(Last updated: December 2019)
1. Personal Data
‘Personal data’ means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Although you can basically use this website without disclosing your identity to us, during your visit to this website some personal data will be collected in order to provide you with certain features and functionalities of the website. The collected data is described in detail in the respective sections below.
The following processing activities can be found on our website:
On the occasion of your visit and use of this website and every time you request a file, our web server saves data about these accesses in a report file. The set of data contains the following information:
- domain name or IP-address of the remote host,
- result of the access (file transferred; file not found etc.)
- date and time of the access
- amount of transferred data
- browser type and version
- operating system
- used language and name of the internet service provider
- website from which the file was accessed
- saved cookies for the accessed domain
- device identifier
- IP address
We collect these logfiles solely to provide the service (website functionalities; e.g. retention of your session) and due to legitimate interests, such as system security, troubleshooting and to optimize our web presence (e.g. improvement of the user friendliness of our website). The legal basis this processing activity can be seen in Art. 6 par. 1 lit. f GDPR. Furthermore, we generally do not transfer any of the information mentioned above to third parties, unless we are required to do so by applicable law or have a valid legal basis for such transfer, such as your consent.
However, in certain cases we have to comply with inquiries made by third parties and transfer your information to them, e.g. transfer to the law enforcement authorities if a crime is suspected. For this purpose, Art. 6 par. 1 lit. c-e GDPR is the general legal basis since processing the data is either a legal obligation, mandatory to protect your vital interests (e.g. prevent data abuse) or the processing is carried out in the public interest or in the exercise of the public duties of an official authority.
Our website uses technically required cookies in order to make visiting our website attractive for you and to enable the use of certain functions. Cookies are small text files that are stored on your computer or device. Most of the cookies used by us will be deleted from your hard disk after the end of the browser session (so-called session cookies). When you first enter our website, you will see a pop-up cookies permission banner seeking your consent to use of non-technically required cookies as required by law (please see more details below No.1.3).
From this banner, you will also be able to access our cookies management tool where you can change your cookie settings for our website.
Following applicable law all data is saved exclusively in a pseudonymized form (at most) without any direct personal reference. This enables us to update our website to address your individual preferences.
You can also prevent the storage of cookies on your computer or device by making the appropriate changes to your browser settings so that cookies are not accepted or so that you are notified before accepting cookies. However, this can limit functionality of our website and our services.
There is always a link present with which you can object to cookies from other providers or third parties. If you declare your objection, the providers set an opt-out cookie that prevents any further data being recorded on your computer or device. If you would like to retain your right to objection, you should not delete the opt-out cookie. You will have to complete the opt-out process again if this cookie is deleted later, e.g. by deleting or clearing your browser settings. Furthermore, you can manage data collection and storage by many other services. More details are cited here: https://www.networkadvertising.org/choices/ or https://www.youronlinechoices.com/de/praferenzmanagement.
1.3 PIWIK PRO
You may preclude the usage of cookies by selecting the appropriate settings in your browser, in this case it may occur, however, that you may not be able to use all functions of this website.
If you have given your consent first but later wish to opt out for the future, you may do so by clicking on the link below at any time. In this case a so called opt-out-cookie will be placed within your browser so that Piwik Pro will not collect any session data.
Opt-out from PIWIK PRO analytics Please keep in mind that in the event that you delete your cookies, this opt-out-cookie will also be deleted, and you may have to reactivate it.
2. Rights to information, rectification, erasure and restriction of processing
Upon request, we will confirm what kind of personal data of yours, if any, is currently stored on our servers, the purpose of storing as well as the envisaged period for which the personal data will be stored and, if any, the recipients to whom the personal data have been or will be disclosed. You will find our contact details below.
If your personal data we have stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed.
If requested, we will promptly erase your personal data, unless prohibited by law, and then we will restrict the respective data. Besides we will delete your personal data if it is no longer necessary in relation to the purposes for which they were collected and stored, if you withdraw consent on which the processing is based or if the personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject to.
