Datenschutzbestimmungen für die SaaS-Lösung foxdox - FOXDOX

Privacy Policy for SaaS Solution foxdox

This privacy policy is intended to explain to you, as a customer ("you," "your," "customer") or user ("you," "your," "user") of our web-based system foxdox ("foxdox," "our service"), the personal data that we, d.velop business services GmbH, Schildarpstraße 6-8, 48712 Gescher, Germany ("d.velop," "we," "us" or "controller"), collect from you as a customer and process ("process") in our role as controller within the meaning of Art. 4 No. 7 of the EU General Data Protection Regulation ("GDPR"). Because protecting your personal data is our highest priority.

We have appointed an external data protection officer. His name is

Sascha Kremer

Certified external data protection officer (TÜV Rheinland, PersCert TÜV 1992690) LOGIN data protection consultant

Disch-Haus, Brückenstraße 21, 50667 Cologne, Germany (city center)

You can contact the data protection officer at

E-Mail: datenschutz@d-velop.de

1 Data processing by foxdox

According to Art. 4 No. 1 of the GDPR, personal data is information that allows the identity of a natural person to be established. This includes, but is not limited to, the name, date of birth, address, telephone number and e-mail address of a natural person. Personal data also includes master data, usage data and content-related data that is generated in connection with the use of foxdox.

As a user of our service, you should always note that links may take you to websites that are not operated by us, but rather by third parties. Such links are either clearly marked or can be identified by a change in the address line of your Internet browser. We are not responsible for compliance with data protection regulations or the safe handling of your personal data on these third-party websites.

This privacy policy exclusively covers the data protection relationship between d.velop, as the controller, and you, as the user (private or business) of foxdox, with regard to the processing of your personal data. If used correctly, the settings in foxdox also enable you, as a foxdox business user, to remain in compliance with the GDPR with respect to other users you have created ("data subjects"). However, we are not responsible for this legal relationship. We do, however, guarantee compliance with all data protection regulations that apply to us as a provider of a software service such as foxdox, in particular those that make prescriptions regarding the design of foxdox. The data protection relationship between you as controller (only applies to foxdox business users) and us as processor is fully governed by further provisions (in particular in the data processing agreement to be concluded between you and us, including annexes).

Our primary goal is to make document management as easy as possible for you. In your profile, you can specify exactly who can access the information you have stored in your foxdox account. All functions are set by default in such a way that nobody can view them ("data protection by default" according to Art. 25 Para. 2 of the GDPR). However, you have the option of giving your contacts access to the information stored in your foxdox account.

foxdox applications and services can be accessed through the d.velop website. You do not have to actively disclose any personal data to us to use this website. Nevertheless, we still process personal data when you simply visit our website. Our privacy policy for the use of the d.velop website can be found here.

1.1 What personal data do we process?

1.1.1 Data that you make available to us

To use foxdox, you must register as a customer. When you register, you must provide the personal information necessary to complete the registration process and to enter into the foxdox Applications and Services Agreement in accordance with the General Terms and Conditions of Use ("Terms and Conditions") https://mein.foxdox.de/legal/termsandconditions. This includes, for example, the contact details for a contact person or, if you are registering a foxdox business user, this person's name and address. Further information can be entered voluntarily and deleted at any time.

To use foxdox, foxdox business users can create individual users. These may be employees, suppliers or contractual partners as well as third parties approved by you. Certain personal data (e.g. user ID, name, e-mail address) must also be provided for these users so that they can use the foxdox applications and services. You, and not the user, decide on the data to be entered when registering a user. You must observe applicable data protection regulations, in particular when handling employee data. Further information can be entered voluntarily by any user at a later date and deleted at any time.

We will only process your data or the personal data of the user for the fulfilment of our contractual obligations. Accordingly, we may use your e-mail address to send you system messages, e.g. when passwords are changed, or to notify you of changes made by foxdox (e.g. about completed tasks, completed workflows or status messages about other users' activities). In the settings for your user ID, you can select which messages you want to receive by e-mail. Our right to process your data in this manner is defined in Art. 6 Para. 1 Lit. b) of the GDPR.

