Privacy at a glance

1. General information and mandatory information

The following information gives a simple oversight about what happens to your personal data when you are visiting our website. Personal data imply all data with which you can be personally identified. More detailed information about the topic privacy, can be found in the privacy statement below.

Data collection on our website

Who is responsible for the data collection on this website?

The data processing of this website is performed by the website operator, STRATO-AG, Pascalstraße 10, 10587 Berlin. We concluded an agreement with the provider of this website, the STRATO AG, for the order processing.

How do we collect your data?

One way of how your data are collected, is you communicating them with us. For example, this could be data that you fill in a contact form.

Other data are collected automatically by our IT-system when you are visiting the website. These are mostly technical data (e.g. internet browser, operating system or the time of page retrieval). The collection of these data is done automatically as soon as you are visiting our website.

What are we using your data for?

Some part of your data is collected to ensure the correct provision of the website. Other data can be used to analyze your user behavior.

What rights do you have concerning your data?

You have the right to receive information about the heritage, the recipient and the purpose of your saved personal data at any given time. Moreover, you have the right to demand the correction, blocking or deletion of these data. For this purpose or for any other questions concerning privacy, you can contact us anytime using the address provided under: responsible person for privacy. Furthermore, you are entitled to a right of appeal at the supervisory authority in charge.

Analysis-tools and tools of third-party providers

During your visit on our website, your surfing behavior can be statically analyzed. This happens most of all with the use of cookies and with so called analysis programs. The analysis of your surfing behavior usually happens anonymously and therefore cannot be tracked back to you. You can veto this analysis or prevent it by not using certain tools. For more details about this topic, please read the section titled “third-party modules and analysis-tools”.

You can veto this analysis. We will inform you about all objection possibilities in this privacy statement.


As conpal is a provider of products and solutions concerning IT-security, privacy is of great importance to us. As operators of these pages, we are taking the protection of your personal data very seriously. We treat your personal data confidential and according to the legal data protection regulations as well as this privacy statement.

Information about the responsible authority

The authority responsible for the data processing of this website is:

conpal GmbH
Dornhofstr. 67-69
63263 Neu-Isenburg

Phone: +49 (0) 6102 / 75 198-0

Fax: +49 (0) 6102 / 75 198-99

Email: conpal GmbH

The responsible authority is the natural or legal person who, alone or jointly with others, decides about the purpose and instruments of the processing of personal data (e.g. name, email address etc.).

Many procedures in the data processing are only possible with an explicit consent. You can revoke your already given consent at any time. For this purpose, an informal message to us via email is enough. The legality of the data processing until the revocation remains untouched by the revocation.

Right to complaint with the supervisory authority responsible

In the case of data protection violations, the party concerned has the right to file a complaint with the supervisory authority responsible. The supervisory authority responsible in questions concerning data protection is the federal commissioner for data protection of Hesse:

The hessian commissioner for data protection:

Prof. Dr. Alexander Roßnagel
Postfach 31 63
65021 Wiesbaden

Gustav-Stresemann-Ring 1, 2. OG
65189 Wiesbaden

Phone: +49 (0)6 11 140 8-0
Telefax: +49 (0)6 11 140 8-900


Right to data portability

You have the right to receive all data that we are processing automatically based on your consent or in fulfillment of a contract, in a common machine-readable format. You can also have these data handed to a third party. If you wish to have the data directly transferred to another responsible person, the transmission can only take place insofar as the technical possibilities allow it.

SSL- or TLS- encryption

For security reasons and to ensure a protected transmission of personal contents (e.g. orders or requests that you are sending to us as page operators) this page is using an SSL- or rather TLS-encryption. You can recognize an encrypted connection anytime there is a change from “http://” to “https://” in the browser address bar or by the lock-symbol in the browser line.

When SSL- or rather TLS-encryption is activated, the data that you are transmitting to us cannot be read by third parties.

Disclosure, blocking and deletion

Within the framework of existing legislation, you have the right to a free disclosure about your saved personal data, as well as their heritage, the recipient and the purpose of the data processing at any given time. If necessary, you also have the right to have these data blocked or deleted. For this purpose or for other questions about the topic of personal data, you can contact us using the address provided in the imprint.

