Skip navigation links

Open-Xchange Privacy Policy

(Last updated: June 2018) 

We are pleased that you have chosen to visit this website and are interested in our products. The protection of your personal information during your visit to our website is important to us. We undertake to protect your privacy and to treat your data confidentially and in accordance with applicable law, particularly the General Data Protection Regulation (GDPR). 

With this Privacy Policy, we would like to inform you which categories of your personal data will be collected and processed by Open-Xchange during your visit. We also would like to share the purposes these data will be used for. Changes of legal circumstances or internal corporate processes can make it necessary to adjust this privacy policy (rights are accordingly reserved) from time to time. If possible please re-read this Privacy Policy each time you visit our website.

1. Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Although you can basically use this website without disclosing your identity to us, during your visit to this website some personal data will be collected in order to provide you with certain features and functionalities of the website. The collected data is described in details in the respective sections below. For example, in the event that you register for one of our personalized services or would like to send us a message (e.g. via our contact form) we will ask you for your name and your e-mail-address in order to be able to respond to your requests. In such case, Art. 6 par. 1 lit. b EU General Data Protection Regulation (GDPR) is the general legal basis which allows us the processing.

In any case, the decision on whether you want to provide this information to us is in your sole discretion. Please be aware that without providing this information some of the services offered on our website will not be working (see below for details). In the event that you do decide to disclose personal data to us during your visit to our website, 
Art. 6 par. 1 lit. a GDPR will be the general legal basis.

The following processing activities can be found on our website:


1.1 Logfiles

On the occasion of your visit and use of this website and every time you request a file, our web server saves data about these accesses in a report file. The set of data contains the following information:

  1. domain name or IP-address of the remote host,
  2. result of the access (file transferred; file not found etc.)
  3. date and time of the access
  4. amount of transferred data
  5. browser type and version
  6. operating system
  7. used language and name of the internet service provider
  8. website from which the file was accessed
  9. saved cookies for the accessed domain
  10. device identifier
  11. UserID
  12. IP address
  13. user password

We collect these logfiles solely to provide the service (website functionalities; e.g. retention of your session) and due to legitimate interests, such as system security, troubleshooting and to optimize our web presence (e.g. improvement of the user friendliness of our website). The legal basis this processing activity can be seen in Art. 6 par. 1 lit. f GDPR.

1.2 Contact & Job Application Form

If you contact us via our contact form, you have to provide the following information in order to be able to use this feature:

  1. first- and last name
  2. email address

This information is required in order to process the contact request. The legal basis for collecting and processing this information is Art. 6 par. 1 lit. b GDPR.

Furthermore, when filling out the contact form, you can provide additional information at your discretion:

  1. telephone number
  2. country

Your consent in accordance with Art. 6 par. 1 lit. a EU General Data Protection Regulation (GDPR) is the general legal basis.

When using the job application form, we further collect the following information:

  1. zip code 
  2. city 
  3. address 
  4. application form and CV information

We are not able to process your inquiry without the aforementioned information. The legal basis is Art. 6 par. 1 lit. b GDPR.

We generally do not transfer any of the information mentioned above to third parties, unless we are required to do so by applicable law or have a valid legal basis for such transfer.

However, in certain cases we have to comply with inquiries made by third parties and transfer your information to hem, e.g. transfer to the law enforcement authorities if a crime is suspected. For this purpose, Art. 6 par. 1 lit. c-e GDPR is the general legal basis since processing the data is either a legal obligation, mandatory to protect your vital interests (e.g. prevent data abuse) or the processing is carried out in the public interest or in the exercise of the public duties of an official authority.

1.3 Newsletter

You may register for our newsletter using our website. This requires providing us with your email-address. After you signed up for the newsletter we will send you an email in which you will be asked to verify your email address (double opt-in). After you confirmed your interest and the correctness of your data by clicking on the link that is sent with the double opt-in email we will put your email address on our newsletter list. 

You can opt-out from the newsletter at any time by clicking the respective link provided at the bottom of each newsletter. In case you do not want to opt-out using the respective link you may submit a message to one of the addresses stated below under No. 8.


For the newsletter registration and mailing list, we process the following data.