1.1.2 Data that we process automatically

When you use foxdox, we automatically process data such as functional data and usage data. Each time foxdox is called, certain usage data is stored in a log file on the server on which foxdox is running. This log file contains the IP address of the terminal device, the URL, the time stamp, the operating system version and possibly the referrer, i.e. the previously called content, for each call of content (e.g. website, graphic, document) in foxdox. The data in this log file is generally not personal data (with the exception of the IP address), and we do not combine it with other data. When you access our web application via a browser, we record the browser version you are using and the content that is opened on our website. Your IP address will be stored for up to 28 days. After this period, at the latest, the stored IP addresses will be completely deleted or made unrecognisable so that your geographical location cannot be determined.

If you use our mobile app, the data necessary for registration (user name and password) is automatically stored in the protected locations specified by the operating system in order to enable the user to log in as easily as possible. The operating system cleans up this data as soon as the user logs off from the mobile app. In addition, personal data such as the user's name can be stored in the mobile apps. This is so that the user can easily find out whether they are logged in to the correct account.

We carry out the aforementioned processing steps in order to constantly improve our services and make them easier for you to use. For example, this processing enables us to easily detect errors that can occur when using foxdox. Only by continuously improving our services can we ensure that they are always available and functioning properly. Therefore, the continuous improvement of our services is also in our legitimate interest. Our right to process your data in this manner therefore results from Art. 6 Para. 1 Lit. b) and f) of the GDPR.

All data relating to the use of foxdox will be processed and used by us for a maximum period of 30 days and exclusively for the purpose of detecting, limiting or eliminating malfunctions or errors in the IT systems in order to guarantee IT security. Afterward this usage data will be deleted completely and without your request, with exceptions made for usage needed to fulfill the contract (see above). It will not be consolidated with other data sources. Our right to process your data in this manner results from Art. 6 Para. 1 f) of the GDPR, as we have a justified interest in this.

We also use third-party providers such as Matomo and Crashlytics to process functional and usage data ("tracking"). You can turn off tracking in the settings.

We also use our solution in regulated industries such as the healthcare sector. No functional or usage data is processed by Crashlytics in this sector. In this case, you will not find an option in the settings to enable or disable tracking.

1.1.2.1 MATOMO

If you access foxdox via a browser or use foxdox via our mobile apps, a plugin called Matomo is loaded to statistically evaluate your use of foxdox. Matomo is a plugin that runs on our server. Matomo uses cookies that are stored on your terminal device (unless you have prohibited the use of cookies in your browser) and that allow us to analyze your use of the website.

The Matomo plugin is used to help us optimize our website from a business standpoint and refine its design to meet our customers' needs.

We anonymize your IP address immediately after it has been collected by replacing parts of the IP address with filler characters ("x") during storage (known as IP masking). After that it is no longer possible to match the IP address to you. Data is not transferred to third parties. You are not obliged to provide this personal data, and it is possible to use our website without providing it.

Matomo's privacy policy can be found at https://matomo.org/privacy-policy/. The Matomo plugin is used to help us optimize the foxdox services from a business standpoint and refine their design to meet our customers' needs. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 Lit. f) of the GDPR.

1.1.2.2 CRASHLYTICS

If you access foxdox via our mobile apps, a plugin called Crashlytics is loaded to statistically evaluate errors.

If the app crashes, Crashlytics automatically generates a bug report and sends it via a subcontractor (Google Inc.) to the app developer. Google Inc. is located at 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. The error report contains information on the device and its general parameters, such as manufacturer, device type and operating system version.

The use of such automatically generated bug reports is a standard method in app technology to provide ongoing maintenance and quality assurance for apps, as it is the only (systematic) way for developers to obtain technical information about bugs that occur during ongoing use of apps. All information collected is of a technical nature and is intended solely for use by developers for troubleshooting purposes.

The error report does not contain any data such as user name, scanned documents, phone numbers, names or addresses. It is not possible to deduce a specific user from the data transmitted.

As stated in the Crashlytics privacy policy, when the error report is transmitted to the Crashlytics server, additional information such as a device ID is also transmitted. However, Crashlytics' privacy policy ensures that no information is transmitted that personally identifies the user. The privacy policy can be viewed and downloaded at http://try.crashlytics.com/terms/privacy-policy.pdf.

The Crashlytics plugin is used to help us optimize the foxdox services from a technical standpoint. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 Lit. f) of the GDPR. The transfer of data to the USA is carried out in accordance with Commission Implementing Decision (EU) 2016/1250 (EU-US Privacy Shield).

We also use our solution in regulated industries such as the healthcare sector. No functional or usage data is processed by Crashlytics in this sector. In this case, you will not find an option in the settings to enable or disable tracking.

1.1.3 Content data

Content data is the content that you and your users post in foxdox. Only you and your users have access to content data, based on the permissions that you yourself configure. We can obtain knowledge of content data only when provision of the services as agreed in the foxdox usage agreement necessitates such access for technical reasons.

We process your content data in the following manner (not exhaustive).

Documents/files that you have uploaded to your foxdox account and that contain text or text passages (e.g. doc., ppt., xls., pdf., jpg. or png. files) are read using text recognition software so that you can find these documents in your foxdox account at any time using the search function.

This also allows us to create a preview of the files uploaded to your foxdox account so that they are easier for you to find in your foxdox app.

We will delete your content data completely and without request on the day after your foxdox contract is terminated.

In cases where we need to process your content data, we do so in order to provide you with all the services necessary for performance of your contract and to comply with legal obligations. Our right to process your data in this manner results from Art. 6 Para. 1 Lit. b) and c) of the GDPR.

1.2 Interactions between foxdox customers and foxdox

To make the information in this privacy declaration easy to understand, we have highlighted several situations in which foxdox may collect personal information from customers. Customer interactions with foxdox are divided into the following categories:

1.2.1 Purchase of foxdox products

If you have chosen to purchase a fee-based product from foxdox, during the purchase process you will be asked to provide us with information so that we can complete the purchase.

1.2.1.1 Data processed

In this case we process your name, your e-mail address, your delivery address, your sales tax identification number, your IP address and your payment information. If you select the SEPA Direct Debit payment method, we also save your IBAN and the country of your bank.

If you choose the credit card payment method, the credit card data is transmitted directly from your browser to our service provider Payone, and is processed and stored only there.

The time and a contract number are stored for each transaction.

1.2.1.2 Purpose & authorization of the processing

The above data is required to complete your purchase and to assist you in the event of delivery problems. Processing your personal data for this purpose is necessary to fulfil the contract we concluded with you. We collect your IP address in order to identify possible misuse. Our right to process your data in this manner is defined in Art. 6 Para. 1 Lit. b) of the GDPR.

Note: We do not store any of your credit card information. The payment information will only be used in connection with the purchase of foxdox products.

1.2.2 Registration with foxdox

You need an active foxfox account in order to use foxdox. To access the information stored in your foxdox account, you can download our app from the Google Play Store or the Apple App Store, among other methods. You have to set up an account in order to use the app.

When you register, we ask you to enter information such as your email address and name. This information is required for registration. A unique identification number is generated for each account, which is used to uniquely identify the account without having to refer directly to your personal information.

In addition to the language, you will be asked for the country from which you are registering.

We also collect a password for your foxdox account. This will only be used for authentication and access to your foxdox account.

1.2.2.1 Data processed

In this case we process your name, user name, e-mail address, password, language and country. Your password is saved using the hash function. This means that it cannot be restored and read by us.

1.2.2.2 Purpose & authorization of the processing

We process the above data in order to ensure that your foxdox applications and services are functioning properly. This processing is necessary to fulfill the contract we concluded with you. Ensuring that our services and applications function correctly at all times is in our legitimate interest. Our right to process your data in this manner results from Art. 6 Para. 1 Lit. b) and f) of the GDPR.

1.2.3 Use of foxdox products

1.2.3.1 Functional data

When you use foxdox services and applications, we process your information and personal data primarily for the following reasons:

So that you can access the documents you upload to foxdox and use the foxdox applications.

1.2.3.1.1 Data processed

Registration data. In this case we process your name, user name, email address, password, language, country and account login information (as described above).

System data. This data includes the client accessing the system and the operating system used. If documents are delivered, the delivery service you have subscribed to is stored in the system.

