Posteo

Posteo is an email service provider based in Berlin, Germany, offering paid email accounts for individuals and businesses.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? N/A (the service collects so little personal data that notification would not be possible)

7/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

There is no way to easily provide a user with notice of a data breach except via the service

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? N/A (no personal data—or contact information—collected)

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Note

There is no easy way to reach out to users' informing them of such an update (apart from through the service)

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

This privacy policy is currently valid and is applicable as of July 2019.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Yes, including independent audits

3/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

Independent "reviews," "monitoring," etc. also count as independent audits.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We always technically protect your content data with the latest security technologies (see our information page about encryption). In addition, content data is consistently saved on encrypted hard drives to protect them from physical access. We operate and maintain our own server infrastructure. All of our servers and stored data are located in Germany. We save all content data daily in a security backup and keep this data for a duration of 7 days. As a security precaution, please create an additional copy of your content data on a regular basis just in case you accidentally delete this data. Additionally, we offer the possibility to encrypt all emails, notes, contacts and calendar entries that are saved at Posteo individually with the password of the account (AES-encryption). You can do this in the settings of your mailbox at the touch of a button. Users of end-to-end encryption can add an additional level of encryption by applying inbound encryption to all incoming emails.

Note

Additional information on how Posteo protects data at https://posteo.de/en/site/encryption. They were independently audited by Cure53 and other companies as noted on the aforementioned page.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? No personal data is collected

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

As a matter of principle, we do not collect and save any inventory data (such as names, addresses, etc.) from you. When registering, you do not enter any inventory data and we do not collect any other personally related data. We effectively prevent data theft with this concept of data economy. The only data sets that cannot be stolen with 100 percent certainty are those that do not exist within a company. Futhermore, payment data is not connected to your account at Posteo. Because of this, in total, no inventory data exists for your account at Posteo. In other words, Posteo does not keep records with customer data or personally related data to your account.

In 2017, this was confirmed independently within an audit report by the German Federal Commissioner for Data Protection after an on-site inspection.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? N/A (no personal information is collected)

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

As a matter of principle, we do not collect and save any inventory data (such as names, addresses, etc.) from you. When registering, you do not enter any inventory data and we do not collect any other personally related data. We effectively prevent data theft with this concept of data economy. The only data sets that cannot be stolen with 100 percent certainty are those that do not exist within a company. Futhermore, payment data is not connected to your account at Posteo. Because of this, in total, no inventory data exists for your account at Posteo. In other words, Posteo does not keep records with customer data or personally related data to your account.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Note

No information proving such

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-in basis

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Non-critical use of personal data is not enabled by default.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

You can subscribe to Posteo's newsletter if you'd like by opting in within your account settings. You have the option to unsubscribe from the newsletter at any time.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

At no point in time do we voluntarily give personal data to third party companies or service contractors. All data is exclusively stored on our servers in Germany. Posteo is financed by our customers: There are no advertising partners or investors.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

At no point in time do we voluntarily give personal data to third party companies or service contractors. All data is exclusively stored on our servers in Germany. Posteo is financed by our customers: There are no advertising partners or investors.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, using an automated mechanism

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

When you delete content data, it's deleted immediately. If the data has been backed up in one of our daily security backups, it will remain there for an additional 7 days until it is completely deleted. In general, Posteo does not delete content data from an account as long as the contractual relationship is standing and has not been terminated by you or through Posteo in accordance with our terms and conditions. [...] Payment data cannot be deleted upon your request as it would conflict with legal requirement of retaining this information for 10 years for tax authorities.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? N/A (no personal data to share)

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

The service would have no personal data to share with law enforcement.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Note

Posteo does not collect data that can be shared to law enforcement or connected to an individual.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Posteo has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Posteo, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

9.8/10

How we calculate ratings →


Version Added

May 18, 2020

Ratings Updated

May 18, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions