Data Privacy Statement

This Data Privacy Statement will explain the type, extent and purpose of processing of personal data (hereinafter simply referred to as “data”) in our online offer and its associated websites, functions and content, as well as external online presences such as our social media profile (hereinafter referred to collectively as “online offer”). We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) in respect of terminology, e.g. “personal data” or its “processing”.
Phoenix Italia

Via S. Andrea 11/B
20008 Bareggio, Milano, Italia
Phone: +39 02 9036 0778
Commercial Registry No.:
Managing Director Paolo Marcello Albertoni and Paolo Giorgio Lupoli
VAT-No.: IT 10564770963

Data Protection Officer:
You can contact the Data Protection Officer and the Company at the following e-mail address:
Types of data processed:
Inventory data (e.g. names, addresses).
Contact data (e.g. e-mail, telephone numbers).
Content data (e.g. text input, photos, videos).
Contract data (e.g. subject matter of contract, term, customer category).
Usage data (e.g. websites visited, interest in content, access times).
Meta/communication data (e.g. data on devices, IP addresses).

Processing of special categories of data (Art. 9 Para. 1 GDPR):
No special data categories will in principle be processed, unless such data are submitted by users for processing, e.g. entered in online forms.

Categories of persons affected by processing:
Customers / interested parties / suppliers.
Visitors and users of the online offer.

Such affected persons will hereinafter be referred to as “users”.

Purpose of processing:
Making available the online offer, its content and functions.
Provisioning of contractual performances and services and customer care.
Response to contact requests and communication with users.
Marketing, advertising and market research.
Security measures.

1. Definitive legal bases
Pursuant to Art. 13 GDPR, we hereby inform you of the legal bases of our data processing. The following shall apply unless the legal basis is named in the Data Privacy Statement: The legal basis for obtainment of consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR; the legal basis for processing to allow us to perform our services and carry out contractual tasks, also to respond to requests, is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to allow us to fulfil our legal obligations is Art. 6 Para. 1 lit. c GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. Should the vital interests of the affected person or another natural person require processing of personal data, then Art. 6 Para. 1 lit. d GDPR shall serve as the legal basis.

2. Changes and updating of the Data Privacy Statement
We request you to keep abreast of the content of our Data Privacy Statement. We reserve the right to adapt the Data Privacy Statement as demanded by changes to our data processing. We will inform you as soon as changes require your cooperation (e.g. consent) or if another specific notification is required.

3. Security measures

We will take appropriate technical and organisational measures as required by Art. 32 GDPR, taking into account technical options, the cost of implementation and the type, extent, circumstances and purposes of processing, also the likelihood of occurrence and severity of risks to the rights and freedoms of natural persons, in order to guarantee a reasonable level of risk protection. Measures will in particular include the assurance of confidentiality, integrity and availability of data based on control of physical access to data including control of associated data availability, input, disclosure and separation. We have furthermore introduced processes to ensure that the rights of persons concerned, appropriate deletion of data and response to risks to the data are observed. We also take into consideration the protection of personal data during the development phase already, i.e. in the selection of hardware, software and processes, in compliance with the principle of data protection through technical design and data protection by default (Art. 25 GDPR).Security measures include especially encryption of data transmitted between your browser and our server.

4. Cooperation with order processors and third parties
To the extent that we disclose or pass on data to other persons and companies (order processors or third parties) or allow other entities to access data within the framework of processing, this shall be contingent upon regulatory stipulations (e.g. when passing on of data to third parties such as providers of payment services is required under the contract, pursuant to Art. 6 Para. 1 lit. b GDPR), upon your consent, upon mandatory disclosure or when required based on our legitimate interests (e.g. when deploying representatives, Web hosts, etc.).Insofar as we commission third parties with data processing under a so-called “Order processing agreement”, this will be in compliance with Art. 28 GDPR.

5. Transfer to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if such processing involves utilising the services of third parties or disclosure or transfer of data to third parties, this will be contingent upon fulfilment of our (pre)contractual obligations, upon your consent, upon regulatory obligations or upon our legitimate interests. We will, in the absence of legal or contractual permissions, never process data or have data processed in a third country unless the special prerequisites under Art. 44 et seq. GDPR are satisfied. Processing will therefore depend on special guarantees such officially approved compliance with an EU data protection level (e.g. the US Privacy Shield), for instance, or on compliance with officially recognised special contractual obligations (so-called “Standard contract clauses”).

