Data Privacy Policy

1. Introduction

At ITpoint Systems AG (“we”, “us”, “ITpoint”), we take your privacy seriously.

This privacy notice explains how ITpoint collects and uses personal data and describes the rights you have with respect to your personal data.

As a responsible organisation, we have implemented numerous technical and organisational measures to ensure the most complete protection of any personal data processed by us, in order to meet the requirements of the General Data Protection Regulation (“GDPR”), the Swiss Federal Data Protection Act (“FADP”) and in accordance with any country-specific data protection regulations.

ITpoint processes personal data for a variety of purposes. We collect this data directly from you, for example, if you engage us to provide services directly to you, or we may also obtain your personal data from publicly available sources (e.g., LinkedIn), or process your data in the context of providing services to your employer (as our customer).

This privacy notice is intended to cover all aspects and scenarios of how ITpoint processes personal data and it is further supplemented by more specific privacy notices, which are provided to you at the time your personal data is collected, where appropriate.

2. Name und Address of the Data Controller

The data controller for the purposes of the GDPR and FADP, other data protection laws applicable in Switzerland and Member states of the European Union and other provisions related to data protection is:

ITpoint Systems AG
Phone: +41 41 798 80 80
Email: [email protected] (for Data Protection Enquiries)

ITpoint Systems AG is a subsidiary of Sharp Electronics (Europe) GmbH. Please note that each Sharp organisation within Europe is a Data Controller in its own right and you should check the Privacy Policy on the local country website domain (e.g.,,, which you are accessing or where you reside.

As a data controller we are responsible for deciding how we hold, use and keep personal data secure. It also means we are responsible for responding to requests you make in relation to how your personal data is used. If you have any questions about the way your personal data is processed, you can contact us on these details:

Email: [email protected]

You may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

3. Data Protection Representative

Article 27 of the General Data Protection Regulation (GDPR) requires organizations that are not established in the European Union (EU) to designate a representative in the EU if they are subject to the GDPR.

ITpoint Systems AG may undertake processing activities to which the GDPR applies. For that reason, ITpoint Systems AG has appointed a representative in accordance with the GDPR to act on their behalf if, and when, they undertake data processing activities to which the GDPR applies, in accordance with Articles 13 and 14 of the GDPR. Such appointment is not intended to be an acknowledgement that the GDPR is applicable to any of their processing activities.

The Data Protection Representative of the Controller is:

Sharp Electronics (Europe) Ltd. Sucursal en España, incorporated in Spain whose registered office is at WTC Almeda Park, Plaça de la Pau s/n, Edificio-6, Planta-4, 08940 Cornellà de Llobregat, Barcelona, Spain E-Mail: [email protected]

Sharp Electronics Europe Ltd, 4 Furzeground Way, Stockley Park, Uxbridge, UB11 1EZ, United Kingdom E-Mail: [email protected]

4. Personal data

This privacy notice covers any personal data processed by ITpoint. “Personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.

It also includes sensitive personal data (special category data as referenced in the GDPR), including:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Membership of a trade union
  • Genetic data
  • Biometric data
  • Physical or mental health or condition
  • Sex life or sexual orientation

Sensitive personal data also includes personal data relating to criminal convictions and offenses.

5. What data is processed

We will collect personal data when you set up an account with us, purchase products or services from us, complete forms we provide to you, make a report or notification about our products or services, contact us by phone, email or communicate with us directly in some other way.

Below we define types of personal data processed by us depending on the circumstances in which personal data is collected. We collect the following types of personal data from you:

5.1 Visitors to our website

Personal data we collect about you when you visit our site falls into two categories.

A. Information provided directly by you:
We collect personal data that you provide voluntarily through our site, for example, when completing online forms to contact us, subscribing to a newsletter, using one of our online services, subscribing to receive marketing communications from us, participating in surveys or registering for events that we are organizing. The information we collect about you includes the following:

  • Name
  • Job title, job level or function, role
  • Company or organization
  • Company data
  • Contact information, including primary email, email address and telephone numbers
  • Demographic information, such as industry, country, postcode, preferences and interests
  • Other information relevant to client surveys or similar research
  • Information pertinent to fulfilling our services to you
  • Any other personal data that you voluntarily choose to provide to us

We do not intentionally collect sensitive category data, unless you provide us with such data. While there may be free text boxes on the site where you are able to enter any information, we do not intend to process sensitive information and you should therefore refrain from providing any such data. If you choose to provide any sensitive personal information in this manner, you acknowledge you consent to the collection and processing of this sensitive information.

