Privacy Policy of mailto.wiki – Email for Confluence (Data Center)

We are very delighted that you have shown interest in our product “mailto.wiki – Email for Confluence” and our enterprise. Data protection is of a particularly high priority for the management of Winter und Gellweiler – Software Engineering GbR, also known as CraftCoders (hereinafter referred to as “we” or “CraftCoders”).

This document only applies to the Data Center version of the “mailto.wiki – Send Emails to Confluence” app. For the cloud version, please read: Privacy Policy of mailto.wiki – Email for Confluence (Cloud).

The processing of personal data, such as the name, address, email address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to CraftCoders. Through this privacy policy, we aim to inform data subjects about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed about the rights to which they are entitled.

Our data privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Terms used in this privacy policy shall have the meaning as defined in the GDPR.

As the controller, CraftCoders has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed. However, internet-based data transmissions may have security gaps, so absolute protection cannot be guaranteed.

1. Name and Address of the Controller and the Data Protection Officer

Controller for the purposes of the GDPR, other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:

Winter und Gellweiler – Software Engineering GbR
Alter Schlachthof 39 D2
76131 Karlsruhe
Germany

Phone: +49 721 95944575
Email: mail@mailto.wiki

Our data protection officer is available at:

Jan Hendrik Winter
Alter Schlachthof 39 D2
76131 Karlsruhe
Germany

Phone: +49 721 95944575
Email: dpo@mailto.wiki

2. Where We Store Your Data and How We Process It

If you acquire a license for our product “mailto.wiki – Email for Confluence,” Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia (hereinafter referred to as “Atlassian”) will provide us with transaction details. These transaction details will be stored and processed by us. If Atlassian processes data on its own behalf, Atlassian acts as the controller. Further information about the privacy policy of Atlassian can be accessed here: Atlassian Privacy Policy.

If you install our plugin “mailto.wiki – Email for Confluence” in your Confluence Data Center instance, all data will be stored on your Confluence instance. Our engineers and employees do not have access to it. The configuration (including access data to your mail server) is stored in the Confluence database. All emails processed by the plugin are stored in your Confluence instance. You are in control of all your data.

The plugin supports several protocols for accessing email inboxes (POP3, IMAP, POP3s, and IMAPs). Please note that your login data and emails are only protected against unauthorized access by transport authentication (TLS/SSL) during transmission from your mail provider to your Confluence instance. We strongly advise you to use IMAPs or POP3s whenever possible. We highlight this issue on the configuration page and recommend the use of IMAPs and POP3s over IMAP and POP3.

The content of emails and other sensitive information can be logged by our plugin in your server logs. These logs are stored in your Confluence instance. It is your responsibility to regularly delete these logs and ensure they are protected from unauthorized access.

We do not communicate with external services other than the email provider you have configured. All processing takes place on your Confluence instance.

3. Legal Basis for the Processing

Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

If we are subject to a legal obligation requiring the processing of personal data, such as fulfilling tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.

Finally, processing operations could be based on Article 6 para. 1 lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, which require protection of personal data.

4. Period for Which the Personal Data Will Be Stored

We store your personal data only as long as necessary to fulfill the processing purposes or, in the case of consent, as long as you have not withdrawn your consent. In the event of an objection, we will erase your personal data unless its further processing is permitted under the relevant legal provisions or your personal data is no longer identifiable as we have already anonymized it. We also erase your personal data if we are legally obliged country-specific data protection regulations applicable to CraftCoders. By means of this privacy policy, our enterprise aims to inform Data Subjects about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, Data Subjects are informed of the rights to which they are entitled.

Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Terms used in this privacy policy shall have the meanings defined in the GDPR.

As the controller, CraftCoders has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed. However, internet-based data transmissions may inherently have security gaps, so absolute protection cannot be guaranteed.

1. Name and Address of the Controller and Data Protection Officer

Controller for the purposes of the GDPR, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Winter und Gellweiler – Software Engineering GbR
Alter Schlachthof 39 D2
76131 Karlsruhe
Germany

Phone: +49 721 95944575
Email: mail@mailto.wiki

Our data protection officer is:

Jan Hendrik Winter
Alter Schlachthof 39 D2
76131 Karlsruhe
Germany
Phone: +49 721 95944575
Email: dpo@mailto.wiki

2. Where We Store Your Data and How We Process It

If you acquire a license for our product “mailto.wiki – Email for Confluence,” Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia (hereinafter referred to as “Atlassian”), will provide us with transaction details. These transaction details will be stored and processed by us. If Atlassian processes data on its own behalf, Atlassian acts as the controller. Further information about Atlassian’s privacy policy can be accessed here: https://www.atlassian.com/legal/privacy-policy.