1.2.3.1.2 Purpose & authorization of the processing

We process this personal data in order to ensure the smooth functioning of foxdox, to provide you with support services and to store your documents. These processing measures are necessary to fulfill the contract we concluded with you. We also process this data to manage product improvements and make decisions regarding customer support, which is in our legitimate interest. Our right to process your data in this manner results from Art. 6 Para. 1 Lit. b) and f) of the GDPR.

1.2.3.2 Other usage data

In order to continuously improve our products, we collect the following usage data.

1.2.3.2.1 Data processed

Function and usage data. In this case, we process information about how often you use our foxdox products, how long you use the products, and what features are used within the foxdox apps. Functional and usage data are only collected ("tracking") if the option is enabled in your account settings.

Activity data. We also process information about the documents that are saved as favorites and about documents that have been delivered by providers.

1.2.3.2.2 Purpose and authorization of the processing

We process this data to continuously improve our foxdox products. This method of processing allows us to determine which features are used within the apps and to improve or remove those features. This also enables us to identify problems at an early stage. Processing of this data is in our legitimate interest to assist you with problems. You also have control over whether we process this information. Our right to process your data in this manner therefore results from Art. 6 Para. 1 Lit. f) of the GDPR.

1.2.4 Contact with foxdox support

In order for our support team to help you with problems relating to our products, we may collect information from you in order to provide you with the best possible service.

1.2.4.1 Data processed

Your e-mail address and name are required to contact support. In certain cases, it may be helpful for support to access certain data from your account. This includes data such as your last registration date, your e-mail address and any personal data that you have marked as public. In addition, a support employee can access your pricing data as well as saved transactions if you have booked a fee-based package. The processing of your data in the manner described above is necessary to provide the support service.

1.2.4.2 Purpose and authorization of the processing

This data is processed in order to offer the most efficient possible handling of support requests. Processing of this data is necessary to fulfil the contract we concluded with you. Our right to process your data in this manner therefore results from Art. 6 Para. 1 Lit. b) of the GDPR.

1.3 Interactions between foxdox customers

1.3.1 Networking with other users

The personal data stored in your profile can be used to contact other users or to work together on documents. In your profile, you can define publicity settings for your documents. After registration, your personal data will be visible only to you. You can add further contact details such as date of birth, address or phone number to help other contacts find you. This information is voluntary and you can adjust the visibility of your contact details.

Networking between contacts always takes place by invitation from another user. foxdox itself never performs any networking.

1.3.1.1 Data collected

Salutation, name, e-mail address, date of birth, organization, address, phone number, cellphone number and a custom text about you. All information is voluntary, except for the user name and e-mail address. These are mandatory. For all data, you can set who is allowed to see it. You can set the data to private (only visible to you), contacts (only visible to contacts) and public (visible to all users). The user name is always available for searches by other users.

1.3.1.2 Purpose of collection

Users can use the contact management function to search for other users with whom to network. Users can search the contacts. The search function only searches public contact details or contact details of other contacts that have been shared for search.

Users can also invite other people to foxdox. To do so, they must enter the e-mail address of the recipient. This e-mail address is not saved. An invitation e-mail will be sent to the e-mail address provided. The recipient can accept the invitation. The sender and recipient are then networked with each other.

1.3.2 Provision of documents by other foxdox customers

foxdox customers, whether private or business users, can exchange documents with other foxdox customers via "providers." This is similar to delivering documents by mail, but in purely digital form. A provider is a normal foxdox account, only with extended rights. A provider is able to send and receive documents to and from other foxdox customers. A provider can set up "services" for the delivery of documents. Other foxdox users can subscribe to these services. Documents can be delivered and received only if the user is subscribed to the provider's service.

In order to exchange documents with other foxdox customers, you must subscribe to them in advance. This can be done in two ways:

  1. Another foxdox customer provides you with login credentials for a foxdox account that has already been created and is connected to the foxdox customer's provider (one or more of the provider's services are automatically subscribed to).
  2. You receive a direct key with which you can subscribe to a provider's service.

In order for a foxdox customer to be able to exchange documents with you, it is usually necessary to have a unique feature that can be matched to you and that is located on the document. This feature is stored in your account so that our system can assign deliveries to your account.