Objection to advertising emails

We hereby object to the submission of not explicitly requested advertisement and information material using the contact data published within our obligation to provide an imprint or other legal obligations. The operators of the pages reserve the right to take legal measures in the case of receiving unsolicited advertisement, for example through spam emails.

2. Data collection on our website

Server log files

When retrieving our website information is automatically being sent to the STRATO-AG through the browser in use on your device. These information are temporarily stored in a so-called server-logfile. Following information are collected without your involvement and are being saved until an automated deletion:

  • IP-address of the requesting computer
    Date and time of the retrieval
    Name and URL of the retrieved file
    Website from which the access takes place (Referrer-URL)
    Used browser and if necessary the operating system of your computer as well as the name of your access-provider

The mentioned data are used for the following purposes:

  • To assure a smooth connection establishment of the website
    To assure a comfortable use of our website
    To analyze the system security and stability as well as
    For other administrative purposes

The legal basis for the data processing is article. 6(1) p. 1 lit. f GDPR (data protection act). Our entitled interest in data collection lies only in the purposes listed above. On no account are we using the collected data to draw any conclusions about your person.

An aggregation of these data with other sources of data is not performed.

We are using cookies during the visit of our website. We are using the analysis service of STRATO AG. More information about this topic can be found under point 4 and 5 of this privacy statement.

Registered user on this website

When you purchase an article with maintenance from us, you are receiving access to our support area. Your username and password are sent to you. With these, you are able to use additional features on our page that concern the product you have purchased. The data entered and transmitted for this, are only being used for the purpose of the offer or service that you have registered for or bought.

For important changes such as the range of our services or in the case of technically necessary changes, we will use the email address you have provided with the registration to inform you.

The processing of the data entered in the registration process happens on the basis of your contract of sale (article. 6(1) lit. b GDPR).

The data collected during registration are being saved by us as long as you stay registered on our website and will be deleted subsequently. Legal retention periods remain untouched.

3. Transmission of data

A transmission of your personal data to third-parties for any other purposes than the ones listed below, does not take place.

We only transmit your personal data to third-parties, if:

You have given your explicit consent according to article 6(1) p. 1 lit. a GDPR (privacy act),

Or if the transmission is necessary in order to claim, exercise or defend a legal right as of 6(1) p. 1 lit. f GDPR (privacy act), and there is no reason to believe that you have a predominant legitimate interest in not transmitting your data,

Or in the case that there exists a legal obligation for the transmission according to article. 6(1) p. 1 lit. c GDPR (privacy act),

It is permitted by law for the implementation of a contractual relationship with you according to article 6(1) p. 1 lit. b GDPR (privacy act).

4. Cookies

We are using cookies on our website. These are small files that your browser is creating automatically and saving on your end device (laptop, tablet, smartphone etc.) when visiting our website. Cookies are not causing any damage on your device, do not contain viruses, trojans or any other malware.

Information are being filed in the cookie that result from the context with the specifically used end device. This does not mean, however, that we gain direct knowledge of your identity.

The use of cookies serves the purpose of making the use of our offerings more convenient for you. Thus, we are using so-called session-cookies to register that you have already visited certain pages of our website. These are automatically being deleted after leaving our website.

Also, we are using cookies to statistically record the use of our website and to analyze the use for optimizing our offerings for you (see point 5). These cookies allow us to automatically recognize that you have already been with us, when revisiting our website. These cookies are automatically being deleted after a respectively predefined time.

The data that have been processed by cookies are necessary for the stated purposes and to ensure our legitimate interests as well as these of third-parties as of article 6(1) p. 1 lit. f GDPR (privacy act).

Most browser accept cookies automatically. However, you can configure your browser so that cookies are not being saved on your computer or so that a notice appears anytime that a new cookie is being created. The complete deactivation of cookies though, may affect the use of some functions on our website.