  1. e-mail address 
  2. name (not required)

Regarding the newsletter process we are working together with a subcontractor who offers a GDPR-compliant and adequate level of data protection and data security. 
We are not able to process your registration without collecting your email address. The legal basis is Art. 6 par. 1 lit. b GDPR. For your name, we assume your consent when you provide us with this information. The legal basis is Art. 6 par. 1 lit. b GDPR.

1.4 Cookies

Our website uses cookies in order to make visiting our website attractive for you and to enable the use of certain functions (technically necessary cookies). Cookies are small text files that are stored on your computer or device. Most of the cookies used by us will be deleted from your hard disk after the end of the browser session (so-called session cookies).

We also use permanent cookies, which are primarily used to provide you, the visitor, with permanently recurring settings. Those cookies also allow us to analyze the visitor's user behavior, but only within the framework of the cookies' period of validity and if you comply.

Following applicable law all data is saved exclusively in a pseudonymised form (at most) without any direct personal reference. This enables us to update our website to address your individual preferences. 
You can opt out of future data collection and storage through cookies at any time.

You can prevent the storage of cookies on your computer or device by making the appropriate changes to your browser settings so that cookies are not accepted or so that you are notified before accepting cookies. However, this can limit functionality of our website and our services.

There is always a link present with which you can object to cookies from other providers or third parties. If you declare your objection, the providers set an opt-out cookie that prevents any further data being recorded on your computer or device. If you would like to retain your right to objection, you should not delete the opt-out cookie. 

You will have to complete the opt-out process again if this cookie is deleted later, e.g. by deleting or clearing your browser settings.

Furthermore, you can manage data collection and storage by many other services. More details are cited here: www.networkadvertising.org/choices/ or http://www.youronlinechoices.com/de/praferenzmanagement.

1.5 PIWIK PRO

Our website uses the web analytics tool “Piwik Pro”. Piwik Pro uses cookies which are placed on the hard drive of your device. These enable us to analyze the visitor’s usage of our website. For this purpose, the generated information in the cookie (including the abbreviated anonymized IP-address) is transmitted to our server and stored to enable us to optimize the usage of our website. In this process, your IP-address is being anonymized immediately, so that you remain fully anonymous to us. The information generated by the cookie about your use of this website will not be disclosed to third parties.

You may preclude the usage of cookies by selecting the appropriate settings in your browser, in this case it may occur, however, that you may not be able to use all functions of this website.

If you wish to opt out for the future, you may do so by clicking on the link below at any time. In this case a so called opt-out-cookie will be placed within your browser so that Piwik Pro will not collect any session data.

Opt-out from PIWIK PRO analytics

Please keep in mind that in the event that you delete your cookies, this opt-out-cookie will also be deleted, and you may have to reactivate it.
 
When you enter our website, you will see a pop-up banner explaining the use of our cookies and containing a link where you can change your cookie settings for our website. By clicking on this link, you will be shown an opt-out button for the PIWIK cookie. Please note that deleting your browser settings would lead to a reactivation of the PIWIK cookie as stated above.

2. Rights to information, rectification, erasure and restriction of processing

Upon request, we will confirm what kind of personal data of yours, if any, is currently stored on our servers, the purpose of storing as well as the envisaged period for which the personal data will be stored and, if any, the recipients to whom the personal data have been or will be disclosed. You will find our contact details below.

If your personal data we have stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed.

If requested, we will promptly erase your personal data, unless prohibited by law, and then we will restrict the respective data. Besides we will delete your personal data if it is no longer necessary in relation to the purposes for which they were collected and stored, if you withdraw consent on which the processing is based or if the personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject to.

Furthermore, you have the right to request restriction of processing if the accuracy of personal data is contested for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, if we do not need the personal data anymore for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims or if you objected the processing as long as the verification if legitimate grounds of us override yours is pending.

3. Right to lodge a complaint with a supervisory authority

Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

4. Right to object

You have the right to object at any time to processing of personal data on grounds relating to your particular situation which is based on point (e) or (f) of Article 6(1) (task carried out in public interest or processing in purpose of legitimate public interest) or if the personal data is processed for direct marketing purposes.