B. Automatically collected information:

When you visit our site, we collect certain personal data automatically from your device, such as your IP address, device type, unique device identification number, browser type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect information on how you and your device interacted with the content on our site e.g. links clicked, information accessed. We collect this information to gain better understanding of the visitors to our site, where they come from and what content on our sites is of interest to them. This information may further be used for analytics and quality purposes. Further information on how ITpoint uses automatically collected data, including cookies and other similar tracking technology, is explained in our Cookie Policy.

Our site also uses various social media plugins, please refer to section 4.6 for further information on their use.

5.2 Customers

When you engage us to provide services to you, we collect and use personal data for valid business purposes in the context of providing services to you. As part of any such service, ITpoint may also process personal data of individuals who are not directly our customers (for example, employees, customers or suppliers of our customers).

The majority of the personal data we collect and use to provide our services is supplied voluntarily by our customers. Where such data may concern individuals who are not ITpoint’s direct customers, we obtain a confirmation from our customer confirming they have the authority to pass the data to us for lawful onward processing.  

 We process the following types of personal data:

  • Basic information, such as your name, the company you work for, your position and your relationship to a person
  • Contact information, such as your postal address, email address and telephone numbers
  • Financial information, including any information to facilitate payments between the parties
  • Any other personal data relating to you or other third parties which you provide to us for the purpose of receiving our services

5.3 Contacts in our CRM systems

We process personal data about our business contacts (e.g. existing, former or prospective customers, including any individuals employed by them and other business contact) in our Customer Relationship Management (CRM) systems.

Our CRM systems provide support to the business and facilitate our marketing operations. ITpoint uses the information recorded on such systems to share with contacts information about ITpoint products, marketing materials, surveys and invitations to events, and for general customer relationship administration purposes.

We process the following categories of personal data in our CRM systems:

  • Name, job title, address, email address, phone and fax numbers
  • Name of employer or organization the individual is associated with
  • Marketing preferences
  • Invitation responses and event attendance confirmations
  • Any other information voluntarily provided by in the course of our business relationship

We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies), if you attend one of our events. Collection of any such data will be subject to specific privacy notices, relevant to the event your are attending.

5.4 Participants in ITpoint events

We process personal data about participants in events organised by ITpoint including meetings, conferences, learning sessions and webinars. We may use various applications and online platforms to manage event registration processes. Please take note of their own privacy notices and read them carefully when you provide your personal data for the purposes of event participation.

We process the following categories of personal data (to the extent they apply a specific event):

  • Name, age or date of birth
  • Client personnel information (home, office and business information)
  • Credit or debit card number
  • Customer information (home, office and business information)
  • Email address
  • Gender
  • Home or other physical address
  • Names of employers
  • Role (job title)
  • Passport number
  • Telephone or fax numbers

We do not intentionally collect sensitive category data, unless you provide us with such data (for example, special dietary requirements which reveal your religious affiliation or any food allergies or other data relating to your health necessary to provide support to participants and facilitate their attendance in ITpoint run events).

ITpoint may take photographs and audio or video recordings in public areas of the ITpoint events. Following the event, recordings may be further edited before they are published or distributed for marketing purposes.

5.5 Individuals who use our platforms and applications

We provide external users, including our customers and their end users, access to various applications managed by us such as our partner service portal. Any personal data collected via these applications (e.g. name, email address, data and time of registration) is captured to provide the individuals with this service, verify their identity and to provide them with a secure log in to a protected web environment. It also enables ITpoint to provide access or deny access due to misuse of service. Any third-party applications provided by ITpoint are subject to their own privacy notices. Please familiarise yourself with their content and read them carefully when you use our platforms and applications.

5.6 Individuals who visit our social media sites and interact with our social media tools

Social media sites
ITpoint uses various social media platforms for recruitment, marketing and business development purposes. We use social media to advertise recruitment opportunities with ITpoint and to promote products, services and brand.

Please note that while ITpoint is responsible for the content it publishes using social media platforms, ITpoint will not be responsible for the management and administration of any social media platforms.  You should always familiarize yourself and read carefully any legal and privacy terms imposed by these social media platforms. If you have any questions on how the social media platform uses your data, you should contact the platform provider directly.