5. Analytical tools

The tracking measures specified below that we employ are implemented on the basis of the first sentence of Article 6(1)(f) of the General Data Protection Regulation (GDPR). In employing these tracking measures, we wish to ensure that the design of our website meets requirements and that it is continuously optimized. We also employ the tracking measures in order to collect statistics on the utilization of our website and for the purposes of evaluating the optimization of our product range for you. These interests are to be considered legitimate in accordance with the aforementioned regulation.

For the purposes of ensuring that the design of our website meets requirements and that it is optimized on an ongoing basis, we use Google Analytics, a web analytics service provided by Google Inc. [] (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). Pseudonymized usage profiles are created and cookies are used in this regard (see point 4). The information generated by the cookie about your use of this website, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the page previously visited),
  • time of the server request,

will be transferred to a Google server in the USA and stored there. The information is used to analyze the use of the website, to compile reports about website activity and to provide other services related to website and Internet usage for the purposes of market research and ensuring that the design of this website meets requirements. This information may also possibly be transferred to third parties provided that this is required by law or provided that third parties have been commissioned to process this data. On no account will your IP address be linked with other data from Google. The IP addresses are anonymized so that no association is possible (IP masking).

You can prevent the installation of the cookies by means of appropriate settings in the browser software; however, we would like to point out that if you do so, it is possible you may not be able to fully use all of the functions of this website.

Furthermore, by downloading and installing a browser add-on [ ], you can prevent the data generated by the cookie related to your use of the website (including your IP address) from being collected and processed by Google.

You can find further information on data privacy in connection with Google Analytics in the Help for Google Analytics, for example at [].

Demographic characteristics with Google Analytics

This website uses the Google Analytics “demographic characteristics” function, which allows reports to be generated that contain information about the age, gender and interests of visitors to the site. This data comes from Google interest-based advertising and visitor data from third-party providers. This data cannot be associated with any specific person. You can deactivate this function at any time by means of the display settings in your Google account or you can generally prohibit Google Analytics from collecting your data, as described in the section on “Objection to Data Collection”.

Web analytics with IPregistry

To comply with legal export restrictions, we use Ipregistry, a web analytics service provided by Ipregistry [ ] (28 Avenue Ziem, 06800 Cagnes-sur-mer, France; hereinafter “Ipregistry”). Ipregistry is part of a company registered in France (ID/SIREN: 810697763).

In this context, information about the location of your device is obtained. Your location data may include your IP address and other location-related values.

Ipregistry collects IP addresses and other information (e.g. HTTP headers, user agent) and stores this information for up to 12 months for location purposes only. Ipregistry does not share the collected information with other customers.

Ipregistry may combine the information it receives from third parties with identified information. Ipregistry treats the information in accordance with its privacy policy (

6. Social media plugins

We do not use any social media plugins.

7. Data subject rights

You have the right:

  • in accordance with Article 15 of the GDPR, to demand information about your personal data that is processed by us. In particular, you can demand information about the purposes of processing, the category of the personal data, the categories of recipients to whom your data was or is disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the source of your data, when they do note come from us, as well as the existence of an automated decision making including profiling and, if given, meaningful information to these details.
  • in accordance with Article 16 of the GDPR, to demand the rectification without delay of inaccurate personal data of yours that is stored by us, or to demand that your personal data is completed;
  • in accordance with Article 17 of the GDPR, to demand the deletion of your personal data that is stored by us provided processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • in accordance with Article 18 of the GDPR, to demand restriction of the processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you oppose its deletion, we no longer need the data but you need it for the establishment, exercise or defense of legal claims, or you have entered an objection to the processing in accordance with Article 21 of the GDPR;
  • in accordance with Article 20 of the GDPR, to obtain your personal data that you supplied to us in a structured, common and machine-readable format or to demand that it be transmitted to another responsible party;
  • in accordance with Article 7 (3) of the GDPR, at any time to withdraw the consent you once gave us. The effect of this is that, in the future, we are no longer permitted to continue the processing of the data that is based on this consent;
  • in accordance with Article 77 of the GDPR, to complain to a regulatory authority. For this purpose, you can generally contact the supervisory authority for your usual residence or place of work or our office.

8. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with the first sentence of Article 6(1)(f) of the GDPR, you have the right, in accordance with Article 21 of the GDPR, to enter an objection to the processing of your personal data, provided there are grounds for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection that we put into effect without a particular situation being indicated.

