For Utimaco, as a provider of IT security products and solutions, data protection is very important. As operators of these sites, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
1. General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. Anonymous data, in the opposite, is present when no connection to the user can be established that would make them identifiable.
Data controller and data protection officer
Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
www.utimaco.de
Data protection officer´s contact address
Your rights as a data subject
In accordance with applicable data protection law, you are entitled to the right at any time to receive information about whether and which personal data we process about you, including information about the origin and possible recipients of your data, as well as the purpose of the processing. You also have potential right, to request correction or deletion of this data and to request restriction of processing. You also have the right to data portability and to object to data processing.
If you would like to execute such rights or if you should have any questions about data protection at conpal, please contact us using the contact options listed at the beginning of this data protection declaration. This also applies if you have granted your consent to data processing and now want to revoke it. You also have the right to lodge a complaint with a data protection supervisory authority at your place of residence, our place of business or the location of the alleged violation.
Special information on your right to contradict against a data processing
Please note in connection with the right to object: If we process your personal data for the purpose of direct marketing, you are entitled to object to this data processing at any time without having to name any reasons. This also applies to profiling insofar as it is related to direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, if possible using our contact options mentioned at the beginning.
If we process your data to protect legitimate interests, you can object to this processing at any time for reasons relating to your particular situation; This also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
We may process your data to initiate business, to execute contractual and legal obligations, to implement contractual relationships, to offer products and services and to strengthen customer relationships (which may also include analyzes of marketing and direct mailings). We may also process your data on the basis of data protection consent if you should grant us such consent. Of course, we will inform you of your right of withdrawal before any consent you give us.
Transfer of data to third parties
We will only transfer your data to third parties if such is required by law or to execute contracts with you or if you have granted your respective consent. Legal obligations to disclose personal data may exist, for example, in relation to law enforcement authorities.
If service providers support us in executing our tasks and personal data is to be processed by such third parties, we will enter into a suitable data protection contract with the partner before data processing begins or will include another data protection-compliant instrument for data transfer with the process.
Transfer of personal data to third countries
Personal data will only be transferred to third countries, i.e. countries outside the EU or the European Economic Area, if this is required to fulfill our contractual or legal obligations or if you have granted your consent. By default, we currently do not transfer your data to affiliated companies or service providers in third countries.
An exception may be present if you use our services, which are offered using MS Azure cloud solutions. In this case, your data may be transferred to the USA if so required and in accordance with Microsoft's data protection and licensing regulations. With regard to the transfer of personal data to third countries, please also note our separate information on data protection for individual cookies that we may use.
Should we transfer your personal data outside the EU or EEA, we will ensure compliance with the required level of data protection. This is implemented, for example in the case of transmission to Microsoft, by having entered into appropriate data protection contracts and by having verified that the provider is certified under the Transatlantic Data Privacy Framework.
Data retention
We process your data for as long as this is required for the underlying processing purpose. In addition to purposes that may consist, for example, in fulfilling the contract, there may also be other requirements for processing your data. In particular, legal retention obligations should be mentioned here, which require data to be retained even if a contractual relationship may have already terminated. This applies in particular to commercial or tax law retention obligations (e.g. according to the Commercial Code or the Tax Code).
However, as soon as the last applicable retention obligation no longer applies and we are no longer entitled to store your data - for example because you have given us consent that is still valid or because we need the data as evidence in the context of legal disputes, we will delete your data. With regard to the applicable statutory limitation periods, we would like to point out that these can be up to thirty years. The standard limitation period is three years.
Secure transfer of data
This site uses encryption for security reasons and to protect your data while in transfer over the Internet, such as requests that you send to us. We offer HTTPS as the transfer protocol for our website and use the latest encryption protocols. You may identify an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browsers´ address-line. Regardless of this, absolutely confidential communication on the Internet cannot be completely guaranteed. If you would like to transfer very sensitive information, please consider alternative communication channels such as surface mail.
Obligation to provide personal data
Various personal data is required so that contracts and other obligations can be initiated, executed and terminated, to fulfill legal obligations or simply to answer questions you may address. The same applies to our website and the functions it offers. Please note that we may not be able to enter into or continue to execute a contract with you if you do not provide the mandatory data or do not provide them in full.
