FileFluss
Download

Privacy Policy

Translator’s note: This is a courtesy English translation. The German Datenschutzerklärung at https://www.ranagmbh.de/datenschutz/ is the legally authoritative version. The URL reference below has been updated for the FileFluss site — verify that hosting, cookies, and third-party-service sections match the actual filefluss.de stack before publishing.

In the following, we inform you that the service provider Rana GmbH (registered office: Germany, Kurt-Eisner-Str. 42, 04275 Leipzig) processes your personal data in the manner and for the purposes set out below.

When processing data, we act in accordance with applicable legal provisions — in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

This privacy policy applies to the following website: https://filefluss.de

We reserve the right to amend this declaration at any time. Any changes take effect upon publication.

Data Controller

Name: Rana GmbH
Registered office: Germany, Kurt-Eisner-Str. 42, 04275 Leipzig
Email: info@ranagmbh.de
Phone: +49-172-6793005

Legal Bases for Data Processing

  • Performance of a contract (Art. 6 (1)(b) GDPR)
  • Compliance with a legal obligation (Art. 6 (1)(c) GDPR)
  • Legitimate interests of the controller or a third party (Art. 6 (1)(f) GDPR)
  • Consent of the data subject (Art. 6 (1)(a) GDPR)
  • Public interest or exercise of official authority (Art. 6 (1)(e) GDPR)
  • Compliance with accounting and tax obligations (e.g. Art. 6 (1)(c) GDPR and other applicable national provisions)
  • Enforcement, assertion, or defense of legal claims (Art. 6 (1)(f) GDPR)

Data Processed on this Website

Hosting Provider Information

The following hosting provider processes and stores data so that the service can operate.

  • Provider name: Netcup GmbH
  • Address: Daimlerstraße 25, D-76185 Karlsruhe, Germany
  • Email: mail@netcup.de
  • Website: www.netcup.com

Remarketing Activities

As part of our marketing activities, the service provider may work with external partners (e.g. placing advertisements). Data is transmitted to these partners only with the data subject’s explicit consent.

  • Google Ads — 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“)
    Data processed: email, device, behavior, IP address, phone number, browser, purchase history, search terms.

Cookies

When browsing the website, so-called cookies may be stored on the user’s computer. These cookies contain technical information and primarily serve convenient, personalized navigation. The website may also use cookies for analytics, remarketing, or media purposes.

Categories:

  • Essential
  • Required
  • Analytics
  • Marketing
  • Media
  • Other services

Users can manage or disable cookies in their browser settings. Doing so may limit website functionality.

Processing of Minors‘ Data

Our service is not specifically directed at minors under 16. If data of minors is nonetheless collected and processed, this is done only where the law provides for consent or approval of a legal guardian.

Parents and legal guardians may at any time request rectification or deletion of data stored about them or about the minors under their supervision.

Contact Forms

Forms on the website collect the data voluntarily provided by the user, which we use to make contact or process inquiries.

Fields:

  • Email
  • Name
  • Phone number

Newsletter and Marketing Notifications

If you subscribe to our newsletter or other marketing notifications, you agree that we may send communications (offers, news, etc.) to the contact details provided. You can unsubscribe or withdraw your consent at any time.

Data processed when subscribing to the newsletter:

  • Email
  • Name

Retention Periods

We store data only for as long as it is necessary or as required by law. Data is then deleted or anonymized.

Disclosure of Data to Third Parties

We transmit your data to third parties only when you have given express consent, or where this is required by law or by an order of an authority.

Security Measures

When processing data, both the controller and the processor implement organizational and technical safeguards that take into account current technological possibilities, the characteristics of the processing (purpose, scope, circumstances), and the varying risk to natural persons. These measures aim to ensure ongoing protection of data proportionate to the risks.

Such measures may include encryption, maintaining the availability, confidentiality and integrity of systems and services, and ensuring sufficient resilience. We pay particular attention to restoring availability of and access to data as quickly as possible in the event of physical or technical incidents.

Through regular review and testing of security measures, we ensure that the guarantees offered are not merely theoretical, but provide an appropriate level of protection in practice. We store data in a manner that prevents unauthorized access. To this end, paper-based documents are kept in a secure, closed environment; electronic data is accessible only to persons with appropriately regulated access rights.

