This is the Privacy and Cookie Policy of OneOffTech-UG, with registered office at Warschauer Str. 71, 10243 Berlin, Germany, hereafter referred to as “OneOffTech”, the "Data Controller".

Please read this Privacy Policy carefully, because it contains essential information about the processing of your personal data and the use of cookies by OneOffTech. By using the website, provided through url https://k-box.net (“Website”); by creating an account, by contacting us by email/phone, by subscribing for our newsletter, you declare that you have read this Privacy Policy and that you explicitly agree to its content as well as to the processing itself.

General terms

OneOffTech complies through this privacy policy with the European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”).

OneOffTech is the controller (article 4.7 GDPR) who determines the means and purposes of the processing described below.

Data Controller: Oneofftech-UG (haftungsbeschränkt) located in Warschauer Str. 71, 10243 Berlin, Germany, email: info@oneofftech.xyz (hereinafter, the "Data Controller").

Data Controller’s Data Protection Officer (DPO): privacy@oneofftech.xyz.

This Privacy Policy does not apply to the privacy practices of third parties that we do not own or control, including but not limited to any third party websites, services, applications, online resources to which this Site may link, frame or otherwise reference (collectively "Third Party Services") that you may access through the Services. We take no responsibility for the content or privacy practices of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

Categories of personal data

When you use our Services we process and collect these categories of personal data:

1. Registration information. When you register for our Services, you submit some identification and contact data (such as your e-mail address, surname, name, affiliated organization). The data that we request at the time of registration is necessary to provide the Services.
2. Account information. When you use our Services, you also give us access to certain information (such as the name, the download/upload files history and the queries on the internal search engine) that is necessary for the provision and maintenance of your user account. In order to create a new account for a new user, we store and access certain personal data (such as the email addresses and name).
3. Payment information. When buying services, you also give us access to: your name, (where applicable) your company name, your VAT-number, your bank account, your credit card details, your email address, your address.
4. Logs. When you use our Services, we process certain information and store it in log files. This information includes internet protocol (IP) addresses as well as: number of document in the K-box, number of upload and download, search queries, time of access, publication and action on data and error logs.
5. Browsing data. The information systems and software procedures relied upon to operate these Services - based on website - acquire personal data as part of their standard functioning. The transmission of such data (technical data) is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the referring web page, the time of such requests, the method used for submitting a given request to the server, search queries, a numerical code relating to server response status (successfully performed, error, etc.). We use only “session cookies” (no persistent) that are automatically deleted after two hours. Session cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing.
6. Content uploaded. You and other users may upload content that includes information about you (as meta data or part of documents, articles, paper, videos) on our Services.
7. Content downloaded. When you download shared contents, we automatically collect information such as the search queries and referrer page to reach the content.
8. Other Personal Data. When you contact us for our technical support, help or otherwise communicate with us you may decide to share further information with us. In order to guarantee technical support in the future, these data are retained by us until your account is in existence.

Legal basis for processing data

Data Controller is a public-benefit federal enterprise for international cooperation so the personal data mentioned on this page are processed by the Data Controller in discharging its tasks that serve the public interest or are related to the exercise of its institutional functions. This includes the planning, the implementation and the execution of the Project. Personal Data are processed on the basis of Article 6, 1 lit. f) of the GDPR for the purpose of pursuing the controller’s legitimate interests, in this case to provide and improve the Services.

Purposes for processing personal data

We may use the information collected for the limited purpose of providing the Services and related functionality. These limited purposes include circumstances where it is necessary to provide or fulfill Services requested by you or in your interest. The information is used to perform a variety of purposes, including to:

• provide, operate, maintain and improve the Services;
• enable you to access and use the Services, including uploading, downloading, collaborating on and sharing contents;
• enable you to communicate, collaborate, and share files with specific users;
• send you technical notices, updates and support and administrative messages;
• obtaining invoice-details and completing the payment on the Website within the application on the legal basis of performance of a contract in order to provide you the service you have requested;
• reply to your questions and requests and provide user support;
• investigate and prevent copyright infringement and unauthorized, fraudulent or illegal use of the Services.

We use your data to produce and share aggregated insights that do not identify you. For example, we may use your data to generate aggregated statistics about your Team or its members to track their activity.

You are not obliged to provide us with your personal data, however in case you refuse to provide us with certain personal data, the delivery of certain services will not be possible.

Data recipients

The personal data collected as above are also processed by the staff from the Data Controller, acting on specific instructions concerning purposes and arrangements of such processing.

In order to operate the Service, the following entities are recipients of (some/all) the data collected when you are using our Services. They have been appointed as data processors by the Data Controller pursuant to Article 28 of the Regulation:

• Hetzner Online GmbH being hosting infrastructure provider;
• Strato AG being infrastructure service provider;
• MailGun being email communication service provider;
• Stripe being payment service provider.