A foxdox customer can send documents to your account. When the customer does this, they can see if their document was successfully delivered. As soon as the document has been delivered to you, the foxdox customer no longer has access to it. The customer can therefore never see into your foxdox account.

1.3.2.1 Data processed

To execute deliveries from other foxdox customers to your foxdox account via a provider, a unique delivery key (e.g. number and number sequence) is usually stored in your foxdox account. The provider requires this delivery key for the delivery of personal documents. Your identity as a natural person can only be determined through the combination of your delivery key and your foxdox account.

The also logs the time at which the delivery took place. The foxdox customer who delivered the document to you has access to this delivery log.

1.3.2.2 Purpose & authorization of the processing

The processing of your personal data in this manner is necessary for a foxdox customer to send documents to your foxdox account. The foxdox customer has access to the delivery log in order to verify that documents have actually been received by the recipient. Processing your personal data in this manner is necessary to fulfil the contract we concluded with you. Our right to process your data in this manner therefore results from Art. 6 Para. 1 Lit. b) of the GDPR.

1.4 How we share personal information

foxdox does not offer its customers' personal data for sale, either now or in the future. We will disclose your data only for the purposes described in this declaration. We may share the data with the third parties described by the following categories.

1.4.1 Integration of third-party providers

foxdox commissions third parties to provide services on its behalf. In addition to the Matomo and Crashlytics service providers listed above, these services include website administration and hosting services, online product purchases and deliveries, credit card processing and e-mail marketing.

We will only share your personal information with third parties or their agents to process transactions on our behalf or to provide products or services that you have requested or authorized for the purposes described in this declaration and in accordance with our privacy policy. In such cases, your personal information will be disclosed to the third party providers or agents for the purpose of providing services on our behalf and at our instruction. Our authorization for the above-mentioned processing steps is therefore defined in Art. 6 Para. 1 Lit. b) of the GDPR.

If we share your personal data with third parties for the purpose of initiating or maintaining marketing activities, we will process your personal data accordingly and then contact you in order to keep you informed about our services and applications that are relevant to you. It is in our legitimate interest to share your personal data with third parties for these purposes. Our right to process your data in this manner is therefore defined in Art. 6 Para. 1 Lit. f) of the GDPR.

Insofar as third-party providers act on our behalf as processors within the meaning of Art. 28 of the GDPR, we have concluded corresponding processing agreements with them in order to ensure that your personal data is processed securely at all times.

1.4.1.1 MAILJET

We have integrated Mailjet into our application to facilitate e-mail communication between you and foxdox. Mailjet is a service that delivers e-mails. We disclose your e-mail address to Mailjet to ensure that the service functions properly.

E-mails from foxdox to users are sent via Mailjet. The address of Mailjet is Mailjet GmbH, Rankestr. 21, 10789 Berlin, Germany. The e-mails that foxdox sends via Mailjet contain information on processed documents or details of incoming and outgoing contact requests. You can turn off e-mail delivery in your account settings Mailjet's privacy policy can be found at https://www.mailjet.de/privacy-policy/.

The integration of Mailjet into our services makes it easier for us to contact and remain in contact with users and is therefore in our legitimate interest. In addition, we process your personal data in this manner for the purpose of fulfilling our contract with you. Our right to process your data in this manner is therefore defined in Art. 6 Para. 1 Lit. b) and f) of the GDPR.

1.4.1.2 PAYONE

The integration of Mailjet into our services makes it easier for us to contact and remain in contact with users and is therefore in our legitimate interest. In addition, we process your personal data in this manner for the purpose of fulfilling our contract with you. Our right to process your data in this manner is therefore defined in Art. 6 Para. 1 Lit. b) and f) of the GDPR.

Payments are processed as described above in the chapter Purchase of foxdox products.

Payone's address is BS PAYONE GmbH, Lyoner Straße 9, D-60528 Frankfurt/Main, Germany. Payone's privacy policy can be found at https://www.payone.com/datenschutz/.

The integration of Payone into our services makes it easier for us to process payments from users and is therefore in our legitimate interest. In addition, we process your personal data in this manner for the purpose of fulfilling our contract with you. Our right to process your data in this manner is therefore defined in Art. 6 Para. 1 Lit. b) and f) of the GDPR.

