Valid from May 25th, 2018
You can find the complete and updated text of the General Data Protection Regulation here:
Personal data as defined in this privacy statement includes all information relating to you, e.g. your name, address, e-mail and IP address, user behaviour.
Through the data-protection information outlined below, we inform you about our processing of your personal data and provide an overview of your privacy rights. The precise data that are processed and the way in which these data will be used in individual cases essentially depend on the services used, applied or agreed.
1 Controller and Data Protection Officer
The controller under Art. 4 (7) of the General Data Protection Regulation (GDPR) is:
The Data Protection Officer of Phono-Press International srl is:
2 Source of personal data
We process personal data that we collect when you visit our website or contact us by e-mail or that you submit to us in a contact form.
3 Categories of personal data processed by us:
(1) If you only visit or use our website for the purpose of informing yourself, i.e. if you do not register or otherwise submit information, we only collect the personal data transmitted by your browser to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and ensure its stability and security:
Browser type and version
Operating system used
Host name of the computer accessing our site
Date and time of server enquiry
These data are used exclusively for internal statistical purposes.
(2) In addition to the above data, we store cookies on your computer when you use our website. Cookies are small text files which are placed on your computer, assigned to your web browser and send specific information back to the originating website. Cookies cannot execute programs or infect your computer with malware. Their purpose is to improve the usability and effectiveness of the overall Internet presence.
(4) Most browser settings automatically accept cookies. You can disable cookies in your browser at any time or change your browser settings to receive notification whenever cookies are sent to your device. However, please note that in this case you may not be able to use the full range of functions offered by this website.
(5) The data collected are stored separately from any further data that you may have provided. In particular, data from cookies are not linked to any further data.
4 External hosting
This website is hosted by an external service provider (host). The personal data recorded on this website are stored on the host servers. These data mainly include IP addresses, contact enquiries, meta and communication data, contract data, contact data, names, website hits and other data that are generated via a website.
A host is used for the purposes of execution of a contract with prospective and existing customers (Art. 6 (1) lit. b GDPR) and the legitimate interests of secure, fast and efficient provision of our online offering by a professional provider (Art. 6 (1) lit. f GDPR).
Our host will only process your data to the extent necessary for performance of its contractual obligations and will comply with our instructions in relation to these data.
5 Other features and offerings on our website
(1) In addition to use of our website purely for information purposes, from time to time we might offer various services which you can use if so interested. To do so, you generally need to submit further personal data, which we use to provide the requested service and which are governed by the above data protection principles.
(2) When you contact us by e-mail or using a contact form, we will store the data provided by you (your e-mail address, your first and last names, your address and any further personal data provided voluntarily) in order to answer your questions. Given this, processing of any data entered in the contact form is exclusively based on your consent (Art. 6 (1) lit. a GDPR). We will not share this data without your consent. We will erase any data collected in this context as soon as their storage is no longer required, you request us to erase such data, or you withdraw your consent to our storage of such data by sending us an informal e-mail in this respect. Or we restrict processing if we are required by law to retain data. Withdrawal of your consent will not affect the lawfulness of data processing up to your withdrawal.
(3) We offer you the possibility to submit product enquiries through our website. To do so, you must provide the following personal data: Your first and last names, your e-mail address, your phone number and your postcode. You can also provide further personal data on a voluntary basis.
Many processing operations require your explicit consent. You have the right to withdraw your consent at any time by simply sending us an informal e-mail in this respect. Withdrawal of consent will not affect the lawfulness of data processing up to the time of withdrawal.
Right to object to data collection on grounds relating to a particular situation and for direct marketing purposes (Art. 21 GDPR)
If data processing is based on Art. 6 (1) lit. e or f GDPR, you are entitled to object at any time to the processing of your personal data on grounds relating to your particular situation; the same applies to profiling based on those provisions. The legal basis for processing is provided in this privacy statement. If you object to data processing, we will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for data processing which override your interests, rights and freedoms, or unless processing is for the establishment, exercise or defence of legal claims (objection according to Art 21 (1) GDPR).
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing, your personal data will no longer be processed for such purposes (objection according to Art. 21 (2) GDPR).
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as purchase orders or enquiries, which you send to us in our capacity as website operator. If the website connection is encrypted, the address bar of your browser changes from “http://” to “https://” and a padlock icon is displayed in the bar.
When SSL and/or TLS encryption are activated, third parties cannot decipher the information that you transmit to us.
Enquiries by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry, including all personal data contained therein (name, enquiry message) will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.
