Privacy Policy

Effective date: February 2024

As a provider of software to strengthen privacy, your rights regarding data protection and informational self-determination are important to us. We attempt to restrict the use of data to the absolute essential minimum. Of course, we do not use analysis tools and unnecessary cookies. However, for some processes, especially in connection with payment transactions, we depend on the services of third parties and you should also read their privacy policies carefully.

This privacy policy consists of the following sections:

  1. Name and address of the responsible company
  2. General Information on Data Processing
  3. Provision of the Website and Creation of Log Files
  4. Use of Cookies
  5. Email Contact
  6. Use in the Course of Online Orders (E-Commerce)
  7. Disclosure of Personal Data to Third Parties
  8. Using the Cryptomator Application
  9. Rights of the Affected Person

1. Name and address of the responsible company

The responsible company within the meaning of the General Data Protection Regulation (GDPR) and other nation data protection laws of the member states as well as other data protection regulations is:

Skymatic GmbH
Am Hauptbahnhof 6
53111 Bonn
Germany

Represented by:
Tobias Hagemann
Sebastian Stenzel

Contact: [email protected]

2. General Information on Data Processing

2.1 Extent of Processing of Personal Data

As a matter of principle, we collect and process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR as legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • browser name and version
  • the user’s operating system
  • referrer URL
  • access date and time
  • IP address
  • accessed web site
  • amount of transmitted data in bytes

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and logfiles is Art. 6 para. 1 lit. f GDPR.

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

3.4 Duration of Storage

The data will be deleted as soon as it is no longer required for the purpose for which it has been collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

If the data is stored in log files, this is the case after 7 days at the latest.

3.5 Opposition and Removal Possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

4. Use of Cookies

4.1 Description and Scope of Data Processing

Our website only uses technically necessary cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is reopened.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

4.3 Purpose of Data Processing

The purpose of using technically necessary cookies is to enable the use of websites for users. In particular, they are used to detect and mitigate DDOS attacks. The user data collected by technically necessary cookies is not used to create user profiles.

This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4.4 Duration of Storage, Opposition and Removal Possibility

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may not be possible to use all the functions of the website to their full extent.

5. Email Contact

5.1 Description and Scope of Data Processing

It is possible to contact us via the provided email address. In this case, the user’s personal data transmitted with the email will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

5.3 Purpose of Data Processing

The processing of personal data serves us solely to process the contact. This also includes the necessary legitimate interest in processing the data.

5.4 Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

If the purpose of the contact was the conclusion of a contract and if this contract has been concluded, the purpose is achieved after the contract has been fully executed. In addition, statutory storage obligations, e.g. according to the German tax code, may make further storage necessary.

5.5 Opposition and Removal Possibility

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

You can send your objection informally at any time to [email protected] or any other means of contact provided by us (e.g. by post).

All personal data stored in the course of contacting will be deleted in this case.

6. Use in the Course of Online Orders (E-Commerce)

6.1 Description and Scope of Data Processing

In case of an online order via our online shop the following data is collected:

  • Choice private or corporate clients
  • first and last name
  • email address
  • company name (just for corporate clients)
  • VAT ID number (just for corporate clients)
  • address (street, house number, postal code, town, country)
  • bank details (when paying by direct debit)
  • credit card details (when paying by credit card)

During the ordering process, the user’s consent to the processing of this data is obtained and the user is made aware of this privacy policy. The data will only be passed on if this is necessary to fulfil contractual obligations. Details can be found in the following section (7. Disclosure of Personal Data to Third Parties).

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

6.3 Purpose of Data Processing

The data is used exclusively to process the order you have placed. In case of an order we save the text of the contract and send you the shipping confirmation by email. You can also view the Terms & Conditions at any time here.

6.4 Duration of Storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for order processing, this is the case as soon as the order is completely processed. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

6.5 Opposition and Removal Possibility

The collection of data for order processing and the storage of data for the same purpose is mandatory. Consequently, there is no possibility of objection on the part of the user.

7. Disclosure of Personal Data to Third Parties

7.1 Description and Scope of Data Disclosure

In order to fulfil our contractual obligations, it is sometimes unavoidable that certain data is also passed on to third parties. In each case, this serves only to fulfil a contract or to carry out pre-contractual measures. Details can be found in the following table:

Category Disclosed data Purpose
Payment Processor Name and email address, order number, date and amount, credit card details Processing of the payment; assignment of the payment to the customer

For the payment process, the user may be redirected to the website of the payment service provider or data from websites of these service providers may be reloaded. This may depend on the payment method chosen by the user:

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR. If the disclosure serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. Furthermore, Art. 6 para. 1 lit. f GDPR is also an additional legal basis.

7.3 Purpose of Data Disclosure

The passing on serves the fulfilment of our contractual and pre-contractual obligations. These purposes are also our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

7.4 Opposition and Removal Possibility

The transfer of data is mandatory for the fulfilment of contracts or for pre-contractual measures. Consequently, there is no possibility of objection on the part of the user.

8. Using the Cryptomator Application

8.1 Description and Scope of Data Processing

When using one of the Cryptomator applications for desktop operating systems, iOS or Android, data can be processed by us. This is the case when using one of the following functions:

8.1.1 Update Check (Desktop, Android)

If the user checks for updates, either manually or at a scheduled interval, the application will connect to a server to query the latest version. The following data is transmitted during this request:

  • Operating system version
  • Software version
  • Time of the request
  • IP address

8.1.2 Cross-Reference with Error Database

If the user grants permission for the Cryptomator desktop application to cross-reference the current error with our database, the following data will be transmitted during the process:

  • Operating System Version
  • Software Version
  • Error Code
  • Time of the request
  • IP address

8.1.3 Sending of Error Protocols

Locally created log file can help identifying problems. If the user decides to send one of these files via email, it may contain the following data:

  • Operating system version
  • Software version
  • Times of triggered application functions
  • Error messages and warnings
  • File paths (if running in debug mode)

This data will not be stored together with other personal data of the user.

8.1.4 Accessing Cloud Storage Services (Android, iOS)

If the user authorizes the Cryptomator application for iOS or Android to access one or many cloud storage services, the application is granted access to data stored by the respective service. The application will not access any data other than stored in folders knowingly selected by the user.

Any such data is processed solely on the user’s local device. Under no circumstances will we receive any of this data.

When using such a third-party cloud storage services, please refer to the corresponding privacy policy of the provider:

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. a GDPR as well as Art. 6 para. 1 lit. f GDPR.

8.3 Purpose of Data Processing

The update check is necessary to inform the user about (security-relevant or other) updates. This serves both the continuously necessary adaptation to the operating environment, protects the user from problems and incompatibilities, and enables him to use new program features.

When sending an error log, it may contain data that you have customized (e.g., file names), that could identify you, or that may otherwise be sensitive to you.

Log files are stored in order to evaluate constellations of operating system and program versions used, to detect problems and to offer updates if necessary. This purpose also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

8.4 Duration of Storage

The data will be deleted as soon as it is no longer required for the purpose for which it has been collected.

If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this is possible. In this case, the user’s personal data is deleted or anonymized so that it is no longer possible to assign the calling client.

9. Rights of the Affected Person

If your personal data is processed, you are affected according to GDPR and you have the following rights to the person responsible:

9.1 Right to information - Art. 15 GDPR

The right of access gives the data subject a full insight into the data concerning him or her and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right regulated in § 34 German Federal Data Protection Act (BDSG) apply.

9.2 Right to rectification - Art. 16 GDPR

The right of rectification includes the possibility for the data subject to have incorrect personal data concerning him corrected.

9.3 Right to Erasure - Art. 17 GDPR

The right to erasure includes the possibility for the data subject to have data deleted by the person responsible. However, this is only possible if the personal data concerning him/her is no longer necessary, is processed unlawfully or if his/her consent to this has been revoked. The exceptions to this right regulated in § 35 BDSG apply.

9.4 Right to Restriction of Processing - Art. 18 GDPR

The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data relating to him/her for the time being. A restriction occurs mainly in the examination phase of the data subject’s exercise of other rights.

9.5 Right to Data Portability - Art. 20 GDPR

The right to data portability includes the possibility for the data subject to obtain the personal data concerning him/her from the data controller in a common machine-readable format, with the possibility of having them transferred to another data controller, if necessary. Pursuant to Art. 20 Paragraph 3 Sentence 2 GDPR, however, this right does not apply to processing necessary for the performance of a task carried out in the public interest.

9.6 Right to Object - Art. 21 GDPR

The right to object includes the possibility for data subjects to object, in a specific situation, to the further processing of their personal data, insofar as this is justified by the performance of public tasks or by public or private interests. The exceptions to this right regulated in Section § 36 BDSG apply.

9.7 Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.