We also ensure that data can be permanently deleted after the retention period has expired or for any other reason that requires deletion. Such deletion is irreversible. Paper documents are destroyed using dedicated shredders or by a specialized external company. When decommissioning or disposing of electronic storage media, we ensure data is irretrievably removed.

Protection of Paper-based Documents

For printed data, we provide physical protection including secure, dry storage and adequately locked rooms. Access to such documents is restricted to authorized staff. If paper-based documents are digitized, the corresponding rules for digital processing apply. Anyone processing data may only leave the work area when the documents entrusted to them are secured and unauthorized access is prevented.

The building and rooms in which paper-based documents are kept are equipped with appropriate fire and property protection systems to reduce the risk of physical damage.

IT Security

Computers and mobile devices involved in data processing are equipped with appropriate antivirus and access control systems. To protect electronically stored information, we use up-to-date backup and archiving solutions and ensure these are accessible when needed.

Only authorized persons with clearly defined permission levels have access to the central server. Computers used for work, and the data stored on them, are protected against unauthorized access by passwords and additional access controls.

Management and Notification of Data Protection Incidents

If an incident occurs that could result in unauthorized access to, damage to, or loss of personal data, we take immediate measures to further protect the affected data and limit the damage. Where the situation makes it likely that the event poses a significant risk to the rights and freedoms of natural persons, we inform the affected persons without delay, explaining in understandable terms the nature of the incident and the measures we have taken or plan to take.

Notification of affected persons may be omitted if we have already implemented security solutions (e.g. encryption) that render the personal data unintelligible to unauthorized persons, or if we have substantially reduced the risk potential through additional measures. In certain cases, a public notification may suffice in place of individual notification, where the latter would entail disproportionate effort.

In accordance with applicable rules, we notify the competent supervisory authority of a data protection incident likely to pose a risk to the rights and freedoms of natural persons within 72 hours of becoming aware of it. If notification occurs after this deadline, the reasons for the delay must also be communicated.

Your Rights as a User

As a data subject (user), you have the following rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR) — You have the right to know whether we store information about you, and if so, what details. You may also request information about the purpose, legal basis, and other relevant circumstances of the processing.
  • Right to rectification (Art. 16 GDPR) — You have the right to request rectification or completion of inaccurate or incomplete data.
  • Right to erasure („right to be forgotten“) (Art. 17 GDPR) — Where data is no longer needed, or where the legal conditions for erasure are met, you may request that it be deleted as quickly as possible.
  • Right to restriction of processing (Art. 18 GDPR) — In certain cases, you may request that we merely store the data and not use it further (e.g. if you contest the accuracy of the data but it should not be deleted immediately).
  • Right to data portability (Art. 20 GDPR) — You have the right to receive data we hold about you in a machine-readable format, or — where technically feasible — to request that we transmit it to another provider.
  • Right to object (Art. 21 GDPR) — You may object to further processing of your personal data where you consider that our legitimate interests (or other legal bases) do not sufficiently justify such processing.

To exercise these rights, please contact us (email: info@ranagmbh.de). We endeavor to respond to incoming requests as quickly as possible. As a rule, we respond within one month of receiving your request, though this period may be extended by a further two months — for example, in the case of complex requests. We will inform you of the reasons for any extension within the first month.

If we are unable to fulfill your request, we will likewise inform you within the stated period of this and the reasons. In that case, you are free to lodge a complaint with the supervisory authority or to pursue legal remedies.

Complaints Procedure, Legal Remedies

If you believe your personal data is being misused, you may submit an official report using the following contact details:

  • Email: info@ranagmbh.de
  • Postal address: Germany, Kurt-Eisner-Str. 42, 04275 Leipzig

We examine incoming complaints carefully and inform you of the outcome of our investigation and the measures taken. Unless a specific statutory deadline applies, we review at least every three years whether complaint handling and our procedure meet the goals of data processing and applicable rules.

In addition, you have the right to lodge a complaint with the competent data protection authority:

  • Authority: The Federal Commissioner for Data Protection and Freedom of Information (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit — BfDI)
  • Address: Graurheindorfer Straße 153, 53117 Bonn, Germany
  • Phone: +49-228-997799-0
  • Email: poststelle@bfdi.bund.de

Last updated: 12 March 2026