1. Information about the collection of personal data
In the following, we inform you about the collection of personal data upon use of this website. Personal data are defined as all data which can be attributed to your person, e.g. name, address, email address, user behavior.
The Controller in terms of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
Tel: 0049 821 90786150 (no product support under this number)
Fax: 0049 82190786159
When you contact us by email or via the contact form, the data you have provided (your email address and, where applicable, your name and your telephone number) will be stored by us for the purpose of responding to your enquiry. The data collected in this context are deleted once storage is no longer required; if there is a statutory duty to retain the data, processing will be restricted.
If we wish to use commissioned subcontractors for individual functions of this service or to use your data for commercial purposes, detailed information about the respective processes is provided below. The fixed criteria for storage periods are likewise stated below.
2. Your rights
You have the following rights in your relationship with us with regard to the personal data concerning your person:
- Right of access,
- Right of rectification or erasure,
- Right restriction of processing,
- Right to object,
- Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The designated data protection supervisory authority is
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach, Germany
Telephone: 0049 (0) 981 53 1300
Fax: 0049 (0) 981 53 98 1300
3. Collection of personal data upon visiting our website
If you are using the website only on an informational basis, i.e. you do not register or otherwise transmit information to us, we will only collect the personal data transmitted to the server by your browser. If you wish to view the website, we collect the following data, which are technically required in order to display this website to you and ensure stability and security (the legal basis is Article 6 (1) (f) GDPR); In the following we will detail the data that is being recorded at each access:
- anonymized IP address
- date and time of access
- requested pate/name of requested URL
- amount of data transferred
- type of browser and version
- Operating system
- notice, if access was successful.
In addition to the aforementioned data, cookies are stored on your computer when you use this website. Cookies are small text files which are stored on your hard drive and allocated to the browser used by you and through which the agency which sets the cookie (in this case us) is provided with particular pieces of information. Cookies cannot execute applications or transfer viruses to your computer. Their purpose is to make the online service generally more user-friendly and effective.
This website uses the following types of cookies, the scope and functioning of which are explained below:
- Transient cookies (see 3.2)
- Persistent cookies (see 3.3).
Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a so-called session ID, through which different requests by your browser may be allocated to a single session. This enables your computer to be recognized when you return to this website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a pre-set period, which may differ depending on the type of cookie. You may at any time delete cookies in your browser's security settings.
You may configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies. This may mean that you will not be able to use all functions of this website.
4. Further functions and services of our website
Alongside the purely informational use of our website, we offer a number of different services which you may use if they are of interest to you. For this purpose, you will normally have to supply some additional personal data which we will use to provide the respective service and to which the aforementioned principles of data processing apply. In order to use Boxcryptor you need to create a user account. For this we will gather personal data such as email address, name, last name and country, and store it. Furthermore, we will store the data necessary for the encryption, especially the public and private keys (the private keys are stored encrypted, for us it is not possible to decrypt any private key).
The aforementioned data will only be used to fulfil the contract.
We use external service providers for some parts of the processing of your data. These providers have been carefully selected and engaged by us, are bound to instructions and are monitored regularly.
If these service providers or associates are domiciled in a state outside the European Economic Area (EEA), we will inform you of the consequences of this fact in the service description.
5. Objection or revocation of consent to the processing of your data
If you have given your consent for your data to be processed, you may revoke it at any time. Such a revocation affects the lawfulness of processing of your personal data once you have declared it to us.
If the processing of your personal data is based on a weighing up of interests, you may object to the processing. This is the case particularly if the processing is not required to fulfil a contract with you, which we will explain in the following with each description of functions. If you wish to declare such an objection, we request that you stipulate the reasons why you wish no processing of your personal data to take place. In the event of a justified objection, we will investigate the circumstances and either cease or adjust data processing, or notify you of mandatory reasons meriting protection, due to which the processing must be continued.
You may, of course, at any time object to the processing of your personal data for the purposes of advertising and data analysis. Please use the following contact details to inform us of your objection to advertising:
Tel: 0049 821 90786150 (no product support under this number)
Fax: 0049 82190786159
6. Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "Cookies", which are text files placed on your computer, to allow the website operator to analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed further in a shortened version, which excludes the possibility of attribution to a particular individual. If the data collected about you is attributable to your person, this attribution is therefore immediately excluded and the personal data therefore immediately deleted.