1.4.2 Forced disclosure

We will disclose your personal information to law enforcement, investigative or judicial authorities if we are required to do so by law or applicable regulations, or if it is necessary to perform our services or to protect our rights or users.

1.5 Legal basis for the processing of personal data

The processing of your personal data is based on various legal principles. These were already mentioned in the explanations for each processing step above. In the following sections, we once again present the essential legal principles that authorize us to process your personal data.

1.5.1 Fulfillment of our contract (Art. 6 Para. 1 Lit. b) of the GDPR)

Should the processing of your personal data be necessary to fulfil the contract we have entered into with you – for example to conclude the purchase of a product, to register and administer your foxdox account, to help with delivery problems, to ensure that foxdox performs basic functions securely or to answer your questions – our authorization to process your personal data is based on Art. 6 Para. 1 Lit. b) of the GDPR.

1.5.2 Legitimate interests (Art. 6 Para. 1 Lit. f) of the GDPR)

We may process your personal data for our legitimate interests – for example, we may use our legitimate interest as the basis to analyze and improve our foxdox products and services and the content on our websites and apps, to send you notifications of software updates or your personal data for administrative or legal purposes, or to investigate fraud. Authorization to process your personal data in the aforementioned cases results from Art. 6 Para. 1 Lit. f) of the GDPR.

1.6 Security, storage and safekeeping of the personal data we collect

1.6.1 Security

foxdox is committed to protecting your personal data. Although we take reasonable precautions to protect the personal information we collect about you, we point out that no security system is infallible.

We employ reasonable technical and organizational measures and industry standards to protect your personal information and to prevent loss, theft, misuse, unauthorized access and disclosure, alteration and destruction. For example, we store the personal information you provide on computer systems that are located in controlled areas and to which access is limited. We also ensure that third-party providers commissioned by us implement appropriate security measures in their data centers. In addition, your data is protected by encryption technologies during transmission over the Internet. Furthermore, your password is stored using a one-way hash function, which means that it cannot be recovered (or revealed) by anyone, including foxdox (it can only be reset).

You can only access your foxdox account information and our services using your user name and password. In order to maintain the confidentiality of your personal data, you are obliged to keep your password secret and not to pass it on to third parties. Please inform us immediately if you have reason to believe that your password has been misused. Also make sure you always log out and close your browser when your session is finished. Please note that we will never ask you for your password.

If you have any questions about the security of your personal data, please send an e-mail to datenschutz@foxdox.de.

The following table lists the basic security measures – in particular technical devices – that we have implemented to protect your personal data when you use foxdox:

  • Certified location in Germany: foxdox is operated by us in Hamburg, Germany. Our partner's data centers are certified according to the following guidelines, among others:
    • ISO 9001
    • ISO 27001
    • ISO 27017
    • ISO 27018
    • C5
    • And many others
    Your data and documents will be stored in Germany.
  • Encryption: Data transfer between customers and foxdox is secured with HTTPS transfer encryption. Persistent data is stored exclusively on encrypted storage media in the data center. The data may be temporarily decrypted and, if necessary, displayed for the purpose of processing and handling. HTTPS is also used to display the data.
  • Data security: All data storage in foxdox is redundant, i.e. on several data carriers in parallel. foxdox uses reliable storage media, which are designed for an availability of 99.99 percent. In addition, all persistent data is backed up regularly. These backups are kept for 30 days to protect against unfortunate circumstances.
  • Technical and organizational measures (TOM): foxdox has taken the technical and organizational measures (TOM) required by Art. 32 of the GDPR for the data security of foxdox and documented them for the customer.
  • PS880: foxdox has been certified by KPMG according to IDW PS 880. This certification makes it easier to have your entire process certified. If you need support, please contact the foxdox team.

1.6.2 Storage

Personal data collected by foxdox will be stored and processed exclusively in Germany unless otherwise specified in this privacy policy (see in particular Crashlytics and Matomo). The servers on which the foxdox services are run are operated by CANCOM Pironet AG & Co KG, Von-der-Wettern-Straße 27, 51149 Cologne, Germany ("CANCOM"). CANCOM is also the hosting service provider for foxdox services. CANCOM's servers are located exclusively in Germany. We have concluded a data processing contract with CANCOM to ensure the constant security of your personal data.

