In the following, we inform you about the collection of personal data when using our website and our products. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
The responsible body as defined in Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
Secomba GmbH i.L.
Werner-von-Siemens-Str. 6
D-86159 Augsburg
phone: 0049 821 90786150 (no product support under this number)
fax: 0049 82190786159
E-mail: info@secomba.com or support@boxcryptor.com
Our data protection officer can be reached at the e-mail address privacy@secomba.com or at the above-mentioned postal address with the endorsement “FAO Data Protection Officer”.
Your data will only be processed if there is a legal basis mentioned in Art. 6 (1) GDPR, in particular
for protecting a legitimate interest of our company or a third party pursuant to Art. 6 (1) lit. f GDPR to the extent that the interests, fundamental rights, and freedoms of the data subject do not override the former interest. We will inform you of the respectively relevant legal basis for the individual data processing activities in this privacy policy. Processing may also be based on several legal bases.
Disclosure of data to processors and third parties: If, in the framework of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant these parties access to such data, this will only be done on the basis of a statutory permission, in particular if
you have expressly consented to this,
the disclosure is necessary to protect our legitimate interests (e.g., when deploying agents, web hosts, CMS, etc.) as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data. If we commission third parties with the processing of data on the basis of a so-called "Data Processing Agreement", this is based on the provisions in Art. 28 GDPR.
Transfers to third countries: If we lawfully process data in a third country (i.e., a country outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur in the presence of the specific requirements of Art. 44 et seq. GDPR. The processing is particularly carried out on the basis of special guarantees, such as the officially acknowledged determination of a level of data protection that corresponds to the data protection level of the European Union or the conclusion of EU standard data protection clauses.
As a data subject, you have the following rights with respect to us regarding the personal data concerning you:
Pursuant to Art. 77 GDPR, you also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The data protection supervisory authority responsible for us is
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
phone: +49 (0) 981 180093-0
facsimile: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de
If you have given your consent to the processing of your data, you may revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Pursuant to Art. 21 GDPR, you have the right to object at any time on grounds relating to your particular situation to the processing of personal data concerning you which is carried out on the basis of the provisions in Art. 6 (1) lit. e or f GDPR. This is the case if the processing is unnecessary, in particular, for the performance of a contract concluded with you. In case you exercise your right to object, we will ask you to explain the reasons why your personal data should not be processed in the way we do it. In the event of a justified objection, we will discontinue or adapt the data processing or present compelling legitimate grounds for you to continue the processing that override your interests, rights, and freedoms, or which serve the assertion, exercise, or defence of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such advertising at any time. In this case you will only incur transmission costs according to the prime rates. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. Inform us of your objection regarding the use for advertising by using the following contact details:
Secomba GmbH
Werner-von-Siemens-Str. 6
D-86159 Augsburg
phone: 0049 821 90786150 (no product support under this number)
facsimile: 0049 82190786159
privacy@secomba.com
Unless expressly stated otherwise within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations, e.g., in the case of data that must be retained for reasons of commercial or tax law. Pursuant to the legal requirements in Germany, retention may be necessary for up to 10 years due to commercial and tax law requirements.
In the case of merely informational use of the website, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis: Art. 6 (1) sentence 1 lit. f GDPR). In detail, the following data is stored about each access/retrieval:
IP address,
In the context of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of users in protection against misuse and other unauthorized use.
The collection of log data for the provision of the website including their storage in log files is mandatory for the operation of the website. Therefore, as a rule, there is no possibility of objection on the part of the user. This does not apply to log data that is processed in the context of various services offered on our website beyond purely informational use. You can find more information in this respect in the notes relating to the individual services in this privacy policy.
Use of cookies: This website uses the following types of cookies, the scope and functionality of which are explained hereunder:
a) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. For example, the login status may be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for measuring the reach or for marketing purposes. You can delete the cookies in the security settings of your browser at any time.
c) "Third-party cookies" are cookies offered by providers other than the responsible party that operates the online offer (if these are only the responsible party’s cookies, they are referred to as "first-party cookies"). Cookies that are technically necessary to carry out the electronic communication process or to provide certain functions you have requested (e.g., shopping cart function) are stored as provided in Art. 6 (1) lit. f GDPR. As website operator, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. As far as other cookies (e.g., cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially for tracking, via the US site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/.
Please note that in this case not all the functions of this online offer can be used.
If you actively contact us by e-mail, by using the contact form or through a phone call, the personal data you provide will be collected and processed in order to deal with your request. This includes, in particular, your name and contact details (e-mail address, post address, mobile phone number) as well as other information provided by you. When using our contact form, the data transmitted through it will be processed (e.g., name, company, e-mail address and the time of transmission).
The legal basis for that is Art. 6 (1) lit. f GDPR. Our legitimate interest is in the processing of the request. If your contact is aimed at the conclusion or execution of a contract, this is based on the provision in Art. 6 (1) lit. b GDPR.
