Data Protection Policy – MP02

Punkt. is committed to protecting and respecting the User’s Privacy Rights.
This document has been drawn up in compliance with art. 13 of EU Regulation 679/2016 (hereinafter "Regulation"), for users (hereinafter "Users" or "User") of products and services owned by Punkt Tronics AG, Vat Id CHE-114.634.022 VAT, Reg. No. CH-501.3.011.937-5, with headquarters in Via Losanna 4, 6900 Lugano, Switzerland, which acts as the Data Controller of personal data (hereinafter “Data Controller”).

The document details how your personal information is managed when you use the MP02 telephone or any associated applications developed by Punkt., as well as allowing you to give consent, in the event that it is required, to process your personal data by these applications or other features that require access and interaction.

We would like to remind you that, in the relevant sections of the Punkt. website where your personal data is collected, you will find specific information, pursuant to art. 13 of EU Regulation 2016/679, for your acknowledgment and acceptance, before submitting any data requested.

Any information and personal data provided by you or otherwise acquired in the context of various Punkt. services, will be processed in compliance with the key principles: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality.

  1. The personal data being processed

The MP02 is a device which aims to protect privacy and personal information of the user and was designed accordingly, based on the principles of privacy by design and by default.

With the MP02 users can store, transmit and manage personal data; the functions of the device allow you to create a contact list with name, surname, and telephone numbers, messages, chats, electronic communications, log files, play and transfer multimedia content, access calendars and make notes with reminders.

Furthermore, the user can enable the GPS function which would allow location data to be transmitted in the event of an emergency call. Note: this service may not be supported by your network provider.

Punkt. recognises the importance and necessity for users to store data safely and communicate securely. To this end:

However, for technical reasons relating to the configuration and maintenance of the product’s security, Punkt. may have to process location and usage data which is generated by the device when it interacts with Punkt.’s infrastructure reachable through the network. This is because the MP02 to gain connectivity must be associated with a unique address whose transmission is implicit in the use of communication protocols. The information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the telephone operating system and the user's IT environment. These data are usually used for the sole purpose of obtaining anonymous statistical information on the use of accessible resources and to check their correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical IT crimes against third parties.

In Punkt.’s case, the data processed are:

  1. How we use personal information

The Data Controller advises that the data will be processed lawfully pursuant to art. 6 of the Regulation, and with your explicit consent where necessary, exclusively for the following purposes:

The Owner processes Personal Data relating to the User if one of the following conditions exists:

You have the right to ask the Data Controller to clarify the concrete legal basis of all data in which one is involved.

The provision of personal data by the User is always optional, but it is essential to conclude a purchase agreement or to guarantee access to additional services such as the management of your customer service requests following updates to the Software or applications. Any refusal, albeit legitimate, to provide all or part of the requested data, may make it impossible for Punkt. to carry out the regular provision of the requested services.

  1. Who is your Data is processed by?

Your Personal Data that will be processed by staff specifically trained by Punkt. pursuant to art. 29 GDPR. Your personal data may also be transmitted to third parties that have been appropriately selected and are certified as GDPR-compliant for the sole purposes stated in the previous art. 3.

These third parties have been appointed as data controllers and carry out their activities according to the instructions issued by Punkt. and under its control.
More specifically, the Personal Data of Users may be disclosed to third parties for the following purposes, strictly necessary for the provision of the requested services:

The list of external managers is available upon written request to our email address:

  1. Where your data is stored

The Data is processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, contact the Data Controller at the following email address

  1. Extra-EU Data Transfer

Personal Data, collected exclusively for technical purposes related to the execution of specific activities aimed at the correct functioning of the telephone device and for related assistance services, could be transferred to non-EU countries, is stored in compliance with Chapter V of the GDPR.

The personal data that could be transferred are:

In order for the transfer to third countries to be carried out, Punkt. verifies the presence of adequate safeguards such as:

The lack of an adequate decision or a situation of presumed substantial equivalence generates risks for the interested party, who may not enjoy, the same protection of his personal data in the third country (e.g., due to the absence of supervisory authorities or due to the greater interference of the public authority that could request its transmission).
In these cases, if the transfer is absolutely necessary for technical purposes, as in the case of transfer of the IP address of the telephone device to servers located in the USA, for the technical purpose of updating the System Software, Punkt. will request the explicit consent of the interested party, pursuant to art. 49 paragraph 1, letter a) of the GDPR.
It is not possible, in fact, to waive the transfer of the IP address is not, as it is implicitly necessary for the operation of the internet transport protocols to uniquely identify the communication actors (in this case the device to be updated and the server that must distribute the update); however, the interested party is granted the possibility of not giving consent to the transfer, or to revoke it at any time, yet still being able to use the telephone device without updates.
Further information is available from the Data Controller.

  1. Processing methods and security measures

The processing of Personal Data is carried out using IT and / or telematic tools, using organizational methods and with logic strictly related to the purposes indicated, without profiling characteristics.

The processing is carried out according to methods and with suitable tools to ensure the security and confidentiality of the data in accordance with the provisions of art. 32 of the 2016/679 European Regulation.
In carrying out the processing operations, all technical, IT, organizational, logistical, and procedural security measures will always be adopted so that the adequate level of data protection required by law is guaranteed.

  1. How long is your data retained?

The Data Controller will process Personal Billing Data for the time necessary to fulfil the purposes related to the execution of a contract between the Data Controller and the User and, in any case, not longer than 10 years from the termination of the relationship with the User.
Device usage and navigation data, related to resources and support services for system software updates and application functionalities (download, update, maintenance) and related log data will be kept for 60 months.
Personal Data collected for the pursuit of a legitimate interest of the Data Controller, the Personal Data will be retained until such interest is satisfied.
Personal Data may be kept for a longer period if necessary to comply with a legal obligation or by order of an authority.
All Personal Data will be deleted upon expiry of the retention period. At the end of this term, the right of access, cancellation, rectification, and the right to data portability can no longer be exercised.

  1. Your rights

Users can exercise certain rights at any time with reference to the specific processing of personal data by Punkt.:

To exercise your rights as described above, you can contact us by writing to us at Requests are made free of charge and processed by the Data Controller as soon as possible, in any case within 30 days.

Last updated: April 22, 2022