. Privacy policy and legal information - secrypt GmbH
CONTACT
+49 30 756 59 78-0

Privacy policy and legal information - secrypt GmbH

secrypt GmbH Privacy Policy

Thank you for visiting our website or using our software and/or our services and thank you for your interest in our company. The protection of your personal rights is important to us. You can rest assured that we will handle your data responsibly and in a trustworthy manner.

Name and address of the Controller

secrypt GmbH
Hohenzollerndamm 183
10713 Berlin
Germany

Email: datenschutz@secrypt.de
Website: https://www.secrypt.de

Managing Directors: Tatami Michalek, Matthias Schlede

Any data subject can contact the controller directly at any time with any questions or suggestions regarding data protection.

Content

1. Introduction

secrypt GmbH offers its customers and contractual distribution partners software solutions and services (e.g., consulting, training, installation, and support) for the use of the electronic signature, e-seal, timestamp and encryption in various industries and applications. With the digiSeal® product family, secrypt ensures the authenticity, tamper protection, and confidentiality of sensitive electronic data in digital business processes as well as the long-term preservation of evidentiary value in the electronic vault, e.g., for secure digital patient records in the healthcare sector. The collection, processing, and use of personal data take place to carry out the aforementioned activities.

2. Data Processing When Visiting Our Website

The use of our website is generally possible without providing any personal data. However, if special services of our company are to be used via our website, the processing of personal data may be required. If the processing of personal data is necessary and there is no lawful basis for such processing, we generally obtain the consent of the data subject.

Personal data affected includes, for example, customer data, business partner data, supplier data, employee data, data of former employees, prospect data, and applicant data. Recipients or categories of recipients of the data include public authorities that receive data based on statutory regulations (e.g., social insurance agencies, tax authorities, supervisory authorities) as well as internal departments involved in executing the respective business processes (primarily: human resources management, accounting, finance, purchasing, marketing, general administration, sales, telecommunications, and IT).

Data transfers to third countries occur only within the scope of contract fulfillment, necessary communication, or other legally expressly provided exceptions. Otherwise, no transfer to third countries takes place, nor is it planned.

Our website also includes content, services, and offerings from other providers. These include, among others, Google Analytics, Google AdWords, Google Maps, and Google reCAPTCHA. To display these data in the user’s browser, the transmission of the IP address is essential. The providers therefore become aware of the IP address of the respective user.

The processing of personal data, such as the gender, name, address, email address, or telephone number of a data subject, takes place in accordance with the requirements of the EU General Data Protection Regulation (GDPR). With this privacy policy, secrypt GmbH aims to inform the public about the type, scope, and purpose of the personal data collected, used, and processed. Moreover, data subjects are informed of their rights under this privacy policy.

secrypt GmbH has implemented measures to ensure the most comprehensive protection of personal data processed via this website. However, we note that internet-based data transmission (e.g., communication by email) may have security gaps. Complete protection of data from third-party access is not possible. Therefore, each data subject is free to transmit personal data to us by alternative means, such as by telephone.

3. Use of Cookies

The websites of secrypt GmbH use cookies. Cookies are text files that are stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.

By using cookies, secrypt GmbH can provide more user-friendly services to users of this website that would not be possible without cookie setting.

Using a cookie, the information and offerings on our website can be optimized with the user in mind. Cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to utilize our website. For example, the user of a website that uses cookies does not have to re-enter their login information each time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting in the internet browser used, thus permanently objecting to the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, it is possible that not all functions of our website will be fully usable.

4. Collection of General Data and Information

The website of secrypt GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the server’s log files. Data that can be collected includes the browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our website, the sub-websites that are accessed via an accessing system on our website, the date and time of an access to the website, an internet protocol address (IP address), the internet service provider of the accessing system, and other similar data and information that serve the purpose of averting danger in the event of attacks on our IT systems.

When using these general data and information, secrypt GmbH does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, optimize the content of our website and the advertising for it, ensure the continued functionality of our IT systems and the technology of our website, and provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, secrypt GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Use of Google Services

Use of Google reCAPTCHA

To protect your inquiries via online form, secrypt GmbH uses the reCAPTCHA service of Google (Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA). The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes the transmission of the IP address and, if applicable, other data required by Google for the reCAPTCHA service. For this purpose, your input is transmitted to Google and used there.

