Effective date: March 2022
As a provider of software to strengthen privacy, your rights regarding data protection and informational self-determination are important to us. We attempt to restrict the use of data to the absolute essential minimum. Of course, we do not use analysis tools and unnecessary cookies. However, for some processes, especially in connection with payment transactions, we depend on the services of third parties and you should also read their privacy policies carefully.
- Name and address of the responsible company
- General Information on Data Processing
- Provision of the Website and Creation of Log Files
- Email Contact
- Use in the Course of Online Orders (E-Commerce)
- Disclosure of Personal Data to Third Parties
- Using the Cryptomator Application
- Rights of the Affected Person
1. Name and address of the responsible company
The responsible company within the meaning of the General Data Protection Regulation (GDPR) and other nation data protection laws of the member states as well as other data protection regulations is:
Am Hauptbahnhof 6
Contact: [email protected]
2. General Information on Data Processing
2.1 Extent of Processing of Personal Data
As a matter of principle, we collect and process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2.2 Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.
2.3 Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
3. Provision of the Website and Creation of Log Files
3.1 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:
- browser name and version
- the user’s operating system
- referrer URL
- access date and time
- IP address
- accessed web site
- amount of transmitted data in bytes
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data and logfiles is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
3.4 Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose for which it has been collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
If the data is stored in log files, this is the case after 7 days at the latest.
3.5 Opposition and Removal Possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
4.1 Description and Scope of Data Processing
Our website only uses technically necessary cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is reopened.
4.2 Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
4.3 Purpose of Data Processing
The purpose of using technically necessary cookies is to enable the use of websites for users. In particular, they are used to detect and mitigate DDOS attacks. The user data collected by technically necessary cookies is not used to create user profiles.
This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4.4 Duration of Storage, Opposition and Removal Possibility
5. Email Contact
5.1 Description and Scope of Data Processing
It is possible to contact us via the provided email address. In this case, the user’s personal data transmitted with the email will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
5.2 Legal Basis for Data Processing
The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
5.3 Purpose of Data Processing
The processing of personal data serves us solely to process the contact. This also includes the necessary legitimate interest in processing the data.
5.4 Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
If the purpose of the contact was the conclusion of a contract and if this contract has been concluded, the purpose is achieved after the contract has been fully executed. In addition, statutory storage obligations, e.g. according to the German tax code, may make further storage necessary.
5.5 Opposition and Removal Possibility
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
You can send your objection informally at any time to [email protected] or any other means of contact provided by us (e.g. by post).
All personal data stored in the course of contacting will be deleted in this case.
6. Use in the Course of Online Orders (E-Commerce)
6.1 Description and Scope of Data Processing
In case of an online order via our online shop the following data is collected:
- Choice private or corporate clients
- first and last name
- email address
- company name (just for corporate clients)
- VAT ID number (just for corporate clients)
- address (street, house number, postal code, town, country)
- bank details (when paying by direct debit)
- credit card details (when paying by credit card)
6.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
6.3 Purpose of Data Processing
The data is used exclusively to process the order you have placed. In case of an order we save the text of the contract and send you the shipping confirmation by email. You can also view the Terms & Conditions at any time here.
6.4 Duration of Storage
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for order processing, this is the case as soon as the order is completely processed. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
6.5 Opposition and Removal Possibility
The collection of data for order processing and the storage of data for the same purpose is mandatory. Consequently, there is no possibility of objection on the part of the user.
7. Disclosure of Personal Data to Third Parties
7.1 Description and Scope of Data Disclosure
In order to fulfil our contractual obligations, it is sometimes unavoidable that certain data is also passed on to third parties. In each case, this serves only to fulfil a contract or to carry out pre-contractual measures. Details can be found in the following table:
|Payment Processor||Name and email address, order number, date and amount, credit card details||Processing of the payment; assignment of the payment to the customer|
For the payment process, the user may be redirected to the website of the payment service provider or data from websites of these service providers may be reloaded. This may depend on the payment method chosen by the user:
7.2 Legal Basis for Data Disclosure
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR. If the disclosure serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. Furthermore, Art. 6 para. 1 lit. f GDPR is also an additional legal basis.
