Last updated: 11.03.2026
Envestis SA ("we", "our", "us", "Envestis", or the "Company") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains in detail how we collect, use, store, disclose, and safeguard your personal data when you visit or interact with the website envestis.ch (the "Website"). This policy is designed to comply with the Swiss Federal Act on Data Protection (nFADP/DSG), the EU General Data Protection Regulation (GDPR - Regulation (EU) 2016/679), and the California Consumer Privacy Act (CCPA/CPRA).
Envestis SA
Via Pretorio 13A
6900 Lugano
Canton Ticino, Switzerland
Email (legal inquiries): legal@envestis.ch
Email (general inquiries): info@envestis.ch
Website: envestis.ch
Envestis SA is the data controller responsible for the processing of your personal data as described in this Privacy Policy. If you have any questions regarding data protection, wish to exercise your rights, or have concerns about how your data is being processed, please contact us at legal@envestis.ch.
When you submit our contact form to request a free security audit or make a general inquiry, we collect the following data:
This data is transmitted securely via Brevo (Sendinblue SAS, France) to our email inbox. We use this information solely to respond to your inquiry, evaluate your request, and - where applicable - to prepare and deliver the requested security audit or other services.
When you visit our Website, certain technical data is automatically collected through our hosting and content delivery infrastructure. This includes:
Our Website is hosted on Cloudflare Pages. Cloudflare processes this data as a data processor acting on our behalf under its Data Processing Addendum (DPA). This processing is necessary for the delivery, optimization, and security of the Website. For full details, see Cloudflare's Privacy Policy.
With your consent, we use Cloudflare Web Analytics, a privacy-focused, cookieless analytics service. Cloudflare Web Analytics:
No personal data is transmitted to third parties for analytics purposes. You may withdraw your consent for analytics at any time through the cookie consent banner or by contacting us.
We use Cloudflare Turnstile to protect our contact form and other interactive elements from automated abuse, spam, and bot attacks. Turnstile may process:
This processing is based on our legitimate interest in maintaining the security and integrity of our Website and preventing spam and abuse (GDPR Art. 6(1)(f)). Turnstile is designed to be privacy-preserving and does not use cookies for tracking purposes.
Our Website uses Google Fonts served via Google's Content Delivery Network (CDN). When you visit our Website, your browser establishes a connection to Google's servers to retrieve font files. In this process, your IP address is transmitted to Google LLC. Google's use of this data is governed by Google's Privacy Policy.
We use a minimal number of cookies, strictly limited to those necessary for the functioning and security of our Website. We do not use advertising cookies, tracking pixels, social media plugins, or cross-site tracking technologies of any kind.
| Name | Type | Purpose | Duration | Provider |
|---|---|---|---|---|
| envestis_consent | Strictly Necessary | Stores your cookie consent preferences (categories: necessary, analytics). Required for us to respect your privacy choices. | 1 year | Envestis SA (first-party) |
| cf_clearance | Strictly Necessary / Security | Set by Cloudflare after a security challenge is successfully completed. Verifies you are a legitimate visitor and not a bot. | Session (up to 30 minutes) | Cloudflare, Inc. |
Cookieless analytics: Cloudflare Web Analytics operates entirely without cookies. No analytics cookies are placed on your device at any time.
You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of our Website, or by adjusting your browser settings. Please note that disabling strictly necessary cookies may impair the functionality of the Website.
