81669 Munich – Germany
Dr. Dieter Steiner, Sebastian Schreiner
Phone / Fax
+49 (89) 99 82 970 – 0 / +49 (89) 99 82 970 – 99
Amtsgericht München HRB 277900
VAT / Sales tax identification number according to § 27, paragraph a, German tax law:
Protection and security of personal data are the highest value in the digital world, which is why FilesApp was developed in such a way that FilesApp GmbH only collects and uses personal data that complies with the legal provisions such as in particular the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”).
In general, it is not necessary to enter personal data in order to use the FilesApp website. Personal data may be processed for the use of the FilesApp services.
2 Controller/Contact/Data Protection Officer
The person responsible for data processing within the meaning of GDPR, BDSG, other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Data Privacy Officer
Name: Andreas H. Schmidt
E-Mail Address: email@example.com
Fone: +49 151 10 31 05 64
External Appointment: Yes
External Company: Collegium Auditores GmbH
53721 Siegburg – Germany
3 Personal data
The concept of personal data is defined in Art. 4 No. 1 GDPR. Personal data is any information that relates to an identified or identifiable natural person or allows conclusions to be drawn about such a person – for example, name, address, telephone number or date of birth, but also online identifiers such as IP addresses.
4 Categories of personal data
The categories of personal data may include:
• Inventory data (e.g. names, addresses)
• Contact details (e.g. e-mail, telephone/fax numbers)
• Content data (e.g. tag entries)
• Usage data (e.g. access data, usage behavior)
• Meta/communication data (e.g. IP addresses, access data)
• Other data for applications (e.g. information on marital status, certificate of enrolment).
5 Legal basis for the processing of personal data
Insofar as FilesApp GmbH obtain the consent of the data subject for the processing of personal data, the legal basis is Art. 6 para. 1 lit. a GDPR.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which FilesApp GmbH is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the FilesApp or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
6 Data processing when visiting our website
6.1 Accessing the FilesApp website
Each time you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called “server log files”). The following data, which is technically necessary for us, is collected:
• visited website and subpages
• Date and time at the time of access
• Amount of data sent in bytes
• Source/link from which the page came to
• Operating system used
• Browser used
• IP address used (if applicable: in anonymised form)
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR due to the legitimate interest in improving the stability and maintaining the functionality of the FilesApp website. The data will not be passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
FilesApp reserves the right to check the server log files retrospectively if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 90 days at the latest.
It is possible that the data will be stored for a longer period of time. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
You can prevent the transmission of Flash cookies by changing the settings of the Flash Player.
You can find help with the settings in the respective help menu of your browser under the following links: Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
6.3 Borlab Cookies
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.
Borlabs Cookie does not process any personal data.
The borlabs-cookie cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.
6.4 YouTube Videos
7 E-mail automation
Data processing of personal data when contacting us or newsletters.
7.1 When contacting us
If you contact us via the contact form, the data entered in the input mask will be transmitted to us and stored. When you contact us by e-mail, the e-mail address and the data you provide there will be transmitted to us.
The data will be used exclusively for the processing of the conversation and your request. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided that there are no legal obligations to retain them. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended.
The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
7.2 Subscription to the newsletter
If you are interested, you have the opportunity to subscribe to our newsletter on our website free of charge and without obligation. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your e-mail address. If you make further voluntary entries, they will only be used for personal contact.
The legal basis for the processing of your data after registration for the newsletter is Art. 6 para. 1 lit. a GDPR. We obtain this by sending you a confirmation email after registering for the newsletter, in which there is a confirmation link. If you select this link, you also give your consent to receive the newsletter.
When you send the registration for the newsletter, we store your IP address as well as the date and time of registration. This storage serves to be able to trace any possible misuse of your e-mail address. We use the data collected by us when registering for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. For this purpose, there is a corresponding link in each newsletter. This also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.
7.3 Newsletter and e-mail automation for existing users
If you place an order on our website or download the FilesApp, the contact information may be used to send a newsletter or communication for e-mail automation. To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after you have provided your e-mail address, we will send you a confirmation e-mail to the e-mail address provided, in which we ask you to confirm that you actually wish to receive the newsletter or e-mail automation. If you do not do so within 24 hours, your registration will be automatically deleted. If you confirm your subscription to our newsletter, we will store your e-mail address until you unsubscribe from the newsletter or e-mail automation. The sole purpose of storing this data is to provide you with the newsletter or e-mail automation services. Furthermore, we store the time and your respective IP address during registration and confirmation in order to prevent misuse of your personal data and to document your consent.
The legal basis for sending the newsletter or e-mail automation as a result of the sale of goods or services is § 7 para. 3 UWG and Art. 6 para. 1 lit. f GDPR. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising.
If you have already objected to the use of your email address for the purpose of direct advertising, you will not receive this newsletter. However, you also have the option of objecting to the use of your e-mail address for the purpose mentioned here at any time with effect for the future by sending a message to the person mentioned at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will then be discontinued immediately.
7.4 Service providers of newsletters and e-mail automation
We use the service provider Sendinblue GmbH (Köpenicker Str. 126, 10179 Berlin) to send the newsletter and e-mail automation.
Sendinblue GmbH processes your data on our behalf on the basis of an agreement pursuant to Art. 28 GDPR.
The e-mail addresses of the recipients of our messages as well as other data communicated to us by the recipient are located on the servers of Sendinblue GmbH in data centers in Germany and are subject to the data protection laws applicable there.
Sendinblue GmbH uses this information to send and evaluate the messages on our behalf. In addition, Sendinblue GmbH may use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of targeted messages.
However, Sendinblue GmbH does not use the data of the recipients of our messages to write to them itself or to pass them on to third parties.
8 Data processing for the use of the FilesApp or for the initiation of a contract
8.1 Orders in general
When you place an order for the FilesApp services, we process your personal data for the processing or processing of the order, if necessary. for the corresponding invoicing (Art. 6 para. 1 p. 1 lit. b DSGVO). Insofar as data is marked as mandatory, it is required for the processing or execution of the corresponding contract or for invoicing.
For the processing of payments, we pass on your data to the commissioned credit institution within the scope of the necessity.
In order to make payment processing easier for you, we offer processing via the payment service provider PayPal. If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, payment will be processed by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
8.1.1 We pass on your personal data in accordance with Art. 6 para. 1 lit. b GDPR to PayPal within the scope of necessity. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal.
8.1.2 For this purpose, your payment data may be processed in accordance with Art. 6 para. 1 lit. f GDPR due to PayPal’s legitimate interest in determining your solvency to credit agencies. The result of the credit check with regard to the statistical probability of non-payment PayPal used for the purpose of deciding on the provision of the respective payment method.
8.1.3 The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
8.1.5 You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
We store personal orders and the associated documents (e.g. invoices) in accordance with the statutory provisions.
8.2 Ordering via the FilesApp website
8.2.1 To order the FilesApp services, business users can contact our partners or purchase a software license on a subscription basis directly via the FilesApp website. For orders placed through our partners, the partners are solely responsible for data processing.
8.2.2 For ordering via our website, we use the shop system WooCommerce and WooCommerce Germanized. This is a local plugin to ensure that the sale of products is technically smooth. No personal data is transferred to WooCommerce. The WooCommerce plugin complements our content management system with the functionality of an online shop. WooCommerce Germanized extends WooCommerce and ensures the technical adaptation to the specific German legal conditions. In this way, we ensure compliance with data protection regulations when using WooCommerce. The following data is collected for the ordering process and registration of a customer account:
• E-mail address
• Surname and first name
• If applicable, company (for business licenses)
8.3 Downloading the FilesApp application
We offer the FilesApp for iOS as well as for Android. When you download the free version of the FilesApp, your device automatically transmits certain data for technical reasons. The following data is stored separately from all other data that you can transmit to us:
• Date and time of access
• Version of the app
• Operating system
• abbreviated/anonymized IP
• full IP address (for a maximum period of 90 days)
• Diagnostic information in case of faults
This data is stored for purely technical reasons and is not associated with a specific person. The data about the accesses are used for error analysis and to ensure the security of the systems. The full IP address is stored for a maximum period of 90 days for legitimate interest in achieving the listed purposes.
8.4 Use of the FilesApp application
8.4.1 In order to use the FilesApp application, it is technically necessary to create a customer account for which we process your data in accordance with Art. 6 para. 1 p. 1 lit. a, b DSGVO.