7.3 Purpose of Data Disclosure
The passing on serves the fulfilment of our contractual and pre-contractual obligations. These purposes are also our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
7.4 Opposition and Removal Possibility
The transfer of data is mandatory for the fulfilment of contracts or for pre-contractual measures. Consequently, there is no possibility of objection on the part of the user.
8. Using the Cryptomator Application
8.1 Description and Scope of Data Processing
When using one of the Cryptomator applications for desktop operating systems, iOS or Android, data can be processed by us. This is the case when using one of the following functions:
8.1.1 Update Check (Desktop, Android)
If the user checks for updates, either manually or at a scheduled interval, the application will connect to a server to query the latest version. The following data is transmitted during this request:
- Operating system version
- Software version
- Time of the request
- IP address
8.1.2 Sending of Error Protocols
Locally created log file can help identifying problems. If the user decides to send one of these files via email, it may contain the following data:
- Operating system version
- Software version
- Times of triggered application functions
- Error messages and warnings
- File paths (if running in debug mode)
This data will not be stored together with other personal data of the user.
8.1.3 Accessing Cloud Storage Services (Android, iOS)
If the user authorizes the Cryptomator application for iOS or Android to access one or many cloud storage services, the application is granted access to data stored by the respective service. The application will not access any data other than stored in folders knowingly selected by the user.
Any such data is processed solely on the user’s local device. Under no circumstances will we receive any of this data.
8.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. a GDPR as well as Art. 6 para. 1 lit. f GDPR.
8.3 Purpose of Data Processing
The update check is necessary to inform the user about (security-relevant or other) updates. This serves both the continuously necessary adaptation to the operating environment, protects the user from problems and incompatibilities, and enables him to use new program features.
When sending an error log, it may contain data that you have customized (e.g., file names), that could identify you, or that may otherwise be sensitive to you.
Log files are stored in order to evaluate constellations of operating system and program versions used, to detect problems and to offer updates if necessary. This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
8.4 Duration of Storage
The data will be deleted as soon as it is no longer required for the purpose for which it has been collected.
If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this is possible. In this case, the user’s personal data is deleted or anonymized so that it is no longer possible to assign the calling client.
9. Rights of the Affected Person
If your personal data is processed, you are affected according to GDPR and you have the following rights to the person responsible:
9.1 Right to information - Art. 15 GDPR
The right of access gives the data subject a full insight into the data concerning him or her and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right regulated in § 34 German Federal Data Protection Act (BDSG) apply.
9.2 Right to rectification - Art. 16 GDPR
The right of rectification includes the possibility for the data subject to have incorrect personal data concerning him corrected.
9.3 Right to Erasure - Art. 17 GDPR
The right to erasure includes the possibility for the data subject to have data deleted by the person responsible. However, this is only possible if the personal data concerning him/her is no longer necessary, is processed unlawfully or if his/her consent to this has been revoked. The exceptions to this right regulated in § 35 BDSG apply.
9.4 Right to Restriction of Processing - Art. 18 GDPR
The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data relating to him/her for the time being. A restriction occurs mainly in the examination phase of the data subject’s exercise of other rights.
9.5 Right to Data Portability - Art. 20 GDPR
The right to data portability includes the possibility for the data subject to obtain the personal data concerning him/her from the data controller in a common machine-readable format, with the possibility of having them transferred to another data controller, if necessary. Pursuant to Art. 20 Paragraph 3 Sentence 2 GDPR, however, this right does not apply to processing necessary for the performance of a task carried out in the public interest.
9.6 Right to Object - Art. 21 GDPR
The right to object includes the possibility for data subjects to object, in a specific situation, to the further processing of their personal data, insofar as this is justified by the performance of public tasks or by public or private interests. The exceptions to this right regulated in Section § 36 BDSG apply.
9.7 Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.