acquired allow us to improve our website and to design it in a way that is more interesting to you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the USA and Singapore that is necessary for developing, implementing and maintaining the services takes place in a lawful manner. If we ask users for consent, the legal basis for processing is Art. 6 (1) (a) of the GDPR. Otherwise, the legal basis for using LinkedIn Analytics is Art. 6 (1) sentence 1 (f) of the GDPR.

Information about the third-party service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland User Agreement and Privacy Policy.

Privacy policy for YouTube

Functions of the ‘YouTube’ service are integrated on our website. ‘YouTube’ is owned by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, that provides the services in the European Economic Area and Switzerland.

Your legal agreement with ‘YouTube’ consists of the terms and conditions found at the following link: These terms and conditions constitute a legally binding agreement between you and ‘YouTube’ with respect to the use of the services. Google’s privacy policy explains how ‘YouTube’ handles your personal data and protects your data when you use the service.


The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The copyright holder’s written consent must be obtained in advance for the reproduction of all files.

Anyone who commits a copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly to damages.

General disclaimer

All the information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, accurate and complete. Nevertheless, we cannot completely rule out the occurrence of errors, which means that we cannot guarantee the completeness, accuracy and topicality of information, including of a journalistic and editorial nature. Liability claims relating to damages of a material or immaterial nature caused by the use of any information provided will be rejected insofar as there is no demonstrable fault of an intentional or grossly negligent nature.

The publisher may change or delete texts at its own discretion and without notice and is not obligated to update any contents of this website. The visitor uses or accesses this website at their own risk. The publisher, its clients or partners are not responsible for any damages, such as direct, indirect, incidental, consequential or special damages, alleged to have been caused by the use of this website and consequently assume no liability for such damages.

The publisher also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed using external links on this website. Only the operators of linked pages are responsible for the content of the same. The publisher thus expressly distances itself from all third-party content that may be relevant under criminal or liability law or that may offend common decency.


We may amend this privacy policy at any time without notice. The current version published on our website shall apply. Where the privacy policy forms part of an agreement with you, we will notify you of the modification by email or other appropriate means in the event of an update.

Questions for the data protection officer

If you have any questions about data protection, please write us an email or contact the person listed at the start of this privacy policy as our organisation’s data protection officer directly.