Who can I contact?
Filen Cloud Dienste UG (haftungsbeschränkt)
Breite Str. 27
Phone: +49 02361 8491926
We are also GDPR compliant. The company's designated representative in the European Union (in particular for the purposes of Article 27 GDPR) is Filen Cloud Dienste UG (haftungsbeschränkt), Breite Str. 45657 Recklinghausen, Germany.
We secure all data on servers hosted in Germany. No data is stored by us in third countries, except in the cases mentioned below by payment providers (payment).
When you upload a file, it is already encrypted on your device, so we do not know if it belongs to you or another person, if it refers to a company or other organization, or what it contains. We also create and store encrypted thumbnails of images, videos, and certain other file types. We collect a small amount of metadata about the file type, but it does not reveal anything about the content or information the file contains.
We collect your files because we need them to provide our encrypted cloud storage and collaboration services, which you have contracted for by agreeing to our terms.
All your files remain encrypted at all times while they are on our system. They will never be received, stored or otherwise processed by us in unencrypted form, as decryption will only occur on your device or that of another user to whom you have provided the file/folder links and keys that are created when you grant them access.
We will retain your files for as long as you are subscribed to our Services, but subject to our rights to suspend and terminate as set forth in our Terms of Service. You must keep copies/backups of your files. We do not guarantee that there will be no data loss or that the Services will be error-free.
You should download your files before you stop using our Services.
If you forget your password, you will lose access to all your files unless you have exported a recovery key. (https://drive.filen.io/#/account/security "Export master keys").
What are my rights?
If you have any questions about your data protection rights or would like to exercise any of the following rights, you can contact us at any time:
Storage period and deletion of data
Unless otherwise specified, we delete data upon your notification or when the data is no longer needed for contractual purposes (no ongoing subscription, except for lifetime options) (e.g. e-mail address upon deletion of a user account). Your data will also be deleted after the legal retention periods have expired, unless, there is a need for further storage for the conclusion or fulfillment of a contract. For legal reasons, we may have to keep certain data longer. You can, of course, request information about stored data at any time.
Data Up and Download
Filen offers the ability to upload and store text files, documents, images, videos and other digital content to or from our servers via AES 256-bit end-to-end encryption. Strict internal privacy processes and security requirements govern and ensure that this digital content is not accessible to anyone (AES 256-bit end-to-end encryption allows only the account owner to see the data, as it is not readable or accessible to us). We never share this (encrypted) content with third parties unless required by applicable German law.
Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. not having to log in again after each session restart). Other cookies are used to evaluate user behavior (in our case with Plausible Analytics) or to display advertising, if necessary.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g., as mentioned above, not having to log in again and again on our website https://filen.io/) or to optimize the website (e.g., cookies for measuring the web audience and processing by Plausile Analytics, which is self-hosted in Germany) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing will be based solely on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time (simply delete the cookies for https://filen.io in the browser settings and reload the page and select your preference again).
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.
If you have not submitted any personal data to Filen (https://filen.io) (e.g. for an optional invoice for purchased subscriptions), it is not possible for anyone to obtain such information. Only by law or by a court order could a conditional revocation of your anonymity be enforced. In such a case, we will have to transfer the payment process for the concerned Filen user account to the legitimate authority authorized by law.
If we become aware of any misuse of our service ((https://filen.io )(Filen) (Filen Cloud Dienste UG)), we will actively contribute to the investigation. (e.g. the distribution of illegal content under German and European law, or protected content that is protected by copyright and we accordingly receive a request from the rightful owner or authority).
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.
PayPal also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or a data transfer there, PayPal uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
If you choose a payment method offered via the payment service provider "Stripe", the payment processing will be carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information on the data protection of "Stripe" at the following Internet address: https://stripe.com/de/privacy#translation.
Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively according to our instructions and has been contractually obligated within the meaning of Art. 28 GDPR to comply with the provisions of data protection law.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
For more information on opt-out and redress options against Stripe, please visit: https://stripe.com/privacy-center/legal
We use the payment provider Coinbase on our website. The service provider is the American company Coinbase Inc. The Irish company Coinbase Europe Limited (70 Sir John Rogerson's Quay, Dublin D02 R296, Ireland) is responsible.