1.6.3 Safekeeping

foxdox will retain your personal information for as long as we deem necessary to enable you to use the website and your foxdox products, to provide services to you, to comply with applicable laws (including laws relating to the retention of documents), to resolve disputes with other parties and for other necessary purposes that allow us to conduct our business. All personal information that we possess is subject to our privacy policy and our internal retention policies. If you would like to know precisely how long we keep specific personal data, please send us an e-mail at datenschutz@foxdox.de.

1.7 Our use of cookies

We store a cookie on your hard disk or on your mobile end device's storage medium. The cookie is only set after successful registration with foxdox and contains a unique ID that has no meaning outside of foxdox. The cookie is valid until you log out of foxdox. If you do not log out, our cookie remains valid for 24 hours. You have the right and the ability to configure your browser to reject our cookies. If you do so, however, the functionality of foxdox may be limited. The processing of the unique ID stored with the cookie is justified pursuant to Art. 6 Para. 1 Lit. b) of the GDPR. This processing is necessary for the fulfilment of the contract.

1.8 How to contact us

If you need to reach us, please contact us at:

d.velop business services GmbH

Data protection

Schildarpstraße 6-8

48712 Gescher

Germany

We are also happy to answer your questions about data protection by e-mail. Please contact us by e-mail at datenschutz@foxdox.de.

2 Rights of data subjects

The GDPR partially restructures the rights of data subjects, i.e. the rights of those persons whose personal data is processed by us, relative to the provisions applicable under the old Federal Data Protection Act (BDSG). This section explains how the restructuring of the data subject rights as well as your rights as data subject overall affect your foxdox services and applications.

Data subject rights, or "rights of the data subject" in the terminology of the GDPR, is understood by data protection law as the rights of each individual vis-à-vis the controller. The data subject rights are derived explicitly from Art. 12 et seq. of the GDPR.

Your data subject rights are described in detail below.

2.1 Access

2.1.1 General right of access (Art. 15 of the GDPR)

You have the right to ask us (the controller) to confirm whether we are processing personal data about you. If this is the case, you have a right to be informed about this personal data. The scope of your right of access is determined by Art. 15 Para. 1 of the GDPR.

In formal terms, Art. 12 Para. 5 of the GDPR stipulates that, in principle, this information must be provided free of charge. We must reply without undue delay, but within one month at the latest. If the request for information is received in electronic form, the reply will also be in electronic form.

2.1.2 Information about your personal data

If you wish to receive information about your personal data, you can view it directly in your account settings.

2.1.3 Contacting d.velop directly

If you would like to know what other personal data we process, please send us an e-mail at datenschutz@foxdox.de.

2.2 Rectification

2.2.1 General right to rectification (Art. 16 of the GDPR)

You have the right to ask us to correct any incorrect personal information about you. In formal terms, Art. 12 Para. 5 of the GDPR stipulates that, in principle, this correction must be made free of charge. We are also required to make the correction without undue delay, but at the latest within one month.

2.2.2 Rectification of your personal data

You can correct your data yourself by searching for it in foxdox, e.g. in your account settings.

2.2.3 Contacting d.velop directly

If you would like us to correct any personal information about you, please e-mail us atdatenschutz@foxdox.de. We will normally comply with the correction request within one month.

2.3 Right to erasure

2.3.1 General right to erasure (Art. 17 of the GDPR)

You have the right to request that we delete any personal information about you immediately if any of the following scenarios apply:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based pursuant to Article 6 Para. 1 Letter a) or Article 9 Para. 2 Letter a) of the GDPR and there is no other legal basis for the processing.
  • You object to the processing under Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing under Article 21 Para. 2.
  • The personal data was processed unlawfully.
  • Deletion of the personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the data controller is subject.
  • The personal data was collected in relation to information society services pursuant to Article 8 Para. 1 of the GDPR.

