1. Information about the collection of personal data
In the following, we inform you about the collection of personal data upon use of this website. Personal data are defined as all data which can be attributed to your person, e.g. name, address, email address, user behavior.
The Controller in terms of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
Tel: 0049 821 90786150 (no product support under this number)
Fax: 0049 82190786159
When you contact us by email or via the contact form, the data you have provided (your email address and, where applicable, your name and your telephone number) will be stored by us for the purpose of responding to your enquiry. The data collected in this context are deleted once storage is no longer required; if there is a statutory duty to retain the data, processing will be restricted.
If we wish to use commissioned subcontractors for individual functions of this service or to use your data for commercial purposes, detailed information about the respective processes is provided below. The fixed criteria for storage periods are likewise stated below.
2. Your rights
You have the following rights in your relationship with us with regard to the personal data concerning your person:
- Right of access,
- Right of rectification or erasure,
- Right restriction of processing,
- Right to object,
- Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The designated data protection supervisory authority is
Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany,
Telephone: 0049 (0) 981 53 1300,
Fax: 0049 (0) 981 53 98 1300,
3. Collection of personal data upon visiting our website
If you are using the website only on an informational basis, i.e. you do not register or otherwise transmit information to us, we will only collect the personal data transmitted to the server by your browser. If you wish to view the website, we collect the following data, which are technically required in order to display this website to you and ensure stability and security (the legal basis is Article 6 (1) (f) GDPR); In the following we will detail the data that is being recorded at each access:
- anonymized IP address
- date and time of access
- requested pate/name of requested URL
- amount of data transferred
- type of browser and version
- Operating system
- notice, if access was successful.
In addition to the aforementioned data, cookies are stored on your computer when you use this website. Cookies are small text files which are stored on your hard drive and allocated to the browser used by you and through which the agency which sets the cookie (in this case us) is provided with particular pieces of information. Cookies cannot execute applications or transfer viruses to your computer. Their purpose is to make the online service generally more user-friendly and effective.
This website uses the following types of cookies, the scope and functioning of which are explained below:
- Transient cookies (see 3.2)
- Persistent cookies (see 3.3).
Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a so-called session ID, through which different requests by your browser may be allocated to a single session. This enables your computer to be recognized when you return to this website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a pre-set period, which may differ depending on the type of cookie. You may at any time delete cookies in your browser's security settings.
You may configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies. This may mean that you will not be able to use all functions of this website.
4. Further functions and services of our website
Alongside the purely informational use of our website, we offer a number of different services which you may use if they are of interest to you. For this purpose, you will normally have to supply some additional personal data which we will use to provide the respective service and to which the aforementioned principles of data processing apply. In order to use Boxcryptor you need to create a user account. For this we will gather personal data such as email address, name, last name and country and store it. Furthermore, we will store the data necessary for the encryption, especially the public and private keys (the private keys encrypted, for us unencrypted).
The aforementioned data will only be used to fulfil the contract.
We use external service providers for some parts of the processing of your data. These providers have been carefully selected and engaged by us, are bound to instructions and are monitored regularly.
If these service providers or associates are domiciled in a state outside the European Economic Area (EEA), we will inform you of the consequences of this fact in the service description.
5. Objection or revocation of consent to the processing of your data
If you have given your consent for your data to be processed, you may revoke it at any time. Such a revocation affects the lawfulness of processing of your personal data once you have declared it to us.
If the processing of your personal data is based on a weighing up of interests, you may object to the processing. This is the case particularly if the processing is not required to fulfil a contract with you, which we will explain in the following with each description of functions. If you wish to declare such an objection, we request that you stipulate the reasons why you wish no processing of your personal data to take place. In the event of a justified objection, we will investigate the circumstances and either cease or adjust data processing, or notify you of mandatory reasons meriting protection, due to which the processing must be continued.
You may, of course, at any time object to the processing of your personal data for the purposes of advertising and data analysis. Please use the following contact details to inform us of your objection to advertising:
Tel: 0049 821 90786150 (no product support under this number)
Fax: 0049 82190786159
6. Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "Cookies", which are text files placed on your computer, to allow the website operator to analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed further in a shortened version, which excludes the possibility of attribution to a particular individual. If the data collected about you is attributable to your person, this attribution is therefore immediately excluded and the personal data therefore immediately deleted.
We use Google Analytics in order to be able to analyse use of and continually improve this website. The statistics gained enable us to improve our services and design them in a manner which is of more interest to you as the user. For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) (f) GDPR.
7. Use of Social Media Plugins
For the time being we use the following social media plugins: Facebook and Twitter. In this case we use the so called two-click-solution. This means, if you visit our site at first we will generally not transfer personal data to the provider of these social plugins. You will recognize the provider of the plugin through the mark in the checkbox above the initial or the logo. We offer you the possibility to directly communicate with the provider of the plugin using the button. Only if you click on the box and activate it the plugin provider will get the information that you have opened the respective website of our online offer. Additionally, the data described under para. 3 of this policy will be transmitted. In case of Facebook according to information from Facebook in Germany the IP-address will be anonymized immediately after gathering. Through activation of the plugins personal data will be transmitted from you to the respective plugin provider where (in case of USAmerican provider in the USA) your data will be stored. As the plugin provider conducts the gathering of data especially using cookies, we recommend to delete all cookies though the security settings before clicking the grey checkbox.
We neither have influence over the gathered data and data processing processes nor do we have knowledge about the full extent of the gathering of data, the purposes of processing, the storage periods. Neither do we have any information about the deletion of gathered data by the plugin provider.
