CSV Excel CSV

Data Privacy Policy

  1. Body in charge and data protection officer

    1. The body in charge of data processing according to the General Data Protection Regulation (GDPR) and other data protection regulations is:

      rapidmail GmbH
      Augustinerplatz 2
      79098 Freiburg
      Germany

      Telephone: +49 761 - 216 08 720
      Fax: +49 761 582 00 66
      E-mail: info@rapidmail.com
      Internet: https://www.rapidmail.com
    2. The data protection officer of the body in charge is:

      Teresa Wurst
      rapidmail GmbH
      Augustinerplatz 2
      79098 Freiburg
      E-mail: datenschutz@rapidmail.de
  2. Protecting your personal data

    Data protection is very important to us. We therefore process personal data only according to the statutory regulations for data protection and security. Our employees are obligated to maintain confidentiality and secrecy.

    You must log in with your e-mail address in order to use our online service. We request you to share your personal contact information if you wish to purchase products and services or need information from us. The following paragraphs will outline to what extent we process personal data.

  3. General information about the processing of personal data

    1. Description of the processing of personal data

      We use IT systems on our websites for carrying out services for our users and clients. With the help of these IT systems, we process this personal data, which is described in detail below.

    2. Legal bases for processing personal data

      Where we obtain consent from the person concerned for carrying out processing operations, Art. 6(1) lit. a of the GDPR shall serve as the legal basis.

      Where processing personal data that is required for performance of a contract, where the contracting party is the person concerned, Art. 6(1) lit. b of the GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for taking steps prior to entering into a contract.

      Where it is necessary to process personal data in order to fulfil a legal obligation that the company is subject to, Art. 6(1) lit. c of the GDPR shall serve as the legal basis.

      Where it is necessary to process personal data in order to protect the legitimate interest of our company or a third party, and the interests, basic rights and freedoms of the party involved do not outweigh the company's interests, Art. 6(1) lit. f of the GDPR shall serve as the legal basis.

    3. Disclosure of data

      Your personal data will be transmitted to third parties as per Art. 6(1) sent. 1 lit. a of the GDPR only with your consent, for instance when you inform us of your interest in our services or activities. In this case, the data may be forwarded to the relevant companies and organisations. In addition, we will share personal information with third parties only if we are legally required to do so as per Art. 6(1) sent. 1 lit. c of the GDPR or if this is necessary as per Art. 6(1) sent. (1) lit. b of the GDPR in order to handle our contractual relationships with you.

      Depending on the payment service provider that you select when ordering, the payment data collected for processing the payments will be given to the relevant banking institution by us, and if needed, to the payment service providers hired by us or to the payment service selected. The payment service providers also collect this data themselves to some extent if they create an account there. In this case, you must sign in with the payment service provider using your access data during the payment process. The data privacy policy of the respective payment service provider shall apply here.

    4. Deletion of data and retention periods

      The personal data of the person concerned will be deleted or blocked as soon as there is no reason to store the data any longer. However, the data can be stored if this is provided by the European or national legislator in the regulations, laws or other provisions that the body in charge is subject to. Thus, the data will be deleted or blocked when the data retention period specified by the norms mentioned lapses unless it is necessary to store the data for fulfilling a contract or for a protecting a major, legitimate interest.

  4. Visiting our website

    1. Description and scope of data processing

      When you visit our website https://www.rapidmail.com, the browser used by you on your device will automatically send information to our website's server. This information shall be temporarily saved in a log file. The following information will be collected here without any action on your part and will be saved until it is deleted automatically:

      • IP address of the computer making the request
      • date and time of access
      • name and URL of the file accessed
      • website from which access is obtained (referrer URL)
      • browser used and (if applicable) your computer's operating system
      • Name of your access provider

      The log files contain IP addresses or other data that enable them to be allocated to a user.