In as far as your enquiry is related to the performance of a contract or the implementation of pre-contractual measures, these data will be processed on the basis of Art 6 (1) lit. b GDPR. In all other cases, processing will be based on your consent (Art. 6 (1) lit. a GDPR) and/or our legitimate interests (Art. 6 (1) lit. f GDPR), since we have a legitimate interest in ensuring effective processing of all enquires transmitted to us.
We will store all personal data submitted to us by means of contact enquiries until you request the erasure of such data or withdraw your consent to the storage of such data or until the purpose of storage of such data no longer applies (e.g. after completion of processing of your request). Mandatory legal obligations, particularly statutory retention periods, will remain unaffected.
6 Google Web Fonts
7 Use of our online shop
(1) To order from our online shop, you must provide the personal data we need to conclude a contract with you and process your order. All mandatory details that are necessary for the processing of the contracts are marked as such; all other details are voluntary. We use the data submitted by you to process your order. To do so, we may share your payment information with our house bank.
We may also process the data submitted by you to inform you about other interesting products in our portfolio or send you e-mails containing technical information.
(2) Under commercial and tax regulations, we are under the obligation to store your address, payment and order details for a period of ten years. However, after two years we will restrict processing of these data, i.e. from then on the data will only be retained for compliance with legal requirements.
(3) To prevent unauthorised access of your personal data, in particular financial data, by third parties, the order process is encrypted using TLS technology.
8 Use of our supplier portal
(1) If you wish to use our portal, you need to register by entering the following personal details:
Password of your choice
We use a double-opt-in registration process, i.e. your registration is only complete when you have confirmed it by clicking the link in the confirmation e-mail sent to you for this purpose. If you fail to confirm your registration within 24 hours, it will be automatically erased from our database. Entry of the above data is mandatory; submission of all other data is voluntary and can be made by using our portal.
(2) When you use our portal, we will store all data necessary for contract performance, including any information relating to your payment method, until you permanently erase your account. We will also store the voluntary data provided by you for as long as you use our portal, unless you erase them beforehand. All information can be managed and changed in the protected customer area.
(3) To prevent unauthorised third parties from accessing your personal data, particularly your financial data, the connection is encrypted using TLS technology.
9 Categories of recipients of personal data
(1) We commission carefully selected service providers to carry out individual processes and services from the foregoing in compliance with the data-protection regulations. These external service providers must follow our instructions and are checked at regular intervals. They will not disclose your data to any third parties.
(2) We will only disclose your information to other recipients where this is required to comply with a legal obligation, where you have given your consent or where we are authorised to disclose your information. If these criteria are fulfilled, potential recipients of personal data include, but are not limited to:
Public bodies and institutions (e.g. financial authorities, law enforcement authorities) in case of a statutory or regulatory obligation.
Other companies or similar institutions to which we transmit your personal data on the basis of our business relations.
10 Purposes and legal grounds for the processing of personal data
We process your personal data in compliance with the applicable legal data-protection regulations. Processing is lawful if the following conditions have been fulfilled:
Consent (Art. 6 (1) lit. a GDPR)
Processing of personal data is lawful if the data subject has consented to processing for specified purposes (e.g. processing of your enquiry, use of data for marketing purposes) etc. Data subjects can withdraw their consent at any time with future effect. This also applies to the withdrawal of consent provided to us before 25 May 2018, i.e. before applicability of the GDPR.
For performance of a contract (Art. 6 (1) lit. b GDPR)
We process personal data to perform our contractual duties or implement pre-contractual measures which are required in connection with an enquiry or use of our webshop. The purposes of data processing result primarily from your enquiry or order.
For compliance with legal obligations (Art. 6 (1) lit. c GDPR)
Phono-Press International srl is subject to various legal obligations. These include, but are not limited to:
Retention obligations established by tax law and commercial law, compliance with control and reporting duties as defined in tax law.
Within the scope of balancing of interests (Art. 6 (1) lit. f GDPR).
We process your personal data beyond the extent required to fulfil our obligations under the contract where this is necessary to pursue our legitimate interests or the legitimate interests of third parties. Examples:
Assertion of legal claims and defence in legal disputes
Guaranteeing of IT security and IT operation
Analysis and improvement of the use of our website
11 Intention to transfer personal data to a third country or an international organisation
Personal data are only actively transferred to a third country if this has been expressly indicated within the scope of the above services.
12 Criteria for defining the period for which the personal data will be stored
(1) The data will be stored according to the legal regulations for data processing, taking legal retention periods into account. We exclusively process and use your data for the purposes for which you have given your consent and for as long as these data will be needed for these purposes.
