In the following, we inform you about the collection of personal data when using our website and our products. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
A. GENERAL INFORMATION
I. Responsible Body
The responsible body as defined in Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
phone: 0049 821 90786150 (no product support under this number)
fax: 0049 82190786159
II. Contact Details of the Data Protection Officer
Our data protection officer can be reached at the e-mail address firstname.lastname@example.org or at the above-mentioned postal address with the endorsement “FAO Data Protection Officer “.
III. Legal Basis for the Processing of Personal Data
Your data will only be processed if there is a legal basis mentioned in Art. 6 (1) GDPR, in particular
- in the presence of your granted consent pursuant to Art. 6 (1) lit. a GDPR,
- for the performance of a contract or for the implementation of a pre-contractual measure pursuant to Art. 6 (1) lit. b GDPR. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
- for the fulfilment of a legal obligation to which our company is subject pursuant to Art. 6 (1) lit. c GDPR,
- for protecting a legitimate interest of our company or a third party pursuant to Art. 6 (1) lit. f GDPR to the extent that the interests, fundamental rights, and freedoms of the data subject do not override the former interest.
IV. Data Transfer, Transfer to Other Countries
- Disclosure of data to processors and third parties
If, in the framework of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant these parties access to such data, this will only be done on the basis of a statutory permission, in particular if
- you have expressly consented to this,
- a transfer of data to third parties, such as payment service providers, is necessary for the performance of the contract or for the implementation of pre-contractual measures according to Art. 6 (1) lit. b GDPR
- this is provided for in a legal obligation according to Art. 6 (1) lit. c GDPR,
- the disclosure is necessary to protect our legitimate interests (e.g., when deploying agents, web hosts, CMS, etc.) as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
If we commission third parties with the processing of data on the basis of a so-called "Data Processing Agreement", this based on the provisions in Art. 28 GDPR.
- Transfers to third countries
If we lawfully process data in a third country (i.e., a country outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur in presence of the specific requirements of Art. 44 et seq. GDPR. The processing is particularly carried out on the basis of special guarantees, such as the officially acknowledged determination of a level of data protection that corresponds to the data protection level of the European Union or the conclusion of EU standard data protection clauses.
V. Rights of the Data Subjects
As a data subject, you have the following rights with respect to us regarding the personal data concerning you:
- Right to information,
- right to rectification or erasure,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
Pursuant to Art. 77 GDPR, you also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The data protection supervisory authority responsible for us is
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
phone: +49 (0) 981 180093-0
facsimile: +49 (0) 981 180093-800
VI. Right of Revocation or Objection
If you have given your consent to the processing of your data, you may revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Pursuant to Art. 21 GDPR, you have the right to object at any time on grounds relating to your particular situation to the processing of personal data concerning you which is carried out on the basis of the provisions in Art. 6 (1) lit. e or f GDPR. This is the case if the processing is unnecessary, in particular, for the performance of a contract concluded with you. In case you exercise your right to object, we will ask you to explain the reasons why your personal data should not be processed in the way we do it. In the event of a justified objection, we will discontinue or adapt the data processing or present compelling legitimate grounds for you to continue the processing that override your interests, rights, and freedoms, or which serve the assertion, exercise, or defence of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such advertising at any time. In this case you will only incur transmission costs according to the prime rates. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. Inform us of your objection regarding the use for advertising by using the following contact details:
phone: 0049 821 90786150 (no product support under this number)
facsimile: 0049 82190786159
- If we receive your e-mail address, either because you have become a customer or because we were allowed to conduct a free webinar for you, we reserve the right to regularly send you offers for our own similar goods or services via e-mail. According to Sec. 7 (3) of the German Unfair Competition Law (UWG), we do not need to obtain a separate consent to this end. In this respect, the data processing is carried out solely on the basis of the legitimate interest in personalized direct advertising pursuant to Art. 6 (1) sentence 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, no mail will be sent.
VII. Deletion of Data and Storage Period
B. INDIVIDUAL DATA PROCESSING
I. Collection of Personal Data when Visiting our Website, Cookies
- In the case of merely informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis: Art. 6 (1) sentence 1 lit. f GDPR). In detail, the following data is stored about each access/retrieval:
- IP address,
- date and time,
- page called up/name of the URL called up,
- amount of data transferred,
- browser type and version,
- operating system used,
- message whether the access was successful.
In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against misuse and other unauthorized use.