We process your personal data only when we have a valid legal basis under the GDPR. The specific legal basis depends on the processing activity:
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Contact form submissions | Consent (Art. 6(1)(a)) and Pre-contractual measures (Art. 6(1)(b)) | You voluntarily submit your data to request our services. Processing is necessary to respond to your inquiry and, where applicable, to take steps prior to entering into a contract. |
| Analytics (Cloudflare Web Analytics) | Consent (Art. 6(1)(a)) | Analytics data is only collected after you provide explicit consent via our cookie banner. |
| Website hosting and delivery (Cloudflare Pages) | Legitimate interest (Art. 6(1)(f)) | Necessary for the operation, performance, and delivery of the Website. Our legitimate interest is to provide a fast, reliable, and accessible website. |
| Security measures (Cloudflare WAF, DDoS protection) | Legitimate interest (Art. 6(1)(f)) | Necessary to protect the Website and its visitors from cyber threats, attacks, and unauthorized access. |
| Bot protection (Cloudflare Turnstile) | Legitimate interest (Art. 6(1)(f)) | Necessary to prevent automated abuse, spam submissions, and bot-driven attacks on our forms. |
| Web fonts (Google Fonts CDN) | Legitimate interest (Art. 6(1)(f)) | Necessary for the consistent visual presentation of the Website. We rely on the CDN for performance optimization. |
| Transactional email (Brevo) | Consent (Art. 6(1)(a)) and Contract performance (Art. 6(1)(b)) | Processing is necessary to deliver your submitted form data to our team and to communicate with you regarding your inquiry. |
| Cookie consent storage | Legal obligation (Art. 6(1)(c)) | We are legally required to obtain, record, and respect your consent preferences under GDPR and the Swiss nFADP. |
Where we rely on legitimate interest as the legal basis, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time (see Section 8).
We engage a limited number of third-party service providers to operate and maintain our Website. Each provider has been selected for its strong privacy practices and compliance with applicable data protection laws.
| Service | Provider | Purpose | Data Processed | Location | Legal Basis |
|---|---|---|---|---|---|
| Cloudflare Pages | Cloudflare, Inc. (USA) | Website hosting, CDN, DDoS protection, WAF | IP address, HTTP request headers, request metadata | Global CDN (company HQ: USA) | Legitimate interest (Art. 6(1)(f)) |
| Cloudflare Web Analytics | Cloudflare, Inc. (USA) | Privacy-focused, cookieless website analytics | Aggregated, non-personal metrics only | Global CDN (company HQ: USA) | Consent (Art. 6(1)(a)) |
| Cloudflare Turnstile | Cloudflare, Inc. (USA) | Bot protection for forms | IP address, browser environment, interaction signals | Global CDN (company HQ: USA) | Legitimate interest (Art. 6(1)(f)) |
| Brevo (Sendinblue) | Sendinblue SAS (France) | Transactional email delivery for contact form | Name, email address, phone (if provided), company (if provided), website URL (if provided), message content | France / EU | Consent (Art. 6(1)(a)) / Contract (Art. 6(1)(b)) |
| Google Fonts | Google LLC (USA) | Web font delivery via CDN | IP address (transmitted when fonts are loaded) | Global CDN (company HQ: USA) | Legitimate interest (Art. 6(1)(f)) |
We have entered into Data Processing Agreements (DPAs) or verified the existence of appropriate safeguards with all processors that handle personal data on our behalf.
Some of our third-party service providers are based in or process data in countries outside of Switzerland and the European Economic Area (EEA), particularly the United States. We ensure that all international data transfers are conducted in compliance with Chapter V of the GDPR (Articles 44-49) and Chapter 2 of the Swiss nFADP. The following safeguards are in place:
You may request a copy of the relevant safeguards by contacting legal@envestis.ch.
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our specific retention periods are:
| Data Type | Retention Period | Notes |
|---|---|---|
| Contact form submissions | Maximum 2 years from submission | Retained to process your inquiry and for follow-up. You may request earlier deletion at any time by contacting legal@envestis.ch. |
| Email correspondence | Maximum 2 years from last communication | Retained for the duration of the business relationship and a reasonable period thereafter for reference. |
| Consent preferences (envestis_consent cookie) | 1 year | Stored locally in your browser. Automatically expires after 1 year, at which point consent will be requested again. |
| Cloudflare security logs (CDN/WAF) | Maximum 72 hours | Retained by Cloudflare for security monitoring and threat analysis. Automatically purged thereafter. |
| Cloudflare Web Analytics data | 6 months (aggregated) | Aggregated, non-personal data retained by Cloudflare. No individual-level data is stored. |
| Security audit engagement data | 5 years from project completion | Retained to fulfill legal obligations under Swiss commercial law (CO/OR Art. 958f) and for professional liability purposes. |
When personal data is no longer required, it is securely deleted or irreversibly anonymized. We conduct periodic reviews of retained data to ensure compliance with these retention periods.