    2. Purpose of data processing

      The system needs to store the IP address temporarily to be able to display the website on the user's computer. For this to happen, the user's IP address must be stored for the duration of the session. The data is saved in log files to ensure the functionality of the website. In addition, the data helps us optimise our website and maintain the security of our IT systems. The data is not analysed for marketing purposes in this specific context. We use the data mainly

      • to ensure a hassle-free connection to the website
      • to ensure that the user can use our website comfortably
      • for performing analyses for system security and stability
      • for other administrative purposes

      We also use cookies and analytics services when you visit our website. For further information about this, please refer to clause VI of this privacy policy.

    3. Legal basis for data processing

      The legal basis for data processing is Art. 6(1) sent. 1 lit. f of the GDPR. Our legitimate interest ensues from the above-mentioned purposes of data collection. In this specific context, we do not use the collected data to draw conclusions about your person.

    4. Data retention period

      The data will be deleted or blocked as soon as it is no longer required for the purpose for which it was collected. This is the case when the session is over, if the data is collected for making the website available. If the full IP addresses are saved in log files, they will be deleted or anonymised after seven days at the latest. It is possible that the data is stored beyond this period by means of cookies or analytics services. In this case, the user's IP address will be deleted or shortened so that it is not possible to relate it to the accessing client. For further information about this, please refer to clause VI of this privacy policy.

    5. Right to object and right to erasure

      It is necessary to collect data in order to display the website and storing the data in log files for the operation of the website. As a result, you, as the user, have no means of objecting to this if you wish to use our website.

  5. Online forms, newsletters, information

    1. Description and scope of data processing

      By filling out forms on our website, you give your consent to us to process and store all the personal data collected.

      Contact form (website)
      You can get in touch with us via the contact form on our website. We will collect the following personal data here: Name, e-mail address, your message, “Send me a copy”.

      Registration form (website)
      You can create a demo account using the registration form on our website. We will collect the following personal data here: E-mail address.

      Activation form (client section)
      You can have your account activated in the client section. This is compulsory so that you can use all the features. We will collect the following personal data here: Legal structure, company, title, first name, last name, street name, post code, city, country, telephone number (optional).

      Payment information form (client section)
      You will see a payment information form (where applicable) in our client section as soon as you place an order. The following financial data will be collected here: Account information (account holder's name, IBAN, BIC), credit card information (card number, card holder).

      Newsletter
      With your express consent, we will also use the personal data stored by us to inform you about our products, services or events. You can subscribe to our newsletter using the subscription form on our website, where will we collect your personal data (e-mail address). We will send you information via e-mail only if you have given your express consent to this in writing or in the double opt-in process.

    2. Purpose of data processing

      We will process your personal data to respond to your enquiries, perform services requested by you, issue invoices, ensure that the laws and regulations are complied with, and enforce legal claims. All financial data will be processed only for invoicing and payment processing purposes.

    3. Legal basis for data processing

      The legal basis for data processing is Art. 6(1) sent. 1 lit. a and b of the GDPR since you have given your consent by using a form or sending information and/or a contractual service is performed.

    4. Data retention period

      The personal data collected shall be stored for as long as it is required for the purposes described. If the data is subject to a legal duty to hold records according to the German tax code (AO) or German commercial code (HGB), it must be retained for six to ten years. For all other matters, the aforementioned general retention policies shall apply.

    5. Right to object and right to erasure

      If the data is subject to a legal duty to hold records, the user has no means of objecting to this. You can revoke your consent to receive the newsletter or information at any time by clicking on the “Unsubscribe” link on the individual mails or by writing to us at datenschutz@rapidmail.de. For all other matters, the user is entitled to the rights outlined below.

  6. Cookies, plugins and web analysis

    1. Description and scope of data processing

      What are cookies? When contents from our online service are requested, cookies are used, for example, for optimising communication times or for an anonymised, statistical analysis of the usage of our website. Cookies are small text files that are stored on your computer when you visit a website. They enable the website to recognise you during your current or next visit to our website.