If you have objected we will no longer process the personal data unless on our side legitimate interest for the processing prevail your interests or for the purpose of establishment, exercise or defense of legal claims. If you have objected to the processing of personal data due to direct marketing purposes we will no longer process this personal data for those purposes. 

To declare your objection, you may submit a message to the addresses stated below under No.8.

5. Right to data portability

Upon request, we will provide you with the personal data you have provided to us in a structured commonly used and machine-readable format and ensure you will be able to transmit those data to another controller.

6. Links to other websites

Our website contains hyperlinks to websites of other parties. These websites may possibly use cookies or collect personal data. As we have no influence on whether these parties adhere to our privacy policy or not we cannot point out the relevant aspects. This privacy policy is only valid for our website. Links to other websites from this site are not included.

7. Data security

We are always seeking to process your personal data by taking all technical and organisational possibilities in a way so that it is not accessible to third parties. If you contact us e.g. via e-mail or our contact form, full data security cannot be guaranteed. We recommend sending confidential information by letter post only.


8. Contact

Please feel free to address data protection related questions or suggestions at any time. Please contact the address below via written letter. There you can confirm, which of your personal data is stored on our servers, receive further information and exercise your rights to revocation, deletion or rectification.

You may contact the data protection department under:

Open-Xchange AG
Datenschutz
Rollnerstraße 14
D-90408 Nuernberg
Germany
E-Mail: datenschutz(at)open-xchange.com

You can also contact our Data Protection Officer:

Mrs. Dr. Jana Jentzsch
Jentzsch-IT Rechtsanwaltsgesellschaft mbH
Alsterarkaden 13
20354 Hamburg 
Germany
Email: info(at)jentzsch-it.de


Open-Xchange Privacy Policy for the OX Drive App

We are pleased that you have chosen to download and install our OX Drive App (hereinafter referred to as “App”). The protection of your personal data is an important topic for us and we will protect your privacy and treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and other applicable law.

With this Privacy Policy we inform you about the types of your personal data we collect and the purposes it will be used for. Since changes of the laws, jurisdiction or our corporate procedures may require an adjustment of this Privacy Policy, we reserve the right to change it without further notice. This makes it necessary for you to regularly re-read this document to keep track of the changes. Possible changes will not affect the legal basis of any data processing and collection. In case the legal basis changes, we will inform you proactively in the respective situation while using the App, asking for your consent.

1. Scope of the data collection and processing

As a rule, we collect personal data within the use of the App only to the extent you have voluntarily provided us the information, e.g. your e-mail-address or other credentials. Although providing us with these data is voluntary, without these we partly cannot provide you the respective service. You will find specific details about mandatory personal data which is required to perform our services and non-mandatory personal data in the respective sections of this document below. We generally do not transfer personal data to any third parties other than your service provider.  Please be aware that we have no influence on where your service provider processes your personal data. The laws of the USA and other countries outside of the EEA may not protect your data to the same level as the laws of the EEA, or give you the same rights that you would have in the EEA. Please check with your service provider where he processes your personal data, and if he processes it outside the EEA only in compliance with mandatory legal requirements.

Please generally keep in mind while using the App that you are connecting to a service that is most likely not run by the developer of this App. The App’s purpose is to enable you to connect to a service provider using a compatible cloud server software. The App itself does not provide a cloud storage service – it only helps you access or upload files on a compatible cloud storage service of your choice, which provides you with digital storage space to store your personal files (“Service Provider”). Please also refer to their data protection policy for information on which data they process for which purpose on server side.


2. Personal Data

„Personal Data“ is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The App processes some personal Data itself. Please find below a detailed description and the corresponding purpose of every single Personal Data collection and processing activity of the App itself:


2.1 Log-In Data

As you first open the App, it asks you for a Server-URL which is being used to connect you to the remote service installation of your Service Provider where your account data is being stored. On providing this information the App will try to connect to the URL to check whether the server runs an installation of OX Drive. This connection attempt will most likely leave an entry in the log file of the server you are trying to connect to. Please refer to the data protection policy of the service provider behind the URL to find out what Data they collect and process regarding this connection attempt. However, on a successful connection the App stores the URL as part of the log-in data, as stated below.

