Preamble

The Terms & Conditions must be observed.

The Privacy Policy is dated 23. May 2025.

Contact, collection and processing of personal data

We, Proofbox, collect, process, and use your personal data only with your consent or on your behalf for the purposes agreed with you, or if another legal basis exists under the General Data Protection Regulation (GDPR); this is done in compliance with data protection and civil law provisions, in particular solely on the basis of legal regulations such as the GDPR and the Telecommunications Act (TKG 2003). We collect only the personal data necessary for the performance and processing of our services or data that you have voluntarily provided to us or that is publicly available. We will only process the data provided to us for the purposes for which you have given your consent or that are covered by a legal basis for data processing in accordance with the GDPR. The purposes of data processing include contract fulfillment, payment and invoicing, customer service, security measures, fraud prevention, and marketing activities, provided you have consented to them. Personal data includes any information relating to an identified or identifiable natural person, such as name, address, email address, phone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of individuals, and biometric data such as fingerprints. Sensitive data such as health information or data related to criminal proceedings may also be collected.

The entity responsible for data processing is Proofbox Services FZCO, Dubai Silicon Oasis, DDP, Building A1, Dubai, United Arab Emirates. You can contact us at any time at hello@proofbox.co.

Rights of data subjects

As a customer or generally as a data subject, you have the right at any time to request information about your stored personal data, its origin and recipients, and the purpose of the data processing. You also have the right to correction, data portability, objection, restriction of processing, and blocking or deletion of incorrect or unlawfully processed data. If your personal data changes, please inform us. You have the right to revoke your consent to the use of your personal data at any time. Requests for information, deletion, correction, objection, and/or data portability — in the latter case, provided this does not entail disproportionate effort — can be sent to the address provided in this statement. If you believe that the processing of your personal data violates applicable data protection laws or your data protection rights have been infringed in any other way, you have the right to lodge a complaint with the competent supervisory authority. Users from California may opt out of data sharing and use the corresponding opt-out options. For inquiries, please contact us via email at hello@proofbox.co.

Data protection

Your personal data is protected by appropriate technical and organizational measures. These measures specifically protect against unauthorized, unlawful, or accidental access, processing, loss, misuse, and manipulation. Despite our efforts to maintain a high standard of due care, it cannot be ruled out that information you transmit to us over the internet may be viewed and used by others. Please note that we assume no liability for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties.

Disclosure to third parties

In order to provide our services, it may be necessary to share your data with third parties. For example, your payment data is transmitted to an external payment service provider. This provider acts as a comprehensive payment service provider and is responsible for invoicing and tax calculation. Payment information is stored in the form of tokens to allow recurring payments or a fast checkout. We do not store any payment data ourselves.

User and order data are managed in a secure database. Technical services such as hosting and website security may be provided by Amazon Web Services, Cloudflare, World4You, and other service providers. Tax and accounting data may be transferred to tax advisors or financial authorities. For maintenance and development purposes, technical service providers may gain access to your data. If your personal data is processed outside the EU/EEA, we ensure that an adequate level of data protection is maintained, e.g., through the EU Commission’s standard contractual clauses or adequacy decisions. In the U.S., processing complies with the California Consumer Privacy Act (CCPA). We offer users in California the option to opt out of data sharing. In Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD), including appointing a data protection officer. Canadian data processing complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). In China, data transfer only occurs with the data subject’s consent in accordance with the Personal Information Protection Law (PIPL). For Australia, we minimize the risks associated with cross-border data transfers.

In any case, we only transfer your personal data to countries for which the EU Commission has determined that they have an adequate level of data protection, or we take measures to ensure that all recipients maintain such a level.

Data retention

We store your personal data only for as long as is necessary to fulfill our contractual or legal obligations. Data related to contract fulfillment is stored for at least seven years in accordance with tax regulations. Data processed based on your consent will be deleted immediately upon withdrawal. Technical data such as IP addresses are stored for a maximum of twelve months. After the applicable retention periods expire, the data will be deleted or anonymized.

Data processing security

We implement technical and organizational measures to secure your data. These include SSL/TLS encryption during transmission, access restrictions, and regular security audits. However, please note that data transmissions over the internet may have security vulnerabilities, and complete protection against access by third parties cannot be guaranteed. Your payment data is stored and managed exclusively by a third-party payment service provider. We do not store payment data ourselves but rely on tokens provided by the third-party provider for recurring payments.

Cookies and Tracking

Our website uses cookies to enhance user experience. These include necessary cookies, analytics cookies for optimizing our website, and marketing cookies for personalized content. Tracking tools and third-party pixels from providers such as Meta, LinkedIn, and Xing help us measure the effectiveness of our campaigns. Information such as IP addresses, device data, and click behavior is processed. Google Tag Manager is used to efficiently integrate these technologies. The storage of marketing cookies and use of tracking tools only occurs with your explicit consent. You can change your cookie settings at any time or disable cookies in your browser. Users in the EU and California receive specific opt-in/opt-out options. Please refer to our separate Cookie Policy.

Data breaches

We strive to detect data breaches at an early stage and to notify you or the competent supervisory authority without delay, taking into account the categories of data affected. Affected persons will be informed if their rights are impacted by a breach. We carefully document all incidents in order to demonstrate our compliance with data protection obligations. We will not store data longer than necessary to fulfill our obligations.

Additional policies

Our privacy policy is supplemented by our Terms & Conditions, Refund Policy, Cookie Policy and Disclaimer. These documents contain further important legal and usage-related information, especially regarding the use of our platform and the content made available through it. Please read these documents carefully, as they contain critical guidance on liability, usage of the products, and their legal recognition.

Update to the privacy policy

Our privacy policy may be updated as needed to reflect changes in legal requirements or technical developments. The current version is always available on our website.