This website uses the following types of cookies, the scope and functionality of which are explained hereunder:
- Transient cookies (see a)
- Persistent cookies (see b)
- Third-party cookies (see c)
a) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. For example, the login status may be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for measuring the reach or for marketing purposes. You can delete the cookies in the security settings of your browser at any time
c) "Third-party cookies" are cookies offered by providers other than the responsible party that operates the online offer (if these are only the responsible party’s cookies, they are referred to as "first-party cookies").
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser.
Please note that in this case not all the functions of this online offer can be used.
II. Contacting Us
If you actively contact us by e-mail, by using the contact form or through a phone call, the personal data you provide will be collected and processed in order to deal with your request. This includes, in particular, your name and contact details (e-mail address, post address, mobile phone number) as well as other information provided by you. When using our contact form, the data transmitted through it will be processed (e.g., name, company, e-mail address and the time of transmission).
The legal basis for that is Art. 6 (1) lit f. GDPR. Our legitimate interest is in the processing of the request. If your contact is aimed at the conclusion or execution of a contract, this is based on the provision in Art. 6 (1) lit. b GDPR.
We delete the data accruing in this context once the storage is no longer necessary, or we restrict the processing in case of statutory retention obligations.
III. Boxcryptor Account
In addition to the purely informational use of our website, we offer various licenses for our products that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
In order to use Boxcryptor, it is necessary to create a user account. For this purpose, your personal data required for the performance of the contract, such as e-mail address, first name, last name, and country, are collected, stored, and processed by us. This also includes information regarding the payment method until you finally delete your account.
Furthermore, we store the data voluntarily provided by you for the time that you are using the product, unless you delete it beforehand. You can manage and change all details in the protected customer area.
In addition, the data required for encryption, in particular the public and private keys, are stored by us (the private keys in encrypted form that cannot be decrypted by Secomba). The aforementioned data is used exclusively to enable the use of Boxcryptor.
All confidential information stored by the Boxcryptor key server is either encrypted (private RSA keys, for instance) or otherwise protected (such as password hashes). To further increase security, all personal data (such as e-mail addresses) is encrypted before being stored in databases.
The aforementioned data is used exclusively for the performance of the contract. The legal basis is Art. 6 (1) sentence 1 lit. b and lit. f GDPR. Our legitimate interest is the fulfilment and optimization of the services provided.
If you have registered with us / created a Boxcryptor account, you will receive e-mails from us with technical information. These are in particular mails to activate the account or mails containing the notice that your license expires or is renewed.
For sending these e-mails we use Mandrill, a tool developed by The Rocket Science Group, LLC d/b/a MailChimp (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). To this end, your e-mail address provided within the framework of the registration is provided to this tool. Said e-mail address is thereby transmitted to a MailChimp server in the USA and stored there. MailChimp uses this information to send the displayed mails.
The legal basis for sending e-mails with technical information is Art. 6 (1) lit. b GDPR.
IV. Boxcryptor for Microsoft Teams
V. Use of Google Analytics
As far as you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
- Scope of processing
We use the function 'anonymizeIP' (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your website visit, the following data is collected among others:
- the pages you visit, your “click path”
- achievement of “website goals” (conversions, e.g., newsletter sign-ups, downloads, purchases)
- your user behaviour (for instance, clicks, dwell time, bounce rates)
- your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the terminal devices you use (e.g., language setting, screen resolution)
- your internet service provider
- the referrer URL (through which website/ advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.
Transmission to third countries
A transmission of data to the USA cannot be excluded.
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, in that
a. you do not consent to setting the cookie, or
b. you download and install the browser add-on to enable Google Analytics HERE.
You can also prevent cookies from being stored by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, you may experience limitations in functionality on this and other websites.
- Legal basis and revocation option
The legal basis for this data processing is your consent, see Art.6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
We use the YouTube service to embed videos on our website. The responsible provider in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The legal basis is your consent pursuant to Art. 6 I lit. a GDPR.
As soon as you start a YouTube video on our website, a connection to YouTube's servers is established. The YouTube server receives the information which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. In doing so, data may be transferred to the USA and linked to further data from other Google services, especially if you are logged into your Google account. In order to secure the data transfer, we have concluded the EU standard data protection clauses. If such a transfer of this information to YouTube and Google is not desired, you can prevent this transfer by logging out of your YouTube account before accessing our website.
The processed data includes
- Information about the devices and browsers used (e.g., unique identifiers, IP address, type and settings, operating system, mobile network)
- your activities (videos viewed, date and time of the visit to the page in question, website visited, interactions)
- location data.