In some circumstances, ITpoint may obtain aggregated data from these social media platform providers, e.g. number of “likes” in response to ITpoint published content and posts, number of visitors who engage with our posts or information on links clicked and downloaded content.

Social media plugins
Social media plugins are also implemented on our site e.g. specific button which enables the site to establish a direct connection with the relevant social media platform server. As a result of such direct connection, the social media provider will be informed of the relevant page on our site which triggered such link. If you wish to prevent such sharing, you should review your settings within your social media accounts prior to visiting our website as ITpoint has no influence on how the data is collected using social media plugins.

Our site uses the following plugins and widgets:

  • X (formerly Twitter)
    Functions of the X service have been integrated into our site. When you use X and the “retweet” function, the websites you visit are connected to your X account and made known to other users. If you are not yet logged into your X account, clicking a X button will show you the X login page for you to enter your login credentials. In doing so, data will also be transferred to X. We would like to point out that we have no knowledge of the content of the data transmitted or how it will be used by X. For more information, see X privacy policy.
  • YouTube
    Our site uses plugins from YouTube, which is operated by Google. If you visit one of our pages featuring a YouTube plugin, it is a connection to the YouTube servers. Here, the YouTube server is informed about which pages you have visited.

    If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. If you are not yet logged in, clicking a YouTube button will show you the YouTube login page for you to enter your login credentials. For more information, see Google’s privacy policy.
  • LinkedIn Lead Gen Forms
    ITpoint uses LinkedIn Lead Gen Forms for ITpoint sponsored content, and sponsored LinkedIn InMails for recruitment, business development and marketing campaigns. Once LinkedIn members click on ITpoint advertisement, they will see a form that is pre-filled with information from their LinkedIn profile, such as their name, contact information, company name, seniority, job title and location. As soon as a LinkedIn member submits a lead form, they will be connected to ITpoint. Please click here for LinkedIn’s privacy policy.
  • Google Maps
    Our site uses the Google Maps map service via an application programming interface (API).

    To use Google Maps, it is necessary to save your IP address. This information is generally translated to a Google server in the United States and stored there. We have no influence on this data transfer. For more information, see Google’s privacy policy.

5.7 Individuals who correspond with ITpoint via email

ITpoint uses a variety of tools to maintain the security of our IT infrastructure, including our email facilities. Examples of such tools are:

  • Systems that scan incoming emails to ITpoint recipients for suspicious attachments and URLs, in order to prevent malware attacks
  • Tools that provide end-point threat detection to detect malicious attacks
  • Tools that block certain content or websites

If you correspond via email with a ITpoint recipient, your emails will be scanned by the tools ITpoint operates to maintain the security of its IT infrastructure, which could result in content being read by authorized ITpoint personnel other than the intended recipient.

5.8 Job applicants

We process personal data for recruitment purposes, to facilitate the administration of our available employment opportunities and to match your skills, experience and education with specific roles offered by ITpoint. Any such data may be collected directly from the candidate or from other third parties, about the candidate.

In general terms, we collect the following types of personal data:

  • CVs/resumes
  • identification documents
  • academic records
  • work history
  • employment information and references

This information is passed to the relevant hiring managers and persons involved in the recruitment process to decide whether to invite you for an interview. ITpoint will collect further information if you are invited to the interview (or equivalent) stage and onward. Such information includes interview notes, assessment results, feedback and offer details.

As part of our recruitment process, we may also collect special category data from candidates where we have an employment law obligation to do so. This information is relevant to their future working environment at ITpoint or the future provision of employment benefits, or with the individual’s explicit consent, where collecting such information is permitted by law.

Our recruitment tools and websites contain their own privacy notices explaining why and how personal data is collected and processed by those applications. We encourage individuals using our recruitment tools and websites to refer to the privacy notices available on those tools and websites.

5.9 Suppliers

We process personal data about our suppliers (including subcontractors, and individuals associated with our suppliers) in order to manage our relationship and contract, and to receive services from our suppliers.

The personal data we process is generally limited to contact information (name, name of employer, phone, email and other contact details) and financial information, including payment-related information.

5.10 Visitors to ITpoint offices

When you visit an ITpoint office, we process your personal data in order to provide you with certain facilities (such as access to our buildings and conference rooms or Wi-Fi), to control access to our buildings, and to protect our offices, personnel, goods and confidential information (for example, by using CCTV).

