GDPR and Cryptshare

Aus Cryptshare Documentation
Version vom 9. März 2022, 14:03 Uhr von Maintenance script (Diskussion | Beiträge) (Edited by replacement maintenance script.)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu:Navigation, Suche

General

This page describes how and why personal data is processed in Cryptshare. You can use this information to create a Privacy Policy for your Cryptshare system. The descriptions apply to all Cryptshare Products. If the information differs in detail for any Cryptshare add-on products this will be pointed out explicitly. Add-on Products include the following list of products:

  • Cryptshare for Outlook
  • Cryptshare for Notes
  • Cryptshare Robot
  • Cryptshare Java API
  • Cryptshare .NET API

What personal data is processed in Cryptshare?

Sender Data

In order to inform recipients of a transfer the name, phone number and email address of the sender are collected when the sender performs a verification. This information is stored on the client computer of the sender. In addition, this information is used in email notifications to all recipients of a transfer. The email address of the sender as well as the IP address of the sender at the time of an upload are stored in the server-side system-log and transfer-log for each upload being made. When using sender identification via eID, unique personal information received from an eID provider is recorded at the time of sender identification. This information is stored in a database on the server. These pieces of information are displayed to recipients when the transfer is retrieved to verify the sender's identity. In the email notification of all recipients, the name received from the ID provider is used. For further details what data is stored in the database for which eID provider, please consult the respective section of the chapter Electronic Identity (eID).

Recipient Data

Email addresses of all recipients as well as their IP addresses at the time of a download are stored in the system-log and transfer-log for each download being made. The recipient email addresses typed in by a sender in the user interface are stored on server-side in a database. Recipient information for identifying recipients via eID, entered by the sender in the Web App, is stored in the database on the server. This information is used for the identification process on recipient side.

Why is personal data processed?

Cryptshare is a communication solution based on email communication. In order to provide a comfortable way to communicate with each other, this minimum amount of personal information is stored:

  • The name and phone number of a sender is stored on client-side so the user does not have to re-enter this information with every use of the system.
  • Sender contact details are provided to the recipient to inform them where the information comes from and how to contact the sender.
  • Email addresses for senders and recipients are stored on server-side as a technical prerequisite (Meta-Information of a Transfer).
  • IP addresses for senders and recipients are stored on server-side for audit trail and troubleshooting purposes.
  • Email addresses of recipients are stored in a server-side database in order to provide senders a comfortable way of selecting addresses previously used.
  • Sender information received via eID providers is stored on the server for the sender's proof of identity for the recipient.

Further details can be found in the section 'Sender Identification' in the chapter Electronic Identity (eID).

  • When using the security mode 'Electronic Identity' the sender must provide personal information about the recipient as a technical prerequisite, so recipients can access the transfer by identifying themselves via eID.

This information is stored so that the sender doesn't need to enter it manually the next time he sends an eID transfer to the same recipient(s). Further details can be found in the section 'Recipient Identification' in the chapter Electronic Identity (eID) .

Product What Where When Why
Cryptshare Web App Sender Name Browser Cookie Email Notification Verification Contact detail for recipients
Cryptshare Web App Sender Phone Browser Cookie Email Notification Verification Contact detail for recipients
Cryptshare Web App Sender Email Browser Cookie Email Notification Transfer Log System Log Verification Communication pre-requisite
Cryptshare Web App Sender IP Transfer Log System Log Transfer Upload Audit trail Troubleshooting
Cryptshare Web App Name of the Sender from the eID Profile Email Notification Recipient Download Screen eID Sender Identification Proof of the senders identity for recipients
Cryptshare Web App Personal unique information about the sender (i.e. Personal Identity Number for Bank ID Sweden) Recipient Download Screen eID Sender Identification Proof of the senders identity for recipients
Cryptshare Web App Recipient Email Email Notification Transfer Log System Log Transfer Upload Sender address book Communication pre-requisite
Cryptshare Web App Recipient IP Transfer Log System Log Transfer Download Audit-Trail Troubleshooting
Cryptshare Web App Personal unique information about the recipient (i.e. Personal Identity Number for Bank ID Sweden) 'eID Details Screen' when sending a transfer eID Details Communication pre-requisite
Cryptshare for Outlook Sender Name Outlook Email Notification Trace-Log Client Setup Contact detail for recipients
Cryptshare for Outlook Sender Phone Outlook Email Notification Client Setup Contact detail for recipients
Cryptshare for Outlook Sender Email Outlook Email Notification Trace Log Client Setup Communication pre-requisite
Cryptshare for Outlook Recipient Email Outlook Email Notification Trace Log Transfer Upload Communication Pre-Requisite
Cryptshare for Notes Sender Name Email Notification Log Application Transfer Upload Contact detail for recipients Audit trail Troubleshooting
Cryptshare for Notes Sender Phone Email Notification Log Application Transfer Upload Contact detail for recipients
Cryptshare for Notes Sender Email Email Notification Log Application Transfer Upload Communication pre-requisite
Cryptshare for Notes Recipient Email Email Notification Log Application Transfer Upload Communication pre-requisite

For a better overview of the above table, you can also Datei:22118577.xlsx.

How long is personal data kept?

Name and Phone Number

Web User Interface

Name and phone number of a sender are stored in Browser Cookies. These cookies are deleted automatically depending on what was configured by the administrator. By default Cryptshare Cookies will be removed after 30 days. Besides from the automatic deletion of a browser cookie, the user can delete these cookies manually at any time by either using the built-in function for deleting cookies in the browser, or by using the deletion function in the Cryptshare User Interface: 18944635.png Email addresses of recipients the addressed by the sender are stored in a server-side database. This address book stores a maximum amount of addresses per sender. If the maximum is exceeded the addresses which have not been used for the longest time will be removed automatically. Unique personal sender information received via eID providers is stored in a server-side database. When using automated deletion of expired transfers, this information is also deleted after the configured time has passed. Further details can be found in the section 'Sender Identification' in the chapter Electronic Identity (eID). Unique personal data of recipients used for the identification process via eID provider is stored in a server-side database. Further details can be found in the section 'Recipient Identification' in the chapter Electronic Identity (eID).

Add-On Products

All add-on products store personal information in a local configuration file on client-side. When this file is deleted or the product is uninstalled this information is deleted as well.

Server-Side Logging

Email/IP Addresses

All email addresses and IP addresses are stored in the Cryptshare System Log and as meta-information as part of a Cryptshare Transfer. The retention period for transfer-log data depends on administrative settings.

Selective deletion of specific email addresses is not possible as this information is part of the transfer meta-information.

Deletion of personal data

In the administration interface of the Cryptshare server, administrators have the option to delete personal data of individual users of the Cryptshare application. As a user of the Cryptshare application, please contact your server administrator.

Product Configuration Recommendations

Cryptshare Server

CS4O

Check if trace-logging is active and deactivate it if not required at the moment (Required for Cryptshare Support)

Cryptshare for Notes

Activate the automated deletion of log documents in the CS4N Log Application.