If you install our plugin “mailto.wiki – Email for Confluence” in your Confluence Data Center instance, all data will be stored on your Confluence instance. Our engineers and employees have no access to it. The configuration (including the access data to your mail server) is stored in the Confluence database. All emails processed by the plugin are stored in your Confluence instance. You are in control of all your data.

The plugin supports several protocols for accessing email inboxes (POP3, IMAP, POP3s, and IMAPs). Please note that your login data and emails are only protected against unauthorized access by transport authentication (TLS/SSL) during transmission from your mail provider to your Confluence instance. We therefore strongly advise using IMAPs or POP3s whenever possible. We highlight this on the configuration page and recommend the use of IMAPs and POP3s over IMAP and POP3.

The content of emails and other sensitive information can be recorded by our plugin in your server logs. These logs are stored in your Confluence instance. It is your responsibility to delete these logs regularly and ensure that they are protected from unauthorized access.

We do not communicate with external services other than the email provider you have configured. All processing takes place on your Confluence instance.

3. Legal Basis for the Processing

Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 para. 1 lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example, in the case of inquiries concerning our products or services.

If we are subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or another third party. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.

Finally, processing operations could be based on Article 6 para. 1 lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds if processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

4. Period for Which the Personal Data Will Be Stored

We store your personal data only as long as it is necessary for the fulfillment of the processing purposes or – in the case of consent – as long as you have not withdrawn your consent. In the event of an objection, we will erase your personal data unless its further processing is permitted under the relevant legal provisions or your personal data is no longer identifiable because we have already anonymized it. We also erase your personal data if we are legally required to do so. If and as long as there are legal storage obligations, we will only erase the personal data after the relevant periods have expired.

5. Automated Decision-Making

We do not use automatic decision-making or profiling.

6. Your Rights as a Data Subject

As a data subject, you have numerous rights under the GDPR. In detail, these are:

  • Right of access: You have the right to obtain information about the personal data we have stored about you.
  • Right to rectification and erasure: You can request that we correct incorrect personal data and erase your personal data.
  • Restriction of processing: You can request that we restrict the processing of your personal data.
  • Data portability: If you have provided us with personal data on the basis of a contract or consent, you may request that we send you the personal data you have provided in a structured, common, and machine-readable format or that we transfer it to another controller.
  • Right to object to data processing on the legal basis of “legitimate interest”: You have the right to object to our processing of your personal data at any time with future effect on grounds relating to your particular situation, insofar as this is based on the legal basis of “legitimate interest.” If you exercise your right to object, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for further processing that override your rights. However, if you object to such processing of personal data, you will not be able to use our services anymore (which may also have an effect on your contractual relationship with your employer or corporate partner).
  • Withdrawal of consent: If you have given us consent to process your personal data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the withdrawal remains unaffected.
  • Right to lodge a complaint with a supervisory authority: You can also lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data violates applicable law. To do this, you can, e.g., contact the data protection authority competent for your place of residence or the data protection authority competent for us in Baden-Württemberg:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Königstraße 10a, 70173 Stuttgart;

    Phone: +49 (0) 711 / 615541-0

    Fax: +49 (0) 711 / 615541-15

    Email: poststelle@lfdi.bwl.de.

Exercising any of your rights mentioned above is subject to legal prerequisites, and in certain circumstances, your rights may be limited due to legal exceptions set out, in particular, in Art. 17 para. 3 and 22 para. 2 GDPR. If you have any questions on the processing of your personal data, your data subject rights, and any consent you may have given, you can contact us free of charge. Should you have any questions relating to your rights or their limitations, please feel free to contact any of our employees.

7. Changes to This Privacy Policy

From time to time, it may be necessary to amend the content of this privacy notice. We therefore reserve the right to change it at any time. We will also publish the amended version of the privacy notice. The current version of our privacy notice applies at the time of your use of our services.

Version: 2; Date: 01.07.2024