Privacy policy - Processing of personal data

Who is the personal data controller?

The data controller for the processing of personal data described below is Cybercom Group AB, a Swedish company with registration number 556544-6522, or such Cybercom member company, listed under this link, that is a contracting party for the purposes of providing or receiving services or the entity you have contacted with or is contacting you ("Cybercom", "we", "us" or "our").” You can find contact details at the bottom of this policy.

The web site

Cybercom cares about the privacy of those who visit the site. We are responsible for ensuring that personal data collected by us on this site is used only for its intended purpose. We protect it from unauthorized access and use.

What personal data do we process and why when you visit our website?

When you visit our website your IP address and other identifiers and information collected with the use of cookies and other similar technologies are automatically collected and then used to:

(a) to provide our website services consisting in making available to you the content of the website – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) letter b) of the GDPR);
(b) to measure traffic patterns and statistics on the website – then the legal basis for processing is our legitimate interest consisting in conducting analyzes of users' activity, as well as their preferences in order to improve the functionalities and services provided (Article 6 (1) letter f) of the GDPR);
(c) to determine claims or defend against them – the legal basis for processing is a legitimate interest of the controller consisting in the protection of its rights (Article 6 (1) letter f) of the GDPR.

For more information about our use of cookies, please see “Cookies”.

We also collect and process personal data, based on your consent, when you voluntarily complete surveys. When you complete surveys, we will process your personal data disclosed therein to analyze the responses/results and to improve our services on the basis of such responses/results. When you provide personal data for us to answer a question or fulfill a request via Contact Us tool, we will process your data to answer or to fulfill your request. For us to be able to answer a question or to fulfill a request from you, you sometimes need to provide personal data, such as your name, address, email address and telephone number. This information is used to contact you. When you voluntarily provide information, you consent to our usage of your personal data for the mentioned purpose.

Personal data submitted by you under the tab Events is used to administer the event subscriptions and for sending out invitations to future events. You may provide notice in writing if you no longer wish to receive such invitations. When you provide personal data under the tab Events, we will process your personal data to administer the event subscriptions and for sending out invitations to future events.

When you sign in to receive our Newsletter, we will process your data to send you information about our activity and news that may be of interest for you. We will keep your data for this purpose until you withdraw your consent, which can be made anytime.

Personal data submitted under the tab Jobs (via our recruitment tool Teamtailor) or when you send us directly your job application, is used for recruitment. For more information about our use of data contained in your job application, please see “Recruitment data”.

Business contact details

Cybercom processes personal data regarding contact persons and representatives of potential, current and former customers and other Cybercom contractors, in the scope including, in particular, name, surname, position, name and contact details of the person representing given entity, business telephone number and business e-mail address as well as information on contacts or relationships with Cybercom ("business contact details").

We can obtain business contact details directly from the person concerned (e.g. by sending us an e-mail or in the form of a business card), as well as by the represented entity or obtained from publicly available sources (e.g. companies’ registers, professional profiles such as LinkedIn™ or the website of the represented entity). Business contact details are processed primarily to maintain and develop business relationships with the represented entity, as well as other purposes that constitute legitimate interests of Cybercom, in accordance with Article 6 (1) letter f) of the GDPR (such as business correspondence, taking necessary actions to conclude or necessary to perform the contract with the entity that the person represents, internal reporting and evaluation and optimization of the quality of services, assessment and development of sales opportunities, analysis of client’s satisfaction), as well as to fulfilling legal obligations for us (e.g. to issue invoices, document the services provided, proper identification of the represented entity, prevention of violations and corruption). The business contact details can be processed by Cybercom also on the basis of a separate consent granted by a given person (e.g. in order to receive from us ordered marketing materials). In such cases, personal data is processed on the basis of this consent, to the extent and for the purpose set out in it. Business contact details will be processed for a period necessary to achieve the goals described above (for example in the scope of contract conclusion and implementation - for a period until the conclusion of the contract or its implementation, and after that for the period and to the extent required by law or for achieving by Cybercom of its legitimate interest as the data controller).

In order to fulfill your rights related to the processing of your personal data by us (including the right to object to the processing or withdrawal of your consent), please contact us at If you have any comments regarding the processing of personal data, for example if you believe that we do not exercise your rights as a data subject, you have the right to lodge a complaint with the supervisory authority. More details about how to exercise your rights and contact details of the supervisory authorities can be found in the section "How to use the rights related to personal data".

Social media

Cybercom processes personal data of users visiting Cybercom profiles carried out in social media (LinkedinTM, FacebookTM). These data are processed only in connection with running a profile, including to inform users about the activity of Cybercom and to promote various types of events, services and products. The legal basis for the processing of personal data for this purpose by Cybercom is its legitimate interest (Article 6 (1) letter f) of the GDPR to promote Cybercom’s own brand.