      When you leave our site and go to third-party websites, cookies may be used by the destination page. We are not legally responsible for these cookies. Please refer to the third-party website's privacy policy as well as the following statement to know how these cookies and the information stored in them are used by third parties.

      Which data is processed? Cookies, analytics tools and plugins process, among other things, the name of the internet service provider, requested files, IP address, access to individual pages, browser type, screen resolution, colour depth, operating system, search criteria and reference pages from which you were linked to our website.

      The following section contains a detailed description on which cookies, analytics tools and plugins we use, which data is processed here and how you can deactivate the analytics tools.

      Google (Universal) Analytics

      This website uses Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/com/about/), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). Pseudonymised user profiles are created and cookies are used here. The information generated by cookies about your use of the website, such as

      • browser type/version,
      • operating system,
      • referrer URL (the previously-visited page),
      • the hostname of the accessing computer (IP address),
      • time of query on our server,

      shall be transferred to and saved on a Google server in the United States. This will be used for evaluating your use of the website, compiling reports on website activities and providing other services relating to website and internet usage for market research purposes and for developing this website as needed. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. If you activate the IP anonymisation feature on this website, Google will shorten your IP address within the EU and EEA before transmitting it (IP masking). Your full IP address will only be transmitted to a server belonging to Google in the United States in cases of exception and then shortened there. Google will not, under any circumstances, associate the anonymised IP address transmitted by your browser when using Google Analytics with any other data held by Google.

      You may refuse the installation of cookies by selecting the appropriate settings on your browser (see below for details). However, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent information generated by cookies about your use of the website (including your IP address) being sent to and processed by Google by downloading and installing the following browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). Apart from using the browser add-on, especially when you are using a browser on your mobile phone, you can prevent your data from being collected by Google Analytics by clicking here. This will install an opt-out cookie, which will prevent your data from being collected the next time you visit this website. The opt-out cookie will only work on this browser and for our website, and will be stored on your device. If you delete cookies from this browser, you will have to reinstall the opt-out cookie.

      Google has its head office in the USA and is certified as per the EU-US Privacy Shield. You can see the relevant certificate here. Based on this agreement between the USA and the European Commission, the latter has specified an appropriate level of data privacy for companies certified under the Privacy Shield. For further information on data privacy with respect to Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

      Mouseflow

      This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, for collecting randomly selected individual visits (only with an anonymised IP address). Mouseflow is an analytics tool that collects mouse clicks, mouse movements, scrolls, form interactions and other meta data. The mouse movements, mouse clicks and keystrokes are thus recorded in order to replay random individual visits to this website as session replays, and to analyse them as so-called heatmaps and develop potential improvements for this website using this data. For more information on how data is processed by Mouseflow, please click here: https://mouseflow.com/tour/

      The data collected by Mouseflow is not personal data and will not be forwarded to third parties. The data collected will be stored and processed within the EU. For more information on data privacy, please click here: https://mouseflow.com/privacy/

      If you do not want Mouseflow to collect your data, you can disable this on all the websites used by Mouseflow by clicking on the following link: https://mouseflow.com/opt-out/

      Mixpanel

      This website uses Mixpanel, a web analytics tool of MIXPANEL, INC., San Francisco 405 Howard Street, Floor 2, San Francisco, CA 94105, for collecting randomly selected individual visits (only with an anonymised IP address). The websites visited and actions performed are thus recorded with the intention of developing potential improvements for this website using this data.

      The data collected by Mixpanel is not personal data and will not be forwarded to third parties. The data collected will be stored and processed in the USA. MIXPANEL INC. is certified under the EU-US Privacy Shield. For more information on data privacy, please click here: https://mixpanel.com/privacy

      If you do not want Mixpanel to collect your data, you can disable this on all the websites used by Mixpanel by clicking on the following link: https://mixpanel.com/optout

      Facebook (Remarketing / Retargeting)

      The remarketing tags of the social networking site Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated in our website. When you visit our website, a direct connection will be established between your browser and the Facebook server. Facebook thus learns that you have visited our website using your IP address. By this means, Facebook can associate your visit to our website to your user account. The information thus received may be used by us to display Facebook ads. Please note that we, as the provider of this website, will not receive any information about the contents of the transmitted data or how it is used.

