GDPR and Cryptshare
- Cryptshare for Outlook
- Cryptshare for Notes
- Cryptshare Robot
- Cryptshare Java API
- Cryptshare .NET API
In order to inform recipients of a transfer the name, phone number and email address of the sender are collected when the sender performs a verification. This information is stored on the client computer of the sender. In addition, this information is used in email notifications to all recipients of a transfer. The email address of the sender as well as the IP address of the sender at the time of an upload are stored in the server-side system-log and transfer-log for each upload being made. When using sender identification via eID, unique personal information received from an eID provider is recorded at the time of sender identification. This information is stored in a database on the server. These pieces of information are displayed to recipients when the transfer is retrieved to verify the sender's identity. In the email notification of all recipients, the name received from the ID provider is used. For further details what data is stored in the database for which eID provider, please consult the respective section of the chapter Electronic Identity (eID).
Email addresses of all recipients as well as their IP addresses at the time of a download are stored in the system-log and transfer-log for each download being made. The recipient email addresses typed in by a sender in the user interface are stored on server-side in a database. Recipient information for identifying recipients via eID, entered by the sender in the Web App, is stored in the database on the server. This information is used for the identification process on recipient side.
Why is personal data processed?
Cryptshare is a communication solution based on email communication. In order to provide a comfortable way to communicate with each other, this minimum amount of personal information is stored:
- The name and phone number of a sender is stored on client-side so the user does not have to re-enter this information with every use of the system.
- Sender contact details are provided to the recipient to inform them where the information comes from and how to contact the sender.
- Email addresses for senders and recipients are stored on server-side as a technical prerequisite (Meta-Information of a Transfer).
- IP addresses for senders and recipients are stored on server-side for audit trail and troubleshooting purposes.
- Email addresses of recipients are stored in a server-side database in order to provide senders a comfortable way of selecting addresses previously used.
- Sender information received via eID providers is stored on the server for the sender's proof of identity for the recipient.
Further details can be found in the section 'Sender Identification' in the chapter Electronic Identity (eID).
- When using the security mode 'Electronic Identity' the sender must provide personal information about the recipient as a technical prerequisite, so recipients can access the transfer by identifying themselves via eID.
This information is stored so that the sender doesn't need to enter it manually the next time he sends an eID transfer to the same recipient(s). Further details can be found in the section 'Recipient Identification' in the chapter Electronic Identity (eID) .
|Cryptshare Web App||Sender Name||Browser Cookie Email Notification||Verification||Contact detail for recipients|
|Cryptshare Web App||Sender Phone||Browser Cookie Email Notification||Verification||Contact detail for recipients|
|Cryptshare Web App||Sender Email||Browser Cookie Email Notification Transfer Log System Log||Verification||Communication pre-requisite|
|Cryptshare Web App||Sender IP||Transfer Log System Log||Transfer Upload||Audit trail Troubleshooting|
|Cryptshare Web App||Name of the Sender from the eID Profile||Email Notification Recipient Download Screen||eID Sender Identification||Proof of the senders identity for recipients|
|Cryptshare Web App||Personal unique information about the sender (i.e. Personal Identity Number for Bank ID Sweden)||Recipient Download Screen||eID Sender Identification||Proof of the senders identity for recipients|
|Cryptshare Web App||Recipient Email||Email Notification Transfer Log System Log||Transfer Upload||Sender address book Communication pre-requisite|
|Cryptshare Web App||Recipient IP||Transfer Log System Log||Transfer Download||Audit-Trail Troubleshooting|
|Cryptshare Web App||Personal unique information about the recipient (i.e. Personal Identity Number for Bank ID Sweden)||'eID Details Screen' when sending a transfer||eID Details||Communication pre-requisite|
|Cryptshare for Outlook||Sender Name||Outlook Email Notification Trace-Log||Client Setup||Contact detail for recipients|
|Cryptshare for Outlook||Sender Phone||Outlook Email Notification||Client Setup||Contact detail for recipients|
|Cryptshare for Outlook||Sender Email||Outlook Email Notification Trace Log||Client Setup||Communication pre-requisite|
|Cryptshare for Outlook||Recipient Email||Outlook Email Notification Trace Log||Transfer Upload||Communication Pre-Requisite|
|Cryptshare for Notes||Sender Name||Email Notification Log Application||Transfer Upload||Contact detail for recipients Audit trail Troubleshooting|
|Cryptshare for Notes||Sender Phone||Email Notification Log Application||Transfer Upload||Contact detail for recipients|
|Cryptshare for Notes||Sender Email||Email Notification Log Application||Transfer Upload||Communication pre-requisite|
|Cryptshare for Notes||Recipient Email||Email Notification Log Application||Transfer Upload||Communication pre-requisite|
For a better overview of the above table, you can also Datei:22118577.xlsx.
How long is personal data kept?
Name and Phone Number
Web User Interface
Name and phone number of a sender are stored in Browser Cookies. These cookies are deleted automatically depending on what was configured by the administrator. By default Cryptshare Cookies will be removed after 30 days. Besides from the automatic deletion of a browser cookie, the user can delete these cookies manually at any time by either using the built-in function for deleting cookies in the browser, or by using the deletion function in the Cryptshare User Interface: Email addresses of recipients the addressed by the sender are stored in a server-side database. This address book stores a maximum amount of addresses per sender. If the maximum is exceeded the addresses which have not been used for the longest time will be removed automatically. Unique personal sender information received via eID providers is stored in a server-side database. When using automated deletion of expired transfers, this information is also deleted after the configured time has passed. Further details can be found in the section 'Sender Identification' in the chapter Electronic Identity (eID). Unique personal data of recipients used for the identification process via eID provider is stored in a server-side database. Further details can be found in the section 'Recipient Identification' in the chapter Electronic Identity (eID).
All add-on products store personal information in a local configuration file on client-side. When this file is deleted or the product is uninstalled this information is deleted as well.
All email addresses and IP addresses are stored in the Cryptshare System Log and as meta-information as part of a Cryptshare Transfer. The retention period for transfer-log data depends on administrative settings.
Deletion of personal data
In the administration interface of the Cryptshare server, administrators have the option to delete personal data of individual users of the Cryptshare application. As a user of the Cryptshare application, please contact your server administrator.
Product Configuration Recommendations
- Activate the automated deletion of expired transfers.
- Control the verification settings in order to configure when user verifications will be removed.
Check if trace-logging is active and deactivate it if not required at the moment (Required for Cryptshare Support)
Activate the automated deletion of log documents in the CS4N Log Application.