Privacy policy

Posteo stands for maximum data protection, data economy and privacy by design. We show how an internet provider can consistently be run without collecting data, tracking or financing through advertising. As a matter of principle, we do not collect inventory data from you including names, addresses or traffic data as defined in §96 TKG (German telecommunications law). Our website and webmailer are ad-free and tracking-free. Additionally, we refrain from incorporating social media plug-ins and from using Google products.

In this privacy policy, we provide you with an overview of Posteo's protection and security of data.

Legal basis

The rendering of our email services requires the processing of data and occurs according to legal provisions. The following government regulations are of particular relevance to privacy - the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) as well as the German Telecommunications Act (TKG). The services provided by Posteo are exclusively hosted on our servers in Germany.

Responsible parties:

This privacy information applies to the processing of data by:

Posteo e.K.
Methfesselstrasse 38
10965 Berlin
Germany
Email: support@posteo.de

Data Protection Officer:

Niels Herrmann
Email: datenschutz@posteo.de

The Data Protection Officer at Posteo e.K. is also reachable at the postal address listed above. (Addition to the Posteo e.K. postal address: "Data Protection Officer Niels Herrmann").

Our email service is a telecommunications service. Our security concept is stored with the German Federal Network Agency in compliance with §109 TKG (German telecommuncations law). The last on-site inspection to audit the security concept at Posteo occurred in September 2017.
In November 2016, the German Federal Commissioner for Data Protection (BfDI) conducted an inspection of privacy without cause at Posteo. No complaints were made and the federal privacy commissioner explicitly praised our privacy security concept. The complete report can be found here.

No inventory data

As a matter of principle, we do not collect and save any inventory data (such as names, addresses, etc.) from you. When registering, you do not enter any inventory data and we do not collect any other personally related data. According to §111 Paragraph 2 TKG (German telecommuncations law), email providers are only required to save such data when they, in effect, also collect this data.

We effectively prevent data theft with this concept of data economy. The only data sets that cannot be stolen with 100 percent certainty are those that do not exist within a company. Futhermore, payment data is not connected to your account at Posteo. Because of this, in total, no inventory data exists for your account at Posteo. In other words, Posteo does not keep records with customer data or personally related data to your account.

In 2017, this was confirmed independently within an audit report by the German Federal Commissioner for Data Protection after an on-site inspection.

Traffic data: No IP addresses, no traffic data in relation to §96 TKG

Traffic data consists of all data, that is accumulated through the use of Posteo.
In conformity with the law, we strictly do not save any IP addresses that could be traced back to customers. As we do not collect any inventory data for accounts, traffic data in relation to §96 TKG does not exist at Posteo. This was independently confirmed in an audit report by the German Federal Commissioner for Data Protection. We also do not collect your IP address if you visit our website or if you use our contact form or webmailer. We also do not collect or save your IP address if you use an external client to retrieve your emails via IMAP or POP3 or to transmit messages via SMTP to be delivered by us. In the communication between email servers via SMTP, we come to know the IP addresses of other email servers (for example IP addresses from GMX and Gmail servers). The IP addresses of the servers are logged in the logfiles and deleted after 7 days.

We record account-related sending and receiving of emails to quickly identify and correct technical disruptions and errors as well as to identify abuse (like sending spam). We delete this data, which cannot be traced back to an individual, automatically after 7 days. In addition, we create generic, anonymised system usage and capacity statistics. These statistics also do not contain any personal information or IP addresses.

Content data

Content data as a term is not legally defined. We refer to it in this context as the saved contents in an email account.
The contents of a communication and its accompanying circumstances (emails and their metadata) are subject to telecommunications secrecy and are protected by fundamental rights. That means that no one is allowed to read your emails and we're not allowed to pass them on to third parties. This would be a violation of your fundamental rights and punishable by law. Telecommunications secrecy can be restricted only in individual cases and only by way of a judge if there is suspicion of certain criminal offenses. We always technically protect your content data with the latest security technologies (see our information page about encryption). In addition, content data is consistently saved on encrypted hard drives to protect them from physical access. We operate and maintain our own server infrastructure. All of our servers and stored data are located in Germany. We save all content data daily in a security backup and keep this data for a duration of 7 days. As a security precaution, please create an additional copy of your content data on a regular basis just in case you accidentally delete this data. Additionally, we offer the possibility to encrypt all emails, notes, contacts and calendar entries that are saved at Posteo individually with the password of the account (AES-encryption). You can do this in the settings of your mailbox at the touch of a button. Users of end-to-end encryption can add an additional level of encryption by applying inbound encryption to all incoming emails.

