English  German

Privacy policy

In the following, we inform you about the processing of personal data by us as the responsible authority when using our apps BoxToGo Free and BoxToGo Pro. The processing of personal data is carried out in accordance with the statutory provisions, in particular in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetzes (BDSG).

I. Responsible authority

The responsible authority in the sense of the GDPR as well as the Bundesdatenschutzgesetzes of the member states and other data protection regulations is:

Alexander Miehlke Softwareentwicklung
Königstr. 24, D-12105 Berlin
Phone: +49 30 70 20 63 75
Fax: +49 30 70 20 63 76

II. General information on data processing

Personal data is any information relating to an identified or identifiable person. By "data processing" we mean in particular the collection, storage, use and transmission of your data.

If we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 p. 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If personal data processing is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) p. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another person make processing of personal data necessary, Article 6 p. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.

The personal data of data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage after the purpose of storage has ceased to apply may take place if this is provided for by law. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

For further information on the legal basis for processing and the storage period with regard to specific personal data, please refer to the relevant subsection.

III. Data subject rights

1. Data subject rights

If personal data of you are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller (if applicable, upon the existence of further conditions regulated in the relevant provisions):

2. Weighing of interests and right to object

To the extent that we process personal data as explained above in order to protect our legitimate interests that prevail in the context of a balance of interests, you may object to this processing with effect for the future, but only if there are grounds arising from your particular situation (Art. 21 GDPR). If the processing is carried out for direct marketing purposes, you may exercise this right at any time even without grounds. After you have legitimately exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims. This restriction does not apply if the processing is for direct marketing purposes.

3. Complaint to a data protection supervisory authority

If you believe that we are not respecting your rights to the extent owed, you have the right to complain to a data protection supervisory authority about our processing of your personal data. Before you do so, however, we would appreciate it if you would inform us of your criticism beforehand, so that we ourselves can carry out a removal of the cause for complaint.

IV. Using the app

When using the app, various data is synchronized with the FRITZ!Box. For example, the app loads the call list, call diversions, WiFi states, voice messages, smart home devices, home network devices, the phone book and much more from the FRITZ!Box. However, this data is not transmitted to us and is not processed by us in any other way. They remain in your device until the data or the app is deleted. FRITZ!Box credentials is stored in encrypted form in the protected phone memory of the device and is likewise not transmitted to us.

The following data is transmitted to us in encrypted form by the app:

a) BoxToGo DynDns

If you use the service "BoxToGo DynDns" instead of MyFRITZ! (default, recommended), the following data will be processed. BoxToGo DynDns is used to assign a fixed "address" to the FRITZ!Box. Thus, the FRITZ!Box is accessible for you, even if your provider assigns changing IP addresses to your connection:

The legal basis for personal data processing is Art. 6 para. 1 lit. b GDPR. If "BoxToGo DynDns" is no longer used for 60 days, the data will be deleted by us.

b) Faxing PDF documents (BoxToGo Pro only)

This feature is used to fax PDF documents via FRITZ!Box. The PDF documents are converted into image files by the app and then faxed by FRITZ!Box. The legal basis for personal data processing is Art. 6 (1) lit. b GDPR. This data will be deleted by us immediately after processing.

c) Speech-to-text (BoxToGo Pro only)

You can convert voice messages into readable text. This is done only at your explicit request. The following data will be processed:

Please note: This data will be forwarded by us to the third parties mentioned below for the purpose of processing and will be processed there. You will be informed of this before the processing begins. The transfer is made to companies in countries that do not have a level of data protection comparable to that in Europe. In particular, the assertion of data subject rights is in part difficult or not provided for there.

Google (when purchasing the app via Google Play Store), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Analytics; Privacy Policy of Google.

Huawei Technologies Co. Ltd (when purchasing the app via the Huawei AppGallery), Aspiegel Limited, First Floor, Simmonscourt House, Simmonscourt Road, Dublin 4, D04 W9H6, Ireland. Registration number 561134; Privacy Policy of Huawei

The legal basis for personal data processing is Art. 6 para. 1 lit. a GDPR. The data will be deleted immediately after processing.

d) App updates

The app checks at the first start and then once a day whether updates or innovations are available and displays corresponding screen messages. The following data is transferred in the process:

The legal basis for personal data processing is Art. 6 para. 1 lit. f GDPR. This data is deleted immediately after processing by us.

e) Copy protection (BoxToGo Pro only)

To protect ourselves from the use of piracy software, we have implemented security measures. At regular intervals, we check whether the app you are using is licensed. The following data is processed in the process:

The legal basis for personal data processing is Art. 6 para. 1 lit. f GDPR. This data will be deleted by us within six months after processing, unless we need it to pursue legal claims. In this case, the data will be stored until the conclusion of any proceedings or deleted upon expiry of the limitation periods, which can be up to 10 years.

f) Troubleshooting, help function and logs

If the user presses "Help" under an error message, the following data will be processed by us:

The legal basis for personal data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest is troubleshooting and debugging. This data will be deleted by us immediately after processing.

If you turn on the logs and transmit it to us after prior consent, the data contained in the logs will be processed by us for the purpose of troubleshooting. The legal basis for personal data processing is Art. 6 para. 1 lit. a GDPR. This data will be deleted by us immediately after troubleshooting.

V. Background location access

1. Scope of personal data processing

The app connects to the FRITZ!Box in the background every 10 min. (adjustable), even if the app is closed. In this process, the following data is processed:

Please note: The processing is only done on your device. Processing of this data outside the app does not take place, not even by us.

2. Legal basis for personal data processing

The legal basis for personal data processing is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The purpose of data processing is to notify you about new calls, voice messages or Smart Home events and to update widgets. In order for this connection to take place with the correct FRITZ!Box address, the app must determine whether your smartphone including the app is in the WiFi of your FRITZ!Box. In order to detect its own WiFi, the app needs access to the location, even in the background.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the use of the app, this is the case when you delete the app or the data you entered.

VI. Cookies

1. Scope of personal data processing

In principle, the app does not use cookies. Only when the help page is opened, technically essential cookies set, since this involves opening a website in the app. Cookies are text files that are stored on your device. Some elements of our website require that the browser can be identified even after a page change.

2. Legal basis for personal data processing

The legal basis for personal data processing using cookies is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The purpose of using technically essential cookies is to simplify the use of the help website for you. Some functions of this site cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected by technically essential cookies are not used to create user profiles or to track users.

4. duration of storage

The technically necessary cookies are usually deleted when the browser is closed, i.e. at the end of the session. You can also delete already stored cookies at any time.

VII. Categories of recipients of personal data

Personal data will only be transferred to third parties in the cases mentioned in this statement or if we expressly inform you of this elsewhere. In addition, we sometimes use external order processors (Art. 28 GDPR) to provide our services (e.g. host providers, e-mail providers). However, these process personal data exclusively within the European Union, unless otherwise stated in this declaration.