Data protection information on the “IREKSBox” data exchange platform

Information on the processing of your data in accordance with Art. 13 and Art. 14 of the European General Data Protection Regulation (GDPR)
References to legal regulations refer to the European General Data Protection Regulation (GDPR) and the Bavarian Data Protection Act (BayDSG) in the version applicable from 15 May 2018.

1    Scope
This data protection information applies to the users of the data exchange platform IREKSBox, hereinafter referred to as the platform, of IREKS GmbH, hereinafter referred to as IREKS, and the personal data processed via this platform. IREKS is the operator of the platform. For websites of other providers, to which reference is made e.g. via links in documents made available, the data protection notices and declarations there apply.

2    Responsibility
Responsible within the meaning of the GDPR for the processing of personal data on the platform is the

Lichtenfelser Str. 20
95326 Kulmbach
Phone: +49 9221 706-0

3    Data Protection Officer
You can reach our data protection officer as follows:

Mr Christian Volkmer
Projekt 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Phone: +49 941 2986930
Fax: +49 941 29869316

4    Handling of your data
4.1    Personal data

According to Art. 4 GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more personal characteristics that are an expression of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.

4.2    Registration on the platform
When a user registers, the following data is stored at IREKS for the purpose of providing and using the platform (uploading and / or downloading data):
•    Name
•    First name
•    E-mail = Login name
•    Password

IREKS receives this data voluntarily from you, the user.
A registered user can request his deregistration on the platform at any time. The user orders the deregistration without notice and formless with a responsible administrator of IREKS. IREKS is responsible for the deletion of the data. The use of the platform is only possible by providing the above mentioned data.
In addition to registered users, non-registered users can also upload or download files. Such a possibility can be provided by registered users by sending links.

IREKS does not pass on user data to third parties or compare it with other data. A forwarding to third countries does not take place, either.

4.3    Usage data
For each action in the application, the following data is stored at IREKS to ensure traceability and thus secure technical operation (activity logging):

•    User name
•    User action
•    Name of the file/folder when working with files/folders
•    the date and time of the request
•    data volume transferred
•    Status of the action
•    the IP address of the participating computer (client)

For reasons of data security and data protection, i.e. in order to be able to clarify unauthorised access or prevent misuse, the complete IP address of the requesting computer as well as the e-mail address (also in the case of actions by unlicensed users) are recorded, stored and automatically deleted 30 days after the end of the access.
Other data will be deleted after 30 days after deletion of the user profile.

4.4    Purposes and legal bases
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

•    for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1lit.b GDPR):
The platform is used for the exchange of data in file form (file sharing) between the partners involved in order to fulfil contractual obligations or in the initiation phase of a contract.

•    for the protection of legitimate interests (Art. 6 para. 1 lit.f GDPR):
Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests occurs, for example, in the following cases: Retention of project documentation such as specifications, requirements specifications, operating instructions, design documentation; commercial documents such as contracts, license documents.

4.5    Maintenance and care
In connection with the maintenance and care of the platform, there is a contractual relationship with a subcontractor. There is an data processing agreement (DPA) with this subcontractor. In this context, access to file contents of the user's data by the subcontractor is not possible.

5    Your rights
As a user of our platform, you have various rights vis-à-vis IREKS, which arise in particular from Art. 15 to 18, Art. 21 GDPR:

5.1    Right to information
You can request information about your personal data processed by us in accordance with Art. 15 GDPR, subject to the restrictions of Art. 10 BayDSG. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data and to avoid queries.

5.2    Right of rectification
If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

5.3    Right of cancellation
Under the conditions of Art. 17 GDPR you can demand the deletion of your personal data.

5.4    Right to restrict processing
Within the framework of the requirements of Art. 18 GDPR, you have the right to demand a restriction of the processing of the data concerning you.

5.5    Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of data relating to you at any time for reasons arising from your particular situation. However, should legal regulations conflict with this request, it cannot be complied with or only to a limited extent.

5.6    Right of appeal
If you are of the opinion that we have not complied with data protection regulations when processing your data, you can lodge a complaint with the supervisory authority responsible for you in accordance with Art. 77 GDPR. For us, this is the Bayerische Landesamt für Datenschutz, Promenade 18, 91522 Ansbach (  
General information on data protection at IREKS can also be found on our website (

5.7    Withdrawal of consent
If the collection or processing of your personal data is based on consent pursuant to Art. 7 GDPR, you may revoke your consent at any time with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.