Recruitment data

By clicking the "Apply" or "Submit" button in our recruitment tool, i.e. Teamtailor, or otherwise sending a job application to Cybercom, you agree to the processing by Cybercom of your personal data contained in the application form and attached documents in order to recruit for the position indicated in the announcement in accordance with the conditions described below.

Personal data provided to us will be processed for recruitment to which you apply. If we have chosen another person in the recruitment process, your personal data will be deleted. However, if you have given additional consent to use your data in future recruitment processes carried on by Cybercom, we will retain your data for a period of 2 years from submitting the application (unless you withdraw your consent beforehand). You can express your consent for participation in future recruitment at the time of first registration in our recruitment system by selecting the appropriate consent box. You can also give your consent for the above by indicating the below in your CV:
"I agree to the processing by Cybercom of my personal data contained in the job application form, in the attached CV and made available to Cybercom in a different way during the recruitment process, for future recruitment conducted by Cybercom within two years from the day of submitting the application. "

If in the recruitment process you applied for, we decided to choose another person, we will send you a message about the possibility of staying in our recruitment database and we will ask you to give us permission to process your data in future Cybercom recruitment processes. If you do not give your consent within 14 days of sending such a message, your data will be permanently deleted from our database.

The controller of your personal data will be such Cybercom member company that runs a recruitment you decided to apply for or you consented to participate in future recruitment. The basis for the processing of personal data is your consent. Your consent is always voluntary and may be withdrawn at any time by sending a declaration to:, but this does not affect the legality of the processing of your data.

Providing personal data is voluntary, but necessary in order to participate in our recruitment processes. At any time, you have the right to access the data, the right to rectify it, the right to delete data, the right to limit processing and the right to transfer data. Please see more at “What rights do I have as an individual?”

The recipients of personal data processed by us will be the entities providing and supporting Cybercom systems and IT tools. In case of joint management of recruitment processes in the Cybercom Group, your personal data may be available to persons authorized from other companies belonging to the Cybercom Group, i.e .: Cybercom Group AB based in Stockholm, Cybercom Finland OY based in Tampere, Cybercom AS based in Copenhagen.
Cybercom does not intend to transfer your data to a third country (outside the European Economic Area) or to international organizations. Your personal data may exceptionally be transferred to third countries in the event that Cybercom uses, within the framework of its activity, entities that process data for us, and which have their headquarters or data centers in these countries. In this case, we take steps to ensure that the transfer of data takes place in accordance with the law, while maintaining appropriate safeguards.
Cybercom does not take automated decisions, including decisions resulting from profiling in relation to job candidates.


We use cookies on our websites. A cookie is a small text file that is placed on your computer, mobile phone, or other devices when you visit a website. The cookie will help the website providers to recognise your device next time you visit their website. Cookies may include personal data.

Most web browsers accept cookies automatically, but you can change the settings for this. If you do not want your personal data to be stored by cookies, you can configure your browser so that it notifies you whenever a cookie is received. This way you can decide each time to accept cookies or not. If you do not consent to the use of cookies, at all you can set your browser so that you automatically deny the storage of cookies. However, please be aware that the use of cookies may be necessary to provide certain features and choosing to reject cookies may reduce the functionality of our website.

Your browser should include precise instructions explaining how to control the acceptance of cookies.

We use two types of cookies. The first saves a file for a long time on the user's computer. It is used, for example, for functions that tell the user what is new since their last visit to the site. The second type of cookie is called a session cookie and is temporarily stored in the user's computer's memory during the time the user is surfing the site. Session cookies are deleted when the browser is closed or shortly thereafter.

Our website also uses cookies that are generated by third-party products and services used on the site, including the following tools and products.

Google Analytics:
Cybercom uses Google Analytics as a web statistics tool. This feature stores cookies on your computer. Data collected by Google Analytics is used to better understand our visitors and how they use the site.

Google Analytics cookies, domain:

Use this link for more information about cookies set by Google External link, opens in new window.

The site displays videos from Cybercom's YouTube channel. The videos are displayed using YouTube's movie player, and cookies are used when the videos are played.

YouTube cookies, domain:

Use this link for more information about cookies from YouTube (Google): External link, opens in new window.

Cybercom uses a social plugin from Facebook on some pages.
If you visit a page with a Facebook plugin, a link is made to the Facebook server and the plug-in sends information to the browser. In this way, information is sent to the Facebook server, such as which of our web pages you have visited. If you are logged into Facebook, Facebook will add this information to your Facebook account.

If as a visitor you have previously received a cookie from Facebook, either because you have an account there, or have visited, information about this cookie is sent to Facebook when you visit a web page with a Facebook plugin.

Use this link for more information about cookies from Facebook: External link, opens in new window.

