- move web sources to markdown
- integrate privacy policy template
- create and use chatmail.ini file to drive web-page generation

Co-authored-by: missytake <missytake@systemli.org>
Privacy Policy for {{ config.mail_domain }}
We want to show you in a fair and transparent way what personal data is processed by us. We follow a strict privacy-by-design approach and try to avoid processing your data in the first place, but as you may know, the internet, and in particular sending e-mail messages, does not work without data. Still, it's only fair that you know at all times what personal data is processed when you use our service.
If you have any remaining questions about data protection, please contact us.
1. Name and contact information
Responsible for the processing of your personal data is:
{{ config.privacy_postal }}
E-mail: {{ config.privacy_mail }}
We have appointed a data protection officer:
{{ config.privacy_pdo }}
2. Processing when using chat e-mail services
We provide e-mail services optimized for use from Delta Chat apps and process only the data necessary for the setup and technical execution of the e-mail dispatch. The purpose of the processing is to read, write, manage, delete, send, and receive emails. For this purpose, we operate server-side software that enables us to send and receive e-mail messages. To allow the use of the e-mail service, we process the following data and details:
- Outgoing and incoming messages (SMTP) are stored for transit on behalf of their users until the message can be delivered.
- E-Mail-Messages are stored for the recipient and made accessible via IMAP protocols, until explicitly deleted by the user or until a fixed time period is exceeded (usually 4-8 weeks).
- IMAP and SMTP protocols are password protected with unique credentials for each account.
- Users can retrieve or delete all stored messages without intervention from the operators using standard IMAP client tools.
3.1 Account setup
Creating an account happens in one of two ways on our mail servers:
- with a QR invitation token that is scanned using the Delta Chat app, after which the account is created.
- by letting Delta Chat otherwise create an account and register it with a {{ config.mail_domain }} mail server.
In either case, we process the newly created email address. No phone numbers, other email addresses, or other identifiable data are currently required. The legal basis for the processing is Art. 6 (1) lit. b GDPR, as you have a usage contract with us by using our services.
3.2 Processing of E-Mail-Messages
In addition, we will process data to keep the server infrastructure operational for purposes of e-mail dispatch and abuse prevention.
- Therefore, it is necessary to process the content and/or metadata (e.g., headers of the email as well as SMTP chatter) of E-Mail-Messages in transit.
- We will keep logs of messages in transit for a limited time. These logs are used to debug delivery problems and software bugs.
In addition, we process data to protect the systems from excessive use. Therefore, limits are enforced:
- rate limits
- storage limits
- message size limits
- any other limit necessary for the whole server to function in a healthy way and to prevent abuse.
The processing and use of the above permissions are performed to provide the service. The data processing is necessary for the use of our services, therefore the legal basis of the processing is Art. 6 (1) lit. b GDPR, as you have a usage contract with us by using our services. The legal basis for the data processing for the purposes of security and abuse prevention is Art. 6 (1) lit. f GDPR. Our legitimate interest results from the aforementioned purposes. We will not use the collected data for the purpose of drawing conclusions about your person.
3. Processing when using our Website
When you visit our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted (usually 7 days):
- used type of browser,
- used operating system,
- access date and time as well as
- country of origin and IP address,
- the requested file name or HTTP resource,
- the amount of data transferred,
- the access status (file transferred, file not found, etc.) and
- the page from which the file was requested.
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. Our hoster will process your data only to the extent necessary to fulfill its obligations to perform under our instructions. In order to ensure data protection-compliant processing, we have concluded a data processing agreement with our hoster.
The aforementioned data is processed by us for the following purposes:
- Ensuring a reliable connection setup of the website,
- ensuring a convenient use of our website,
- checking and ensuring system security and stability, and
- for other administrative purposes.
The legal basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest results from the aforementioned purposes of data collection. We will not use the collected data for the purpose of drawing conclusions about your person.
4. Transfer of Data
Your personal data will not be transferred to third parties for purposes other than those listed below:
a) you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
b) the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
c) in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
d) this is legally permissible and necessary in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you,
e) this is carried out by a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 (1) GDPR) and with whom we have concluded a corresponding contract on commissioned processing (Art. 28 (3) GDPR), which obliges our contractor, among other things, to implement appropriate security measures and grants us comprehensive control powers.
5. Rights of the data subject
The rights arise from Articles 12 to 23 GDPR. Since no personal data is stored on our servers, even in encrypted form, there is no need to provide information on these or possible objections. A deletion can be made directly in the Delta Chat email messenger.
a) request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
b) in accordance with Art. 16 of the GDPR, immediately request the correction of inaccurate or incomplete personal data stored by us;
c) pursuant to Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
d) pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
e) pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
f) in accordance with Art. 7 (3) of the GDPR, to revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
g) complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose. The supervisory authority responsible for our place of business is the {{ config.privacy_supervisor }}.
If you have any questions or complaints, please feel free to contact us by email:
{{ config.privacy_mail }}
5.1 Right to object
If your personal data is processed on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for this based on your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of objection, simply send an e-mail to: {{ config.privacy_mail }}
5.2 Right to withdraw
If your personal data is processed on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR (e.g. via the mailing list), you can withdraw your consent at any time and without any disadvantages. As a result, we may no longer continue the data processing that was based on this consent for the future. However, the withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
If you wish to make use of your right of withdrawal, simply send an e-mail to: {{ config.privacy_mail }}
6. Validity of this privacy policy
This data protection declaration is valid as of December 2023. Due to the further development of our service and offers or due to changed legal or official requirements, it may become necessary to revise this data protection declaration from time to time.