We use Google Analytics in order to be able to analyse use of and continually improve this website. The statistics gained enable us to improve our services and design them in a manner which is of more interest to you as the user. For the exceptional cases in which personal data is transferred to the USA applies: An appropriate level of protection for the transfer of data is assured by the conclusion of the EU standard data protection clauses (available at https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1487055654356&uri=CELEX:32010D0087).. The legal basis for the use of Google Analytics is Article 6 (1) (f) GDPR.
7. Use of Social Media Plugins
In addition to this website, we maintain social media sites on Twitter, Instagram and LinkedIn, which you can reach via the corresponding buttons on our website. If you visit one of these presences, personal data may be transmitted to the provider of the social network. We draw your attention to the fact that user data may be transferred to a server in a third-party country and may therefore be processed outside the European Union. An appropriate level of protection for the transfer of data is assured by the conclusion of the EU standard data protection clauses (available at https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1487055654356&uri=CELEX:32010D0087).
In addition to the storage of the specific data you have entered in this social medium, further information may also be processed by the provider of the social network. If you are logged into the network with your personal user account while visiting the corresponding website, this network can assign the visit to this account. The purpose and scope of the data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, can be found in the respective provisions of the respective person responsible, e.g. below:
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA):
- Privacy statement: https://twitter.com/en/privacy
- Opt-Out possibility: https://twitter.com/personalization
- An appropriate level of protection for the transfer of data is assured by the conclusion of the EU standard data protection clauses (available at https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1487055654356&uri=CELEX:32010D0087).
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
- Privacy statement/ Opt-Out possibility: http://instagram.com/about/legal/privacy/
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
- Privacy statement/Opt-Out possibility: https://privacy.xing.com/en
8. Integration of Services and Contents of Third Parties
Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the DSGVO) content or service offers from third parties in order to integrate their content and services (hereinafter uniformly referred to as “content”). It is necessary that these third parties may use your IP address because they would not be able to send the content to your browser without the IP address.
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited:
Google Ireland Limited,
Gordon House, Barrow Street,
Dublin 4, Ireland
We also use the services of third-party provider Contentful:
Ritterstraße 12 - 14
10969 Berlin, Germany
In addition, we use Zoom, a service of the US provider Zoom Video Communications, Inc. for our webinars:
Zoom Video Communications
San Jose Headquarters
55 Almaden Boulevard, 6th Floor
San Jose, CA 95113
The legal basis for the processing of data with Zoom is Art. 6 Para. 1 lit. b) GDPR, as we hereby provide contractual services.
8.1 Transfer of Data to Third Parties
The data submitted in the context of an application is transmitted using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software. In this context, Personio is our contract processor according to Art. 28 GDPR. The basis for the processing is a contract for order processing between us as the responsible body and Personio. Find out more: Personio
For handling customer inquiries, we use the support widget from Zendesk, a customer service platform of Zendesk Inc. 109 Market Street San Francisco, CA 94103 USA. For this, necessary data, such as the surname, first name and email address, are collected via our website to process your inquiries. If you contact us by email or form, we will only use the provided personal data to process your specific inquiry.
The purpose of the transmission is to be able to answer your requests fast and efficiently. Here also lies our rightful interest in the process of the mentioned data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. By contacting us, you consent to the transfer of the above-mentioned data to Zendesk.
On this website, we use HubSpot for online marketing activities. HubSpot is a software company from the USA (HubSpot, Inc. 25 First Street Cambridge, MA 02141 USA) with a subsidiary in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland).
HubSpot is an integrated software solution with which we cover various aspects of our online marketing activities. These include contact management via the CRM system and the pop-up news on our website. In addition, to improve the user experience on our website, we use HubSpot’s live chat service “Messages” to send and receive messages on some sub-pages. Upon consent and use of this feature, the following information is transmitted to HubSpot’s servers:
- Content of all sent and received chat messages
- Context information (e.g. page on which the chat was used)
- Optional: The user’s email address (if provided by the user via chat function)
The legal basis for the use of the services of HubSpot is our rightful interest according to art. 6 I f GDPR due to the optimization of our marketing measures and the improvement of our service quality on the website.
Boxcryptor for Microsoft Teams
If you use Microsoft Teams, you can securely exchange sensitive information via an integration of Boxcryptor using end-to-end encryption with zero-knowledge standard. Unauthorized third parties, in particular the provider Microsoft Corporation (One Microsoft Way, Redmond, USA), will no longer be able to access data and documents that is exchanged with the Boxcryptor integration. We do not process any personal data in this process.