Furthermore, you have the right to request restriction of processing if the accuracy of personal data is contested for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, if we do not need the personal data anymore for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims or if you objected the processing as long as the verification if legitimate grounds of us override yours is pending.
3. Right to lodge a complaint with a supervisory authority
Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
4. Right to object
You have the right to object at any time to processing of personal data on grounds relating to your particular situation which is based on point (e) or (f) of Article 6(1) (task carried out in public interest or processing in purpose of legitimate public interest) or if the personal data is processed for direct marketing purposes. If you have objected we will no longer process the personal data unless on our side legitimate interest for the processing prevail your interests or for the purpose of establishment, exercise or defense of legal claims. If you have objected to the processing of personal data due to direct marketing purposes we will no longer process this personal data for those purposes. To declare your objection, you may submit a message to the addresses stated below under No.8.
5. Right to data portability
Upon request, we will provide you with the personal data you have provided to us in a structured commonly used and machine-readable format and ensure you will be able to transmit those data to another controller.
6. Links to other websites
7. Data security
We are always seeking to process your personal data by taking all technical and organisational possibilities in a way so that it is not accessible to third parties. If you contact us e.g. via e-mail, full data security cannot be guaranteed. We recommend sending confidential information by letter post only.
Please feel free to address data protection related questions or suggestions at any time. Please contact the address below via written letter. There you can confirm, which of your personal data is stored on our servers, receive further information and exercise your rights to revocation, deletion or rectification.
You may contact the data protection department under:
You can also contact our Data Protection Officer:
Mrs. Dr. Jana Jentzsch
Jentzsch-IT Rechtsanwaltsgesellschaft mbH
We are pleased that you have chosen to download and install our OX COI Messenger (hereinafter referred to as “App”). The protection of your personal data is an important topic for us and we will protect your privacy and treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and other applicable law.
Scope of the data collection and processing
As a rule, personal data is only processed for the purpose of providing the service of the App. This refers to data that is technically necessary for the operation of the service (e.g. user name or e-mail address).
In addition, your data will only be processed and used for other purposes if there is a legal legitimation or if you have consented to its use. Your data will not be processed if these conditions are not met.
Personal data are any information about personal or factual circumstances of an identified or identifiable natural person. Anonymized or statistical data which could not be related to you or could only be related to you with disproportionate effort are not personal data.
Collection and processing operations
In the following sections we will guide you through the individual processing procedures, explain the respective purpose and the corresponding legal basis.
To establish a connection, the App first asks for your Email address and your password.
The App will then attempt to connect to the specified server of your Service Provider. Please note that the connection is usually logged on the contacted server. Please contact the service provider to determine the scope of the personal data and their handling of the logged data.
If the connection is successful, the App takes over the previously collected e-mail address and asks for the corresponding password in order to transmit both information to the Service Provider and initiate a so-called session. This session serves to grant you access to your e-mail inbox. The service provider then sends an identifier to your device to identify several related requests on your part and associate them with your session. The transmission of the data is necessary for the provision of the core function of the App and is based on Art. 6 Para. 1 lit. b) GDPR.
Contact data from the address book
The App provides you with an option to import your contacts. For this the App requests access to the data that you have stored in your address book on the device. This enables you to use the e-mail addresses stored there within the App. You can either grant or deny access in a query of the operating system of your device. The access is not necessary for the App to work - you can also deactivate the access later in the settings of your operating system. If you grant access by making the appropriate selection in the query, you give us your consent to data processing within the meaning of Art. 6 Para. 1 lit. a) GDPR.
User generated data
The main feature of the App is the ability to access a compatible e-mail-box from your service provider and to chat in real-time. The e-mails and messages stored there typically contain personal data such as names, e-mail addresses, and sensitive, sometimes highly personal data about you or others. E-mail or message attachments, such as photos, videos, audio files and documents, can also contain sensitive and highly personal data. Please always keep in mind that you are solely responsible for which e-mails or messages you send and which e-mails or messages sent and received you permanently store in your e-mailbox at your Service Provider or in the inbox of the App.
