Privacy Policy
Effective date: October 2024
As a provider of software to strengthen privacy, your rights regarding data protection and informational self-determination are important to us. We attempt to restrict the use of data to the absolute essential minimum. Of course, we do not use analysis tools and unnecessary cookies. However, for some processes, especially in connection with payment transactions, we depend on the services of third parties and you should also read their privacy policies carefully.
This privacy policy consists of the following sections:
- Name and address of the responsible company
- General Information on Data Processing
- Provision of the Website and Creation of Log Files
- Use of Cookies
- Email Contact
- Use in the Course of Online Orders (E-Commerce)
- Disclosure of Personal Data to Third Parties
- Using the Cryptomator Application
- Rights of the Affected Person
- Use of Analytics
1. Name and address of the responsible company
The responsible company within the meaning of the General Data Protection Regulation (GDPR) and other nation data protection laws of the member states as well as other data protection regulations is:
Skymatic GmbH
Am Hauptbahnhof 6
53111 Bonn
Germany
Represented by:
Tobias Hagemann
Sebastian Stenzel
Contact: [email protected]
2. General Information on Data Processing
2.1 Extent of Processing of Personal Data
As a matter of principle, we collect and process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2.2 Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.
2.3 Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
3. Provision of the Website and Creation of Log Files
3.1 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- browser name and version
- the user’s operating system
- referrer URL
- access date and time
- IP address
- accessed web site
- amount of transmitted data in bytes
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data and logfiles is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
3.4 Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose for which it has been collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
If the data is stored in log files, this is the case after 7 days at the latest.
3.5 Opposition and Removal Possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
4. Use of Cookies
4.1 Description and Scope of Data Processing
Our website only uses technically necessary cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is reopened.
4.2 Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
4.3 Purpose of Data Processing
The purpose of using technically necessary cookies is to enable the use of websites for users. In particular, they are used to detect and mitigate DDOS attacks. The user data collected by technically necessary cookies is not used to create user profiles.
This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4.4 Duration of Storage, Opposition and Removal Possibility
Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may not be possible to use all the functions of the website to their full extent.
5. Email Contact
5.1 Description and Scope of Data Processing
It is possible to contact us via the provided email address. In this case, the user’s personal data transmitted with the email will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
5.2 Legal Basis for Data Processing
The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
5.3 Purpose of Data Processing
The processing of personal data serves us solely to process the contact. This also includes the necessary legitimate interest in processing the data.
5.4 Handling Inquiries and Customer Relationship Management
We use self-hosted open-source software solutions to manage external inquiries and customer relationships efficiently. These tools help us organize, respond to, and track interactions with customers, partners, and interested parties in a service-oriented and structured manner.
When you contact us, your data is stored in a user profile to process your inquiry, handle follow-up questions, and manage our relationship with you. The data processed may include:
- First name
- Last name
- Email address
- Username (if applicable)
- Organization/Company
- Time of inquiry
- Content of the inquiry
- Communication history
- Phone number (if applicable)
- Duration of a phone call (if applicable)
- Notes from previous interactions
We process this data based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing efficient support, maintaining customer relationships, and ensuring smooth communication. If your inquiry relates to a contract or a pre-contractual measure, data processing is based on Art. 6 para. 1 lit. b GDPR.
Your data can be added to our system in several ways:
- By contacting us via phone, email, or through our website
- By providing information during a meeting, trade show, or event
- When placing an order or engaging in a business transaction with us
The information you provide during these interactions is stored in our system to create a comprehensive profile, helping us manage and respond to future inquiries more effectively.
Data is retained as long as necessary to fulfill the purpose for which it was collected or to comply with legal requirements. Data will be deleted if the GDPR right to erasure is exercised, unless legal obligations or legitimate interests require further retention. Retaining certain data allows our support and sales teams to provide better service by drawing on insights gained from past interactions.
We do not share your data with third parties unless required to fulfill contractual obligations or provide necessary services through an authorized service provider acting on our behalf.
5.5 Use of the Newsletter
We use self-hosted open-source software solutions to manage the distribution of newsletters.
