Data Privacy Policy

Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data, either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience, which may result in said third parties also processing data they collect and control.

Our privacy policy is structured as follows:

I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing

I. Information about us as controllers of your data

The party responsible for this website (the "controller") for purposes of data protection law is:

Nitrokey GmbH
Rheinstr. 10 C
14513 Teltow
Germany

Phone: +493012053434
Email:

The controller's data protection officer is:

Jan Suhr

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right

  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to have incorrect or incomplete data corrected or completed (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.

Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.

Server data

For technical reasons, and in particular to ensure a secure and stable website, the following data sent by your internet browser to us or to our server provider is collected in server log files: the type and version of your browser, your operating system, the website from which you came (referrer URL), the webpages on our site you visited, the date and time of your visit, and the IP address from which you visited our site.

The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes, in which case all or part of the data will be excluded from deletion until the investigation of the relevant incident has been finally resolved.

Cookies

We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your shopping cart and log-in information.

This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

Some of the cookies we use are so-called temporary or transient session cookies. These store a so-called session ID, which allows the various requests from your web browser to be assigned to one shared session, so that your browser is recognized across page views during a single visit. Session cookies are deleted at the end of the browser session, i.e. when you close your browser.

Other cookies used by us are so-called permanent or persistent cookies. These remain on your device and enable us to recognize your browser the next time you visit. These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies in your web browser settings at any time.

Disabling cookies

You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.

If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.

Order processing

The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.

The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.

After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.

In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment. These include in particular:

Web-Hoster: This provides us with infrastructure and platform services as well as technical maintenance and security services, computing capacity and storage space and database services, which we use for the purpose of operating this online offering.

Commercial service providers: These take care of the mailing of documents, especially invoices and reminders. Transport companies: They take care of the packaging and packing of the orders, their dispatch and delivery to the recipient.

Our bank: This takes care of the processing of payment transactions for us, with the exception of credit card payments and PayPal, for which we use a separate payment service provider.

Payment service provider: The data processed by the payment service provider includes inventory data, such as the name and address, and bank data, such as account numbers or credit card numbers, as well as information relating to contracts, totals and recipients. This information is required to execute the transactions. However, the data entered is not processed by us, but exclusively by the payment service provider, and is stored there.

We use the following external payment service providers:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg

Data protection information can be found at

https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=en_EN

https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN

Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA

https://stripe.com/privacy

The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.

Customer account/registration

If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, your address, or your email address) exclusively for services leading up to your potential placement of an order or entering some other contractual relationship with us, to fulfill such orders or contracts, and to provide customer care (e.g. to provide you with an overview of your previous orders or to be able to offer you a wishlist function). We also store your IP address and the date and time of your registration. This data will not be transferred to third parties.

During the registration process, your consent will be obtained for this processing of your data, with reference made to this privacy policy. The data collected by us will be used exclusively to provide your customer account. 

If you give your consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for this processing.

If the opening of the customer account is also intended to lead to the initiation of a contractual relationship with us or to fulfill an existing contract with us, the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.

You may revoke your prior consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

The data previously collected will then be deleted as soon as processing is no longer necessary. However, we must observe any retention periods required under tax and commercial law.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

Tracking

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format; when the email is opened, the graphic is loaded from our server, which enables log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an email was opened, and which links in the email were called up by the recipient.

The personal data collected via the tracking pixels contained in the newsletters is stored and analyzed by us in order to optimize the sending of the newsletter and to adapt the content of future newsletters better to the interests of the recipients. This personal data will not be passed on to third parties. After a revocation, this personal data will be deleted by us.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

Contact

If you contact us via email or the contact form, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.

The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

User posts, comments, and ratings

We offer you the opportunity to post questions, answers, opinions, and ratings on our website, hereinafter referred to jointly as "posts." If you make use of this opportunity, we will process and publish your post, the date and time you submitted it, and any pseudonym you may have used.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent.

In addition, we will also process your IP address and email address. The IP address is processed because we might have a legitimate interest in taking or supporting further action if your post infringes the rights of third parties and/or is otherwise unlawful.

In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in any legal defense we may have to mount.

Follow-up comments

If you make posts on our website, we also offer you the opportunity to subscribe to any subsequent follow-up comments made by third parties. In order to be able to inform you about these follow-up comments, we will need to process your email address.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent to this subscription under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each email.

Matomo (formerly: PIWIK)

Our website uses Matomo (formerly: PIWIK). This is open-source software with which we can analyze the use of our site. Data such as your IP address, the pages you visit, the website from which you came (referrer URL), the duration of your visit, and the frequency of your visits is processed.

Matomo stores a cookie on your device via your browser in order to collect this data. This cookie is valid for one week.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis and optimization of our website.

We use Matomo with the "Automatically Anonymize Visitor IPs" function enabled. This anonymization removes the last two bytes of your IP address before it is stored (for an IPv4 address such as 203.0.113.42, only 203.0.0.0 is retained), so that it can no longer be assigned to you or to the internet connection you are using.
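As an added illustration (not Matomo's own code and not part of the original policy), the following Python function reproduces the byte truncation described above using only the standard library. The IPv4 behaviour follows directly from the setting (two bytes correspond to a /16 mask); the IPv6 prefix lengths and the handling of IPv4-mapped IPv6 addresses are assumptions taken from Matomo's IP anonymizer, not from this policy. The sample addresses and the log line are constructed from documentation ranges.

```python
"""Matomo-style IP anonymization: drop the low-order bytes of a visitor's
address before it is written to analytics storage."""
import ipaddress

# Matomo counts bytes for IPv4. For IPv6 it maps the same setting onto a
# prefix length; this table is an assumption taken from Matomo's IPv6
# anonymizer (1 byte -> /64, 2 bytes -> /48, 3 bytes -> /16), not from the policy.
_IPV6_PREFIX_FOR_BYTES = {0: 128, 1: 64, 2: 48, 3: 16}


def anonymize_ip(addr: str, byte_count: int = 2) -> str:
    """Return `addr` with its last `byte_count` bytes zeroed (2 is the policy's setting)."""
    if not 0 <= byte_count <= 4:
        raise ValueError("byte_count must be between 0 and 4")
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        # Assumption: an IPv4-mapped address (::ffff:a.b.c.d), as delivered by
        # dual-stack reverse proxies, is anonymized as the IPv4 address it wraps.
        if ip.ipv4_mapped is not None:
            return anonymize_ip(str(ip.ipv4_mapped), byte_count)
        prefix = _IPV6_PREFIX_FOR_BYTES.get(byte_count, 0)
    else:
        prefix = 32 - 8 * byte_count
    # Keep the network part, zero the host part.
    network = ipaddress.ip_network((str(ip), prefix), strict=False)
    return str(network.network_address)


def anonymize_log_line(line: str, byte_count: int = 2) -> str:
    """Apply the same truncation to the client address in a combined-format
    log line (its first whitespace-separated field), leaving the rest untouched."""
    client, _, rest = line.partition(" ")
    return f"{anonymize_ip(client, byte_count)} {rest}"


if __name__ == "__main__":
    # Constructed sample log line (documentation-range address, not real data).
    sample = '203.0.113.42 - - [08/Jul/2020:10:00:00 +0000] "GET /matomo/ HTTP/1.1" 200 512'
    print(anonymize_ip("203.0.113.42"))   # 203.0.0.0
    print(anonymize_log_line(sample))
```

Two visitors whose addresses share the first two bytes produce the same stored value, which is the point of the setting: the record still supports per-network statistics but no longer identifies a single connection.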

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.

In addition, you have the option of terminating the analysis of your usage behavior by opting out. If you follow the link
https://www.nitrokey.com/matomo/index.php?module=CoreAdminHome&action=optOut&language=en
a cookie is stored on your device via your browser to prevent any further analysis. Please note, however, that you must click the above link again if you delete the cookies stored on your end device.

Shariff social media buttons

Our website uses the plug-ins of the following social networks. To integrate these plug-ins, we use the Shariff plug-in.

The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.

Shariff is an open source program developed by c't and heise. With Shariff, the social network buttons are integrated as plain linked graphics, which prevents the social network plug-ins listed below from automatically establishing a connection to the respective social network's server when you visit a page on which they are integrated. Only if you click on one of these linked graphics will you be forwarded to the service of the respective social network, and only then will information about your use of our site be recorded by that social network. This information may include your IP address, the date and time you visited our site, as well as the pages you viewed.

If you are logged in to one of the social network services while visiting one of the pages on which the plug-ins are integrated, the information collected by the plug-in about your specific visit will be recognized by the provider of that social network and assigned to your personal user account there, and information about your interaction with our site may be published there. If, for example, you use a share button for the social network, this information may be stored in your user account there and published on the platform of the respective social network provider. To prevent this, you must either log out of the social network before clicking the graphic or make the appropriate settings in your social network account.

Further information about Shariff is available at

http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

The following social networks are integrated into our website:

Facebook operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, operated within the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. 

Privacy information can be found at https://www.facebook.com/policy.php

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Facebook guarantees that it will follow the EU's data protection regulations when processing data in the United States.

Twitter operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Privacy information can be found at https://twitter.com/privacy

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Twitter guarantees that it will follow the EU's data protection regulations when processing data in the United States.

 

The above is based on the Model Data Protection Statement of Anwaltskanzlei Weiß & Partner.

IV. Information about the data processing for NitroChat

This chapter applies to the Matrix service provided at https://nitro.chat.

When you read 'the NitroChat homeserver', 'NitroChat' or 'the Service' below, it refers to the services made available at nitro.chat which store your account and personal conversation history, provide services such as bots and bridges, and communicate via the open Matrix decentralised communication protocol with the public Matrix Network.

The public Matrix Network is a decentralized and openly federated communication network. This means that user messages are replicated on each participant's server and messages posted to a room are visible to all participants including in some cases any new joiners. This is further explained below.

Where you read Nitrokey, Nitrokey GmbH or we, our, or us below, all refer to the same company.

1. Right to Erasure

You can request that we forget your copy of messages and files by instructing us to deactivate your account (using a Matrix client such as https://app.nitro.chat) and selecting the option instructing us to forget your messages. What happens next depends on who else had access to the messages and files you had shared.

Any messages or files that were only accessible by your account will be deleted from our servers within 30 days.

Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files. Apart from state events (see below), these messages and files will not be shared with any unregistered or new users who view the room after we have processed your request to be forgotten.

State events are processed differently to non-state events. State events are used by the Service to record, amongst other things, your membership in a room, the configuration of room settings, your changing of another user's power level and your banning a user from a room. Were we to erase these state events from a room entirely, it would be very damaging to other users' experience of the room, causing banned users to become unbanned, revoking legitimate administrator privileges, etc. We therefore share state events sent by your account with all non-essential data removed ('redacted'), even after we have processed your request to be forgotten. This means that your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your request to be forgotten. We are actively working on a solution to work around this restriction and allow you to be fully forgotten while maintaining a high quality experience for other users. If this is not acceptable to you, please do not use the Service.

2. What Information Do You Collect About Me and Why?

The information we collect is purely for the purpose of providing your communication service via Matrix. We do **not** profile users or their data on the Service.

Be aware that while we do not profile users on the Service, third party Matrix clients may gather usage data. This includes the Matrix client Riot provided at https://app.nitro.chat, which optionally gathers opt-in anonymised usage data under New Vector Ltd.'s privacy notice at https://riot.im/privacy.

2.1 Information you provide to us:

We collect information about you when you input it into the Service or otherwise provide it directly to us.

Account and Profile Information

We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

  • Username

  • Password

  • Display Name (if you choose to provide one)

  • Your email address (if you choose to provide it)

  • Your verified telephone number (if you choose to provide it)

Your username and password are used to authenticate your access to the Service and to uniquely identify you within the Service.

Your password is stored until you change it or your account is deactivated. Your username is stored indefinitely to avoid account recycling.

Your email address and/or telephone number, if you choose to provide them, are used so that other users can look up your Matrix ID from these identifiers. They are stored and processed by the chosen third-party identity service, such as vector.im, whose privacy policy applies.

We will also use your email address to let you reset your password if you forget it, and to send you notifications about missed messages from users trying to contact you on Matrix if you enable the option. We may also send you infrequent urgent messages about platform updates.

Content you provide through using the Service

We store and distribute the messages and files you share using the Service (and across the wider Matrix ecosystem via federation) as described by the Matrix protocol and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.

This content includes any information about yourself that you choose to share.

2.2 Information we collect automatically as you use the Service:

Device and Connection Information

Each device you use to access the Service is allocated a (user-configurable) identifier. When you access the Service, we record the device identifier, the IP address it used to connect, user agent, and the time at which it last connected to the service.

This information is gathered to help you to manage your devices - you can view and manage the list of devices by connecting to the Service with a Matrix client such as https://app.nitro.chat

Currently, we log the IP addresses of everyone who accesses the Service. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for not longer than 7 days.

3. What Information is Shared With Third Parties and Why?

3.1 Sharing Data with Connected Services

We may share your information when working with our suppliers in order to provide the Service.

In addition, NitroChat is a decentralised and open service. This means that, to support communication between users on different homeservers or different messaging platforms, your username, display name, messages and files are sometimes shared with other services that are connected with NitroChat. These other services may be outside of the EU.

Federation

Matrix homeservers share user data with the wider ecosystem over federation.

When you send messages or files in a room, a copy of the data is sent to all participants in the room, including (depending on room settings) participants who join the room in future. If these participants are on remote homeservers, your username, display name, messages and files may be replicated across each participating homeserver.

We will forget your copy of your data upon your request. We will also forward your request to be forgotten to federated homeservers. However, these homeservers are outside our span of control, so we cannot guarantee they will forget your data.

Federated homeservers can be located anywhere in the world, and are subject to local laws and regulations.

Access control settings are shared between homeservers, as well as any requests to remove messages by "redactions", or remove personal data under GDPR Article 17 Right to Erasure (Right to be Forgotten). Federated homeservers and Matrix clients which respect the Matrix protocol are expected to honour these controls and redaction/erasure requests, but other federated homeservers are outside of the span of control of Nitrokey GmbH, and we cannot guarantee how this data will be processed. Federated homeservers can also be located in any territory, and will be subject to the local regulations of that territory.

Bridging

Some Matrix rooms are bridged to third-party services, such as IRC networks, Twitter or email. When a room has been bridged, your username, display name, messages and file transfers may be duplicated on the bridged service where supported.

It may not be technically possible to support your management of your data once it has been copied onto a bridged service.

Bridged services can be located anywhere in the world, and are subject to local laws and regulations.

Access control settings, requests to remove messages by "redactions" or remove personal data under GDPR Article 17 Right to Erasure (Right to be Forgotten) are shared to bridging services, which are expected to honour them to the best of their ability. Be aware that not all bridged networks or bridges support the necessary technical capabilities to limit, remove or erase messages. If this is not acceptable to you, please do not use bridged rooms.

3.2 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to

(a) comply with any applicable law, regulation, legal process or governmental request,

(b) protect the security or integrity of our products and services (e.g. for a security audit),

(c) protect Nitrokey GmbH and our users from harm or illegal activities, or

(d) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.

4. How Do You Handle Passwords?

We never store password data in plain text; instead passwords are stored hashed with bcrypt at a cost factor of at least 12 (i.e. 2^12 = 4096 rounds), with a random salt for each password and a server-side pepper secret that is not stored alongside the hashes. Passwords sent to the server are protected in transit by TLS.
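To make the salt-plus-pepper layering concrete, here is an added example (not the Service's code and not part of the original policy). It uses hashlib.pbkdf2_hmac from the Python standard library as a stand-in for bcrypt so that it runs without third-party packages; a real deployment would feed the same peppered input to bcrypt.hashpw. The pepper value, record format and sample password are constructed for the example.

```python
"""Salted and peppered password storage of the kind the policy describes.

The Service uses bcrypt (cost 12 -> 2**12 = 4096 rounds). Here
hashlib.pbkdf2_hmac stands in for bcrypt so no third-party package is
needed; the layering is the same:
  * a fresh random salt per password, stored next to the hash, and
  * a server-wide pepper that lives in configuration and never in the
    database, so a copy of the user table alone is not enough to crack.
"""
import hashlib
import hmac
import os

# Constructed example secret; a real deployment loads this from config.
SERVER_PEPPER = b"example-pepper-not-stored-in-the-database"
BCRYPT_COST = 12
ROUNDS = 2 ** BCRYPT_COST  # 4096, the figure quoted in the policy


def _derive(password: str, salt: bytes, pepper: bytes, rounds: int) -> bytes:
    # The pepper is appended to the password before hashing; PBKDF2-HMAC-SHA256
    # stands in for bcrypt in this example.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8") + pepper, salt, rounds, dklen=32
    )


def hash_password(password: str, pepper: bytes = SERVER_PEPPER, rounds: int = ROUNDS) -> str:
    """Return a 'rounds$salt$hash' record (hex). The pepper is deliberately
    not part of the record, so it is never written to the database."""
    salt = os.urandom(16)
    digest = _derive(password, salt, pepper, rounds)
    return f"{rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str, pepper: bytes = SERVER_PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        rounds_s, salt_hex, digest_hex = stored.split("$")
        rounds = int(rounds_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:  # malformed record: a failed login, never a crash
        return False
    return hmac.compare_digest(_derive(password, salt, pepper, rounds), expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    # An attacker holding only the database (no pepper) cannot verify guesses:
    print(verify_password("correct horse battery staple", record, pepper=b"db-only"))  # False
```

The third call in the usage block is the practical consequence of the pepper: without the configuration secret, offline guessing against a leaked user table does not work even for weak passwords.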

It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

If you become aware of any unauthorized use of your account or any other breach of security, you must notify Nitrokey GmbH immediately by sending us an email. Suspicious devices can be deleted using the User Settings management tools in a Matrix client such as https://app.nitro.chat, and users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

If you forget your password (and you have registered an email address) you can use the password reset facility to reset it.

You can manage your account by using a Matrix client such as https://app.nitro.chat.

We will never change a password for you.

5. How Can I Access or Correct My Information?

You can access all your personally identifiable information that we collect by using any compatible Matrix client (such as https://app.nitro.chat) and managing your User Settings. You can get a copy of all your data.

6. Who Can See My Messages and Files?

In unencrypted and encrypted rooms, users connecting to NitroChat (directly or over federation) will be able to see messages and files according to the access permissions configuration of the relevant room. This data is stored in the format it was received on our servers, and can be viewed by Nitrokey engineers (employees and contractors) under the conditions outlined below.

In encrypted rooms, the data is stored in our databases but the encryption keys are stored only on your devices or by yourself. Users can optionally backup an encrypted copy of their keys on the Service to aid recovery if they lose all their keys and devices. This key backup is encrypted by a recovery key that only the user has access to. This means that nobody, even Nitrokey engineers (employees and contractors) can see your message content in our database, and if you lose access to your encryption keys you lose access to your messages forever.

We use HTTPS to transfer all data. End-to-end encrypted message data is stored in the encrypted form in which we receive it (AES-256 ciphertext), with the message keys derived on your devices by the Olm and Megolm cryptographic ratchets.

7. What Are the Guidelines Nitrokey Follows When Accessing My Data?

We restrict who at Nitrokey GmbH (employees and contractors) can access user data to roles which require access in order to maintain the health of the Service.

We never share what we see with other users or the general public.

8. Who Else Has Access to My Data?

We host the service in Hetzner's data centers in Germany.

We use private-key authentication when accessing servers via SSH.

We log application data (username, user IP and user agent). We keep logs for no longer than 7 days.

This chapter is based on https://matrix.org/docs/guides/privacy_notice.html

V. Nitrokey Meet

To provide the Nitrokey Meet service at https://meet.nitrokey.com, we process network and usage information including the IP addresses of the meeting participants, the user-specified URL used to host the meeting, and information about the phone numbers that connect to the meeting (if the audio connection is made via a telephone call). This information is stored in logs for no longer than 7 days. In some cases, meeting-related content, which may contain personal information, is temporarily stored to enable user functionality in a Nitrokey Meet video meeting. Examples include:

  • If you use the chat function, chat content is stored during the meeting.
  • If you record a meeting, the recording of the meeting is temporarily stored until it is uploaded to your file hosting service.
  • If you livestream your meeting, video content is temporarily stored to buffer the livestream.
  • In addition, users of Nitrokey Meet have the option of providing name, email address, and link to a picture that will be displayed to participants in the meeting.

We don’t sell personal information to third parties. We use this information to deliver the Nitrokey Meet service, to identify and troubleshoot problems with the Nitrokey Meet service, and to improve the Nitrokey Meet service. In addition, we may use this information to investigate fraud or abuse.

 

Status: 8.7.2020