The storage period

The data storage period depends on the type of service provided and the purpose of the processing. As a rule, the website user's data is processed while using the website. Where the data is processed based on the legitimate interest of Cybercom, it will be erased after achieving such legitimate interest or until receiving an effective objection to the processing of data. Where the data is processed based on the consent, the processing takes place until its withdrawal. In the scope of a contract performance, the data is processed for a period until the conclusion of the contract and after that for a period and to the extent required by law or for achieving by Cybercom of its legitimate interest as the data controller.

The data storage period may be extended if the processing is necessary to identify potential defenses or defend against them, and after that time if and to the extent required by law.

To which recipients do we transfer personal data?

To achieve the purposes, we may share your personal data with our sub-processors. Such sub-processor provide storage services, advertising services and services for troubleshooting and correction of any defects in our website and other IT tools we use. Personal data submitted under the tab Jobs is used for recruitment. Teamtailor AB is a sub-processor to Cybercom for the processing of personal data in the recruitment service and a special privacy notice is found in the service.

Cybercom uses SiteVision as supplier for the hosting. SiteVision AB is a sub-processor to Cybercom for personal data in the hosting service.

Personal data may also be disclosed to subcontractors that Cybercom engages to perform a service, i.e. the dispatch of invitations.

Personal data may be transferred to companies within the Cybercom Group.

Personal data may be disclosed to the police or other authority provided that Cybercom is required to disclose the information by law or by the ruling of an authority.Some of our sub-processors may process your personal data outside the European Economic Area (EEA). However, a transfer will only occur, if there is a legal ground for the transfer, e.g. by (i) executing EU standard data protection clauses with the recipient of the personal data, or (ii) ensuring that the country has an adequate level of protection of personal data, as decided by the EU Commission, or (iii) for transfers to and processing in the USA, ensuring that the recipient holds self-certifying registrations under the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce's International Trade Administration.

Please note that as the provider of IT services we use is also a non-EU entity, i.e. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, with whom we have concluded EU-approved standard contract clauses, thus providing the required protection measures.

Data security

In order to keep your personal data secure, we have implemented a number of technical and organizational security measures. For example, we maintain high levels of technical security in all systems (including traceability, disaster recovery, access limitations etc.) and we have adopted policies to ensure that our employees only access personal data on a need-to-know basis.

Personal Data about Children

Our website is not directed towards data subjects under the age of sixteen (16) and we request that such individuals do not provide personally data information through our website. If we detect that personal information has been collected from a data subject under 16 years of age on or through our website Cybercom will take the appropriate steps to cause this information to be deleted.

What rights do I have as an individual?

Generally, you are entitled to the following basic rights under applicable laws:

  • The right to access: you may at any time request to access your personal data.
  • The right to rectification: you are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
  • The right to erasure ("right to be forgotten"): under certain circumstances (including processing on the basis of your consent), you may request us to delete your User Data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.
  • The right to object: to certain processing activities conducted by us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes.
  • The right to restriction of processing: you may under certain circumstances request from us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not lead to an action from us.

The right to data portability: you are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.

How to exercise your rights as a data subject

You may wish to exercise your rights as a data subject. These rights are not absolute and therefore a request to exercise certain rights will not always result in the requested action.

A request for records or other request related to personal data being processed by Cybercom, must be made in writing, by using the below form Please make sure to fill in correctly, print and sign it. You may then either scan the form and email it to or post the form to: Cybercom Group AB, Att. Data Protection Manager (DPM), Box 7574, 103 93 Stockholm, Sweden.

Form in English for Sweden: Request form Word, 27 kB, opens in new window.
Form in English for Finland: Request form Word, 27.1 kB, opens in new window.
Form in Polish for Poland: Formularz żądania Word, 26.8 kB, opens in new window.
Form in English for Denmark: Request form Word, 22.5 kB, opens in new window.

If you have questions concerning this privacy policy, please email Cybercom’s Data Protection Manager at

We would appreciate if you informed us if there is anything that you are not satisfied with when it comes to processing of personal data. If you have complaints about our processing of personal data, for example, if you do not think we fulfill your rights as a data subject, you are entitled to contact the supervisory authorities.

You may contact the supervisory authority using the following contact data:

Box 8114, 104 20 Stockholm, Sweden
Phone: +46 (0)8 657 61 00 External link.

Tietosuojavaltuutetun toimisto
PL 800, 00521 Helsinki, Finland External link, opens in new window.

Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa External link, opens in new window.

Borgergade 28, 5.
1300 København K External link, opens in new window.

You may also contact the supervisory authority in other EU country where you have your habitual residence or your place of work or at the place of the alleged infringement, on the conditions stipulated by law.

Changes to this Privacy Policy

The Policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from May 1, 2019.

Richard Brolin

General Counsel

Make sure all fields are filled with valid information

Thank you, your message has been sent