When you delete content data, it's deleted immediately. If the data has been backed up in one of our daily security backups, it will remain there for an additional 7 days until it is completely deleted.
In general, Posteo does not delete content data from an account as long as the contractual relationship is standing and has not been terminated by you or through Posteo in accordance with our terms and conditions.

Automatic spam and virus detection occurs at Posteo without any personal information and without the creation of profiles. We implement our own spam detection. We also use blacklists from third parties for this purpose but only locally on our own servers. The content of our users is not analysed by third parties and strictly not processed by spam recognition software hosted by third parties. Third party providers also do not obtain any information about the results of spam recognition at Posteo.

Payment data is not connected with email accounts

When paying via bank transfer or PayPal, your name or the name of the paying person as well as an IBAN (with bank transfers) is transmitted to us. We do not receive any data about paying customers from credit card companies. At Posteo, payment data is strictly not connected with email accounts meaning that transferred payment details do not not exist within an account. Since our founding in 2009 we use our own anonymisation process for all payment processes that completely separates them from accounts. You can find detailed information about this subject on our information page about payment. This process protects your sensitive payment data in the best possible way from potential data theft and from abuse. As there is no payment information saved in your Posteo account, you cannot set up a standing order. Payment for accounts is always prepaid. You receive a receipt for your prepayment without a name, address or VAT statement. This receipt is a tax-relevant proof of payment. For tax purposes, we are legally required to keep receipts of all payments for 10 years. Receipts are only kept for this purpose. Our procedure of anonymising the payment processes has also been mentioned in the audit report of the German Federal Commissioner for Data Protection. This report confirms that payment data is not connected with email accounts.

Back in 2014, the German Federal Government confirmed in their response to an inquiry by the former German member of parliament, Hans-Christian Ströbele, that there is no requirement for email providers to connect payment data with an email account.

No use of Schufa (German credit investigation company)/Collection agencies

We do not require any credit reports from Schufa (German credit investigation company) or any other credit reports about you. We also do not use the services of collection agencies for delayed payments. All payments for Posteo accounts are made in advance.

No advertising, no tracking, no integration of social media or Google products

Posteo is free of tracking tools and advertising. We also do not send any advertising emails to you. We work independently and do not have any advertising partners. This is the only way an internet-based service can truly be run in a privacy-oriented fashion.

In addition, our website is free of social-media plug-ins like Facebook, Twitter, etc. Were we to integrate such plug-ins into our website, usage data and personal data such as IP addresses would be transmitted to these services. We do not want this.

We do not use any Google products like Google Analytics or so-called captchas from third-party providers. The captcha with which security questions are asked when registering has been programmed by Posteo and does not collect any data from you such as your IP address.

You can subscribe to Posteo's newsletter if you'd like by opting in within your account settings. You have the option to unsubscribe from the newsletter at any time.

Privacy-oriented password reset

You can activate our "forgotten password" feature in connection with your mobile phone number in the settings of your account. In the case of a lost password, you can have a new password sent to you via text message (SMS). Your sensitive mobile telephone number is not transmitted to us when activating this feature. We only receive a mathematically calculated result (a salted hash) that we additionally secure again. This data is only a character string and is not considered inventory data in relation to TKG after a decision by the Federal Network Agency in 2017 with regard to Posteo. As a result, they are not required by law to be reported to government agencies. You can deactivate this feature at any time in the settings of your account. By doing so, the character string will also be deleted.

Posteo migration service: Secure data transfer without third-party providers

We have implemented a migration service of our own development because we do not want to use or recommend solutions from third-party providers for transferring your sensitive email data out of privacy reasons. With Posteo's migration service, you can safely transfer external email accounts of other providers (e.g. Google/Gmail, GMX, web.de, iCloud, etc.) including all folder structures (with unlimited levels). You decide whether you'd like to copy the entire contents of your previous email account or just selected folders. Posteo directly retrieves the selected folders from your previous provider and they are transferred via an encrypted connection directly into your Posteo account. At no point in time is your data transmitted via third-party providers. Nowadays, it's also possible to transfer contacts and calendars from many providers (e.g. Google/Gmail, GMX, web.de, iCloud, etc.) in this same way. Posteo's migration service has been conceived based on our policy of maximum data economy.
After the migration has occurred, you can continue to have newly incoming emails retrieved from your old account. This email collection is initially only for three months but can be renewed an unlimited amount of times. Data entered for the purposes of the email collector are saved with encryption until the email collector has been deleted by you. Entered data for the migration service is encrypted and held in working memory only for the duration of the migration.