If we have ever made your personal data public and are obliged to delete it in accordance with the above points, we will take appropriate measures, including technical measures, and taking into account the available technology and the costs of implementation, to inform the third parties responsible for processing the personal data that you have requested us to delete all links to this personal data or copies or replications of this personal data.

We are not obliged to delete the data or inform third parties of your request for deletion if further processing of your personal data is necessary for the following purposes:

  • To exercise the right to freedom of expression and information
  • To fulfil a legal obligation required by the law of the European Union or of the Member States to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us
  • For reasons of public interest in the field of public health pursuant to Article 9 Para. 2 Letter h) and i) and Article 9 Para. 3 of the GDPR
  • For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Article 89 Para. 1 of the GDPR, insofar as the regulation referred to in Para. 1 presumably makes impossible or seriously impairs the attainment of the objectives of such processing
  • To assert, exercise or defend against legal claims

You can delete the data contained in your foxdox account at any time by accessing your foxdox account.

You have the following options for deleting your data:

In formal terms, Art. 12 Para. 5 of the GDPR stipulates that, in principle, deletion must occur free of charge. We must also examine your request for deletion without undue delay, but within one month at the latest, and comply with it under the aforementioned conditions.

2.3.2 Contacting d.velop directly

If you have any additional questions or instructions about your right to erasure, please e-mail us at datenschutz@foxdox.de.

2.4 Right to restriction of processing

2.4.1 General right to restriction of processing (Art. 18 of the GDPR)

You have the right to demand that we restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data
  • The processing is unlawful and you refuse to delete the personal data and instead request that use of the personal data be restricted
  • We no longer need the personal data for the purposes of the processing, but you need it to assert, exercise or defend against legal claims
  • You have lodged an objection against the processing pursuant to Article 21 Para. 1 of the GDPR, as long as it has not yet been established that our legitimate reasons outweigh yours

In formal terms, Art. 12 Para. 5 of the GDPR stipulates that, in principle, this restriction must occur free of charge. We must also examine your request without undue delay, but within one month at the latest, and comply with it under the aforementioned conditions.

2.4.2 Contacting d.velop directly

If you have further questions or instructions about your right to restrict processing, please e-mail us at datenschutz@foxdox.de.

2.5 Data portability

2.5.1 General right to data portability (Art. 20 of the GDPR)

You have the right to receive personal information about you in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without obstruction by us, provided that the following conditions are met:

  • The processing is based on consent pursuant to Article 6 Para. 1 Letter a) or Article 9 Para. 2 Letter a) or based on a contract pursuant to Article 6 Para. 1 Letter b) of the GDPR
  • The data is processed using automated procedures

You have the right to request that the personal data be transmitted directly from us to another controller, as far as this is technically feasible.

To save your uploaded documents, you can simply download them via our web application.

foxdox sync allows you to download all documents at once to your local hard disk. See below for further information about foxdox sync (4.1 foxdox sync).

In formal terms, Art. 12 Para. 5 of the GDPR stipulates that, in principle, this portability must be offered free of charge. We must also examine your request without undue delay, but within one month at the latest, and comply with it under the aforementioned conditions.

2.5.2 Contacting d.velop directly

If you have further questions or instructions about your right to data portability, please e-mail us at datenschutz@foxdox.de.

2.6 Right to object (Art. 21 of the GDPR)

2.6.1 General right to object (Art. 21 of the GDPR)

You have the right to object at any time to the processing of personal information about you on the basis of Article 6 Para. 1 Letter e) or f) of the GDPR for reasons arising from your particular situation.

Upon request, we will no longer process your personal data unless we can prove compelling reasons for processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend against legal claims.

2.6.2 Unmittelbarer Kontakt zur 2.6.2 Contacting d.velop directly

If you have further questions or instructions about your right to object, please e-mail us at datenschutz@foxdox.de.

2.7 Obligations of the controller to cooperate

We will notify all recipients to whom your personal data has been disclosed of any rectification or deletion of your personal data or any restriction of processing pursuant to Art. 16, Art. 17 Para. 1 and Art. 18 of the GDPR, unless such notification is impossible or involves disproportionate effort. Upon your request, we will inform you of who received this notification.


foxdox privacy policy
version 1.5.0
Issue date: 15.01.2019
© d.velop business services GmbH