The personal data we collect is generally limited to your name, contact information, location, and the time you enter and leave our office.

  • Visitor records and access badges
    We require visitors to our offices to sign in at reception and we keep that record of visitors for a short period of time. Visitors to our offices are provided with a temporary access badge to access our offices. Our visitor records will be used to verify that access badges are returned, to look into a security incident and for emergency purposes (for example, if an office needs to be evacuated).
  • Wi-Fi
    We monitor and log traffic on our Wi-Fi networks. This allows us to see limited information about a user’s network behaviour but will also include being able to see at least the source and destination addresses the user is connecting from and to.
  • CCTV
    ITpoint uses CCTV monitoring where permitted by law. CCTV images are securely stored and only accessible on a need-to-know basis (for example, to look into an incident).

We limit the collection of personal data to only that which is absolutely necessary to carry out our legal or business obligations. In some cases, however the provision of personal data may be partly required by law (e.g. tax regulations), is needed as part of contractual negotiations, or as part of providing a service. Below, we describe:

  • the purposes we collect your personal data for and;
  • the legal basis that allows us to process your personal data
Type of dataPurposes for processingLegal grounds for processing

Visitors to

– To administer and manage our site, including to confirm and authenticate your identity, and prevent unauthorized access to restricted areas of our site
– To personalize and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you
– To analyse the data of visitors to our site
– To determine the company, organization, institution or agency that you work for or with which you are otherwise associated
– To develop our business and services
– To provide you with marketing communications
– To conduct benchmarking and data analysis (for example, regarding usage of our site and demographic analyses of visitors of our site)
– To understand how visitors use the features and functions of our site
– To monitor and enforce compliance with applicable terms of use
– To conduct quality and risk management reviews
– Any other purpose for which you provided information to ITpoint
– Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses
– Our legitimate interest in developing and improving our site, and your user experience
– Explicit consent of the visitor



– To provide services to you
– To administer our relationship and maintain contractual relations
– For accounting and tax purposes 
– For marketing and business development
– To comply with our legal and regulatory obligations
– To establish, exercise or defend legal rights
– For historical and statistical purposes
– Performance of a contract
– Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses
– Our legitimate interest in fulfilling a contract between you and ITpoint


Contacts in our CRM systems

– To provide you with information about our products and services
– For marketing and business development
– To administer our relationship and maintain contractual relations
– Explicit consent of the business contact
– Our legitimate interest in managing the relationship with our business contacts and providing information about ITpoint, our services and events we organize

Participants in ITpoint events

– To provide you with information about our products and services
– For marketing and business development
– To administer the participation in the event and its facilitation

– Explicit consent of the participant
– Our legitimate interest in organizing events and managing the registration process for such events.
– Our legitimate interest in protecting our people, assets and information, and to prevent unauthorized people gaining access to off-site ITpoint events.
– Our legitimate interest in providing information about ITpoint, our services and events we organize

Individuals who use our platforms and applications

– To administer our relationship and maintain contractual relations
– To facilitate access to our platforms and applications

– Our legitimate interest in the effective delivery of information and services to you, and the effective and lawful operation of our businesses
– Our legitimate interest in fulfilling a contract between you and ITpoint
– Explicit consent of the platform/application end user

Individuals who visit our social media sites, social media plugins and tools

– To provide you with information about our products and services
– For marketing and business development
– For recruitment
– Our legitimate interest in promoting services
– Our legitimate interest in attracting, identifying and sourcing talent
– Our legitimate interest to improve your website experience and to optimize our services

Individuals who correspond with ITpoint via email
– To provide you with a resolution of your query or request
– For information security purposes
– Our legitimate interest in protecting our IT infrastructure against unauthorized access or data leakage
– Our legitimate interest in analysing email traffic

Job applicants

– For recruitment and talent sourcing purposes
– To facilitate selection and onboarding of job candidates
– To comply with our legal and regulatory obligations
– To establish, exercise or defend legal rights
– To administer your account throughout the application process including performance of any background checks, where applicable
– For statistical purposes

– Explicit consent of the candidate
– Our legitimate interest in attracting, identifying and sourcing talent
– Our legitimate interest to process and manage applications for roles at ITpoint, including the screening and selecting of candidates
– Our legitimate interest to hire and onboard candidates by making an offer to successful candidates, and carrying out pre-employment screening checks
– Our legitimate interest to manage our career websites (including conducting statistical analyses)
– Compliance with a legal or regulatory obligation (when carrying out background checks to warrant a candidate is eligible to work)