In the next step, after providing the URL of your Service Provider, the App asks you for your log-in credentials consisting of a user name and a password. Most likely, but still depending on the service provider you are connecting to, the user name equals your e-mail address. This data is being stored on your device and is also part of the log-in data. You can always delete the log-in data in the settings of your device’s operating system. It is also deleted when the server rejects connection to the saved session using the saved token. This happens after a certain time out (if used by your Service Provider), when you manually log-out or when your Service Provider resets your server side sessions.

The log-in data is saved by the App in encrypted form in the account manager of the device (session token). The log-in data is only accessible from this App. If you own several devices, the account details can be synchronized between these devices by the operating system if your device supports this. This setting can be found in your device’s system settings. Please see the manual of your device on how to activate it or delete the saved data. Please refer to the data protection policy of the synchronization service provider and your device’s software provider for information about their processing and storage of data.

The storage and processing of this Log-In Data is required to enable the core functionality of the app by providing access to the cloud storage service (Art. 6 Par. 1 (b) GDPR) without having to provide the log-in data again each time you open the app. It therefore also follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR) to provide you with a pleasant and convenient user experience.


2.2 Cookies

In our App we may also use a session cookie in order to keep you logged in after closing the App. This cookie is a small text file that is stored in your device’s storage also containing the session token. It is deleted as soon as you manually log out or after a certain time out (if used by your Service Provider)  or when your Service Provider resets your server side sessions. This cookie corresponds with the functionality and matches the purpose of the log-in data as stated above in 2.1 to provide our services (Art. 6 Par. 1 (b) GRPR) with a pleasant and convenient user experience which follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR).

The App does not use any other cookies. It also does not use or support any other tracking technology.


2.3 User Generated Content

The main function of the App is the capability to interact with a compatible cloud storage service by voluntarily uploading, downloading and viewing personal files you have created, modified or received to your Service Provider’s web storage space. These personal files may contain personal data of you or other persons, e.g. on photos, in text documents, spreadsheets or presentation and the like. If you choose to make files available offline by selecting this option in respect to certain files, the App saves it in its assigned space on the device you are using. You will then be able to view or edit the file without having to connect Service Provider over the internet. Please refer to the data protection policy of your device’s manufacturer and the operating system developer for information about security, collection and processing of data in the assigned App storage spaces.

The App collects the data on the device’s storage only to provide offline access to the so marked files. Please bear in mind that the App does not have any influence on the content of the files, so it is your very own decision on which personal data you upload or download. The files will be deleted from your device as soon as you decide to exclude them from offline access by de-selecting them accordingly.

You may also grant the App access to the photo and video storage space on your device on a voluntary basis. This function enables the synchronization of photo and video files between different devices manually or even automatically. You can always withdraw the grant of access to these file spaces by changing the respective settings in your device’s operating system settings. Please refer to the user manual or support documentation of your device’s operating system for guidance on how to manage App’s access rights.

The legal basis for the collection of these files as your personal data is your consent by using the respective functions described above (Art. 6 Par. 1 (f) GDPR).


2.4 Sharing and Opening files

The App enables you to open any file if supported, e.g. a photo, video or music file, stored in either the App or in your connected cloud storage. If you choose to do so, the corresponding file will be transferred to the third-party app you choose from the context menu. Please refer to the data protection policy of the respective app developer for information about their collection and processing of the data transferred to their apps.

The App also enables you to share your files using different third-party apps on your device, e.g. instant messaging services, e-mail services, other cloud storage services. As on opening a file, the App will transfer the selected file to the third-party app you choose from the context menu. The context menu opens as you select the commonly known “Sharing Button”, of which design and/or inscription alter on different operating systems. Please refer to the data protection policy of the respective app developer for information about their collection and processing of the data transferred to their apps. Also, think carefully about the data you share with other persons in general to avoid sensitive personal information being published without your consent.

The App itself does not collect any personal data on how often and who you share any files with. It only provides the third-party app with the file in a one-directional manner without receiving information about the activities of the third-party app.