For this, the data protection regulations of Google apply. More detailed information on data protection at Google can be found at https://policies.google.com/privacy. By using the website, you implicitly agree to these data protection provisions. If you do not agree with these provisions, please refrain from using the website.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google (Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA). Google Analytics uses “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Due to the activation of IP anonymization on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide further services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly. However, we point out that you may not be able to use all functions of this website to their full extent if you do so.

You can also prevent the collection of data generated by the cookie related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

Further information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html and at https://policies.google.com/. By using the website, you implicitly agree to these terms. If you do not agree with these terms, please refrain from using the website.

Use of Google Adwords

This website uses the online advertising program Google AdWords and, as part of it, conversion tracking. The operator of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. If you access our website via a Google ad, a cookie will be set by Google AdWords on your computer. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot be tracked across the websites of AdWords customers.

The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.

If you do not want to participate in the tracking, you can easily deactivate the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. Furthermore, it is possible to object to interest-based advertising by Google for the affected person. For this, the affected person must access the link https://www.google.de/settings/ads from each of the internet browsers they use and configure the desired settings there.

The data protection and terms of use of Google apply in this case. More information can be found at https://policies.google.com/. By using the website, you implicitly agree to these terms. If you do not agree, please do not use the website.

Use of Google Maps

This website uses Google Maps by Google Inc. to visually display geographic information. When using Google Maps, data about the use of the Google Maps functions by visitors to the website is collected, processed, and used by Google.

More information on the terms of use of Google Maps and data protection can be found at https://www.google.com/intl/de_de/help/terms_maps.html and https://policies.google.com/. By using the website, you implicitly agree to these terms. If you do not agree, please do not use the website.

6. Static Linking of Facebook, Google+, XING, Linkedin

Our website links to the websites set up by secrypt GmbH on Facebook, Google+, XING, and LinkedIn using static links (not “social plugins”). The terms of use and privacy policies can be viewed on the respective websites.

7. Processing of Data When Using Our Online Forms or Other Means of Contact

If you contact us via one of the online forms, by phone, email, or any other means, we will store the information you provide to respond to your inquiry and handle any follow-up questions.

8. Processing of Data When Subscribing to Our Newsletters

If you sign up for our newsletter, we use the data you provide solely for that purpose or to inform you of circumstances relevant to the service or registration. We do not pass this data on to third parties.

To receive the newsletter, a valid email address is required. Additionally, the IP address used to register for the newsletter and the date on which the newsletter was ordered are stored. These data serve as evidence in case of misuse, should a third-party email address be registered for the newsletter.

You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time. A contact possibility for this purpose is provided in every newsletter and on the website. You also have the option to inform us of your revocation request via the contact methods mentioned on this website.

9. Processing of Data When Using Our Software and Services

In providing our software and services, we act as a data processor for our clients. Depending on the specific product used, we process the following data of users:

  • User profile data (e.g., username and email address, sign-me username)
  • Contact information
  • Name of the user’s organization
  • Additional data related to affected individuals stores in the client’s respective IT system

This is done to provide our software and fulfill our contractual obligations for software provision to our clients as well as when users use the software.

10. Data Protection for Job Applications and the Job Application Process

secrypt GmbH collects and processes the personal data of job applicants for the purpose of handling the application process. Processing can also occur electronically, particularly if an applicant submits the relevant application documents electronically, such as by email. If secrypt GmbH enters into an employment contract with an applicant, the submitted data will be stored for the purpose of handling the employment relationship in compliance with legal requirements. If secrypt GmbH does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision is announced, provided that no other legitimate interests of the controller preclude deletion. A legitimate interest in this sense, for example, is an obligation to provide evidence in a procedure under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).

11. Deletion of Personal Data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the storage purpose or as provided by the legislator. If the storage purpose ceases to apply or if a legislator-prescribed storage period expires, personal data are routinely blocked or deleted in accordance with statutory regulations.

12. Rights of the Data Subject

Right to Obtain Confirmation

Every data subject has the right, granted by the legislator, to request confirmation from secrypt GmbH as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right, they may contact our responsible office at any time.

Right to be Informed

Each data subject affected by the processing of personal data has the right, granted by the legislator, to receive free information about the personal data stored about them and a copy of this information at any time. Furthermore, the data subject has the right to obtain the following information:

  • the processing purposes
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • where possible, the planned duration for which the personal data will be stored or, if not possible, the criteria for determining this duration
  • the existence of a right to rectify or erase the personal data concerning them, to restrict the processing by the controller, or to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject: all available information about the source of the data
  • the existence of automated decision-making, including profiling, as per Article 22 (1) and (4) of the GDPR and, at least in such cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject

Moreover, the data subject has a right to be informed whether personal data have been transferred to a third country or to an international organization.

If this is the case, the data subject has the right to be informed about the appropriate safeguards relating to the transfer. If a data subject wishes to exercise this right, they may contact our responsible office at any time.

Right to Rectification

Every data subject affected by the processing of personal data has the right, granted by the legislator, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing. If a data subject wishes to exercise this right, they may contact our responsible office at any time.

Right to Erasure / Right to Be Forgotten

Every data subject affected by the processing of personal data has the right, granted by the legislator, to demand from the controller the immediate erasure of personal data concerning them, provided that one of the following reasons applies and as long as the processing is not necessary:

  • The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject withdraws their consent on which the processing is based as per Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other lawful basis for the processing.
  • The data subject objects to the processing per Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing per Article 21(2) of the GDPR.
  • The personal data has been unlawfully processed.
  • The erasure of personal data is necessary to fulfill a legal obligation under EU or Member State law to which the controller is subject.
  • The personal data was collected in relation to the offer of information society services as per Article 8(1) of the GDPR.

If one of the aforementioned reasons applies and a data subject wishes to request the deletion of personal data stored by secrypt GmbH, they may contact our responsible office at any time, who will ensure that the deletion request is promptly complied with. If the personal data has been made public by secrypt GmbH and our company, as the controller, is obliged to delete the personal data in accordance with Article 17(1) of the GDPR, secrypt GmbH will, taking into account available technology and implementation costs, take reasonable measures, including technical measures, to inform other controllers processing the published personal data that the data subject has requested these controllers delete any links to, or copies or replications of, that personal data, as far as processing is not necessary.

Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right, granted by the legislator, to request the restriction of processing from the controller under one of the following conditions:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions applies and a data subject wishes to request the restriction of personal data stored by secrypt GmbH, they may contact our responsible office at any time.

Right to Data Portability

Every data subject affected by the processing of personal data has the right, granted by the legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrande from the controller to whom the personal data was provided, as long as the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject may contact our responsible office at any time.

Right to Object

Every data subject affected by the processing of personal data has the right, granted by the legislator, to object, at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions. secrypt GmbH will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.

If secrypt GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to secrypt GmbH processing for direct marketing purposes, secrypt GmbH will no longer process the personal data for these purposes.

Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. To exercise the right to object, the data subject may directly contact our responsible office. The data subject is also free to exercise their right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Automated Individual Decision-Making, Including Profiling

Every data subject affected by the processing of personal data has the right, granted by law, not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or is authorized by Union or Member State law to which the controller is subject and which also provides appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or is based on the explicit consent of the data subject. If the decision is necessary for the conclusion or performance of a contract between the data subject and the controller, or if it is made with the explicit consent of the data subject, secrypt GmbH shall take appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, which include at least the right to obtain human intervention from the controller, to express their point of view, and to contest the decision. If the data subject wishes to assert rights regarding automated decision-making, they may contact our responsible office at any time.

Right to Withdraw Data Protection Consent

Every data subject affected by the processing of personal data has the right, granted by the legislator, to withdraw their consent to the processing of personal data at any time. If the data subject wishes to exercise their right to withdraw consent, they may contact our responsible office at any time.

secrypt GmbH, October 2024