Open-Xchange Privacy Policy

 

OX App Suite is an integrated messaging and collaboration platform offering a variety of services. It is operated by

Open-Xchange GmbH
Olper Hütte 5f
57462 Olpe
Germany

Contact our data privacy department by sending an email to privacy(at)open-xchange.com or by writing a letter to the postal address given above.

You may also contact our external data protection officer:

General

You can use our OX App Suite to

• send, receive and manage your email
• store, synchronise and access contacts
• create calendars and make appointments with participants
• track and manage collaborative tasks
• upload, store and synchronise your personal files
• work with text documents, spreadsheets and presentations and collaborate on them>

By using these functions, you provide a variety of personal data to us. We ensure to keep all the data secure and treat them confidential, as required by European or national law (especially General Data Protection Regulation).

 

What types of data are we processing?

1. User Identification Data
User Identification Data are information about your personal details. You or the account holder provided this information to the reseller who gave you access to this platform. The reseller transferred a limited set of this data to us, containing your name, the email address and display name you chose, your password and alias email addresses (if any).

2. User Generated Data
User Generated Data is everything you upload to or receive within the OX App Suite platform:

• the emails you keep in your mailbox folders
• the files you store within the Drive cloud storage
• the contact data stored within the address book
• the tasks and appointments in your calendar
• the files stored in the Drive cloud storage space, including documents created using the spreadsheet, text or presentations features.

3. Usage Data
Usage Data are the information accruing about your usage of the platform. This may contain session data that is required to steer the data flow between your device and our servers, or data about the storage quota you consume. We do not collect any of this data for analytics, re-targeting or profiling. However, some of the Usage Data may be stored on your device using first-party cookies for a limited time.

4. Traffic Data
Traffic Data is the information accruing whenever you use our email service for communication. It includes date and time of your access and submission of emails and your respective IP address at that time.

 

How long do we keep your data?

Generally, we keep your data only as long as required to fulfil the respective purpose or as long as legal requirements demand data retention.

We keep your User Identification Data and your User Generated Data as long as you have a valid contract with the reseller who granted you access to the platform. As soon as your reseller signals that your contract has ended, we will delete your account and all the User Identification and User Generated Data. Before that, you can always delete all or only some selected parts of the User Generated Data by triggering the respective functions. Please note that, independent from us, your reseller possibly keeps data about you for a different time period, subject to their privacy policy.

Usage Data is not being permanently stored on our servers. It is being deleted after it is no longer needed for the provision of the platform services (e.g. after you log out). Besides that, for abuse detection and troubleshooting, we keep log files about server activity containing your IP address, the time of access and the data about the software and hardware used for accessing the platform. Such log files are being deleted after 7 days.

Traffic Data is only collected in order to ensure delivery of email messages and is being deleted afterwards. However, law enforcement agencies may request access to and retention of Traffic Data, subject to strict legal requirements.

 

Purpose and legal basis

We may process your data following your informed and express consent (Art. 6 par. 1 lit. a) GDPR). Other than that, processing of your data is needed in order to provide you with the services that you expect, based on your agreement with the reseller who granted you access to the OX App Suite platform (Art. 6 par. 1 lit. b) GDPR). Usage Data and log files are being processed on a limited scope, based on our legitimate interest to maintain and optimize our technical infrastructure and/or to calculate the fees payable by your reseller (Art. 6 par. 1 lit. f) GDPR).

 

Your rights

At any time, you remain in full control of your data. For this reason, GDPR gives you a number of rights with regards to personally identifiable data. There is a wide variety of self-service functionality within the OX App Suite platform, enabling you to take control of your data. Please reach out to the Help section or to your customer support in order to learn more about the possibilities.

Nevertheless, you always have the right to contact us directly in order to exercise your regulatory right:

a. Right to information
Upon your request, we will confirm and disclose, which of your data we store, the respective purpose as well as the envisaged retention period. We will then also disclose the recipients whom the personal data have been or will be disclosed to (if any), unless prohibited under applicable law.

b. Right to correction, completion
If your data stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed. If you contest the correctness of the data, if you claim that data processing is unlawful or that we do not need the data any longer, you may request restriction of the data until your request has been verified.

c. Right to deletion
If requested, we will promptly delete your personal data, or restrict access to it if deletion is prohibited by law.