We are pleased that you have chosen to download and install our OX Drive App (hereinafter referred to as “App”). The protection of your personal data is an important topic for us and we will protect your privacy and treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and other applicable law.
1. Scope of the data collection and processing
As a rule, we collect personal data within the use of the App only to the extent you have voluntarily provided us the information, e.g. your e-mail-address or other credentials. Although providing us with these data is voluntary, without these we partly cannot provide you the respective service. You will find specific details about mandatory personal data which is required to perform our services and non-mandatory personal data in the respective sections of this document below. We generally do not transfer personal data to any third parties other than your service provider. Please be aware that we have no influence on where your service provider processes your personal data. The laws of the USA and other countries outside of the EEA may not protect your data to the same level as the laws of the EEA, or give you the same rights that you would have in the EEA. Please check with your service provider where he processes your personal data, and if he processes it outside the EEA only in compliance with mandatory legal requirements.
Please generally keep in mind while using the App that you are connecting to a service that is most likely not run by the developer of this App. The App’s purpose is to enable you to connect to a service provider using a compatible cloud server software. The App itself does not provide a cloud storage service – it only helps you access or upload files on a compatible cloud storage service of your choice, which provides you with digital storage space to store your personal files (“Service Provider”). Please also refer to their data protection policy for information on which data they process for which purpose on server side.
2. Personal Data
„Personal Data“ is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The App processes some personal Data itself. Please find below a detailed description and the corresponding purpose of every single Personal Data collection and processing activity of the App itself:
2.1 Log-In Data
As you first open the App, it asks you for a Server-URL which is being used to connect you to the remote service installation of your Service Provider where your account data is being stored. On providing this information the App will try to connect to the URL to check whether the server runs an installation of OX Drive. This connection attempt will most likely leave an entry in the log file of the server you are trying to connect to. Please refer to the data protection policy of the service provider behind the URL to find out what Data they collect and process regarding this connection attempt. However, on a successful connection the App stores the URL as part of the log-in data, as stated below.
In the next step, after providing the URL of your Service Provider, the App asks you for your log-in credentials consisting of a user name and a password. Most likely, but still depending on the service provider you are connecting to, the user name equals your e-mail address. This data is being stored on your device and is also part of the log-in data. You can always delete the log-in data in the settings of your device’s operating system. It is also deleted when the server rejects connection to the saved session using the saved token. This happens after a certain time out (if used by your Service Provider), when you manually log-out or when your Service Provider resets your server side sessions.
The log-in data is saved by the App in encrypted form in the account manager of the device (session token). The log-in data is only accessible from this App. If you own several devices, the account details can be synchronized between these devices by the operating system if your device supports this. This setting can be found in your device’s system settings. Please see the manual of your device on how to activate it or delete the saved data. Please refer to the data protection policy of the synchronization service provider and your device’s software provider for information about their processing and storage of data.
The storage and processing of this Log-In Data is required to enable the core functionality of the app by providing access to the cloud storage service (Art. 6 Par. 1 (b) GDPR) without having to provide the log-in data again each time you open the app. It therefore also follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR) to provide you with a pleasant and convenient user experience.
In our App we may also use a session cookie in order to keep you logged in after closing the App. This cookie is a small text file that is stored in your device’s storage also containing the session token. It is deleted as soon as you manually log out or after a certain time out (if used by your Service Provider) or when your Service Provider resets your server side sessions. This cookie corresponds with the functionality and matches the purpose of the log-in data as stated above in 2.1 to provide our services (Art. 6 Par. 1 (b) GRPR) with a pleasant and convenient user experience which follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR).
The App does not use any other cookies. It also does not use or support any other tracking technology.
2.3 User Generated Content
The main function of the App is the capability to interact with a compatible cloud storage service by voluntarily uploading, downloading and viewing personal files you have created, modified or received to your Service Provider’s web storage space. These personal files may contain personal data of you or other persons, e.g. on photos, in text documents, spreadsheets or presentation and the like. If you choose to make files available offline by selecting this option in respect to certain files, the App saves it in its assigned space on the device you are using. You will then be able to view or edit the file without having to connect Service Provider over the internet. Please refer to the data protection policy of your device’s manufacturer and the operating system developer for information about security, collection and processing of data in the assigned App storage spaces.