You have the option to subscribe to our newsletter through our website. The newsletter is only sent if you have provided us with consent in accordance with Art. 6 para. 1 lit. a GDPR. After registering on our website, you will receive a confirmation email to the email address you provided (so-called double opt-in). You can withdraw your consent at any time. An easy way to unsubscribe is provided in each newsletter via a link.
When signing up for the newsletter, we may store additional information beyond the data already mentioned, if necessary, to demonstrate that you have subscribed. This may include storing the full IP address at the time of registration or confirmation of the newsletter. This data processing is based on our legitimate interest in being able to provide evidence of the lawful nature of our newsletter distribution (Art. 6 para. 1 lit. f GDPR).
We do not share the data stored third parties unless required to fulfill contractual obligations through a service provider acting on our behalf.
5.6 Opposition and Removal Possibility
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
You can send your objection informally at any time to [email protected] or any other means of contact provided by us (e.g. by post).
All personal data stored in the course of contacting will be deleted in this case.
6. Use in the Course of Online Orders (E-Commerce)
6.1 Description and Scope of Data Processing
In case of an online order via our online shop the following data is collected:
- Choice private or corporate clients
- first and last name
- email address
- company name (just for corporate clients)
- VAT ID number (just for corporate clients)
- address (street, house number, postal code, town, country)
- bank details (when paying by direct debit)
- credit card details (when paying by credit card)
During the ordering process, the user’s consent to the processing of this data is obtained and the user is made aware of this privacy policy. The data will only be passed on if this is necessary to fulfil contractual obligations. Details can be found in the following section (7. Disclosure of Personal Data to Third Parties).
6.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
6.3 Purpose of Data Processing
The data is used exclusively to process the order you have placed. In case of an order we save the text of the contract and send you the shipping confirmation by email. You can also view the Terms & Conditions at any time here.
6.4 Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for order processing, this is the case as soon as the order is completely processed. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
6.5 Opposition and Removal Possibility
The collection of data for order processing and the storage of data for the same purpose is mandatory. Consequently, there is no possibility of objection on the part of the user.
7. Disclosure of Personal Data to Third Parties
7.1 Description and Scope of Data Disclosure
In order to fulfil our contractual obligations, it is sometimes unavoidable that certain data is also passed on to third parties. In each case, this serves only to fulfil a contract or to carry out pre-contractual measures. Details can be found in the following table:
Category | Disclosed data | Purpose |
---|---|---|
Payment Processor | Name and email address, order number, date and amount, credit card details | Processing of the payment; assignment of the payment to the customer |
For the payment process, the user may be redirected to the website of the payment service provider or data from websites of these service providers may be reloaded. This may depend on the payment method chosen by the user:
- PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). Please note the relevant privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
- Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irland). Please note the relevant privacy policy at: https://stripe.com/de/privacy.
- CoinPayments (CoinPayments Inc., Hodltech OÜ, Tornimäe 5, 10145 Tallinn, Estland). Please note the relevant privacy policy at: https://www.coinpayments.net/help-privacy.
- Paddle (Paddle Payments Ltd., Core B, Block 71, The Plaza, Park West 12 Dublin, Irland). Please note the relevant privacy policy at: https://paddle.com/privacy/.
7.2 Legal Basis for Data Disclosure
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR. If the disclosure serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. Furthermore, Art. 6 para. 1 lit. f GDPR is also an additional legal basis.
7.3 Purpose of Data Disclosure
The passing on serves the fulfilment of our contractual and pre-contractual obligations. These purposes are also our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
7.4 Opposition and Removal Possibility
The transfer of data is mandatory for the fulfilment of contracts or for pre-contractual measures. Consequently, there is no possibility of objection on the part of the user.
8. Using the Cryptomator Application
8.1 Description and Scope of Data Processing
When using one of the Cryptomator applications for desktop operating systems, iOS or Android, data can be processed by us. This is the case when using one of the following functions:
8.1.1 Update Check (Desktop, Android)
If the user checks for updates, either manually or at a scheduled interval, the application will connect to a server to query the latest version. The following data is transmitted during this request:
- Operating system version
- Software version
- Time of the request
- IP address
8.1.2 Cross-Reference with Error Database
If the user grants permission for the Cryptomator desktop application to cross-reference the current error with our database, the following data will be transmitted during the process:
- Operating System Version
- Software Version
- Error Code
- Time of the request
- IP address
8.1.3 Sending of Error Protocols
Locally created log file can help identifying problems. If the user decides to send one of these files via email, it may contain the following data:
- Operating system version
- Software version
- Times of triggered application functions
- Error messages and warnings
- File paths (if running in debug mode)
This data will not be stored together with other personal data of the user.