We delete the data accruing in this context once the storage is no longer necessary, or we restrict the processing in case of statutory retention obligations.
In addition to the purely informational use of our website, we offer various licenses for our products that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.
In order to use Boxcryptor, it is necessary to create a user account. For this purpose, your personal data required for the performance of the contract, such as e-mail address, first name, last name, and country, are collected, stored, and processed by us. This also includes information regarding the payment method until you finally delete your account. Furthermore, we store the data voluntarily provided by you for the time that you are using the product, unless you delete it beforehand. You can manage and change all details in the protected customer area.
In addition, the data required for encryption, in particular the public and private keys, are stored by us (the private keys in encrypted form that cannot be decrypted by Secomba). The aforementioned data is used exclusively to enable the use of Boxcryptor.
All confidential information stored by the Boxcryptor key server is either encrypted (private RSA keys, for instance) or otherwise protected (such as password hashes). To further increase security, all personal data (such as e-mail addresses) is encrypted before being stored in databases.
For analysing malfunctions of the software, crash logs are collected on all platforms in the event of a crash and evaluated via a third-party provider. For this purpose, we use Apple Crash Reporting of Apple Distribution International Limited on the macOS and iOS platforms. The reporting is part of the regular App Store offer that the user of an iOS/macOS device can agree to himself/herself (see also Apple’s privacy policy at https://www.apple.com/de/legal/privacy/). On Android, we use the open-source service Sentry, which we run on our own servers (see Application Monitoring and Error Tracking Software | Sentry for more information). Furthermore, our software reads and evaluates the functional cookies set by our website when using the software (e.g., account creation).
The aforementioned data is used exclusively for the performance of the contract. The legal basis is Art. 6 (1) sentence 1 lit. b and lit. f GDPR. Our legitimate interest is the fulfilment and optimization of the services provided.
If you have registered with us / created a Boxcryptor account, you will receive e-mails from us with technical information. These are in particular mails to activate the account or mails containing the notice that your license expires or is renewed.
For sending these e-mails we use Mandrill, a tool developed by The Rocket Science Group, LLC d/b/a MailChimp (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). To this end, your e-mail address provided within the framework of the registration is provided to this tool. Said e-mail address is thereby transmitted to a MailChimp server in the USA and stored there. MailChimp uses this information to send the displayed mails.
Furthermore, MailChimp may use this data themselves on the basis of their own legitimate interest in designing and optimizing the service to meet needs, as well as for market research purposes, for example, in order to determine which countries the recipients come from. However, MailChimp does not use the data of our recipients to write to them themselves or to pass them on to third parties. To protect your data in the USA, we have concluded a Data Processing Agreement with MailChimp based on the European Commission’s standard contractual clauses to enable the transfer of your personal data to MailChimp. You can see the privacy policy of MailChimp at https://mailchimp.com/legal/privacy/.
The legal basis for sending e-mails with technical information is Art. 6 (1) lit. b GDPR.
If you use Microsoft Teams, you can securely exchange sensitive information by means of an integration of Boxcryptor using end-to-end encryption with zero-knowledge standard. Unauthorized third parties, in particular the provider Microsoft Corporation (One Microsoft Way, Redmond, USA), will then no longer be able to access the exchanged data and documents with the Boxcryptor integration. Personal data are not processed thereby. Detailed information on how the integration works can be found at Boxcryptor for Microsoft Teams. In addition, we refer to the basic data processing by Microsoft when using MS Teams and other MS products under Privacy – Microsoft Privacy and Privacy Policy of Microsoft – Microsoft Privacy.
As far as you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
We use the function 'anonymizeIP' (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. During your website visit, the following data is collected among others:
the referrer URL (through which website/advertising medium you came to this website)
Purposes of processing: On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
Recipient: The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.
Transmission to third countries: A transmission of data to the USA cannot be excluded.
Storage period: The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, in that a. you do not consent to setting the cookie, or b. you download and install the browser add-on to enable Google Analytics HERE.
You can also prevent cookies from being stored by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, you may experience limitations in functionality on this and other websites.
For more information on the terms of use of Google Analytics and the privacy policy at Google, see https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
We use the YouTube service to embed videos on our website. The responsible provider in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The legal basis is your consent pursuant to Art. 6 (1) lit. a GDPR.
YouTube uses cookies to collect information about visitors to their website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. The cookies remain on your terminal device until you delete them.
As soon as you start a YouTube video on our website, a connection to YouTube's servers is established. The YouTube server receives the information which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. In doing so, data may be transferred to the USA and linked to further data from other Google services, especially if you are logged into your Google account. In order to secure the data transfer, we have concluded the EU standard data protection clauses. If such a transfer of this information to YouTube and Google is not desired, you can prevent this transfer by logging out of your YouTube account before accessing our website.
The processed data includes
We have no influence on the storage period of the data and further data processing by YouTube and Google.
