Privacy Policy

1. General information about the processing of personal data

(1) The protection of your personal data is of particular importance to us. We would therefore like to provide you with detailed information below about which personal data is processed when you use our websites and offers.

(2) The controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation ("GDPR") is

EncryptoBox GmbH
Grünenborn 1
53797 Lohmar

Phone: +49 (0) 2206 - 917920
Email: info@encryptobox.com

Further information can be found in our legal notice.

(3) You can contact our data protection officer at dataprotection@encryptobox.com, or by post at our address with the addition "der Datenschutzbeauftragte" (the data protection officer).

(4) We process personal data only in compliance with the relevant data protection regulations and on the basis of the legal grounds specified below.

2. Data processing when visiting our websites

(1) When you use our websites for purely informational purposes, i.e. if you do not make any enquiries, do not log in or otherwise provide us with personal information, we process the data that your browser transmits to our server and that is technically necessary to display our websites and ensure stability and security:

(2) The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, namely our legitimate interest in displaying the websites accessed.

(3) The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

3. Use of cookies

(1) Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

(2) We use cookies to make our website functional. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

(3) The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) TDDDG is Article 6 (1) lit. f GDPR.

(4) The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

(5) Cookies are stored on the user's computer and transmitted to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.

4. Consent management (Complianz)

(1) We use the consent management tool Complianz from Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands, on our website. The tool is used to obtain and manage consent in accordance with Art. 6 (1) lit. c GDPR in conjunction with Section 25 TDDDG for the setting of cookies and the use of certain technologies on our website.

(2) When you visit our website, Complianz stores your consent decision and, if applicable, your rejection of certain cookies in a cookie on your device. This data processing is necessary to comply with the legal obligations of accountability.

(3) The stored information includes: (a) the consent status (accepted/rejected), (b) the time stamp of the decision, and (c) technical information about the browser and end device used.

(4) The consents stored in this way are stored for a period of 12 months, unless you revoke or delete them beforehand via the settings on our website.

(5) Data processing is carried out on the basis of Art. 6 (1) lit. c GDPR, as we are legally obliged to document your consent in a verifiable manner and to ensure the lawful use of cookies and third-party services.

(6) Further information on data processing by Complianz can be found at: https://complianz.io/legal/

5. Web analytics (Google Analytics)

(1) We use the web analytics service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website to analyse the surfing behaviour of our users. In this context, Google uses cookies (see section on cookies), which enable an analysis of your use of the website.

(2) The information generated by the cookie about your use of this website (including your abbreviated IP address) is usually transferred to a Google server in the USA and stored there. We have activated IP anonymisation on this website, which means that your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. A full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases.

(3) Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

(4) The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG. You give your consent via our cookie consent manager Complianz (section 4), which is displayed when you first visit the website. You can revoke your consent at any time by calling up the settings again via the icon at the bottom of the screen and changing your preferences.

(5) The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. The data sent by us and linked to cookies is automatically deleted after two months.

(6) For more information about data processing by Google, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245

(7) You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout

6. Use of Google Web Fonts

(1) This website uses so-called Web Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for the uniform display of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

(2) For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. According to Google, no cookies are stored in this process.

(3) The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offering. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been requested (e.g. via a consent tool), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

(4) If your browser does not support web fonts, a standard font will be used by your device.

(5) Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy

7. Data processing when contacting us

When you contact us by email, telephone or via a contact form, the data you provide (e.g. email address, name, telephone number or the content of your enquiry) will be processed by us in order to answer your questions and/or process your request. The legal basis is Art. 6 para. 1 lit. a) and b) GDPR, namely your consent or a pre-contractual measure. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation and deleted as soon as it is no longer necessary for the purpose for which it was collected.

8. Data processing for contract execution

(1) If you are or become a customer of ours, we will process your contact, contract, payment and communication data for the purpose of providing and invoicing the contractual services, which you can find in our Terms and Conditions. For the aforementioned purpose, your data may be passed on to service providers who support us (service providers, operators of communication applications, etc.), whom we have carefully selected and who are bound by our instructions.

(2) The legal basis is the existing contractual relationship (Art. 6 para. 1 sentence 1 lit. b GDPR).

9. Newsletter

(1) We send emails and other electronic notifications with promotional information (hereinafter referred to as "newsletters") only with your consent or with legal permission. The newsletters contain information about our products, offers and promotions.

(2) The use of a mailing service provider, the performance of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and meets your expectations.

(3) You can revoke your consent to receive our newsletter at any time using the contact details provided below.

(4) The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Your email address will therefore be stored for as long as the newsletter subscription is active.

10. Your rights

(1) You have the following rights with regard to your personal data:

(2) You also have the right to complain to the data protection supervisory authority about our processing of your data.

(3) We would like to point out that you can revoke any consent you have given us under data protection law at any time with effect for the future. The same applies to consent for advertising purposes. To do so, please send an informal email to: dataprotection@encryptobox.com. The respective revocation may result in our offers no longer being available to you or only being available to you to a limited extent.

(4) If we base the processing of your personal data on a balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR), you can object to the processing. If you exercise such an objection, we ask you to explain why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either cease or adapt the data processing or inform you of our compelling legitimate grounds for continuing the processing.

11. Transfer of data to Third Parties

(1) We only pass on your data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 para. 1 lit. b) GDPR, or if it can be justified on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR.

(2) If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure that personal data is protected in accordance with the relevant legal requirements.

12. Data deletion

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. The data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

13. Final provisions

(1) We use technical and organisational security measures to protect your data, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.

(2) We will update the privacy policy from time to time due to technical advances in our offerings. Insofar as the change to the privacy policy does not affect the use of existing data, the new privacy policy shall apply from the date of its update on our website. A change to the privacy policy that relates to the use of data already collected will only be made if it is reasonable for you. In such a case, we will notify you in good time by email, on our websites or in another form. You have the right to object to the validity of the new privacy policy within four weeks of receiving the notification. If no objection is made within the specified period, the amended privacy policy shall be deemed to have been accepted by you. We will inform you of your right to object and the significance of the objection period in the notification.


EncryptoBox | Privacy Policy