8.1.4 Accessing Cloud Storage Services (Android, iOS)
If the user authorizes the Cryptomator application for iOS or Android to access one or many cloud storage services, the application is granted access to data stored by the respective service. The application will not access any data other than stored in folders knowingly selected by the user.
Any such data is processed solely on the user’s local device. Under no circumstances will we receive any of this data. We have implemented security procedures to protect the confidentiality of the user’s data. Specifically:
- We use encryption to protect the user’s information. All sensitive data is encrypted using state-of-the-art encryption algorithms.
- On Android, sensitive data is stored in the Keystore system, which securely stores cryptographic keys and ensures their confidentiality and integrity.
- On iOS, sensitive data is stored in the Keychain, which provides a secure storage container that is encrypted and managed by the system.
When using such a third-party cloud storage services, please refer to the corresponding privacy policy of the provider:
8.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. a GDPR as well as Art. 6 para. 1 lit. f GDPR.
8.3 Purpose of Data Processing
The update check is necessary to inform the user about (security-relevant or other) updates. This serves both the continuously necessary adaptation to the operating environment, protects the user from problems and incompatibilities, and enables him to use new program features.
When sending an error log, it may contain data that you have customized (e.g., file names), that could identify you, or that may otherwise be sensitive to you.
Log files are stored in order to evaluate constellations of operating system and program versions used, to detect problems and to offer updates if necessary. This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
8.4 Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose for which it has been collected.
If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this is possible. In this case, the user’s personal data is deleted or anonymized so that it is no longer possible to assign the calling client.
9. Rights of the Affected Person
If your personal data is processed, you are affected according to GDPR and you have the following rights to the person responsible:
9.1 Right to information - Art. 15 GDPR
The right of access gives the data subject a full insight into the data concerning him or her and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right regulated in § 34 German Federal Data Protection Act (BDSG) apply.
9.2 Right to rectification - Art. 16 GDPR
The right of rectification includes the possibility for the data subject to have incorrect personal data concerning him corrected.
9.3 Right to Erasure - Art. 17 GDPR
The right to erasure includes the possibility for the data subject to have data deleted by the person responsible. However, this is only possible if the personal data concerning him/her is no longer necessary, is processed unlawfully or if his/her consent to this has been revoked. The exceptions to this right regulated in § 35 BDSG apply.
9.4 Right to Restriction of Processing - Art. 18 GDPR
The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data relating to him/her for the time being. A restriction occurs mainly in the examination phase of the data subject’s exercise of other rights.
9.5 Right to Data Portability - Art. 20 GDPR
The right to data portability includes the possibility for the data subject to obtain the personal data concerning him/her from the data controller in a common machine-readable format, with the possibility of having them transferred to another data controller, if necessary. Pursuant to Art. 20 Paragraph 3 Sentence 2 GDPR, however, this right does not apply to processing necessary for the performance of a task carried out in the public interest.
9.6 Right to Object - Art. 21 GDPR
The right to object includes the possibility for data subjects to object, in a specific situation, to the further processing of their personal data, insofar as this is justified by the performance of public tasks or by public or private interests. The exceptions to this right regulated in Section § 36 BDSG apply.
9.7 Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
10. Use of Analytics
For internal audience measurement, we use a privacy-preserving, self-hosted analytics service that uses cross-page user recognition technology to analyze behavior.
We collect various information (e.g., anonymized IP address, referrer URL, browser and operating system used) and measure certain visitor actions (e.g., clicks, purchases, etc.).
No “cookies” are stored on your device, and no information is retrieved from your device for analysis. Where personal data (e.g. IP addresses) is collected, it is stored in a completely anonymized form.
The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR in connection with § 25 para. 1 TDDDG, as the website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize its online services.