This document was drawn up in accordance with article 13 of Regulation (EU) 2016/679 (hereinafter “Regulation”), for users (hereinafter “Users” or “User”) of the products and services owned by Punkt Tronics AG VAT ID CHE-114.634.022 IVA, Reg. No. CH-501.3.011.937-5, with registered office in Via Losanna 4, 6900 Lugano, Switzerland, in its capacity as Controller of the personal data (hereinafter “Controller”).
This document will explain how your personal information is managed when you use the Pigeon Application created specially for the MP02 telephone, and, if necessary, to enable you to give your express, informed consent to your personal data being processed for other apps or functions that require access and interaction.
Specific information is provided in the various sections of the website www.punkt.ch pursuant to article 13 of Regulation (EU) 2016/679 which you will have to review before providing the data requested.
The information and data that you provide or that is otherwise acquired when using the various punkt.ch services will be processed in accordance with the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimisation, accuracy, integrity and confidentiality.
The personal data is collected in order to distribute, maintain and update the Pigeon application.
Even though the entire focus of the MP02 telephone has always been to protect the privacy and personal domain of the User, Pigeon is an application specifically developed to permit the phone to interact with Signal, an instant messaging application where the contents of communications are end-to-end encrypted.
The end-to-end encryption of the data means that communications connected to the Signal account cannot be decoded by the platform managers and information that has to be shared for technical standpoint purposes is also used to the minimum extent possible, with said use informed by the principles of proportionality and necessity.
Communications are designed to be kept confidential throughout their entire life cycle in the MP02 – Pigeon – Signal circuit.
The MP02 phone encrypts data in the device, Pigeon maintains the security and integrity of the data during transmission and the Signal system provides end-to-end encryption. This system allows the user to exchange synchronous and asynchronous confidential communication safely while always maintaining their own privacy and the privacy of others.
Pigeon makes the MP02 phone compatible with the Signal secure communication system. By giving permission when you register, you give Pigeon permission to access your MP02 Contacts list, use and record audio, view SMS messages, access photos/media/files and make/manage phone calls. You may also deny permission. However, the permission is requested to enable certain features from Pigeon to Signal such as finding contacts, reading, receiving and sending messages, and making calls through secure end-to-end encryption communication on Pigeon.
The information and personal data processed to download and install the basic functions of Pigeon are as follows:
The optional information and personal data that can be processed for Pigeon to work at an advanced level are as follows:
The Controller would like to inform you that the data collected will be processed lawfully in accordance with article 6 of the Regulation, for the following purposes only:
The Controller shall process Personal Data relating to the User if one of the following conditions are met:
In any case, the Controller can always be asked to clarify the legal basis behind any processing that is carried out on his or her data.
The User will always have the option to decide whether or not to provide his or her personal data, but it has to be given to ensure access to certain services such as downloading the application or assistance if any faults arise. Any refusal, even though legitimate, to provide the data required in whole or in part, may make it impossible for Punkt to provide the services requested on a standard basis.
Employees and business partners of the Controller may be aware of and use the Personal Data that will be provided. These employees and business partners shall be authorised in accordance with article 29 of the GDPR for the sole purpose of performing the activities strictly related to achieving the purposes declared in paragraph 2 above.
The Personal Data may also be disclosed to third parties engaged to carry out the lawful processing on behalf of the Controller in their capacity as Processors.
More specifically, the Personal Data of the Users may be disclosed to third parties for the following purposes, strictly necessary to provide the services requested:
A simple request can be addressed to the Controller to obtain the list of any Data Processors engaged to process the data.
The Data are processed at the workplaces of the Controller and in any other place where the parties involved in the processing are located.
The personal data may be transferred to the processors located in Switzerland exclusively for the purposes listed in paragraph 2, in full compliance with Chapter V of the GDPR which requires adequate guarantees with regard to transfers, with Switzerland currently offering an adequate level of protection. There is more information available at the offices of the Controller.
The Personal Data is processed using computer and/or online instruments, with organisational mechanisms and methods that are strictly related to the purposes indicated and without any profiling being carried out.
The Processing is carried out in accordance with mechanisms and instruments that can guarantee the security and confidentiality of the data in accordance with the provisions of article 32 of Regulation (EU) 2016/679.
When the data is being processed, all technical, computer, organisational, logistical and procedural security measures will always be implemented to ensure an adequate level of protection of the data as required by law.
The data will only be processed for the time necessary to fulfil the purposes for which they are requested.
The browsing and use data implicitly collected when the application is downloaded and installed, with the associated logs, will be stored for a maximum period of 60 days for the exclusive purpose of security and the prevention of fraudulent conduct.
The Personal Data may be stored for a longer period if required to fulfil legal obligations or by order of the authorities.
All the Personal Data will be deleted upon expiry of the storage period. At the end of said time period, the rights of access, erasure, rectification and the right to data portability may no longer be exercised.
The data subjects may exercise certain rights with reference to the Data processed by the Controller. More specifically, the right to:
A request can be sent to the following email address to exercise these rights: firstname.lastname@example.org Requests are made on a gratuitous basis and followed up by the Controller in the shortest time possible, and in any case within 30 days.
Most recent update: 25 February 2021