Data import and export

Your data belongs to you. You can export and save all of your data stored at Posteo (emails, contacts, calendars, notes) locally at any time with the help of open standards and freely available programs. It's also possible to import data to your account in the same way. These standards are IMAP, POP3, SMTP, CardDAV and CalDAV. We provide instructions on how to import and export data in our help section. Alternatively, you can also use our migration service in many cases for importing.

No tracking cookies

We do not use any tracking or analytical cookies.
We only use so-called session cookies in the customer menu when logging in and in the webmailer. The data that is saved on your computer exclusively serves for logging on and is especially not used to to create user profiles or anything similar. Session cookies are deleted at the end of each session. If you use the simplified version of our homepage (ECO-switch), one cookie will be used that saves only one information: The information that the browser should load the simplified version of the homepage when directed to our website. If you change to the regular homepage, the cookie will be deleted. This cookie will also not be used to track you or to create a user profile of you.

Customer support without retention of personal data

You can contact our customer support with questions and problems related to your Posteo account at any time free of charge via email at support@posteo.de or through the contact form on our website. Our team provides support in German, English and French.

Data that you voluntarily send us in an inquiry via email, such as an alternative email address for contacting you or a general inquiry, are not saved as information to your email account with Posteo. We do not collect IP addresses if you use our contact form. For privacy reasons, our customer support also works entirely without a customer database and ticket system. There is no documentation of your contact made via email or about the questions you have asked our customer support. Your inquiry will only be answered via email by our team. We exclusively use open source email clients on encrypted computers for this purpose.
All email correspondence will automatically be completely deleted at Posteo 14 days after a case has been closed.

No transmission of data to third-party companies

At no point in time do we voluntarily give personal data to third party companies or service contractors. All data is exclusively stored on our servers in Germany. Posteo is financed by our customers: There are no advertising partners or investors.

Requests by government agencies/Transparency reports

In certain legally regulated cases, especially when presented with a court order in cases of criminal offenses, we are required to release an account and respectively provide the surveillance of email correspondence. We document how often government agencies have attempted to acquire such data from Posteo in our transparency reports. Content data and traffic data for Posteo accounts do not exist and cannot be released.

You do not need a data processing agreement with us

We had some legal research conducted on this subject for our customers. The results are as follows. As we are a publicly accessible email provider that orients itself towards private individual use, we are not a data processor as defined in the General Data Protection Regulation (GDPR). Because of this, agreements with customers of this nature do not need to be made. This also applies to cases where Posteo is used for professional or occupational purposes. There is no data processing as defined by German Data Protection laws (BDSG) § 11 or as defined in the General Data Protection Regulation (GDPR).

The explanation is as follows:
Telecommunication services like Posteo are not only required to be in accordance with data protection laws. They are subject to additional legal requirements and are thereby also regulated by strict security provisions that have been established by German telecommuncations law (TKG) and the Directive on privacy and electronic communications.

According to these additional legal regulations, we are, for example, required to provide a security concept that needs to be checked by the German Federal Network Agency (Bundesnetzagentur). At least every two years an inspection is conducted by the supervising authorities. Unlike a data processor, we are not bound by directives from our customers. We make decisions ourselves regarding the security of our service and these decisions must meet legal requirements.

For this reason, no data processing, as defined in BDSG § 11, has existed at Posteo even before the GDPR came into effect. See among other things the informational brochure about data processing from the Bavarian data protection and privacy officer(German text).

In the GDPR Art. 95 there is a specific regulation that has been established for publicly accessible electronic communication services like Posteo: “This Regulation shall not impose additional obligations on natural or legal persons in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC.” Posteo is subject to the obligations that are defined in the Directive on privacy and electronic communications (2002/58/EG). These are also in conformity with §§ 91 et seq. German telecommuncations law (TKG). Because of this, you are neither required to have a data processing agreement with us to meet the guideliness of GDPR nor do we offer such agreements.

Additional reading:
The industry association Bitkom expand upon this even further in their brochure about data processing in accordance with the GDPR: “Data processing also does not exist if the service has been regulated in special law (e.g. telecommunications services or postal services.” (Source, page 23, German text)

Your rights according to the General Data Protection Regulation (legally required part of the privacy policy)

We neither collect or save inventory data (like names or address) or traffic data (like IP addresses) from you according to § 96 TKG.
Nevertheless, we are legally required to fully inform you of your rights in our privacy policy. We hereby do so.