      For more information on this, please refer to the data privacy policy of Facebook at https://www.facebook.com/privacy/explanation

      If you do not want Custom Audiences to collect your data, you can disable Custom Audiences by clicking on the following link: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

    2. Purpose of data processing

      We process and use the incoming data to improve the marketing of our website, make the website more user friendly and for other optimisation purposes. The analysis performed for marketing and optimisation purposes does not usually allow us to draw conclusions about your personal or personal data. Your name, address, telephone number or other data that can be traced back directly to individuals will not be saved. The analysis only delivers aggregated data such as the number of visitors and site views. However, please note that according to popular opinion, dynamic IP addresses and its related usage data can be classified as personal data.

      Cookies allow us to (among other things) customise our website as per your wishes, establish connections between various instances of visiting our website or save your password in your browser so that you do not need to enter it every time you visit our website.
      We also use cookies for targeted advertising. We also allow data providers or other automatic data collection tools do that they can help us prepare our contents and advertisements and evaluate the effectiveness of our advertising activities. These cookies can deliver anonymised or other data after linking it to data transmitted by you to us, which we pass on in a hashed form, i.e. a form that is not readable by humans. In the case of registered users, the data collected on our website is not anonymous. We will use this information along with other information that we have or obtain about you, such as your preferences, to provide you with personalised contents, services and advertisements.

      We will not forward any information that can be used to identify you to these advertisers or other third parties. The advertisers and other third parties (e.g. advertising networks, ad agencies and any other service providers hired by them) can only assume that users who click on personalised advertisements or content belong to the target audience at whom the advertisement or content is targeted.

    3. Legal basis for data processing

      The cookies, plugins and tracking measures described are used in accordance with Art. 6 (1) sent. 1 lit. f of the GDPR. The data processed by these means for the purposes mentioned is used for safeguarding the main legitimate interest of our company and of third persons in advertising messages of our clients and users when weighing interests, and is therefore required according to the proportionality principle.

    4. Data retention period

      Some of the cookies used by us will be deleted at the end of a browser session, i.e. after you close your browser (session cookies). Other cookies will remain on your device and allow us to recognise your browser when you visit our site next (persistent cookies). You can see the duration for which they are stored in the overview section in the cookie settings of your browser. For all other matters, the aforementioned general retention policies shall apply.

    5. Opt-out and disable options

      If you do not want us to use cookies, we will set your browser to delete cookies from your hard drive, delete all cookies or warn you before a cookie is saved, so that you can decide every time whether you want the cookie to be saved. Every browser decides how it wants to manage cookie settings in this way. These are described in detail in the help menu of the browser. The help menu explains how you can modify your cookie settings. You can find the relevant browser information by clicking on the following links:

      Important: You need to use cookies in order to use certain functionalities such as restoring contents. We therefore advise you not to disable cookies entirely.

      You can also find options on disabling cookies directly under the description of cookies, plugins and tracking measures (see above).

  7. Rights of the person involved

    As per the data privacy provisions, you have the following rights.

    1. Right to information

      According to Art. 15 of the GDPR, you have the right to request information about your data processed by us. In particular, you can ask for information about the purpose of processing, categories of personal data, categories of recipients to whom their data was or is disclosed, the planned retention period, the right to correction, deletion or restriction of data processing or the right to object, the right to lodge a complaint the origin of your data if it was not collected by us, and the existence of automated decision making including profiling and, if needed, meaningful information on their particulars.

    2. Right to rectification

      According to Art. 16 of the GDPR, you have the right to request us to rectify data or complete your data that is stored by us immediately.