In order to reduce data transfer before the actual start of a video, we use the extended privacy mode. According to YouTube, this mode has the effect that YouTube does not store any information about visitors to this website before they watch the video. We also embed the videos on our website in such a way that a transfer of your data to Google or YouTube partners (the Google DoubleClick network) only begins with your active click on the video.
For more information about data protection at YouTube and Google, please see their privacy statements at: https://www.youtube.com/static?gl=DE&template=terms&hl=de and https://policies.google.com/privacy?hl=de
For the execution of application data, we use the personnel administration and applicant management software of Personio GmbH. Your transmitted data is transferred via TLS encryption and stored in this database. This is based on the legal provisions in Art. 6 (1) lit. b GDPR. Personio is our processor in this context according to Art. 28 GDPR. You can find more information on data processing at https://www.personio.de/datenschutz/.
To process customer requests, we use the support widget of Zendesk, a customer service platform of Zendesk, Inc. 109 Market Street San Francisco, CA 94103 USA. For this purpose, necessary data, such as name, first name, or e-mail address, are collected via our website in order to be able to process your requests. If you contact us by e-mail or via a contact form, we will use the personal data you provide only in the context of processing your specific inquiry. The transmission serves the purpose of being able to answer your inquiry quickly and efficiently. This also establishes our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 (1) sentence 1 lit. b, f GDPR. By contacting us, you consent to the transmission of the aforementioned data to Zendesk. Zendesk meets the minimum requirements for legally compliant commissioned data processing through the existence of Binding Corporate Rules and the conclusion of the EU standard data protection clause. There is also a Data Processing Agreement (DPA) in place with Zendesk. This ensures that Zendesk only uses the user data within the framework of the EU data protection standards exclusively for processing the requests and does not pass them on to third parties without authorization. Further information can be found in Zendesk's privacy policy at: https://www.zendesk.de/company/agreements-and-terms/privacy-policy//
On this website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA (HubSpot, Inc. 25 First Street Cambridge, MA 02141 USA) with a branch in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). This is an integrated software solution that we use to cover various aspects of our online marketing. This includes, among other things, contact management using a CRM system and pop-up news on our website. In addition, to improve the user experience on our website, we use HubSpot's live chat service "Messages" (chat window) for sending and receiving messages on some subpages. Upon consent and use of this feature, the following data is transmitted to HubSpot's servers:
The legal basis for the use of HubSpot's services is your consent pursuant to Art. 6 (1) lit. a GDPR.
HubSpot meets the minimum requirements for legally compliant commissioned data processing by concluding the EU standard data protection clause. In addition, there is a Data Processing Agreement (DPA) with HubSpot. This ensures that HubSpot only uses the user data within the scope of the EU data protection standards exclusively for processing the requests and does not pass them on to third parties without authorization. Further information can be found under https://legal.hubspot.com/de/privacy-policy.
For the subscription to our newsletter, we use the opt-in procedure. This means that after entering your e-mail address, you confirm the registration again by clicking a button. We store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information required for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. This is based on the legal provisions of Art. 6 (1) sentence 1 lit. a GDPR.
In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard data protection clauses of the European Commission to enable the transfer of your personal data to MailChimp. For information on data processing at MailChimp see: https://mailchimp.com/legal/privacy/ and https://mailchimp.com/de/gdpr/.
Newsletter evaluation: For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also recorded (e.g., time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data; a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. Furthermore, MailChimp may use this data themselves on the basis of their own interest in the needs-based design and optimization of the service, as well as for market research purposes, for example, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them directly or to pass them on to third parties. The legal basis for newsletter tracking is Art. 6 (1) lit. a GDPR, which you consent to during the newsletter registration process.
Revocation: You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint. We would like to point out that a separate revocation of the tracking consent is not possible and that in this case you will equally no longer receive the newsletter.
If you revoke your consent, we store the information from the registration and deregistration in a block list to avoid possible consent-free e-mail advertising.
In addition to this website, we maintain social media presences on Twitter, Xing, Instagram, and LinkedIn, which you can access via the corresponding buttons on our website. If you visit one of these sites, personal data may be transmitted to the provider of the social network.
We would like to point out that in this case user data is transmitted to a server in a third country and might therefore be processed outside the European Union. An appropriate level of protection for the transfer of data is ensured by the conclusion of the EU standard data protection clauses. In addition to the storage of the data specifically entered by you in this social medium, the provider of the social network may also process further information. If you are logged in to the network with your personal user account while visiting the corresponding website, this network can assign the visit to this account. The purpose and scope of the data collection by the respective medium and the further processing of your data there, as well as your rights in this regard, can be found in the respective provisions of the respectively responsible party, e.g.:
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; service provider in the EU: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND):
LinkedIn (LinkedIn Corporation, 1000 W. Maude Ave. Sunnyvale, California 94085; service provider in the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; service provider in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
Privacy policy as at: January 2022