If you are located in the European Union or the European Economic Area, you have the following rights under the GDPR:
Swiss residents have equivalent data protection rights under the revised Swiss Federal Act on Data Protection (nFADP/DSG), which entered into force on 1 September 2023. These include:
The competent supervisory authority for data protection in Switzerland is:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Website: www.edoeb.admin.ch
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Categories of personal information collected in the preceding 12 months: Identifiers (name, email address, IP address), Internet or electronic network activity information (browsing history on our Website, interaction with our Website), and professional or employment-related information (company name, if provided).
We do not sell personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
To exercise your CCPA/CPRA rights, contact us at legal@envestis.ch. We will verify your identity before processing your request and will respond within 45 days.
To exercise any of the rights described above, please contact us at:
Email: legal@envestis.ch
Subject line: "Data Protection Request"
We will acknowledge your request within 5 business days and provide a substantive response within 30 days (GDPR/nFADP) or 45 days (CCPA/CPRA). If your request is complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it. We may ask you to verify your identity before processing your request to protect your data from unauthorized disclosure.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
Our Website and services are not directed at children under 16 years of age. We do not knowingly collect, solicit, or process personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete such data. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at legal@envestis.ch.
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals (GDPR Art. 22). The bot protection mechanism (Cloudflare Turnstile) performs automated analysis of visitor behavior solely for the purpose of distinguishing human visitors from bots, and does not produce decisions that have legal or similarly significant effects on you.
Our Website respects Do Not Track (DNT) browser signals. When we detect a DNT signal, we do not load analytics scripts. Additionally, since Cloudflare Web Analytics is cookieless and does not track individual users, our analytics approach is inherently privacy-respecting regardless of DNT settings.
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data protection practices, please contact us:
Envestis SA
Via Pretorio 13A
6900 Lugano, Switzerland
Email (legal/privacy): legal@envestis.ch
Email (general): info@envestis.ch
We aim to resolve all complaints and disputes regarding data protection in a timely and fair manner. If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority (see Section 8).
These Terms of Service ("Terms", "Agreement") constitute a legally binding agreement between you ("you", "your", "User", "Client") and Envestis SA ("Envestis", "we", "us", "our", the "Company"), a company registered in Lugano, Canton Ticino, Switzerland. These Terms govern your access to and use of the envestis.ch website (the "Website") and any professional services provided by Envestis.
By accessing, browsing, or using the Website or engaging our services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree with any part of these Terms, you must discontinue use of the Website immediately.
For the purposes of these Terms, the following definitions apply:
Envestis SA provides professional cyber security services, including:
The Website provides general information about our Services and allows visitors to contact us via a contact form to request information, schedule consultations, or request a free security audit. The provision of specific Services is subject to a separate engagement agreement or statement of work agreed upon by both parties.
You may access and browse the Website for informational purposes. By using the Website, you agree to the following rules of conduct. You shall not:
Envestis reserves the right to restrict or terminate access to the Website for any User who violates these rules, without prior notice and without liability.
By submitting the contact form on our Website, you:
The following terms apply to all security audit reports, assessments, and deliverables produced by Envestis:
All content on the Website, including but not limited to text, articles, graphics, logos, icons, images, audio clips, video clips, data compilations, page layouts, underlying code, and software, is the exclusive property of Envestis SA or its licensors and is protected by Swiss and international copyright, trademark, patent, and other intellectual property laws.
Additionally, all methodologies, tools, frameworks, techniques, processes, and proprietary know-how developed or used by Envestis in the delivery of its Services remain the exclusive Intellectual Property of Envestis, unless explicitly stated otherwise in a written engagement agreement.
No part of the Website or its content may be reproduced, distributed, modified, displayed, published, transmitted, or used in any form or by any means without the prior written consent of Envestis SA. You are granted a limited, non-exclusive, non-transferable, revocable license to access and view the Website content for personal, non-commercial informational purposes only.
