Data Protection Notice for file4you.schwarz

Version 2.0.2

We take the protection of your personal data very seriously and are committed to providing you with comprehensive information about the processing of your personal data. The following data protection notice provides you with information on how and for what purposes we process personal data within the scope of using the Schwarz data exchange platform (file4you) from you. Personal data is information that can be directly or indirectly attributed to or associated with your person. The legal basis for data protection is, in particular, the General Data Protection Regulation (GDPR).

1. Accessing the Website

We, Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, are the controller responsible for the operation of the website.

Purposes of Data Processing / Legal Bases:

When you access the website of the file exchange platform, the browser used on your end device automatically and without your intervention sends the following to our platform's server and temporarily stores it in a so-called log file for the following purposes:

• The IP address of the requesting internet-enabled device
• The date and time of access
• The name and URL of the retrieved file
• The website/application from which the access was made (referrer URL)
• The browser you are using and, if applicable, the operating system of your internet-enabled computer.

These are stored temporarily in a so-called log file for the following purposes:

• Ensuring a smooth connection establishment
• Ensuring comfortable use of our website/application, and
• Evaluating system security and stability.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in the purposes of data processing listed above.

Storage Period / Criteria for Determining the Storage Period:

The data will be stored for a period of up to 180 days and then automatically deleted.

2. Use of Cookies

We, Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, are the controller responsible for data processing in connection with the use of so-called cookies and other similar technologies for processing usage data on our website.

Cookies are small files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain viruses, Trojans, or other malware. Information is stored in the cookie, which arises in each case in connection with the specific end device used. However, this does not mean that we thereby immediately gain knowledge of your identity.

You can configure your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. In addition, you can set your browser to generally not accept cookies or to reject cookies only from specific providers. However, we would like to point out that this may impair the functionality of this website.

Purposes of Data Processing / Legal Bases:

The use of cookies and other technologies for processing usage data serves – depending on the category of the cookie or other technology – the following purposes:

• Technically necessary: Technically necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Within the scope of the use of cookies and similar technologies for processing usage data, the following types of personal data are processed in particular, depending on the purpose:

Technically necessary:   

• User entries to remember entries across multiple subpages;
• Authentication data to identify a user after registration in order to grant access to authorized content during subsequent visits (e.g., access to the customer portal);
• Security-relevant events (e.g., detection of frequent failed login attempts);
• Required data.

No further cookies are used.

The legal basis for the use of technically necessary cookies and similar technologies is Article 6(1)(f) GDPR and Section 25(2)(2) TTDSG (German Telecommunications Telemedia Data Protection Act). Our legitimate interest lies in the technically stable and secure operation of the website.

Cookies used:

No further cookies are used.

3. Registration on the File Exchange Platform and Data Exchange via the Schwarz file4you File Exchange Platform

The controller responsible for data processing when using the File4You platform for secure data exchange is the Schwarz company that wishes to exchange data or documents with you securely.

Purposes of Data Processing / Legal Bases:

The Schwarz file4you platform serves the exchange of larger amounts of data between employees of the Schwarz Group companies and business partners. For this purpose, the data is uploaded in encrypted form to the servers of the Schwarz file4you platform and stored temporarily.

Private use of the Schwarz file4you platform is prohibited.

The legal basis for data storage is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, provided that you are acting as a contact person for your company. The legitimate interest lies in being able to communicate securely with you and exchange data.

Storage Period / Criteria for Determining the Storage Period:

The uploaded (encrypted) data will be stored for a period of 14 days and then automatically deleted.

Recipients / Categories of Recipients:

The data you upload to the platform is accessible in unencrypted form exclusively to the intended recipients. We generally exclude the transfer of your other personal data to third parties outside of Schwarz IT KG, with which the respectively responsible company has concluded contracts for commissioned processing.

4. Security of IT Systems, Fraud/Abuse Prevention

Purposes of Data Processing / Legal Bases:

Any behavior that harms the reputation of the Schwarz Group companies or is likely to cause or facilitate damage to the company's assets or its infrastructure is prohibited on the Schwarz file4you platform. For security reasons and to prevent unauthorized data outflow, all activities on the data exchange platform are therefore logged, stored, and evaluated on a sample basis. This includes in particular the following data:

• Date and time of access,
• Status (successful/unsuccessful) and time of login with username,
• Type and time of access (upload, download, or deletion),
• Name and size of the uploaded file, and
• User account of the file owner and email address of the accessing party.

The legal basis for the aforementioned data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in maintaining system security and stability, as well as combating fraud and abuse via the Schwarz file4you platform.

Storage Period / Criteria for Determining the Storage Period:

The data will be stored for a period of 180 days and then automatically deleted.

5. Recipients / Categories of Recipients

The usage data generated by you on the platform will not be passed on to third parties. We are supported by Schwarz IT KG in the operation of the platform.

6. Data Subject Rights

If the respective legal requirements are met, you have the following rights:

• Right to information about your personal data stored by us in accordance with Article 15 GDPR and Section 34 BDSG (German Federal Data Protection Act), * Right to rectification of incorrect or incomplete data in accordance with Article 16 GDPR,
• Right to erasure of your data stored by us in accordance with Article 17 GDPR and Section 35 BDSG,
• Right to restriction of processing of your data in accordance with Article 18 GDPR,
• Right to data portability in accordance with Article 20 GDPR,
• Right to object in accordance with Article 21 GDPR,
• Right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR.

7. Name and Contact Details of the Controller and Contact Details of the Company Data Protection Officer

The controller responsible for data processing when using the File4You platform for secure data exchange is the Schwarz company that wishes to exchange data or documents with you securely.

If you have any further questions regarding this data processing or the exercise of your rights, you can contact the responsible data protection officer at the controller:

datenschutz süd GmbH – Stichwort Schwarz IT KG – Wörthstraße 15 97082 Würzburg Germany Email: [entfernte E-Mail-Adresse]

file4you is based on Z1-SecureHub by Zertificon Solutions GmbH