The plugin provider stores your data gathered as user profiles and uses it for purposes of marketing, market research and/or the configuration of the website as needed and in order to inform other users of the social network about your activities on our website. You have the right to object against the creation of user profiles; you have to address the objection to the respective plugin provider. Over the plugins we can give you the possibility to interact with the social networks and other user in order to be able to improve our offer and to make it more interesting for your as user. Legal basis for the use of the plugins is Art. 6 (1) sentence 1 f) GDPR.
The transmission of data takes place irrespective of whether you have an account with the plugin provider or if you are logged in. If you are logged in with the plugin provider, your data that are being gathered with us will be directly related with the account you have with the plugin provider. If you confirm the activated button and e.g. link to this page, the plugin provider will also store this information in your user account and will publicly disclose it to your contacts. We suggest you always logout after every use of a social network, especially before activating the button, as you can avoid the assigning to your profile with the plugin provider.
You can get further information regarding the purpose and extent of the gathering of data and its processing through the plugin provider via the data policies offered by these providers named below. There you will get more information regarding your respective rights and possibilities of setting for the protection of your privacy.
Please, find here the addresses URL with their privacy policies of the respective plugin provider:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for further information regarding the gathering of data: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other\#applications as well as http://www.facebook.com/about/privacy/your-info\#everyoneinfo. Facebook has submitted to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
8. Personal Data and the Use of Boxcryptor
- When and if you use our product, we store your data necessary for the fulfillment of the contract, as well as information regarding the payment method, until you definitely delete your account. Additionally, we store the data you voluntarily gave us for the time of your use of the product if you do not delete them before. You can administer and amend all information in your protected user area. Legal basis is Art. 6 (1) s. 1 f GDPR.
Furthermore, the data necessary for the encryption, especially the public and private key, will be stored with us (the private key in encrypted form, not decryptable for Secomba). The aforementioned data will exclusively be used to enable the use of Boxcryptor.
All confidential information that the Boxcryptor Key Server stores, are or encrypted (as e.g. private RSA-keys) or protected otherwise (as password hashes). In order to additionally increase the safety all personal data (such as email-addresses) will be encrypted before they are being stored in databases.
For the creation of statistics, user information and the update check on all platforms an anonymized ID, type, version and language of the device, the duration of use and the crash logs will be gathered. On the platforms Mac OS X and iOS with use the solution offered by the third HockeyApp for this reason. This data transmission can be deactivated manually by users on Mac OS X and iOS in the settings. Furthermore, our software reads and analyses the cookies set by our website when using the software (e.g. when creating an account).
With your consent, you may subscribe to our newsletter. The goods and services advertised are specified in the declaration of consent.
We use a double-opt-in procedure for newsletter subscription. This means that following your registration for subscription we will send you an email to the email address provided in which you are asked to confirm that you wish to receive the newsletter. You will be added to our mailing list if you confirm your registration. If you do not confirm your subscription within one year, your information will be blocked and deleted automatically. In addition, we store the IP addresses used by you in each case, and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and investigate and solve any potential misuse of your personal data.
The only mandatory information for the sending of the newsletter is your email address. Where applicable, the provision of further, separately marked details is voluntary and is used to enable us to address you personally. Following your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis for this is Article 6 (1) (a) GDPR.
You may at any time revoke your consent for the newsletter to be sent and unsubscribe from the newsletter. You may declare revocation by clicking on the link provided in each newsletter email or sending a message to the contact information included in the Legal Notice.
The sending of the newsletter takes place using the technical service provider The Rocket Service Group, LLC c/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA (http://www.mailchimp.com/) to which we transmit the data you have provided us with when subscribing for the newsletter. This transmission takes place according to Art. 6 (1) f GDPR and serves to our legitimate interests to use a newsletter system that is safe and user-friendly as well as effective in advertising. Your data will be transmitted to a server from MailChimp in the USA and stored there. MailChimp uses this information to send and statistically analyse the Newsletter on our behalf. For the analysis the sent emails contain so-called web-beacons or tracking pixels respectively that represent one-pixel-image files that are being stored on our website. Thus we can determine if a newsletter message has been opened and which links have been clicked, if so. Furthermore, technical information will be gathered (e.g. time of demand, IP address, browser type and operating system). The data will only be gathered pseudonymized and will not be attached to your further personal data, a direct identifiability is excluded. These data only serve for the statistical analysis of newsletter campaigns. The results of the analysis can be used in order to better adapt future newsletter to the interests of the addressee. If you wish to object to the analysis of your data for statistical reasons you have to unsubscribe the newsletter. Furthermore, MailChimp can use these data according to Art. 6 (1) f GDPR for own reasons due to its legitimate interest to develop and optimize its service as well as for market research reasons, e.g. in order to determine from which countries the addressees come. Nevertheless, MailChimp does not use the data of our newsletter addressees to send own mailings to the or to transmit them to thirds. In order to protect your data in the USA we have concluded a controller-processor-agreement with MailChimp based on the standard contractual clauses of the European Commission in order to make the transmission of your personal data to MailChimp possible. This Controller to processor agreement can be reviewed under the following internet address: http://mailchimp.com/legal/forms/data-processing-agreement/. Furthermore, MailChimp is certified under the US-European data protection agreement "Privacy Shield" and herewith commits itself to comply with the data protection provisions. You can review MailChimps data protection policy here: https://mailchimp.com/legal/privacy/.