VantageBox – Privacy Policy

With this Privacy Policy, we inform you about the types of your personal data we collect and the purposes it will be used for.

1. Controller

The responsible controller for data processing on this website is:

Open-Xchange AG

Hohenzollernring 72

50672 Cologne

Germany

Phone:+49 2761-75252-00
E-mail:gdpr@open-xchange.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

2. Scope of the Data Collection and Processing

The purpose of the App is to connect your contacts, appointments, emails, chat messages and calendar data. Therefore, it is necessary to process certain information within those sections. As a rule, we collect personal data within the use of the App only to the extent you have voluntarily provided us the information, e.g. your e-mail-address or other credentials. Although providing us with these data is voluntary, without these we partly cannot provide you the respective service. You will find specific details about mandatory personal data which is required to perform our services and non-mandatory personal data in the respective sections of this document below.

3. Personal Data

„Personal Data” is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Please find below a detailed description and the corresponding purpose of every single Personal Data collection and processing activity of the App itself.

3.1. Log-In Data

The App is accessible under the link - vantagebox.com which serves as a landing page and an entry point for the account creation and login procedure. During first visit of vantagebox.com the user needs to submit his/ her e-mail address for account creation. After that the App generates a token and creates a link for password-less login. The user then receives that link in his/her email inbox. Clicking on that link will start the login to the application with the before mentioned email. An account will be created automatically.

Log in flow chart

You can always delete the authentication token (log-in data) in the settings of your device’s operating system or the web browser. It is also deleted when the server rejects connection to the saved session using the saved token. The token is also invalid after a certain time out, when you manually log-out of the service or when your service provider resets your serverside sessions.

The storage and processing of this log-in data is required to enable the core functionality of the app by providing synchronization with the linked services (Art. 6 Par. 1 (b) GDPR) without having to provide the log-in data again each time you open the app. It therefore also follows a legitimate interest of us (Art. 6 Par. 1 (f) GDPR) to provide you with a pleasant and convenient user experience.

There is no automatic interaction with any provider data (i.e. Google etc). Technically, one can set up a VantageBox account (with the before mentioned log-in data for the App itself) and never follow through with connecting a provider. For connection of accounts the user will be asked for explicit permission in advance.

3.2. Sync Information, Contact Details and Usage Data

The purpose of the App is to connect your contacts, appointments, emails, and calendar data. Therefore, it is necessary to process certain information within those sections.

Contact Details and Contact Data

The App processes e-mail addresses, names, telephone and fax numbers, further contact data, birthdays, and physical addresses from and to the services you link to the App as well as other personal information you want to link to your contacts, or your contacts have shared with you. If the contacts contain pictures, those will be processed by the App as well in order to be able to display them with the specific contact information.

Since the App will connect calendar information and your emails, it may process sensitive personal information depending on how much information you or another originator share/s within the appointment descriptions. This may include and is not limited to names, addresses, telephone numbers, portions of personal conversations, medical appointments and so on. Please be aware that the level of sensitivity depends on the aforementioned input from you or the originator of the appointment.

Usage Data and Meta/Communication Data

IP-addresses, User ID and access times are being processed for error analysis and statistics (like runtime information) to ensure the proper functionality of the App and to access the linked services. The legal basis is Art. 6 Par. 1 (b) GDPR.

3.3. User Generated Content

As stated above, one of the features of the App is the capability to interact with different compatible calendar and contact services by voluntarily connecting stored information you or others have created, modified, or received to your mobile device or any other device with supported web-browser. This information may contain personal data of you or other persons, e.g. on photos, in text portions, birthday dates, locations, phone numbers and the like. The data will be stored in a cloud provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States, in encrypted form and in a data center located within the EU. Our supplier Tektit (see below) is the contractual partner of Amazon Web Services, Inc.

Furthermore, we use the supplier Tektit Consulting GmbH, Schönhauser Allee 45, 10435 Berlin, Germany to develop this App. The Tektit development team has restricted access to the development environment and therefore they have access to the information stored in the development environment of VantageBox database.

Since this a prototype of the App this information is required for troubleshooting and bug investigation. Tektit will not modify and change data. The legal basis for the collection of these files as your personal data is your consent by using the respective functions described above (Art. 6 Par. 1 (a) GDPR).

3.4. Enquiries by E-Mail, Telephone or Fax

If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact enquiries will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies.

