Punkt. Data Protection Policy

Valid from the 14th of November 2023

Punkt. is committed to protecting and respecting your privacy; for this reason, we collect and manage your personal data carefully and take specific measures to keep it safe.
We have updated our privacy policy; below you will find information on how we collect, gather and use your personal data in relation to your browsing of or purchasing via our website www.punkt.ch.
We also provide information about your rights with reference to the specific processing of your personal data.
Supplementary or additional statements and other legal acts such as the Terms and Conditions of Sale apply to individual or additional offers and services.
This policy, based on our core business, is subject to Swiss data protection law and any other applicable foreign data protection law, in particular the European Union (EU), namely the General Data Protection Regulation (GDPR). It also ensures that Swiss data protection law guarantees a high standard of data protection

1. Data controller

Punkt Tronics AG
Via Losanna 4, 6900 Lugano, Switzerland
+41 91 924 9003
customercare@punkt.ch
VAT ID: CHE-114.634.022 IVA
Company registration number: CH-501.3.011.937-5

2. Definitions

Personal data means all information concerning a specific or determinable person. The individual concerned is the person whose personal data are processed.
Personal data worthy of special protection are data concerning religious, philosophical, political or trade union opinions or activities, data concerning health, the intimate sphere or membership of a race or ethnic group, genetic data, biometric data that uniquely identify a natural person, data concerning administrative and criminal prosecutions and sanctions, and data concerning social welfare measures;
Processing includes any processing of personal data, irrespective of the means and methods used, storage, disclosure, obtaining, deletion, recording, modification, deletion, and use of personal data.
Communication shall mean the transmission of personal data or the act of making them accessible to third parties.
Profiling means the automated processing of personal data consisting of the use of such data to evaluate certain personal aspects of a natural person, to analyse or predict aspects of that person's professional performance, economic situation, health, preferences, interests, reliability, behaviour, whereabouts and movements. High-risk profiling means profiling which entails a high risk to the personality or fundamental rights of the individual concerned because it involves a connection between data which makes it possible to assess essential aspects of the personality of a natural person.
The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the handling of personal data as the processing of personal data.

3. Legal and regulatory basis

We process personal data in accordance with Swiss Data Protection law, in particular the Federal Data Protection Act (FADP) and the Ordinance on the Federal Data Protection Act (DPO).
For the most part (and to the greatest extent possible) data are processed in Switzerland.
As far as the applicability of the GDPR is concerned, the data is processed according to the following legal bases, specifically:

  1. Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with you and for the implementation of pre-contractual measures.
  2. Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data for the protection of our own or third parties' legitimate interests, unless your freedoms, rights and fundamental interests prevail. Legitimate interests are in particular our interest in being able to provide our services permanently, intuitively, securely, and reliably and to advertise them, if necessary, the security of information and protection against misuse and unauthorised use, the enforcement of our legal rights and compliance with Swiss law.
  3. Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data for the fulfilment of a legal obligation to which we are subject under the applicable law of the member states in the European Economic Area (EEA).
  4. Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task in the public interest.
  5. Art. 6 para. 1 lit. a GDPR for the processing of personal data with your consent.
  6. Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data for the protection of your or another natural person’s vital interests.

4. Information we collect

The categories of personal data that Punkt. collects and processes when you browse or purchase via punkt.ch, are:

  1. Given name and surname, email address, delivery address, billing address, phone number and the payment details that are necessary for the purchase and delivery of our products via punkt.ch;
  2. Your email address when you subscribe to our Newsletter service;
  3. The personal data you provide when you contact our customer service department;
  4. Upon consent, we collect and use your personal data for marketing purposes;
  5. For your account registration, we collect your name and surname, email address, password and date of birth. If you are a registered user, we collect information about your access to the reserved area of the site. Upon your consent, by analysing your personal data, we can process information regarding your interests and preferences with respect to our products and services, in order to customize proposals and offers in line with your interests;
  6. We collect information on your browsing on punkt.ch, such as the pages you visit and how you interact with the single page and save this information on our servers to improve the process;
  7. Punkt. does not process personal data relating to minors. By accessing punkt.ch and using the services offered by Punkt. you are declaring that you are of legal age.

5. How we use personal information

Your personal data is collected and processed by Punkt. for the following purposes:

  1. To fulfil a purchase contract for goods on punkt.ch with the collection of data such as payment, anti-fraud checks (in case of payment by credit or debit card), billing, shipment of the product and if applicable, its return;
  2. Registration to the site and use of services reserved for registered users. Registration on the site is possible through the submission of some personal information necessary to ensure your identification and the execution of services reserved for registered users;
  3. Punkt. Customer Services. To carry out Customer Care activity in the best possible way Punkt. requires, in relation to each service and its characteristics, the personal data necessary for the execution of the service you requested;
  4. Employment application form and CV. We shall use the information contained in your CV for evaluation for an open position application. Your CV will be kept for a maximum period of six months, after which it will be deleted;
  5. Statistical analysis and surveys. We use some information about your use of the Site to perform statistical analysis and surveys in order to improve our offer and our services, the data is processed in anonymised aggregate form;
  6. Marketing contact: sending commercial and promotional communications following the purchase of one of our products;
  7. Only with your consent, we may use the contact details you have provided, for commercial communications on our products and services, in order to update you on news, new arrivals, exclusive products, our offers and promotions and we may use your contact information as part of market researches and satisfaction surveys for the sole purpose of improving our services and the relationship with our Users. These communications will take place exclusively through the means chosen by you (email or telephone)
  8. Only with your consent, Punkt. can personalise your experience as a registered user on the site, proposing news and offers in line with your taste and sending you commercial communications tailored to your interests, these communications will take place exclusively through the means chosen by you (email or telephone). The customisation will be done by analysing your previous purchases.

If you wish to authorise the activities referred to in points 5g. and 5h. and subsequently you no longer wish to receive further communications from Punkt. or you want to limit the means by which you are contacted, you can stop these communications at any time by simply clicking on the "unsubscribe" link present at the bottom of each communication, or by contacting Punkt. through Customer Services or through the email address specified in this document.
In relation to all the activities indicated above, we shall process your personal data mainly using IT and electronic tools; the tools we use guarantee high safety standards in full compliance with current legislation. If you transfer us personal data relating to third parties, you shall be obliged to ensure data protection with regards to such third parties and to ensure the accuracy of such personal data. We also process personal data that we receive from third parties, that we obtain from publicly accessible sources or that we collect in the course of providing our services, if and insofar as such processing is permitted by law.

6. How and why we use your personal information

We use your personal data only in the presence of one of the conditions provided for by the law in force, and specifically:

  1. For the conclusion and execution of a contract to which you are a party.
    When we process your data for the conclusion of the purchase agreement of which you are a part, we ensure that we exclusively use the minimum information necessary for the execution of this.
    This basis legitimises the processing of personal data that takes place in the following activities:
    • Conclusion and execution of a purchase agreement for the products offered on punkt.ch;
    • Registration to the site and use of services reserved for registered Users;
    • Management of your requests by our customer service department.

The contribution of your personal data to these activities is a contractual obligation. You are free to communicate your data or not, but in the absence of the requested data, it will not be possible to conclude or execute the agreement and your requests. This means that you will not be able to purchase the products and you will not be able to use the Punkt. and its affiliated partners’services and that we shall not be able to handle your requests;

  1. Comply with a legal obligation.
    In the event of the conclusion of an agreement for the purchase of goods on punkt.ch, the processing of the user's data will take place in order to fulfil the legal obligations in accordance with relevant tax regulations;
  2. For our legitimate interests.
    If you purchase products on punkt.ch by credit or debit card, some of your personal data may be processed to carry out anti-fraud activities: we have a legitimate interest in carrying out this activity to prevent and pursue any fraudulent activity;
  3. Based on your consent.
    We shall carry out the following only if you have given us your express consent:
    • Carrying out marketing activities, conducting opinion polls and for market research;
    • Analysis of your browsing and purchasing activities in the context of your Punkt. profile, in order to personalise your experience on our Site.
  4. Providing your personal data for these activities is absolutely optional.

7. Who your data is processed by

Your personal data will be processed by staff specifically trained by Punkt.
Your personal data will also be transmitted to third parties that we use to provide our services; these third parties have been appropriately selected and are certified as GDPR-compliant. These third parties have been appointed as data controllers and carry out their activities according to the instructions given by Punkt. and under its control. The third parties in question belong to the following categories: banking operators, internet providers, companies specialised in IT and telematics; couriers; companies that carry out marketing activities; companies specialised in market research and data processing.
The list of external managers is available upon written request to our email address: customercare@punkt.ch
Your data may be transmitted to police and judicial and administrative authorities, in accordance with the law, for the detection and prosecution of crimes, the prevention and protection from threats to public security, to allow Punkt. to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.

8. Extra-EU data transfer

Some of the third parties may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission.

9. How long do we retain your data?

We retain your personal data for a limited period of time, which is different depending on the type of activity that involves the processing of your personal data.
After this period, your data will be permanently erased or otherwise rendered anonymous in an irreversible way.
Your personal data is stored in compliance with the following terms and criteria:

  1. Data collected to conclude and execute agreements for the purchase of goods on the site: until the administrative and accounting formalities have been completed. The billing data will be kept for ten years from the billing date;
  2. Data of the registered user: the data will be stored until you request the cancellation of your Punkt. profile;
  3. Data relating to the payment: up to the certification of the payment and the conclusion of the related administrative and accounting formalities resulting from the expiration of the right of withdrawal and the terms applied for the contestation of the payment;
  4. Data collected in the context of the use of services offered on the site: this data is retained until the termination of service or cancellation of the subscription to the service by the user;
  5. Data related to user requests to our customer service department: the data useful for assisting you will be kept until your request is met;
  6. CV: six months from receipt;
  7. Data used for commercial communication activities regarding Users who purchase products on punkt.ch: this data is kept until the termination of service or the exercise of the opposition by unsubscription by the user;
  8. Data used for carrying out market research and surveys for satisfaction surveys: up to the request by the user to interrupt the activity. In any case, for technical reasons, the termination of the processing and the subsequent ultimate cancellation or irreversible anonymisation of the related personal data will be finalised within thirty days from the terms specified above.