– For management of our relationship and contract including administration of payments and debt recovery
– To comply with our legal and regulatory obligations
– To establish, exercise or defend legal rights

– Performance of a contract
– Compliance with a legal or regulatory obligation
– Our legitimate interest in managing payments, fees and charges, and to collect and recover money owed to ITpoint
– Our legitimate interest in safeguarding against ITpoint inadvertently dealing with the proceeds of criminal activities or assist in any other unlawful or fraudulent activities

Visitors to ITpoint offices

– For administration of visitor access to ITpoint premises
– For protecting and safeguarding our premises, employees and information
– To comply with our legal and regulatory obligations
– To establish, exercise or defend legal rights
– Our legitimate interest in protecting our offices, personnel, goods and confidential information
– Our legitimate interest in preventing and detecting crime, and establishing, exercising and defending legal claims

We share your personal information with the following:

  • Our staff: Your personal data will be accessed by our staff but only where this is necessary for their job role.
  • Companies in the same group of companies as us: For the purpose of providing a service to you.
  • Partners and Dealers: For the purpose of answering queries you have about products and services not directly provided by ITpoint.
  • External service providers: ITpoint uses external service providers to assist with, for example, information technology and other administrative support services. Our service providers are contractually bound to maintain appropriate levels of security and data protection
  • Law enforcement and regulatory agencies: If we are required to disclose or share your Personal Data in order to comply with any legal obligation or any regulatory requirement.

We may transfer, sell or assign any of the information described in this Privacy Policy to third parties as a result of a sale, merger, consolidation, change of control, transfer of assets or reorganisation of our business. Where we are involved in a merger, acquisition or sales of assets, we will always process your data in line with your rights and freedoms and subject to confidentiality agreements between the parties.

9. Transfers of personal data

Sharp group companies operate in various locations across the globe. Some parts of our internal infrastructure are centralised which includes provision of information technology services. We may also transfer personal data to third parties (and their affiliates) which provide the above-mentioned ancillary services to ITpoint or Sharp group.

Therefore, your personal data will sometimes be transferred outside of the jurisdiction in which it was collected and stored. This includes countries outside of Switzerland, the European Economic Area (EEA) and the United Kingdom (UK). Where such a transfer is required, we put in place appropriate security and legal measures to safeguard the safety and security of personal data. ITpoint and Sharp group has implemented appropriate intragroup data transfer agreements, providing for a legally binding and enforceable commitment to protect any personal data within the Sharp company group. Where personal data is transferred to a third party service provider, we also ensure legally binding contractual protections are in place, consistent with the GDPR, FADP and any other applicable data protection laws.

10. Your rights

You have the following rights in relation to your personal data:

  • To access the personal data held by ITpoint about you
  • To have your personal data corrected, for example, if it is incomplete or incorrect
  • To opt out of receiving marketing communications at any time
  • To restrict or object to the processing of personal data or request erasing personal data (in certain circumstances and subject to applicable law)
  • To receive a copy of the personal data which you have provided to ITpoint, in a structured, commonly used and machine-readable format (known as “data portability”), subject to applicable laws
  • Where you have provided personal data voluntarily, or otherwise consented to its use, the right to withdraw your consent
  • The right to complain to a data protection authority

To exercise your rights to any of the above or to lodge a complaint about an alleged breach of data protection law, please contact us via [email protected]

11. Security

ITpoint has implemented appropriate organisational and technical controls to protect the confidentiality and security of information it obtains in the course of its business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse and improper disclosure.

12. Retention

Our policy is to retain personal data only for as long as it is needed for the purposes described in the section 5 of this Privacy Policy “Purposes and legal grounds for processing”. Note that retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.

13. Updates to this Policy

We may update this privacy policy from time to time to reflect changes in the way we process personal data (e.g. if we implement new systems or processes that involve the new uses of personal data) or to clarify information we have provided in this notice. Our changes will be in accordance with applicable data protection laws.

We recommend that you check for updates to this notice from time to time but we will notify you directly about changes to this notice or the way we use your personal data when we are legally required to do so.

ITpoint Data Privacy Policy
Version: 2.0 | October 2023