If you want to avail of your right to withdraw or your right to object, it is sufficient to send an email to

9. Data security

When you visit our website, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest level of encryption supported by your browser. This would generally be 256-bit encryption. If your browser does not support 256-bit encryption, we will fall back on 128-bit v3 technology instead. You can tell if an individual page on our website is being transmitted in encrypted form because a key/lock icon in the lower status bar of your browser is shown as closed.

Apart from that, we employ appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously being improved in line with technological development.

10. Miscellaneous data privacy topics


We may contact you by email with further information to deal with your inquiry or your order, or in the course of our general business relationship. Your email address, contents of emails and the history of any communication is recorded for this purpose.

We synchronize the contact data of our customers and business partners on our employees’ mobile devices so that they can contact you.

Processing of the data is based on the fulfillment of a contract, in accordance with Article 6(1)(b) of the GDPR, which permits the processing of data to perform a contract or take precontractual steps (customer relationship, contracts with business partners, authorities, employees). The data is passed on only if this is agreed with you or it is necessary for the current business transaction.

Your data is stored on our systems in accordance with the legal obligation to preserve records.

11. Contact form and email contact

11.1. Description and scope of processing of the data

There are contact forms on our website that can be used to make contact electronically. If you use this option, the data you enter in the input screen is transmitted to us and stored. This data consists of:

  • First name and last name
  • Company
  • Department
  • Email address
  • Phone number
  • Subject
  • Your message

Alternatively, you can contact us using the email address provided. In this case, the user’s personal data that is transmitted with the email is stored.

If the purpose of the user’s contact request is to obtain information about our products, the user’s data may be forwarded to the partner that is responsible for their request. The data is not transferred to third parties. The data is used only to process the user’s request and reply to it.

The legal basis for processing the data that is transmitted in the course of sending the email is Article 6(1)(f) of the GDPR. If the email contact is aimed at concluding a contract, an additional legal basis for the processing is Article 6(1)(b) of the GDPR.

11.3. Purpose of processing of the data

The sole purpose of processing your personal data when you make contact is to deal with this. This is also the basis of our legitimate interest in processing the data.

The purpose of the other personal data from the input screen that is processed during the submission process is to prevent misuse of the contact form and ensure the security of our information technology systems.

11.4. Period of storage

The data is erased once it is no longer needed to achieve the objective of it being collected. In the case of the personal data from the input screen of the contact form and that which has been sent by email, this occurs when the particular conversation with the user has finished. The conversation has finished when it can be understood from the circumstances that the issue in question has been conclusively resolved.

11.5. Objection and deletion options

The user has the option at any time to object to the processing of their personal data. In this case, the conversation cannot be continued. The objection can be declared to us by sending an email to conpal GmbH.

In this case, all personal data that was stored in the course of the contact is deleted.

Job applications

Your job applications (by post or email) are handled only by the management and a few recruiters. If job applications do not result in employment, they are sent back if this has been requested, otherwise paper applications are destroyed. Applications that are submitted electronically may be preserved for a longer period in the automated data backup process.

We save your documents for the job application (e.g. résumé, covering letter, credentials). If the application did not result in employment, the data is deleted after 12 months. It can be deleted earlier on request.

Your data is not passed on.

Processing is based on a precontractual step for the employment contract, in accordance with Article 6(1)(b) of the GDPR.

Recording of orders and processing

To process your order or inquiry, we collect the personal data of contact persons as part of the process (name, email address, phone number, responsibility in your company).

Processing is based on a contract or precontractual step, in accordance with Article 6(1)(b) of the GDPR.

The data is passed on to the tax consultant for the annual accounts/tax declaration. The data is stored in accordance with the legal obligation to preserve records.

Google Drive support in our products

conpal LAN Crypt’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

12. Updates and changes to this data privacy statement

This data privacy statement is currently valid and is dated: 22. April 2021.

It may be necessary to amend this data privacy statement due to the further development of our website and product range or because of changes to legal or official requirements. You can at any time access or print out the current data privacy statement on the website at