The App collects the data on the device’s storage only to provide offline access to the so marked files. Please bear in mind that the App does not have any influence on the content of the files, so it is your very own decision on which personal data you upload or download. The files will be deleted from your device as soon as you decide to exclude them from offline access by de-selecting them accordingly.
You may also grant the App access to the photo and video storage space on your device on a voluntary basis. This function enables the synchronization of photo and video files between different devices manually or even automatically. You can always withdraw the grant of access to these file spaces by changing the respective settings in your device’s operating system settings. Please refer to the user manual or support documentation of your device’s operating system for guidance on how to manage App’s access rights.
The legal basis for the collection of these files as your personal data is your consent by using the respective functions described above (Art. 6 Par. 1 (f) GDPR).
2.4 Sharing and Opening files
The App enables you to open any file if supported, e.g. a photo, video or music file, stored in either the App or in your connected cloud storage. If you choose to do so, the corresponding file will be transferred to the third-party app you choose from the context menu. Please refer to the data protection policy of the respective app developer for information about their collection and processing of the data transferred to their apps.
The App also enables you to share your files using different third-party apps on your device, e.g. instant messaging services, e-mail services, other cloud storage services. As on opening a file, the App will transfer the selected file to the third-party app you choose from the context menu. The context menu opens as you select the commonly known “Sharing Button”, of which design and/or inscription alter on different operating systems. Please refer to the data protection policy of the respective app developer for information about their collection and processing of the data transferred to their apps. Also, think carefully about the data you share with other persons in general to avoid sensitive personal information being published without your consent.
The App itself does not collect any personal data on how often and who you share any files with. It only provides the third-party app with the file in a one-directional manner without receiving information about the activities of the third-party app.
The App also provides access to an internal sharing function of your Service Providers server software enabling you to invite persons to view, change, upload or download files from your cloud storage via a sharing link. Using this function will have your Service Provider generate a hyperlink giving anyone who receives this link access to the selected files or folders. Please refer to the data protection policy of the respective Service Provider for information about their collection and processing of the data while accessing the shared file.
However, you may grant the App access to address book storage space on your device on a voluntary basis, which most likely contains personal data of your contacts. You can then select e-mail addresses from your device’s address book which are being transmitted to your Service Provider. The server software will then generate e-mail messages to the selected contacts providing the sharing link. Please refer to the data protection policy of the respective Service Provider for information about their collection and processing of the submitted data. The App itself does not store the address book data but only accesses them on your demand. As stated above, you can always revoke access to this storage space in the settings of your device’s operating system.
The opening and sharing functions of the App are provided to give you a greater choice of handling your files and therefore are implemented to provide you with a convenient user experience, which follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR). The use of these functions is at your sole discretion. By using these functions you also declare your consent according to Art. 6 Par. 1 (a) GDPR.
3. External Hyperlinks
4. Rights to information, revocation, rectification and deletion
Please keep in mind, that the files you upload are not stored on the App developer’s servers, but on the servers of your Service Provider. Most likely the App developer will not have any of your personal data stored on their server. The App developer also does not have any access to the files contained in the App.
However, upon request, we will confirm what kind of personal data of yours, if any, is currently stored on our servers, the purpose of storing as well as the envisaged period for which the personal data will be stored and, if any, the recipients to whom the personal data have been or will be disclosed. You will find our contact details below (Art. 15 GDPR).
If your personal data we have stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed (Art. 16 GDPR).
If requested, we will promptly delete your personal data, unless prohibited by law, and then we will restrict the respective data. Besides we will delete your personal data if it is no longer necessary in relation to the purposes for which they were collected and stored, if you withdraw consent on which the processing is based or if the personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject to (Art. 17 GDPR).
Furthermore you have the right to request restriction of processing if the accuracy of personal data is contested for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, if we do not need the personal data anymore for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims or if you objected the processing as long as the verification if legitimate grounds of us overide yours is pending (Art. 18 GDPR).
If you delete the App from your mobile device, the data saved locally on your mobile device in the App will be deleted as well. Data that you have saved somewhere else on your mobile device, e.g. in photo or video storage, or have transferred to other applications (e.g. e-mail app, instant messenger) will not be deleted by this.