Coinbase also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Coinbase uses so-called standard contractual clauses (e Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Coinbase undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission.
You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We use the web analytics service "Plausible Analytics" to continuously optimize our offer, both technically and in terms of content. Plausible is a trademark of Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, Registration number 14709274, hereinafter referred to as "Plausible". Plausible Insights OÜ is fully compliant with the GDPR.
Plausible takes a particularly privacy-friendly approach to analyzing your visit. Plausible collects the following information, among others, for this purpose: Date and time of your visit, title and URL of the pages visited, incoming links, the country you are in and the user agent of your browser software. Plausible does not use or store "cookies" on your terminal device. All personal data (e.g. your IP address) is stored completely anonymously in the form of a so-called hash. A hash is an encryption of data that is not reversible, i.e. cannot be "decrypted". In this way, we can analyze your visit without storing personal data in a form that would be readable by us, Plausible or third parties.
Plausible Analytics is hosted by ourselves (Filen Cloud Dienste UG) in Germany.
To make transparent what data we collect, you can take a look at the full statistics of this page yourself: https://plausible.io/wemake.de.
You can find more information about the technical implementation here: https://plausible.io/privacy-focused-web-analytics.
You can find more information about data protection at Plausible at https://plausible.io/data-policy.
The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR.
We use Sentry, an error management tool, for our website. The service provider is the American company Sentry Inc, San Francisco, 132 Hawthorne St, San Francisco, USA.
Sentry also processes data from you in the USA, among other things. We would like to point out that, according to the ruling of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.
Data processing associated.
As a basis for data processing with recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Sentry uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred and stored in third countries (such as the USA). With these clauses, Sentry commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. The decision and the corresponding standard contractual clauses can be found here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing addendum corresponding to the standard contractual clauses can be found at https://sentry.io/legal/dpa/.
Disclosure for civil or criminal enforcement purposes
If we deem it necessary or we are required by law in any jurisdiction to do so, we may disclose your files, account information, and usage information to the appropriate authorities, even if those items are encrypted. We reserve the right to assist law enforcement authorities in any investigation, including disclosing information to them or their agents. We also reserve the right to comply with any legal process, including, but not limited to, data breach notification procedures, subpoenas, search warrants, and court orders initiated by law enforcement agencies or other third parties.
Communication & Messages
In rare cases, a person may receive an email from us asking them to confirm their new Filen Account email address, but in fact they did not try to create an account at all - someone else started the process and used their email address either maliciously or by mistake. In these cases, we ((Filen)(https://filen.io)) have a volatile/incomplete account that can be used to upload files. Upon request and proof of ownership of the email address, we will delete and or re-enable the account.
Where applicable, some of these communications will contain unsubscribe information so that you can opt out of receiving further emails. We will honor any request to unsubscribe from emails (except those we need to send for billing, security or service updates).
Online job applications / publication of job advertisements
We offer you the opportunity to apply to us via our website. For these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.
The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with. Art. 88 para. 1 GDPR.
If an employment contract is concluded after the application process, we will store the data you provided during the application in your personnel file for the purpose of the usual organizational and administrative process - this, of course, in compliance with the more extensive legal obligations.
The legal basis for this processing is also Section 26 (1) sentence 1 BDSG in conjunction with. Art. 88 para. 1 GDPR.
If an application is rejected, we automatically delete the data provided to us two months after notification of the rejection. However, the deletion does not take place if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the obligation to provide evidence according to the AGG.
In this case, the legal basis is Art. 6 Para. 1 lit. f) GDPR and § 24 Para. 1 No. 2 BDSG. Our legitimate interest lies in the legal defense or enforcement.
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be further processed based on your consent. The legal basis is then Art. 6 para. 1 lit. a) GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) GDPR by declaration to us with effect for the future.
No commercial sale of data
Ready to take back your privacy?
Copyright © 2023, Filen Cloud Dienste UG