(2) If your personal data are no longer necessary for this purpose or to comply with legal requirements, they are generally erased unless their temporary and, if necessary, restricted processing is required for the following purposes:
Compliance with retention duties under commercial and tax law: Examples in this context include the Italian Commercial Code and the Tax Code, which require retention and documentation periods of up to ten years.
Retention of evidence in line with the legal statutes of limitation: Under Art. 195 et seq. of the Italian Civil Code (BGB), the regular period of limitation is three years but can be up to 30 years under exceptional circumstances.
13 Your data-protection rights
(1) Every data subject has the right of access in accordance with Art. 15 GDPR and the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object as set forth in Art. 21 GDPR and the right to data portability defined in Art. 20 GDPR. In addition, data subjects have the right to lodge a complaint with the competent data supervisory authority (Art. 77 GDPR in conjunction with Art. 19 GDPR).
(2) You have the right to withdraw your consent to the processing of your personal data provided to us at any time with future effect. This also applies to the withdrawal of consent provided to us before 25 May 2018, i.e. before the application date of the General Data Protection Regulation.
(3) You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 (1) lit. e GDPR (processing for a task carried out in the public interest) and Art. 6 (1) lit. f GDPR (data processing based on a balancing of interests).
If you object to data processing, we will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for data processing which override your interests, rights and freedoms, or unless processing is for the establishment, exercise or defence of legal claims.
The objection to processing can be informal and should be addressed to:
14 Obligation to provide personal data and possible consequences of non-provision of personal data
When using our offers, you need to provide the personal data necessary to fulfil the relevant purpose or which we are legally required to collect. Without these data, we will generally not be able to conclude or execute our contract with you.
15 Automated decision-making, including profiling
We do not generally make use of automated decision-making as set forth in Art. 22 GDPR with the purpose of establishing and implementing the business relationship. Should we make use of automated decision-making in individual cases, we will inform you separately of this fact where required by law to do so.
16 Amendment of privacy statement
Our services are continually developed and improved. Given this, new features may be added. Should this influence the processing of your personal data, we will provide timely information in our privacy statement.
17 Own services
On our website, we also offer you the possibility to apply for a job with us (e.g. by e-mail or regular post service or using our online recruitment form). Below we inform you of the scope, purpose and use of your personal data collected in connection with the job application process. We assure you that our collection, processing and use of your data is in compliance with the applicable data-protection law and all other legal regulations and that we will keep your data strictly confidential.
Scope and purpose of the collection of data
If you submit a job application, we process all associated personal data (e.g. your contact and communication data, application documents, notes made in connection with job interviews etc.) in as far as necessary for decision-making about employment. The legal basis for this is Art. 6 (1) lit. b GDPR (general initiation of a contract) and – in as far as you have given your consent – Art. 6 (1) lit. a GDPR. Your consent can be withdrawn at any time. Your personal data will only be transferred to people inside our company who are involved in the processing of your job application.
If your job application is successful, the data you have submitted will be stored in our data processing systems on the basis of Art. 26 BDSG-neu and Art. 6 (1) lit. b GDPR for the purpose of executing the employment relationship.
Data retention period
If we cannot offer you a job or if you reject our job offer or withdraw your application, we reserve the right to store the data submitted by you for a period of 6 months from the end of the application process (rejection or withdrawal of application) on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR). On expiry of this period, the data will be erased and any physical application documents destroyed. Retention primarily serves the purpose of evidence in case of a legal dispute. If it becomes clear that the data will still be required after expiry of the 6-month period (e.g. on the grounds of impending or pending legal action), erasure will not take place until the purpose of continued retention no longer applies.
Your data may also be retained for a longer period if you have given us your consent (Art 6 (1) lit. a GDPR) or if legal obligations of retention prevent the erasure of such data.
Inclusion in the pool of candidates
If we do not offer you a job, there may still be the possibility of inclusion in our pool of candidates. In this case all documents and data from your application will be transferred to the pool of candidates so that we can contact you if the right vacancy opens up.
Inclusion in the pool of candidates is based exclusively on your express consent (Art. 6 (1) lit. a GDPR). Your consent is voluntary and bears no relation to the ongoing job application process. Data subjects can withdraw their consent at any time. In this case, their data will be irrevocably erased from the pool of candidates unless there are legal grounds for retention.
Your data will be irrevocably erased from the pool of candidates two years after giving your consent at the latest.