Transfer to third parties:

In case of whole or partial reorganization or transfer of OneOffTech’s activities, whereby OneOffTech reorganizes, transfers, ceases her business activity or in case of bankruptcy of OneOffTech, your personal data may be transferred to new entities or third parties.

OneOffTech will use reasonable endeavours to inform you in advance of the fact that OneOffTech transfers your personal data to a third party. However you are aware that this is not always technically or commercially possible under all circumstances.

OneOffTech will not sell, rent, distribute your personal data nor place them at disposal of third parties, except in the situations provided for in this privacy policy or in case you have given your explicit, prior consent.

Duration of data retention

We will store and process your personal data for a period that is necessary for the purpose of the processing as well as depending on the contractual relationship between OneOffTech and you.

For the creation of a trial account and the upgrade to a payment account your data will be stored as long as your OneOffTech/K-Box.net account is activated. Invoices and payment transaction may be retained for 5 years after the conclusion of the service to comply with the German regulation.

In case you have subscribed to our newsletter, we will store your data as long as you have not unsubscribed.

Data subject’s rights

You (formally the “Data Subject”) have the right to obtain from the Data Controller, where appropriate, access to your personal data as well as rectification or erasure of such data or the restriction of the processing concerning you, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). In particular, at any time you may exercise your rights:

• to obtain confirmation of the data processing performed by the Data Controller,
• to access to personal data,
• to obtain correction or deletion of the data or limitation of the processing that are the same,
• to object to processing (unless there is a legitimate reason prevailing compared to the one that gave rise to his request);
• to receive the personal data concerning you (data portability)

You can exercise your rights by contacting us, either by email privacy@oneofftech.xyz by using the “Contact us” section on the Website, provided that you add a copy of your ID card.

Data security

Protecting your personal data is especially important to us. We use technical and organizational security measures to ensure that your data is protected against intentional and unintentional manipulation, deletion and unauthorized access. These measures are updated in line with technological developments and adjusted on an ongoing basis to account for risks. The servers containing your data are stored and managed in data centers in Germany.

OneOffTech shall not be liable in any way for direct or indirect damages caused by a wrongful or improper use of the personal data by a third party.

At any time you must comply with the safety standards, for instance by avoiding all non-authorised access to your login and password. You are solely responsible for the use of your OneOffTech/K-Box.net account, IP-address and identification data, as well as for the confidentiality.

Law enforcement

The data controller believes that law enforcement should be able to conduct effective and efficient investigations, but not at the expense of the users' rights. The data controller will review and respond to properly served requests for user information in accordance with its privacy policy, terms of service, and applicable law.

The data controller reserves the right to object to requests that are improperly served, overly broad, or vague. The data controller will notify its users of requests for their information unless legally prohibited.

Changes to this Privacy Policy

We reserve the right to make changes to this privacy policy at any time by giving notice to its users on this page. All users will be notified email. Still, it is strongly recommended to check this page often, referring to the date of the last modification stated below.

last modified: September 16, 2019.

Effective Date

This Privacy Policy became effective on: September 16, 2019.

Cookies

What is a cookie?

A “cookie” is a small text file that is sent from the server of OneOffTech and is stored on your computer’s hard drive. This way we can remember your preferences when visiting our Website and application. The information stored through these cookies can only be read by OneOffTech and only for the duration of your visit to the Website and application.

Why do we use cookies?

Our website and application uses Cookies and similar technologies to distinguish your preferences from those of the other users of our Website and application. This allows us to offer you a better experience and to optimize your visit to our website and application.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

Your permission

When you visit our website and application for the first time, you will be asked to accept our different kinds of cookies. For each category you may accept or deny cookies.

You can block Cookies by activating your browser settings which allows you to deny the cookies. The refusal of these cookies may lead to the effect of not being able to use some functionalities of the Website.

In case you have any more questions or remarks regarding the processing of your personal data, you may contact us by email privacy@oneofftech.xyz or by using the support section on the Website.

Change or block cookie preferences

You can always adjust your browser settings if you choose to refuse the setting of our cookies. However, keep in mind that we can’t guarantee an optimal service of on the Website and within the application. Please find below some documentation of the cookie settings of a few frequently used browsers.

• Cookie settings within Google Chrome
• Cookie settings within Apple’s Safari
• Cookie settings within Mozilla Firefox
• Cookie settings within Opera

Third party

For cookies set by third parties (such as Youtube), we kindly refer you to the statements set forth by these parties on their respective websites. Please bear in mind that we do not have any influence on the content of these statements nor on the content of the cookies of third party services.