You have the right:

In accordance with GDPR article 15 you have the right to demand a confirmation from Posteo e.K. as to whether we process personal data in relation to you. In this case, we will confirm in writing that we do not have any inventory data or traffic data according to § 96 TKG and that no customer database entry exists in relation to you. We will confirm that payment data must be retained in written form for 10 years for tax authorities but also that payment data does not exist within your email account and has no connection to your account. We will answer that you can delete or export saved content data at any point in time in your non-personally-identifiable email account.

In accordance with GDPR article 16 you have the right to immediately demand the correction or completion of personal data that is stored within a company in relation to you. As no inventory data such as names or addresses in relation to your email account is collected at Posteo as well as payment data is not saved in relation to an account, no such data set exist on which we could make such changes (correction/completion). We only retain payment data for tax purposes. Changes cannot be made to this data.

In accordance with GDPR article 17 you have the right to demand the immediate deletion of personal data that is saved within a company in relation to you. Inventory data and traffic data according to § 96 TKG does not exist at Posteo. Payment data cannot be deleted upon your request as it would conflict with legal requirement of retaining this information for 10 years for tax authorities. Payment details are not connected with email accounts and therefore do not exist in connection with your account. We only keep payment data for tax purposes. This data cannot be deleted.

In accordance with GDPR article 18 you have the right to demand a restriction of the processing of personal data that is stored at a company in relation to you. Inventory data and traffic data according to § 96 TKG does not exist at Posteo. We only retain payment data for tax purposes. Restrictions of the processing of this data cannot be made due to tax reasons.

If companies give personal data to third parties, the company must inform the recipients if personal data has been corrected or deleted according to GDPR article 19.
You have the right to request to which recipients this information went from the company.
As no inventory data such as names or addresses in relation to your email account is collected at Posteo, no such data set exist with which we could pass on to third parties or with which we could make changes (corrections/deletions). Traffic data also does not exist according to § 96 TKG. Because of this we fundamentally could not pass on such data to third parties.

Should you have provided a company with personal data in an automated process, you have the right to receive this stored personal data in a structured, current and machine-readable format or to demand the transfer of this data to another responsible party according to GDPR article 20. At least within technical possibilities.
Posteo e.K. does not offer any means for facilitating inventory data and traffic data in an automated process according to §96 TKG.

In accordance with GDPR article 21 you have the right to revoke the processing of personal data within a company. We neither collect inventory data or traffic data from you and your email account at Posteo according to § 96 TKG. We only retain payment data for tax purposes and this cannot be revoked.

In accordance with GDPR article 7 paragraph 3, you also have the right to revoke given consent of the processing of personal data from a company. We neither collect inventory data or traffic data from you and your email account at Posteo according to § 96 TKG. We only retain payment data for tax purposes and this cannot be revoked.

In accordance with GDPR article 22 you also have the right not to be subject to a resulting decision from an automated process including profiling.
At no point in time will you be subject to a resulting decision from an automated process (including profiling) at Posteo.

Should a company store any of your personal data, the company has to inform you immediately if the protection of your data has been infringed upon according to GDPR article 34. As a matter of principle, we do not store any inventory data, payment data or traffic data in relation to §96 TKG for your email account.
Due to our data economy and the protection of sensitive data, we conceptually prevent the theft and other abuse of customer data related to your account through maximal "Privacy by Design".
As a telecommunications provider, we also have to report other security violations to our supervisory authority, the German Federal Network Agency. In the case of a security related incident that could affect the security of your data stored at Posteo, we will inform you via email and in our company’s blog. Furthermore, we will explain how to contact our data protection officer and offer tips for suitable measures.

According to GDPR article 77, you have the right to raise a complaint with a supervisory authority. The competent supervisory authorities are:

For inquiries regarding privacy at Posteo concerning telecommunications, please contact:
The German Federal Commissioner for Data Protection (BfDI)
Husarenstr. 30
53117 Bonn
Germany

Regarding other privacy topics, please contact:
The Federal Commissioner for Data Protection and Freedom of Information of Berlin
Maja Smoltczyk
Friedrichstr. 219
10969 Berlin
Germany

Actuality and changes in this privacy policy

This privacy policy is currently valid and is applicable as of May 2018.
It may become necessary to change this privacy policy as Posteo develops or based on changes in legal or official guidelines. The respectively current privacy policy can be accessed and printed at any time on our website: https://posteo.de/en/site/privacy_policy