Envestis provides its professional Services based on industry-recognized best practices, established methodologies (including OWASP, NIST, and ISO 27001 frameworks), and the professional expertise of its team. However, you acknowledge and agree that:
Both parties agree to maintain the confidentiality of all Confidential Information received from the other party in connection with the use of the Website or the provision of Services. Specifically:
Website: The Website, including all content, features, and functionality, is provided on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, whether express, implied, or statutory. To the fullest extent permitted by applicable law, Envestis expressly disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and completeness. We do not warrant that the Website will be uninterrupted, error-free, secure, or free from harmful components (including viruses or malware).
Professional Services: Professional Services are provided with reasonable skill, care, and diligence consistent with generally accepted industry standards and practices in the field of cyber security. This constitutes the sole and exclusive warranty with respect to our Services. Except for this professional standard, all other warranties - whether express, implied, or statutory - are expressly disclaimed to the maximum extent permitted by law.
Information on Website: The information published on the Website (including blog posts, articles, and general security advice) is provided for general informational and educational purposes only. It does not constitute professional security advice, legal advice, or a recommendation for any specific security measure. You should not rely on Website content as a substitute for professional consultation.
To the maximum extent permitted by Swiss law and applicable international law, the following limitations apply:
Some jurisdictions do not allow the exclusion or limitation of certain types of damages. In such jurisdictions, our liability shall be limited to the maximum extent permitted by applicable law. Nothing in these Terms shall exclude or limit liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded or limited under applicable law.
You agree to defend, indemnify, and hold harmless Envestis SA, its directors, officers, employees, agents, contractors, and affiliates from and against any and all claims, demands, actions, liabilities, damages, losses, costs, and expenses (including reasonable legal fees and court costs) arising out of or related to:
This indemnification obligation shall survive the termination of these Terms.
These Terms are effective as long as you use the Website. We may, at our sole discretion and without prior notice:
Termination of specific Service engagements is governed by the applicable engagement agreement or statement of work. In the absence of a separate agreement, either party may terminate a Service engagement by providing 30 days' written notice to the other party.
The following sections shall survive termination of these Terms: Intellectual Property, Confidentiality Obligations, Disclaimer of Warranties, Limitation of Liability, Indemnification, Governing Law and Jurisdiction, and any other provisions that by their nature should survive termination.
Neither party shall be liable for any failure or delay in the performance of its obligations under these Terms (other than payment obligations) to the extent that such failure or delay is caused by a Force Majeure Event. The affected party shall promptly notify the other party of the Force Majeure Event and use reasonable efforts to mitigate its effects. If a Force Majeure Event continues for more than 60 consecutive days, either party may terminate the affected engagement by written notice.
These Terms are governed by and shall be construed in accordance with the substantive laws of Switzerland, without regard to its conflict of law principles and excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).
Any dispute, controversy, or claim arising out of or relating to these Terms, or the breach, termination, or invalidity thereof, shall be subject to the exclusive jurisdiction of the competent courts of Lugano, Canton Ticino, Switzerland. Notwithstanding the foregoing, Envestis reserves the right to seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information.
If any provision of these Terms is found by a competent court to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid and enforceable. If modification is not possible, the provision shall be deemed severed from these Terms. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect.
These Terms, together with our Privacy Policy, constitute the entire agreement between you and Envestis with respect to your use of the Website. These Terms supersede all prior or contemporaneous communications, proposals, and representations - whether oral or written - with respect to the Website.
For professional Services, these Terms are supplemented by the applicable engagement agreement, statement of work, or service contract. In the event of a conflict between these Terms and a specific engagement agreement, the engagement agreement shall prevail with respect to the specific Services covered therein.
The failure of Envestis to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by an authorized representative of Envestis. A waiver of any right or provision on one occasion shall not be deemed a waiver of such right or provision on any subsequent occasion.
You may not assign or transfer these Terms, or any rights or obligations hereunder, without the prior written consent of Envestis. Envestis may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, without your consent. Subject to the foregoing, these Terms shall bind and inure to the benefit of the parties and their respective successors and permitted assigns.
We reserve the right to modify, amend, or replace these Terms at any time at our sole discretion. Changes take effect upon publication on this page with a revised "Last updated" date. For material changes, we will provide reasonable notice via a prominent notice on the Website at least 30 days before the changes take effect. Your continued use of the Website after any modification constitutes your acceptance of the revised Terms. If you do not agree with the modified Terms, you must discontinue use of the Website.