9. Personal Data and the Use of Boxcryptor
When and if you use our product, we store your data necessary for the fulfillment of the contract, as well as information regarding the payment method, until you definitely delete your account. Additionally, we store the data you voluntarily gave us for the time of your use of the product if you do not delete them before. You can administer and amend all information in your protected user area. Legal basis is Art. 6 (1) s. 1 f GDPR.
Furthermore, the data necessary for the encryption, especially the public and private key, will be stored with us (the private key in encrypted form, not decryptable for Secomba). The aforementioned data will exclusively be used to enable the use of Boxcryptor.
All confidential information that the Boxcryptor Key Server stores, are or encrypted (as e.g. private RSA-keys) or protected otherwise (as password hashes). In order to additionally increase the safety all personal data (such as email-addresses) will be encrypted before they are being stored in databases.
In the event of a crash, crash logs are collected on all platforms and evaluated by a third-party provider in order to analyze malfunctions of the software. For this purpose, we use the Visual Studio App Center solution from Microsoft on macOS, iOS and Android. Furthermore, our software reads and evaluates the cookies set by our website when using the software (e.g. account creation).
With your consent, you may subscribe to our newsletter. The goods and services advertised are specified in the declaration of consent.
For newsletter subscription, we use the opt-in procedure. You enter your email address and confirm the subscription by klicking the assigned button. We store the IP addresses used by you in each case, and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and investigate and solve any potential misuse of your personal data. If we receive your e-mail address, either because you have become a customer or because we have been conducting a free webinar for you, we reserve the right to send you regular offers for our own similar goods or services by email. According to § 7 Abs. 3 UWG, we do not have to obtain separate consent for this. In this respect, data processing is carried out solely on the basis of a justified interest in personalized direct advertising pursuant to Art. 6 para. 1 sentence 1 lit. f) EU-GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time, with effect for the future, by notifying us. You will only be charged with transmission costs according to the basic tariffs, for the delivery of the objection. Upon receipt of an objection, the use of this email address for advertising purposes will be discontinued immediately.
The only mandatory information for the sending of the newsletter is your email address. Where applicable, the provision of further, separately marked details is voluntary and is used to enable us to address you personally. Following your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis for this is Article 6 (1) (a) GDPR.
You may at any time revoke your consent for the newsletter to be sent and unsubscribe from the newsletter. You may declare revocation by clicking on the link provided in each newsletter email or sending a message to the contact information included in the Legal Notice.
The sending of the newsletter takes place using the technical service provider The Rocket Service Group, LLC c/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA (http://www.mailchimp.com/) to which we transmit the data you have provided us with when subscribing for the newsletter. This transmission takes place according to Art. 6 (1) f GDPR and serves to our legitimate interests to use a newsletter system that is safe and user-friendly as well as effective in advertising. Your data will be transmitted to a server from MailChimp in the USA and stored there. MailChimp uses this information to send and statistically analyse the Newsletter on our behalf. For the analysis the sent emails contain so-called web-beacons or tracking pixels respectively that represent one-pixel-image files that are being stored on our website. Thus we can determine if a newsletter message has been opened and which links have been clicked, if so. Furthermore, technical information will be gathered (e.g. time of demand, IP address, browser type and operating system). The data will only be gathered pseudonymized and will not be attached to your further personal data, a direct identifiability is excluded. These data only serve for the statistical analysis of newsletter campaigns. The results of the analysis can be used in order to better adapt future newsletter to the interests of the addressee. If you wish to object to the analysis of your data for statistical reasons you have to unsubscribe the newsletter. Furthermore, MailChimp can use these data according to Art. 6 (1) f GDPR for own reasons due to its legitimate interest to develop and optimize its service as well as for market research reasons, e.g. in order to determine from which countries the addressees come. Nevertheless, MailChimp does not use the data of our newsletter addressees to send own mailings to the or to transmit them to thirds. In order to protect your data in the USA we have concluded a controller-processor-agreement with MailChimp based on the standard contractual clauses of the European Commission in order to make the transmission of your personal data to MailChimp possible. This Controller to processor agreement can be reviewed under the following internet address: http://mailchimp.com/legal/forms/data-processing-agreement/. An appropriate level of protection for the transfer of data is assured by the conclusion of the EU standard data protection clauses (available at https://eur-lex.europa.eu/legal-content/DE/TXT/?qid=1487055654356&uri=CELEX:32010D0087). You can review MailChimps data protection policy here: https://mailchimp.com/legal/privacy/.