We have no influence on the storage period of the data and further data processing by YouTube and Google.
In order to reduce data transfer before the actual start of a video, we use the extended privacy mode. According to YouTube, this mode has the effect that YouTube does not store any information about visitors to this website before they watch the video. We also embed the videos on our website in such a way that a transfer of your data to Google or YouTube partners (the Google DoubleClick network) only begins with your active click on the video.
For more information about data protection at YouTube and Google, please see their privacy statements at: https://www.youtube.com/static?gl=DE&template=terms&hl=de and https://policies.google.com/privacy?hl=de
VII. Application Software
For the execution of application data, we use the personnel administration and applicant management software of Personio GmbH. Your transmitted data is transferred via TLS encryption and stored in this database. This is based on the legal provisions in Art. 6 (1) lit. b GDPR. Personio is our processor in this context according to Art. 28 GDPR. You can find more information on data processing at https://www.personio.de/datenschutz/.
VIII. Support Widget Zendesk
IV. Contact Management via HubSpot
On this website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA (Hubspot, Inc. 25 First Street Cambridge, MA 02141 USA) with a branch in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). This is an integrated software solution that we use to cover various aspects of our online marketing. This includes, among other things, contact management using a CRM system and pop-up news on our website. In addition, to improve the user experience on our website, we use HubSpot's live chat service "Messages" (chat window) for sending and receiving messages on some subpages. Upon consent and use of this feature, the following data is transmitted to HubSpot's servers:
- Content of all chat messages sent and received
- Context information (e.g., page on which the chat was used)
- Optional: e-mail address of the user (if provided by the user via the chat function).
The legal basis for the use of Hubspot's services is your consent pursuant to Art. 6 (1) lit. a GDPR.
HubSpot meets the minimum requirements for legally compliant commissioned data processing by concluding the EU standard data protection clause. In addition, there is a Data Processing Agreement (DPA) with HubSpot. This ensures that Hubspot only uses the user data within the scope of the EU data protection standards exclusively for processing the requests and does not pass them on to third parties without authorization. Further information can be found under https://legal.hubspot.com/de/privacy-policy .
- Receipt of our newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the consent form.
For the subscription to our newsletter, we use the opt-in procedure. This means that after entering your e-mail address, you confirm the registration again by clicking a button. We store your IP addresses and ties of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information required for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. This is based on the legal provisions of Art. 6 (1) sentence 1 lit. a GDPR.
- Use of the service provider MailChimp
The newsletter is sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on your data provided during the newsletter registration. This transfer takes place in accordance with Art. 6 (1) lit. f GDPR and serves our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly. Your data will be transferred to a MailChimp server in the USA and stored there. MailChimp uses this information to send and statistically evaluate the newsletters on our behalf.
In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard data protection clauses of the European Commission to enable the transfer of your personal data to MailChimp. For information on data processing at MailChimp see: https://mailchimp.com/legal/privacy/ and https://mailchimp.com/de/gdpr/.
For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g., time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. Furthermore, MailChimp may use this data themselves on the basis of their own interest in the needs-based design and optimization of the service, as well as for market research purposes, for example, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them directly or to pass them on to third parties. The legal basis for newsletter tracking is Art. 6 (1) lit. a GDPR, which you consent to during the newsletter registration process.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
We would like to point out that a separate revocation of the tracking consent is not possible and that in this case you will equally no longer receive the newsletter.
If you revoke your consent, we store the information from the registration and deregistration in a block list to avoid possible consent-free e-mail advertising.
XI. Social Media
In addition to this website, we maintain social media presences on Twitter, Xing, Instagram, and LinkedIn, which you can access via the corresponding buttons on our website. If you visit one of these sites, personal data may be transmitted to the provider of the social network.
We would like to point out that in this case user data is transmitted to a server in a third country and might therefore be processed outside the European Union. An appropriate level of protection for the transfer of data is ensured by the conclusion of the EU standard data protection clauses.
In addition to the storage of the data specifically entered by you in this social medium, the provider of the social network may also process further information. If you are logged in to the network with your personal user account while visiting the corresponding website, this network can assign the visit to this account. The purpose and scope of the data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, can be found in the respective provisions of the respectively responsible party, e.g.:
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; service provider in the EU: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND):
- Opt-Out possibility: https://twitter.com/personalization
LinkedIn (LinkedIn Corporation, 1000 W. Maude Ave. Sunnyvale, California 94085; service provider in the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; service provider in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)