Data Privacy Statement

Here at mailbox.org, data privacy is something we take very seriously. We have been specializing in secure data exchanging and privacy protection since 1992. To us, data privacy is not a necessary evil but a service we provide out of conviction; in fact, it’s our stated mission.

Still, even at mailbox.org, there is some customer data that we need to capture and store in order to guarantee seamless server operation, and with it, top security for your data. We also need to be able to show you that our systems are working as intended and that we are fulfilling our services to you as agreed.

Below, we describe in full exactly which data needs to be stored, where, for how long, and for what purpose it will be stored.

Account Data (‘User Data’)

You need to provide details such as your name, your address, and optionally your bank details for direct debits, when you open an e-mail account with us. We cannot verify whether this data is correct. We are required to store this user data for as long as your mailbox.org account is active. If, on registering, you additionally let us know your telephone password, an alternative external e-mail address, or a telephone number, we also store this data for the eventuality that we need to help you in an emergency or send you a link for a password reset.

All the e-mails that you send and receive while using our mail platform, as well as all contacts, addresses, and files managed by our groupware, are stored on our servers’ encrypted file systems.

Where possible, certain data such as passwords is hashed for extra protection (i.e., stored as a one-way hash that cannot be reversed to recover the original value), which means that no one here at mailbox.org is able to view this data.

After you terminate your contract and after any related issues have been resolved, we irreversibly delete all of your data stored in our system.

Exception: Like any other business, we are obliged by the tax office to retain invoice data within our accounting system for ten years. This means we need to store information about when we billed what amount to whom. Within the German tax code, there is no exception to this. This data can be accessed by the following: our administrators and support team. Some of this data may also be accessed by our accountants.

Log Files and Connection Data

Some of our servers store log files, i.e., temporary data about who did what when, in order to monitor the operation of our servers for error tracing and for ensuring there is no unauthorized outside access to our systems.

Type: web server

  • Stored data: Which IP address accessed our platform, and when. The mailbox.org Office interface also logs log-ins.
  • Purpose: Security: misuse and unauthorized access must be prevented wherever possible; this benefits our users.
  • Deletion: Deletion after four days.
  • Accessed by: System administrators, support team/help desk, programmers.

Type: mail server SMTP

  • Stored data: Sender, recipient, message ID, and size of every sent and received e-mail. Neither the e-mail’s contents nor its subject line are stored.
  • Purpose: Verifiability that the e-mails entrusted to us were correctly sent/received; this needs to be traced when users wish to investigate the loss of an e-mail.
  • Deletion: Deletion after seven days.
  • Accessed by: System administrators, support team/help desk.

Type: mail server POP3/IMAP

  • Stored data: Which account has logged in when from which IP address. When e-mails are deleted, the message ID and size of the deleted e-mails are stored. When an e-mail is moved to a different IMAP folder, the message ID and size are stored, as well as the source and destination locations. No e-mail contents are logged.
  • Purpose: Detecting unauthorized access to a mailbox and tracing how and why an e-mail was deleted, in case users wish to investigate the loss of an e-mail.
  • Deletion: Deletion after four days.
  • Accessed by: System administrators, support team/help desk.

Type: Customer management

  • Stored data: First name/last name, as these are used to configure e-mail addresses with real names.
  • Optional data: If provided during registration, also street address; town/city and ZIP code; country; optional telephone number; alternative e-mail address. A cell phone number for receiving password resets is only stored as an undecipherable hash. If the user issues a direct debit authority, the user’s bank details are also stored.
  • Purpose: First name and last name are required for the e-mail address. The remaining data is required for billing and for user support.
  • When any of the data in the account settings is changed (address, direct debit authority, etc.), a log of which IP address the changes were made from is held for seven days.
  • Accessed by: System administrators, support team/help desk, programmers, accounting team/management assistants.

Website Analysis with Piwik

On our https://mailbox.org website, we use Piwik, an open-source solution for analyzing visitor statistics. The reason we are using Piwik is that we do not want to be connected to the standard solution for web traffic analysis, Google Analytics.

We use Piwik to analyze where our website visitors come from, which contents are most relevant to them, and where there might be issues with our website. We never observe any of our visitors as identifiable persons. All data, including IP addresses, is exclusively stored as anonymized data.

We do not use Piwik at all on the web pages of mailbox.org Office, i.e., the pages where our users log in and communicate.

Piwik uses cookies: These are small text files that are stored on your computer and that permit analysis of your website use. The information generated by the cookies is exclusively stored on our server in Germany.

You can configure your web browser to reject cookies, but we’d like to point out that this may prevent you from using all the features provided on our website.

Third-Party Services and Trackers

Some links on our website point to our Doodle videos, which are hosted by Vimeo. The Vimeo player triggers an alert in some anti-tracking systems because it transmits statistical data about video quality to its manufacturer, “Conviva” (see the data privacy statement from Conviva). Currently, we do not know of any way to circumvent this. We are confident that, with Vimeo, we have chosen the more agreeable video host compared to other video hosts such as YouTube.

Additionally, comments from our users under FAQ articles or blog posts can cause avatar images to be loaded from the provider “Gravatar” (see the data privacy statement from Gravatar).

We use the Google reCaptcha service in our registration form in order to prevent abuse of our systems. As part of the registration process, your IP address will be transmitted to the service for validation. The reCaptcha service is subject to Google’s data protection policy. For more information, check out our knowledge-base article on the topic: https://support-en.mailbox.org/knowledge-base/article/google-captcha-in-registration-form

Advertising, Market Research, and Data Sharing with Third Parties

Storing parts of your data exclusively serves the purpose of letting us operate your mailbox securely. This data will never be used, analyzed, or shared for any other purpose. We have no interest in using your data for any advertising or market research purposes. We will not share any of your data with any third parties.

Disclosing Data to Investigative Authorities

It is our aim to protect free communication through capturing as little customer data as possible, through technological measures such as consistent encryption to prevent surveillance, and through encouraging our customers to widely use the protective technologies available to them.

According to TKG Section 113 (German Telecommunications Law), the public prosecutor and the police can access the user data held by telecommunications providers such as ourselves relatively easily. A simple information request suffices; no court order is needed. According to TKG Section 113, a telecommunications provider has no legal recourse against such a request; it must comply. It should also be noted that according to TKG Section 113 (II), the provider is required to treat such a request confidentially, and that the affected customer must not be informed about the request.

Access to the log data of mail and web servers and to the e-mails contained in a mailbox, on the other hand, requires a search and seizure warrant signed by a judge, unless the investigative authorities can claim exigent circumstances. Telecommunications providers again have no legal recourse against search warrants; seizure of the log data cannot be denied.

In such a case, Heinlein Support, i.e., mailbox.org, has no choice but to hand over the data in question to the investigative authorities. If we failed to do so, we would face the seizure of entire servers when being searched, as well as our employees being arrested for contempt of court.

Conversely, we will never hand over any data out of so-called ‘anticipatory obedience’: the legal conditions for such a request or seizure must be demonstrated beyond doubt. We will unequivocally reject any police requests that have insufficient legal backing, as it would be illegal for us to comply with such requests. All requests and related issues are checked diligently and critically by us and our lawyers.

We have no way to determine whether the user details you have provided to us during registration are correct and relevant. If you encrypt your e-mail correspondence with GPG, we will furthermore be unable to make the contents of such e-mails readable.

Our Data Protection Officer

If you have any further questions or concerns, please contact our Data Protection Officer, Peer Hartleben, at privacy@mailbox.org. We additionally intend to appoint a third-party data protection officer in the near future for added security.