This processing procedure serves to guarantee the functionality of the App in accordance with its intended use and is based on Art. 6 para. 1 lit. b) GDPR. The data will be deleted on your device if you uninstall the App. Usually you can also delete the data in the settings of the device. If required contact your Service Provider to find out how to delete mail data at your Service Provider.
Cookies and tracking
The App does not use any tracking mechanisms that record your user behavior and does not leave any cookies on your device.
You can enable push notifications to get notified about new features. When your Service Provider provides a COI compliant email service, such notifications are transmitted in an encrypted way from your Service Provider to the App. Communication data such as the sender, subject or text of a message is encrypted at your Service Provider, then transmitted in an encrypted form to the service operated by Open-Xchange and hosted on German servers (hereinafter “Push Service”). The Push Service forwards the encrypted data to Google Firebase Cloud Messaging Service and/or Apple Push Notification Service which in turn forward the data to the App. At the App the communication is decrypted and shown to you on your device screen without the need to open the App.
By activating the push functionality, you consent to your Service Provider transmitting this data to the service (Art. 6 para. 1 lit. a) GDPR). Please read the privacy statements of Google, Inc., Apple, Inc. and your Service Provider for more information.
When the push functionality is activated, a unique key is generated to uniquely identify your mobile device, which is then transferred to your Service Provider. This is the only way your Service Provider and the Firebase Cloud Messaging or Apple Push Notification Service can identify your device and deliver push notifications.
This processing operation is necessary to make the push function available and finds its legal basis in Art. 6 para. 1 lit. b) GDPR.
When your Service Provider does not provide a COI-compatible e-mail-service, then the app can only query data in regular intervals. If you enable this feature, you can still get informed about new incoming messages, but such notifications will not be shown as quickly.
You can disable notifications at any time in the App’s settings.
Rights of data subjects
Please note in the following that the data displayed in the App is not stored on our servers, but on the servers of your Service Provider. The data stored in the App or on your device is also outside our control. If you would like to assert your rights from the General Data Protection Regulation in connection with the use of the App, we will still be happy to support you. In the first step, we will check your request to see whether we are the responsible party for your request or whether you would have to address your request to your service provider. In the following we will inform you about your rights, which you can exercise by sending a message to the address given below at section 6.
Right of access by the data subject
Upon request, we will confirm whether we process data about you and, if necessary, provide information on which categories of data are processed for which purpose, how long storage is intended and to which recipients the data is or was transferred to for which purpose (Art. 15 GDPR).
Right to rectification
If, while using the app, you discover that your personal data is outdated or otherwise incorrect, please contact us. If we are responsible, we will correct the data immediately upon your request. We also complete incomplete data if this is necessary and reasonable taking into account the purposes of the data processing (Art. 16 GDPR).
Right to erasure („Right to be forgotten“)
Upon request, we will delete your data immediately within the scope of our responsibility, if we are not prevented from doing so by legal storage periods. In this case, we will restrict access to the data accordingly. We will also delete your data, if available, if the purpose of the processing no longer applies or you withdraw your consent on which the processing is based on. Please note that it is easier for you to delete the data within the App yourself by selecting the functions described above on your device.
Right to restriction of processing
If your data is incorrect or is being processed unlawfully, you also have the right to obtain the restriction of processing these data for a period enabling us or the responsible party to verify the accuracy of the data or lawfulness of the processing. (Art. 18 GDPR). We will then, within the scope of our responsibility, ensure that the data is blocked accordingly.
Right to lodge a complaint
Furthermore, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is contrary to the General Data Protection Regulation.
Right to data portability
You also have the right to obtain your personal data in a structured, common and machine-readable format in order to transfer them to another controller (Art. 20 GDPR).
Please feel free to address data protection related questions or suggestions at any time. Please find our contact details below. There you can confirm, which of your personal data is stored on our servers, receive further information and exercise your rights to access, rectification, erasure, restriction or data portability.
You may contact the data protection department under:
You can also contact our Data Protection Officer:
JENTZSCH IT Rechtsanwaltsgesellschaft mbH
Dr. Jana Jentzsch