If you have any questions about these Terms, please contact us:
Envestis SA
Via Pretorio 13A
6900 Lugano, Switzerland
Email: legal@envestis.ch
Website: envestis.ch
Envestis SA
Via Pretorio 13A
6900 Lugano
Canton Ticino, Switzerland
Legal form: Societa Anonima (SA)
Registered office: Lugano, Canton Ticino
UID/IDI: CHE-339.253.743
CH-ID: CH-501-3019175-3
Commercial Register of the Canton of Ticino
Email (legal inquiries): legal@envestis.ch
Email (general inquiries): info@envestis.ch
Website: envestis.ch
Managing Director
Envestis SA
Via Pretorio 13A
6900 Lugano, Switzerland
Responsible for the content of this website pursuant to applicable Swiss media and telecommunications law.
Envestis SA is a corporation (Aktiengesellschaft / Societe Anonyme) registered in the Commercial Register of the Canton of Ticino under UID CHE-339.253.743, operating under Swiss commercial law - specifically the Swiss Code of Obligations (CO/OR, Obligationenrecht). The company provides professional cyber security consulting, security auditing, secure web development, and security awareness training services.
Envestis SA is not a regulated financial institution and does not require a license from the Swiss Financial Market Supervisory Authority (FINMA). The company operates in full compliance with applicable Swiss federal and cantonal laws, including but not limited to the Swiss Federal Act on Data Protection (nFADP/DSG), the Swiss Code of Obligations (CO/OR), and the Swiss Federal Act on Unfair Competition (UWG).
UID/IDI: CHE-339.253.743
VAT registration information is available upon request. Please contact legal@envestis.ch for details.
Envestis SA maintains professional liability insurance appropriate to the nature and scope of its services. As a provider of professional cyber security services, Envestis adheres to industry-recognized standards and best practices, including but not limited to OWASP, NIST Cybersecurity Framework, and ISO/IEC 27001 guidelines. All services are delivered with reasonable skill, care, and diligence consistent with the standards expected of qualified cyber security professionals.
The engagement of Envestis for professional services does not create an implied guarantee of absolute security. Cyber security assessments and audits are point-in-time evaluations, and the security landscape evolves continuously. Clients remain responsible for the ongoing maintenance of their security posture.
Envestis SA is committed to resolving disputes in a fair, efficient, and amicable manner. If you have a complaint or concern regarding our Website or Services, we encourage you to contact us first at legal@envestis.ch so that we may attempt to resolve the matter directly.
While Envestis SA is not obligated to participate in dispute resolution proceedings before a consumer arbitration board, we are willing to engage in good-faith negotiations to seek an amicable resolution.
If a dispute cannot be resolved amicably, it shall be subject to the exclusive jurisdiction of the competent courts of Lugano, Canton Ticino, Switzerland, in accordance with Swiss law.
This Website may contain hyperlinks to external third-party websites. These links are provided solely for your convenience and reference. Envestis SA has no control over the content, availability, privacy practices, or security of external websites and assumes no responsibility or liability for:
The inclusion of any link does not imply endorsement, affiliation, sponsorship, or approval by Envestis SA of the linked website or its operator. We recommend that you review the terms of service and privacy policy of any external website before providing personal data or engaging with its content.
All content on this Website - including text, images, graphics, logos, icons, layout, and underlying source code - is the intellectual property of Envestis SA or its licensors and is protected by Swiss and international copyright laws. Unauthorized reproduction, distribution, modification, or use of any content from this Website is strictly prohibited without prior written consent from Envestis SA.
© 2024 - 2026 Envestis SA. All rights reserved.
The information provided on this Website is for general informational and educational purposes only. It does not constitute and should not be construed as legal, financial, technical, or professional advice. While we strive to ensure the accuracy and timeliness of the information presented, Envestis SA makes no representations or warranties - express or implied - regarding the completeness, accuracy, reliability, or suitability of the information for any particular purpose. Any reliance you place on the information on this Website is strictly at your own risk.