If an interaction with our website or functionalities offered there requires data to be provided, you may not be able to use these functions or not use them in full if you do not provide the required data or do not provide them in full. If we offer you the opportunity to provide additional data in addition to the data that we absolutely require from you in the respective context, it will have no legal impact if you only provide the mandatory information.
Categories, sources and origin of personal data
We generally collect personal data that we process about you directly from you. The respective context determines which data we process. In this regard, we may process different data if, for example, you contact us with a general question, register as a user or request support. Please note that we may provide additional or different information separately for certain processing operations.
Fully automated decision making
We do not use fully automated procedures to make decisions that have legal impact on you.
2. Processing of data of website visitors in general
When you are visiting our website, the following data may be processed:
Server-Log-files
When you access our website, your browser automatically sends information to us. This information is temporarily stored in a so-called server log file. The following information is processed without your intervention and stored until it is automatically deleted:
- IP-address of your device
- Date and time of access
- Name and URL of the page browsed
- Website of origin (Referrer-URL)
- Browser and operating system of your device, name of your access-provider
This data is processed for the following purposes:
- Safeguarding that a connection is properly established
- Safeguarding that our content can be used conveniently
- Evaluation of the system- stability and -security
The legal basis for data processing is our legitimate interest in technically secure and flawless website operation, Art. 6 I 1 f GDPR.
Registered users
On our website, you can register to use u.trust LAN Crypt Cloud. To do this, you must provide the following data:
- Name
- Surname
- e-mail-address
- password
- Company
- Company address
- Payment information
- A mobile number
In addition, you may provide a landline-connection for cases of request we may have.
We use the email address beyond the initialization of the contract with you or your company to communicate with you in the event of important changes, such as the scope of the offer or technically necessary changes.
The data entered during registration is processed on the basis of the contract for our product (Art. 6 I 1 b GDPR).
The data collected during registration will be processed for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.
Login as a registered user, interaction with our services
If you log in to our website as a registered user, you will be required to enter your email address and password. This is required so that we can identify you without any doubt. In addition, for reasons of data protection and information security, data relating to your use of our systems, such as times at which you made use of the authorizations granted to you (standard system logging), may be processed.
If you contact us to receive support for a solution you purchase from us, we may process any data you provide to us in this context. In addition, we can process all data that we already store about you from the underlying contractual relationship, provided this is necessary to process your support request.
If you download software clients from our website, your data will be processed for the purpose of handling the download request. This applies in particular to the following data:
- E-Mail-Adresse
- Firma
We process these data on the basis of the performance of a contract with you.
3. Cookies
On our website, cookies are used. Cookies are small text files your browser stores in the local storage on your device and that serve different purposes and can be placed by different providers. We have explained for you which cookies are used on our website in our cookie policy. You can find the cookie policy here.
4. Processing of data during APP-use
When using our APP we may process the following data:
- Name of the user
- E-mail-adress of the user
- Device-IDs
- Videos, Photos, Voice-recordings
For reasons of technical security (in particular, to prevent attempts to attack our web server), this data is stored in accordance with Article 6 I 1 f GDPR.
Access rights granted
To enable the app to work on your device, it is required that the app is granted certain rights to access certain functions of the device. For all devices, regardless of their operating system, it is necessary to grant the app certain permissions, which we call “basic permissions”. Depending on the operating system of the device you use, it may have additional functions that require you to grant additional permissions for the app to work. We list these after the “basic conditions” sorted by operating system (Android or iOS).
The basic permissions (Android and iOS) are:
- Retrieve WiFi connections: Required to ensure document download functionality related to WiFi connections.
- Retrieve network connections: Required to ensure document download functionality on non-WiFi network connections.
- Access to all networks: Access to all networks is required to download documents.
If you use the app on a device that runs the Android operating system, no additional operating system-related authorizations are required:
However, if you use the app on a device that works with the iOS (Apple) operating system, in addition to the basic authorizations, the following additional authorizations are required depending on the operating system:
- Mobile data/access to mobile data: If the user wants to download documents exclusively via WiFi, they can make a corresponding setting in the app menu and deactivate the use of mobile data. Access to mobile data is required in order to ensure the functionality of switching off document downloads via mobile data.
4. Version and changes to our privacy policy
This privacy policy is currently in force. Version: 14.12.2023.