6. Rights of affected persons
You have a right to demand confirmation of processing of the specific data and to demand information about these data, also additional information and copies of the data, pursuant to Art. 15 GDPR.You are entitled pursuant to Art. 16 GDPR to demand completion of your personal data or correction to errors in such data.Pursuant to Art. 17 GDPR you are entitled to request immediate deletion of relevant data, or - pursuant to Art. 18 GDPR - alternatively request limited data processing.Art. 20 GDPR states that you are entitled to request that the data you provided us be returned and to demand their transfer to other responsible entities.Art. 77 GDPR states that you are also entitled to lodge a complaint with the responsible regulatory authority.

7. Right of revocation
Art. 7 Para. 3 GDPR states that you also have the right to revoke a consent you may have given.

8. Right of objection
Art. 21 GDPR also states that you may at any time object to processing of your data in future. Your objection may in particular also be to processing for the purpose of direct advertising.

9. Cookies and the right of objection to direct advertising
We make use of temporary and permanent cookies, i.e. small files stored on the user’s devices (see the last section of this Data Privacy Statement for explanation of terminology and function). Cookies may serve to enhance security, are required for the functionalities of our online offer (e.g. to display the website) and also store the user’s preferences when confirming the cookie banner. Our technology partners furthermore use cookies to measure the reach and for marketing purposes; users will be informed about this in the Data Privacy Statement.Show cookie information and settings for this websiteMany services allow you to state your general objection to the use of cookies for online marketing purposes via the US website or the EU website, especially in respect of tracking. The storage of cookies may furthermore be prevented by blocking this in the browser settings. Please note that some functionality in the online offer may then be disabled.

10. Deletion of data
We will delete the processed data or limit processing pursuant to Art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Data Privacy Statement, our stored data will be deleted when they are no longer needed for their designated purpose, unless such deletion is in breach of legal obligations to retain the data. Data processing will be limited should the data need to be retained for other purposes permitted by law. The data will thus be blocked for processing for other purposes. This will apply to data that must be stored for commercial or fiscal purposes, for instance.

11. Contacting us
When contacting us (via contact form / download form, live chat or e-mail) the information provided by the user will be processed according to Art. 6 para. 1 lit. b) GDPR in order to handle and fulfill the contact request.User information may be stored in our Customer Relationship Management System and Marketing Automation Platform ("CRM & Marketing System") or similar request organization.We use the CRM-, sign-up- and marketing automation system “HubSpot” provided by HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA), with offices in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Unter den Linden 26, 10117 Berlin) on the basis of our legitimate interests (efficient and fast processing of user inquiries, applications and optimization of our online offers). For this purpose, we have entered into a contract with HubSpot with so-called standard contractual clauses, in which HubSpot commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. HubSpot is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation ( Learn more about HubSpots privacy policy here: https: // sign-up service allows visitors on our website to learn more about our business, download content, and provide their contact information and other demographic information. This information is stored on servers of our software partner HubSpot. They can be used by us to connect with visitors on our website and to determine what services of our company are interesting for them. All information we collect is subject to this Privacy Policy. We use all collected information solely to optimize our marketing.We delete inquiries if they are no longer required. We check the requirement every two years; inquiries from customers who have a customer account are stored permanently and refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

12. Comments and contributions in the Blog
Our legitimate interests in terms of Art. 6 Para. 1 lit. f. GDPR allow us to store user comments or other contributions for 7 days. This is for our safety in case someone submits comments and contributions with unlawful content (libel, prohibited political propaganda, etc.). Since we may in such cases be held liable for such comments or contributions we need to know the author’s identity.

13. Recording of access data and log files
Our legitimate interests in terms of Art. 6 Para. 1 lit. f. GDPR, allow us to collect data on every access to the server that provides this service (server log files). Access data includes the name of the website called up, the file, date and time of access, the transferred volume of data, a message about successful access, the browser type and version, the user’s operating system, the referring URL (previous page visited), the IP address and the requesting provider. Log file information will be stored for up to seven days for safety (e.g. clearing up cases of abuse or fraud), before subsequent deletion. Data required for verification purposes will not be deleted until final clarification of the relevant incident.