10. Your rights

We guarantee you all the rights under the FADP. In particular, you can exercise your rights at any time with reference to the specific processing of your personal data by Punkt.:

  1. Access your data and modify it: you have the right to access your personal data and to request that it be corrected, modified or integrated with other information. Upon your request, we shall provide you with a copy of your data in our possession.
    b) Revoke your consent: you can revoke the consent you have given for the processing of your personal data in relation to any activity for marketing purposes at any time. In this regard, we remind you that marketing activities are considered as the sending of commercial and promotional communications, the conduct of market research and satisfaction surveys for the customization of the website and commercial offers according to your interests. Once we receive your request, we undertake to promptly cease to use your personal data based on this consent, while different usage or that which is based on other grounds, will continue to be carried out in full compliance with the provisions in force.
  2. Opposition to the processing of your data: you have the right to object at any time to the processing of your personal data made on the basis of our legitimate interest, explaining the reasons that justify your request; before accepting it, we shall have to evaluate the reasons for your request.
  3. Delete your data ("right to be forgotten"): you may request the cancellation of your personal data in the cases provided for by current legislation. Once your request has been received and examined and if it is legitimate, it will be our duty to promptly cease to process your personal data and to delete it.
  4. Request that the processing of your personal data is temporarily limited: in this case Punkt. will continue to retain your personal data but will not use it, unless otherwise specified by you, and subject to the exceptions established by law.
  5. The request of your data or data transfer to other parties than Punkt. ("right to data portability"). You can ask to receive your data that we process based on your consent or on the basis of an agreement with you in a standard format. If you wish, where technically possible, we may transfer at your request your data directly to a third party that you indicate.
    In order to exercise any of your rights described above you can contact us by calling the following number +41 91 924 9003 or writing to us at customercare@punkt.ch (please enter “Privacy” in the subject field), or by writing to the Data Controller at the above physical address.

We may suspend, limit or refuse the exercise your rights to the extent permitted by law. We may draw your attention to any requirements that must be met in order to exercise your rights under the FADP. For example, we may refuse to provide information, in whole or in part, with regard to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations.
When you request information or assert other rights we are obliged to take reasonable measures to identify you. You are obliged to cooperate.

11. Security measures

We protect your personal data with specific technical and organisational security measures, aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures that guarantee: the pseudo-anonymisation or the encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach. However, despite these measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security. Access to our website is via transfer encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark the transfer encryption with a padlock in the address bar. Access to our website is subject - as it is basically the case for all Internet surfing - to constant and suspicion-free sweeping and other checks by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the proper handling of personal data by intelligence services, police forces and other security authorities.

12. Complaints

If you believe that the processing of your personal data has been carried out unlawfully, you can lodge a complaint to one of the supervisory authorities responsible for compliance with the rules on personal data protection. The data protection supervisory authority for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). You have the right - if and insofar as the GDPR applies - to lodge a complaint with a competent European data protection supervisory authority.

13. Remote Communication Software

We may use specialised audio and video conferencing services to communicate online. For participation in audio and video conferences, the legal provisions of each individual services, such as data protection policies and conditions of use, also apply. Depending on the situation, we recommend deactivating the microphone by default when participating in audio or video conferences, as well as blurring the background or imposing a virtual background. We use in particular:
Microsoft Skype: among others; provider: Microsoft; specific information on Skype: 'Microsoft Privacy Statement’

14. Klarna payments

In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.
Billpay’s/Klarna’s payment options: In order to be able to offer you Klarna’s payment options and to assess whether you qualify for their payment options and tailor the payment options for you, we might in the checkout pass your personal data in the form of contact and order details to Klarna and Billpay. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s [de, fr, it or en versions] and Billpay’s [de, fr, it or en versions] privacy notices.

15. Legislative references and useful links

The processing of your personal data is carried out by Punkt. in full compliance with the regulations on the matter pursuant to the Federal Data Protection Act and the Regulation (EU) 2016/679 General Data Protection Regulation. 
The full version of the Punkt mobile devices End-user Licence Agreement (EULA) can be accessed here, please read this before Punkt. Mobile devices.
The full MP02 Disclaimer is available here.
The full Punkt mobile devices Data Protection Policy is available here.
The full Pigeon Data Protection Policy is available here.
The Cookie Policy is available here.

16. Final provisions

We reserve the right to adapt and supplement this Data Protection Policy at any time. We will provide information on such adaptations and supplements in an appropriate form, by publishing the updated version of the Data Protection Policy on our website.