The App also provides access to an internal sharing function of your Service Providers server software enabling you to invite persons to view, change, upload or download files from your cloud storage via a sharing link. Using this function will have your Service Provider generate a hyperlink giving anyone who receives this link access to the selected files or folders. Please refer to the data protection policy of the respective Service Provider for information about their collection and processing of the data while accessing the shared file.

However, you may grant the App access to address book storage space on your device on a voluntary basis, which most likely contains personal data of your contacts. You can then select e-mail addresses from your device’s address book which are being transmitted to your Service Provider. The server software will then generate e-mail messages to the selected contacts providing the sharing link. Please refer to the data protection policy of the respective Service Provider for information about their collection and processing of the submitted data. The App itself does not store the address book data but only accesses them on your demand. As stated above, you can always revoke access to this storage space in the settings of your device’s operating system.

The opening and sharing functions of the App are provided to give you a greater choice of handling your files and therefore are implemented to provide you with a convenient user experience, which follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR). The use of these functions is at your sole discretion. By using these functions you also declare your consent according to Art. 6 Par. 1 (a) GDPR.


3. External Hyperlinks

The App may contain hyperlinks to external websites which might use cookies and/or collect and process your personal data. We have no influence and can not notify you about such activities. This data protection policy only aims at the services provided by the App itself, excluding external websites and services.


4. Rights to information, revocation, rectification and deletion

Please keep in mind, that the files you upload are not stored on the App developer’s servers, but on the servers of your Service Provider. Most likely the App developer will not have any of your personal data stored on their server. The App developer also does not have any access to the files contained in the App.

However, upon request, we will confirm what kind of personal data of yours, if any, is currently stored on our servers, the purpose of storing as well as the envisaged period for which the personal data will be stored and, if any, the recipients to whom the personal data have been or will be disclosed. You will find our contact details below (Art. 15 GDPR).

If your personal data we have stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed (Art. 16 GDPR).

If requested, we will promptly delete your personal data, unless prohibited by law, and then we will restrict the respective data. Besides we will delete your personal data if it is no longer necessary in relation to the purposes for which they were collected and stored, if you withdraw consent on which the processing is based or if the personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject to (Art. 17 GDPR).

Furthermore you have the right to request restriction of processing if the accuracy of personal data is contested for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, if we do not need the personal data anymore for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims or if you objected the processing as long as the verification if legitimate grounds of us overide yours is pending (Art. 18 GDPR).

If you delete the App from your mobile device, the data saved locally on your mobile device in the App will be deleted as well. Data that you have saved somewhere else on your mobile device, e.g. in photo or video storage, or have transferred to other applications (e.g. e-mail app, instant messenger) will not be deleted by this.

5. Right to object

You have the right to object to the processing of your personal data which is based on point (e) or (f) of Article 6 (1) (task carried out in public interest or processing in purpose of legitimate interest) at any time. You can base your objection on grounds relating to your particular situation.

If you have objected we will no longer process the personal data unless our legitimate interests for the processing override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

To declare your objection, you may submit a message to the address stated below under No. 9.

6. Complaint to supervisory authority

Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).


7. Right to data portability

Upon request, we will provide you with the personal data we store about you in a structured commonly used and machine-readable format and ensure you will be able to transmit those data to another controller (Art. 20 GDPR).


8. Data security

We are always seeking to process your personal data by taking all technical and organizational possibilities in a way so that it is not accessible to third parties. If you contact us e.g. via e-mail or our contact form, full data security cannot be guaranteed. We recommend sending confidential information by mail only.


9. Contact

Please feel free to address data protection related questions or suggestions at any time. Please find our contact details below. There you can confirm, which of your personal data is stored on our servers, receive further information and exercise your rights to revocation, deletion or rectification.

You may contact the data protection department under:

Open-Xchange AG
Data Protection
Rollnerstraße 14
90408 Nuremberg
Germany
E-Mail: privacy(at)open-xchange.com

You can also contact our Data Protection Officer:

JENTZSCH IT Rechtsanwaltsgesellschaft mbH
Dr. Jana Jentzsch
Alsterarkaden 13
20354 Hamburg
E-Mail: mail(at)jentzsch-it.de

Loading