3.5. Cookies

Our website uses so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from thirdparty companies within websites (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

In our App we may also use a session cookie in order to keep you logged in after closing the App. This cookie is a small text file that is stored in your device’s storage also containing the session token. It is deleted as soon as you manually log out or after a certain time out.

3.6. Server Log Files

The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server enquiry IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website - the server log files must be recorded for this purpose. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

3.7. Analytical Tools

PIWIK PRO

Our website uses the web analytics tool “Piwik Pro”. Piwik Pro uses cookies which are placed on the hard drive of your device. These enable us to analyze the visitor’s usage of our website. For this purpose, the generated information in the cookie (including the abbreviated anonymized IP-address) is transmitted to the PIWIK server and stored to enable us to optimize the usage of our website. In this process, your IP-address is being anonymized immediately, so that you remain fully anonymous to us. The information generated by the cookie about your use of this website will not be disclosed to third parties.

You may preclude the usage of cookies by selecting the appropriate settings in your browser, in this case it may occur, however, that you may not be able to use all functions of this website.

The legal basis of the processing is your consent according to Section 25 (1) TTDSG, Art. 6 par. 1 lit. a EU General Data Protection Regulation (GDPR), provided you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings via our banner.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service with Piwik Pro. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Opt-out from PIWIK PRO analytics

If you wish to opt out for the future, you may do so by clicking on the link below at any time. In this case a so called opt-out-cookie will be placed within your browser so that Piwik Pro will not collect any session data.

Please keep in mind that in the event that you delete your cookies, this opt-out-cookie will also be deleted, and you may have to reactivate it.

3.8. Google API Data

Where VantageBox receives information from the Google API, it uses and transfers such information to other apps (if applicable) solely in compliance with the Google API Services User Data Policy , including the Limited Use requirements.

4. Storage Period

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

5. SSL / TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6. Data Subject Rights

6.1. Rights to Information, Rectification, Erasure and Restriction of Processing

Upon request, we will confirm what kind of personal data of yours, if any, is currently stored on our servers, the purpose of storing as well as the envisaged period for which the personal data will be stored and, if any, the recipients to whom the personal data have been or will be disclosed. You will find our contact details below. If your personal data we have stored on our servers is out-of-date or inaccurate, we will correct it promptly upon your request. Additionally, you have the right to have incomplete data completed.

If requested, we will promptly erase your personal data, unless prohibited by law, and then we will restrict the respective data. Besides we will delete your personal data if it is no longer necessary in relation to the purposes for which they were collected and stored, if you withdraw consent on which the processing is based or if the personal data have to be deleted for compliance with a legal obligation in Union or Member State law to which we are subject to.

Furthermore, you have the right to request restriction of processing if the accuracy of personal data is contested for a period enabling us to verify the accuracy of the personal data, if the processing is unlawful, if we do not need the personal data anymore for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims or if you objected the processing as long as the verification if legitimate grounds of us override yours is pending.

6.2. Right to Lodge a Complaint with a Supervisory Authority

Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

6.3. Right to Object

You have the right to object at any time to processing of personal data on grounds relating to your particular situation which is based on point (e) or (f) of Article 6(1) of the GDPR (task carried out in public interest or processing in purpose of legitimate interest) or if the personal data is processed for direct marketing purposes. If you have objected, we will no longer process the personal data unless on our side legitimate interest for the processing prevail your interests or for the purpose of establishment, exercise, or defense of legal claims. If you have objected to the processing of personal data due to direct marketing purposes, we will no longer process this personal data for those purposes.

To declare your objection, you may submit a message to the addresses stated below under No. 4.

6.4. Right to Data Portability

Upon request, we will provide you with the personal data you have provided to us in a structured commonly used and machine-readable format and ensure you will be able to transmit those data to another controller.

6.5. Data Security

We are always seeking to process your personal data by taking all technical and organizational possibilities in a way so that it is not accessible to third parties. If you contact us e.g. via e-mail or our contact form, full data security cannot be guaranteed. We recommend sending confidential information by letter post only.

7. Contact

We are always seeking to process your personal data by taking all technical and organizational possibilities in a way so that it is not accessible to third parties. If you contact us e.g., via e-mail or our contact form, full data security cannot be guaranteed. We recommend sending confidential information by letter post only.

You may contact the Data Protection Officer under:

Open-Xchange AG

Datenschutz

Hohenzollernring 72

50672 Cologne

Germany

E-Mail:gdpr@open-xchange.com

Effective Date: 01.12.2023