14. Online presences in social media
We maintain an online presence via social networks and platforms for communication with their active clients, interested parties and users and to inform these about our services. The terms and conditions and data processing guidelines of the operators of networks and platforms you may visit will apply when you access them.Unless otherwise stipulated within the framework of our Data Privacy Statement, we will process the data of users communicating with us via social networks and platforms typically by, for instance, writing contributions on our online presences or by sending us messages.

15. Cookies & reach measurement
Cookies are information transferred from our or third party Web servers to the Web browsers of users, where they will be stored for later use. Cookies may be small files or other types of stored information.We use session cookies that are stored only for the duration of the visit to our online presence (e.g. to allow storage of your login status and use of our online offer). A randomly generated unique identification number will be stored in a session cookie - the session ID. A cookie also contains data about its origin and storage time. These cookies cannot store other data. Session cookies are erased as soon as your visit to our website ends, i.e. when you log out or close your browser.Users will within the framework of this Data Privacy Statement be informed about the use of cookies for pseudonymous reach measurements.Users who do not wish to have cookies stored on their computer are advised to deactivate the relevant option in the system settings of their browser. Stored cookies may also be erased in the browser system settings. The functions of this website may be restricted when cookies are blocked.You may object to the use of cookies for reach measurement and advertising via the deactivation page of the network advertising initiative also via the US website the European website
16. Google Analytics
Our legitimate interests (i.e. interest in analysis, optimisation and commercial operation of our online offer pursuant to Art. 6 Para. 1 lit. f. GDPR) allow us to use Google Analytics, a Web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information the cookie collects on the user’s use of the online offer will normally be sent to a Google server in the US and stored there.Google’s certification under the Privacy Shield Agreement guarantees compliance with the European Data Privacy Law have commissioned Google to use this information to evaluate the usage of our website by users, to compile reports on website activities within the online offer and to provide us with further services related to the usage of this online offer and the Internet. The processed data may be used to compile pseudonymous profiles of utilisation by users.We use Google Analytics to restrict adverts placed by advertising services of Google and its partners to users who are interested in our online offer or who have certain traits (e.g. interest in certain topics or products established via the visited websites) that we pass on to Google (“Remarketing” or “Google Analytics audiences”). Remarketing Audiences also helps us to ensure that our adverts will match a user’s potential interest and not annoy him.We use Google Analytics exclusively with IP anonymisation activated. This means the IP address of a user will, within the EU member states or in other signatories of the Treaty on the European Economic Area, be abbreviated by Google. Only by exception will a full IP address be transmitted to a Google server in the US for abbreviation.The IP address transmitted by the user’s browser will not be linked to other Google data. Users may block the storage of cookies via a setting in their browser software; users may also download and install the browser plugin available under the link below to prevent the cookie from collecting data related to their use of the online offer and transmitting these data to Google for processing: further information on data usage by Google, settings and options for objection, please refer to Google websites: (“Data usage by Google when you use our partners websites or Apps”), (“Data usage for advertising purposes”), (“Administrating information Google uses to display advertising to you”).