    3. Right to erasure

      According to Art. 17 of the GDPR, you have the right to request us to erase your personal data stored by us if the processing is not necessary for exercising the right to freedom of expression and information, fulfilling a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims.

    4. Right to restriction of processing

      According to Art. 18 of the GDPR, you have the right to request the processing of your personal data to be restricted if you contest the accuracy of the data, the processing is unlawful, you oppose its erasure, we do not need the data anymore, but you still need the data to establish, exercise or defend legal claims or you have objected to the processing according to Art. 21 of the GDPR.

    5. Right to data transmission

      According to Art. 20 of the GDPR, you have the right to receive the personal data concerning you, which you have to us provided, in a structured, commonly used and machine-readable format or request this data to be transmitted to another body in charge.

    6. Right to withdraw declaration of consent under data privacy law

      According to Art. 7(3) of the GDPR, you have the right to withdraw your declaration of consent under data privacy law at any time. As a result, we will not be able to continue with the data processing based on your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to exercise your right to withdraw consent, you can simply let us know via any of our communication channels, ideally via e-mail to datenschutz@rapidmail.de.

    7. 7. Right to lodge a complaint with a supervisory authority

      According to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. Normally, in order to lodge a complaint, you can contact the supervisory authority of your habitual residence, place of work or our office.

    8. Right to object

      If your personal data is processed based on legitimate interests according to Art. 6 (1) sent. 1 lit. f of the GDPR, you have the right to object to the processing of your personal data and direct marketing according to Art. 21 of the GDPR, on grounds relating to your particular situation.

      In the latter case, you have a general right to object without providing the grounds for objection.
      If you wish to exercise your right to object, you can simply let us know via any of our communication channels, ideally via e-mail to datenschutz@rapidmail.de.

      Once you exercise your right to object, we will no longer process your personal data for these purposes unless we demonstrate compelling legitimate safety-related grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This does not apply where the data is processed for direct marketing purposes. In this case, your personal data shall no longer be processed for such purposes.

    9. Automated decision making in individual cases including profiling

      You have the right not to be subject to a decision based on automated processing (including profiling), which produces legal effects concerning you or significantly affects you. This shall not apply when the decision

      • (1) is required for concluding or fulfilling a contract between you and the body in charge,
      • (2) is authorised by the Union or Member States, which the body in charge is subject to and these legal provisions include adequate measures for safeguarding your rights and liberties as well as your legitimate interests, or
      • (3) is made with your express consent.

      However, these decisions may not be based on the special categories of personal data described under Art. 9 (1) of the GDPR if 9 (2) lit. a or g of the GDPR does not apply and adequate measures have been taken to safeguard the rights and liberties of your legitimate interests.

      With respect to the cases outlined in points (1) and (3), the body in charge shall take adequate measures to safeguard your legitimate rights and liberties as well as your legitimate interests, which include at least the right to obtain human intervention from the body in charge, express your point of view and challenge the decision.

  8. Data security

    We use the popular SSL technology (Secure Socket Layer) with a 128-bit key, which is supported by your browser so that you can open our website. You can recognise if individual pages of our website is encrypted when it is transmitted, from the “https://”, instead of “http://” in the address bar and from the key or lock symbol in the browser line.

    We also take technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss or destruction and unauthorised access by third parties. We are constantly improving our security measures in keeping with technological developments.

    The security measures outlined are implemented according to Art. 6 (1) sent. 1 lit. f and Art. 32 of the GDPR. The data processed here is required for security purposes to safeguard our legitimate interests as well as those of third parties as per Art. 6 (1) sent. 1 lit. f of the GDPR.

  9. Validity of and amendment to this data privacy policy

    This data privacy policy is currently valid and effective from May 2018.
    Due to further development of our website and offers or amendments in statutory or official regulations, it may be necessary to amend the data privacy policy. You can read and print out the currently valid privacy policy by visiting the following link: https://www.rapidmail.com/data-protection