Privacy Policy
Last updated: February 5, 2026
Pursuant to Regulation (EU) 2016/679 (“GDPR”).
Ares Cyber S.r.l., with registered office in Via Cassia 1170, 00189, Rome, Italy, VAT Number 18398781007 (hereinafter, the “Company” or “Controller”), as the Data Controller, informs You, pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter, “GDPR”), that Your personal data will be processed in the manner and for the purposes indicated below.
1. Types of data processed
Depending on the interaction with You, the Company may process:
- Identification and personal data (e.g., name, surname, email address, telephone number, image).
- Professional data (e.g., company, role, professional contact details).
- Navigation and technical data (e.g., IP address, browser type, pages visited, access time) collected during the use of our website: www.ares-cyber.ai.
- Data relating to applications (CV, cover letters, information on educational and professional background).
- Other data voluntarily provided by You (e.g., content of contact requests via forms).
2. Purposes and legal basis for processing
| Purpose | Legal basis (ex Art. 6 GDPR) | Retention period |
|---|---|---|
| A) Performance of contracts and provision of services (e.g., managing relationships with clients/suppliers, technical support). | Performance of a contract or compliance with pre-contractual measures. | For the entire duration of the contractual relationship and subsequently for 10 years (statute of limitations for civil rights). |
| B) Compliance with legal obligations (e.g., accounting, taxation, workplace safety). | Legal obligation to which the Controller is subject. | For the period required by the specific legislation (e.g., 10 years for tax documents). |
| C) Direct marketing (newsletters, commercial communications about services similar to those already used, promotional material). | Legitimate interest of the Controller (ex Art. 130, paragraph 4, of the Italian Privacy Code). | Until the data subject objects or withdraws consent. |
| D) Promotional marketing (marketing communications about new services, market research) and profiling cookies. | Freely given, specific and informed consent of the data subject. | Until consent is withdrawn. |
| E) Management of applications (evaluating CVs, interviews). | Performance of pre-contractual measures at the request of the data subject. | Maximum 24 months from receipt, unless specific consent is given for longer storage. |
| F) Security and fraud prevention (managing access, monitoring website traffic). | Legitimate interest of the Controller to protect its assets and information systems. | For the time strictly necessary for the purpose. |
| G) Exercise of rights in legal proceedings. | Legitimate interest of the Controller for legal defense. | For the duration of any legal proceedings. |
3. Processing methods
Data processing will be carried out using IT and/or paper tools, with logics strictly related to the purposes themselves, and in compliance with the security measures required by the GDPR to prevent loss, illicit or unauthorized use, and unauthorized access.
4. Data communication and dissemination
Your data may be processed by:
- Employees and collaborators of the Company, acting as persons authorized to process data.
- Service providers (e.g., hosting providers, cloud management systems, consultants) appointed as Data Processors (Art. 28 GDPR).
- Public or private entities to whom communication is mandatory by law (e.g., Revenue Agency, Law Enforcement).
The data will not be disseminated (i.e., made known to indeterminate subjects).
5. Rights of data subjects
As a data subject, You have the right to request from the Controller:
- Access to Your data (Art. 15).
- Rectification or integration of inaccurate data (Art. 16).
- Erasure (“Right to be Forgotten”) in the cases provided for (Art. 17).
- Restriction of processing in the cases provided for (Art. 18).
- Data portability in a structured format (Art. 20).
- Objection to processing for legitimate reasons (Art. 21).
To withdraw consent (where processing is based on it) or exercise Your rights, You can write to [email protected] or by registered mail to: Ares Cyber S.r.l., Via Cassia 1170, 00189, Rome, attn. Data Protection Officer (DPO) / Privacy.
You also have the right to lodge a complaint with the supervisory authority, the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it.
6. Changes to this policy
The most up-to-date version will always be available on our website at www.ares-cyber.ai.