17. Google Re/Marketing services

Our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer pursuant to Art. 6 Para. 1 lit. f. GDPR) allow us to make use of the Marketing and Remarketing services (“Google Marketing Services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”).Google’s certification under the Privacy Shield Agreement guarantees compliance with the European Data Privacy Law Marketing Services allow us to target advertisements for and on our website more specifically in order to ensure that users will only be shown adverts that are of potential interest to them. When a user is, for instance, shown adverts for products he showed an interest in on other websites, this is then referred to as "Remarketing". When our and other websites with active Google Marketing Services are called up, Google will thus directly generate a code and (Re)marketing tags (hidden graphics or codes also referred to as "Web beacons") will be integrated into the website. This will be used to store an individual cookie, i.e. a small file on the user’s device (similar technologies may also be used instead of cookies). The cookies may be placed by different domains, among other by,,,, or This file records the websites a user visits, the content he is interested in and the offers he has clicked on, also technical information on the browser and operating system, referring websites, time of visits and other information for use of the online offer. The users’ IP address will also be recorded, but the IP address will, within the Google Analytics framework, be abbreviated within EU member states or other signatories to the Treaty on the European Economic Area and will be transmitted unabbreviated to a Google server in the US for shortening there only in exceptional cases. The IP address will not be linked to user data within other Google offers. Google may also link the aforementioned information with such information from other sources. Advertisements of interest to the user may then be displayed on other websites he may subsequently visit.Google Marketing Services will process user data pseudonymized. Google will thus for instance not store and process the user’s name or e-mail address but only relevant cookie-related data within pseudonymized user profiles. From the Google perspective, the adverts will thus not be processed and displayed to a specific identified person but to the owner of the cookie, irrespective of who this owner may be. This will not apply if a user explicitly allows Google to process the data without pseudonymization. The user information collected by Google Marketing Services will be transmitted to Google and stored on Google’s servers in the US.The Google Marketing Services we use includes the online advertising programme “Google AdWords”, among other. For Google AdWords, each AdWords client will receive an own “Conversion Cookie”. Cookies can thus not be tracked via the AdWords client websites. Information collected via cookies is used to compile Conversion Statistics for AdWords clients who opted for Conversion Tracking. AdWords clients will be informed of the total number of users who clicked on their advertisement and were navigated to a Web page with a Conversion Tracking tag. They will not, however, receive any information allowing personal identification of a user.We may also use the “Google Optimizer” service. Based on “A/B Testing”, Google Optimizer helps us understand the effect of various website changes (e.g. changing the input fields, designs, etc.). Cookies will be stored on user devices for the purpose of such tests. Only pseudonymized user data will be processed.We may furthermore also use the “Google Tag Manager” to integrate the Google Analysis and Marketing Services into our website and administrate this.Please visit the overview page for further information on Google’s use of data for marketing purposes:, Google’s Data Privacy Statement can be found under refer to the Setting and Opt-out options offered by Google to object to interest-based advertising by Google Marketing Services:
18. Newsletter
The content of our Newsletter is described below as well as registration, dispatch and statistical evaluation and your right of objection. By subscribing to our Newsletter, you agree to its receipt and with the procedures described.Content of the Newsletter: We will not send out Newsletters, e-mails and other electronic notifications containing promotional information (hereinafter referred to as “Newsletter”) unless with the consent of the recipients or with legal permission. Insofar as the content of the Newsletter is clearly described on registration, this shall be deemed agreed to by the user. Our Newsletters will for the rest contain information about our products, offers, campaigns and our company.Double Opt-In and logging: Registration for our Newsletter is always via a Double Opt-In procedure. After registering, you will therefore receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent someone else registering with false e-mail addresses. Registrations for the Newsletter will be logged to verify registration, pursuant to regulatory requirements. This includes storage of the time of registration and confirmation and the IP address. Changes to your data as stored at the mail service provider will also be logged.Mail service provider: Newsletters are dispatched via Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, hereinafter referred to as “mail service provider”. The Data Privacy Regulations of the mail service provider are available at: mail service provider furthermore states that he uses these data under a pseudonym, i.e. with no user named, to optimise or improve his own services, e.g. for technical optimisation of dispatch and presentation of the newsletters or for statistical purposes, to establish the countries of the recipients. The mail service provider will not, however, use data of our Newsletter recipients to correspond with them directly or pass on the data to third persons.Registration data: Your e-mail address will suffice when you register for the Newsletter. We also request you to voluntarily furnish a name, company name and address and your line of business for purposes of addressing you personally and reflecting relevancies in the Newsletter.Performance measurement: The Newsletters contain web beacons, i.e. a pixel-sized file called up by the mail service provider server when the Newsletter is opened. This process initially collects technical information such as browser and system data as well as your IP address and the time of access. This information is used for technical improvement of services based on technical data or target groups and their reading habits, based on the locations (definable via the IP addresses) and times of access. Statistical data also comprises information on if and when the Newsletters are opened and which links are clicked. Although this information is for technical reasons assignable to individual Newsletter recipients, neither us nor the mail service provider intend to observe individual users. The analyses rather serve to enable us to identify the reading habits of our users in order to adapt our content accordingly or to offer different content depending on the interest of our users.Bluhm Systeme GmbH in Germany: Mailing of the Newsletter and the performance measurement are subject to the consent of the recipient, pursuant to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG [German Fair Trade Law] or subject to legal permission as per § 7 Para. 3 UWG.Bluhm Systeme GmbH in Austria: Mailing of the Newsletter and the performance measurement are subject to the consent of the recipient, pursuant to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Para. 2 TKG [Austrian Telecommunications Act] or subject to legal permission as per § 107 Para. 2 and 3 TKG.The registration process will be logged based on our legitimate interests as per Art. 6 Para. 1 lit. f GDPR and serves to verify your consent to receipt of the Newsletter.Cancellation/Revocation: You may cancel receipt of our Newsletter at any time, i.e. you may revoke your consent. Every Newsletter has a link for cancellation at its end. The personal data of users will be deleted if they have registered for the Newsletter only and cancel registration.

19. Linking of third party services and content
We will, based on our legitimate interests (i.e. interest in analysis, optimisation and commercial operation of our online offer in terms of Art. 6 Para. 1 lit. f. GDPR), make use of and link third party content or services such as videos or fonts (hereinafter referred to collectively as “content”). This always implies that the third party owners of such content must know the users’ IP addresses, since they need this to send content to their browsers. The IP address is thus necessary for presentation of such content. We endeavour to use only suppliers who will use the IP address exclusively for delivery of content. Third party suppliers may also use pixel tags (hidden graphics, also called “Web beacons”) for statistical or marketing purposes. Pixel tags may be used to assess visitor traffic on the pages of this website. Cookies may furthermore store the pseudonymized information on the users’ devices, containing, among other, technical information on the browser and operating system, referring websites, visiting times and other information on the use of our online offer and may also be linked to such information from other sources.The figure below gives an overview of third party suppliers and their content, also links to their data privacy statements containing further information on data processing and, as already mentioned, options for objection (Opt-Out):Cookie consent management with Our website uses the cookie consent technology from to obtain the legally required consent for the use of cookies. In this context, your browser may transmit personal data to The legal basis for this is Article 6, Paragraph 1, Sentence 1, Letter c GDPR. The provider of this technology is Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter When you enter our website, a cookie from is stored in your browser, in which the consent you have given or the revocation of this consent is saved. The collected data is stored until you ask us to delete it or delete the cookie from yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by can be found at: Google fonts by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland., (“Google Fonts”). Google fonts are linked via a Google server (normally in the US). Data privacy statement:, Opt-Out:“Google Maps” service by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy statement:, Opt-Out: service functions have been integrated into our online offer. These functions are provided by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You may click on the Google+ button when logged onto your Google+ account to link the content of our Web page to your Google+ profile. Google will then be able to assign your visit to our Web pages to your user account. We must point out that we, as the operator of the Web pages, will have no information about the transmitted data or their use by Google+. Data privacy statement:, Opt-Out:“YouTube” platform videos by third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy statement:, Opt-Out:“Vimeo” platform videos by third party provider Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. Data privacy statement: make use of the marketing functions (“LinkedIn Insight tag”) of the LinkedIn network in our online offer. The operator is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A link to LinkedIn servers will be created each time one of our websites with a LinkedIn function is accessed. LinkedIn will be notified that your IP address visited our Web pages. The LinkedIn Insight tag enables us in particular to analyse the success of our campaigns within LinkedIn or to identify target groups for our campaigns based on user interaction. Your registration with LinkedIn will allow the latter to assign your interaction with our online offer to your user account. LinkedIn will also be able to link your visit to our website to your LinkedIn user account if you are logged in at LinkedIn and click the Recommend button. LinkedIn is certified under the Privacy Shield Agreement and compliance with the European Data Privacy Law is in this way guaranteed ( Data privacy statement:, Opt-Out: online offer may have links to Twitter platform functions (hereinafter referred to as “Twitter”). Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions comprise presentation of our Twitter contributions in our online offer, linking to our Twitter profile and the ability to interact with Twitter contributions and functions; also to assess whether users reach our online offer via the advertising we place with Twitter (conversion measurement). Twitter is certified under the Privacy Shield Agreement and compliance with the European Data Privacy Law is in this way guaranteed ( Data privacy statement:, Opt-Out: JavaScript framework “jQuery” code provided by third party provider jQuery Foundation,

Let us help you!
Our experts are ready to help you find the most efficient solution for your label application needs, showing you photos, videos, brochures during a personalized consultancy.