8.4.2 The following registration data is required for this:
• E-mail address
• Surname and first name
We store your details in the customer account until you delete your account with us or data stored there yourself or have your account deleted by informing us accordingly, unless the deletion is contrary to statutory retention periods.
For the integration of file storage systems (so-called “connections”), a registered customer account with the respective provider is required. The FilesApp only stores the data that the user stores in the input masks for document management (so-called “tags”). The data stored by the user will not be passed on to third parties by the FilesApp. Further data is neither read out nor otherwise processed by the FilesApp. In particular, the FilesApp does not store any access data to the respective file storage systems.
9 Use of API connections
9.1 API usage when connecting to storage systems
The storage systems available in the FilesApp for connection are automatically exchanged data between the API of the FilesApp and the providers of the storage systems in order to ensure functionality.
9.1.1 The information received from Google APIs that is used by the FilesApp and transferred to other apps adheres to the user data policy of the Google API services, including the requirements for limited use:
9.1.2 The information received from Microsoft APIs that is used by the FilesApp and transmitted to other apps adheres to the user data policy of the Microsoft API services, including the requirements for limited use.
9.1.3 The information received from iCloud APIs, which is used by the FilesApp and transmitted to other apps, adheres to the user data policy of the Apple API services, including the requirements for restricted use.
9.2 API usage for connections to software applications
9.2.1 If the user or a company connects other software applications via the FilesApp API, it is at his/her discretion which data is transferred between the applications to create the functionalities.
9.2.2 If applications and/or systems from other third-party providers are used, the user/company is responsible for complying with the data protection guidelines of these providers. If necessary, FilesApp GmbH must be involved.
10 Applicable law
10.1 The law of the Federal Republic of Germany shall apply to the exclusion of the laws on the international sale of movable goods.
The statutory provisions restricting the choice of law and the applicability of mandatory provisions, in particular of the state in which the customer has his habitual residence as a consumer, remain unaffected.
10.2 This choice of law made here does not apply with regard to the statutory right of withdrawal for consumers if they do not belong to a member state of the European Union at the time of conclusion of the contract and whose sole place of residence and delivery address are outside the European Union at the time of conclusion of the contract.
11 Rights of data subjects
11.1 We will be happy to provide you with information as to whether and which of your personal data is processed by us and for what purposes (Art. 15 GDPR).
11.2 In addition, if the respective legal requirements are met, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR).
11.3 If the legal requirements are met, you also have the right to object to the processing (Art. 21 GDPR).
11.4 To exercise your above rights, please contact us by e-mail at firstname.lastname@example.org or by post at FilesApp GmbH, Zeppelinstr. 73, 81669 Munich, Germany. The exercise of your above rights is free of charge for you.
11.5 Without prejudice to these rights and the possibility of asserting any other administrative or judicial remedy, you have the possibility at any time to assert your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is contrary to data protection law violates regulations (Art. 77 GDPR).
11.6 The supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision
12 Data integrity
12.1 All our data is stored on servers that are operated with a high standard of security and are thus protected against access by unauthorized persons and misuse.
12.2 We use the 256bit Secure Socket Layers (SSL) security standard on all pages of our websiteswhere you enter personal data – e.g. in “My Account”. Your data is encrypted directly during transmission. All information relevant to data protection (such as name and address) is stored in encrypted form in a protected database.
13.1 If the customer is a merchant, a legal entity under public law or a special fund under public law with its registered office in the territory of the Federal Republic of Germany, the exclusive place of jurisdiction for all disputes arising from this contract shall be the seller’s place of business.
13.2 If the customer’s registered office is outside the territory of the Federal Republic of Germany, the seller’s place of business shall be the exclusive place of jurisdiction for all disputes arising from this contract if this contract or claims arising from this contract can be attributed to the customer’s professional or commercial activity.
13.3 Nevertheless, in the aforementioned cases, the seller is also entitled to appeal to the court at the customer’s place of business.
14 Information on Online Dispute Resolution
The EU Commission’s platform for online dispute resolution can be accessed on the Internet at the following link: https://ec.europa.eu/odr
Although we are not obliged to participate in a dispute resolution procedure before a consumer arbitration board, we are generally willing to do so.