The General Data Protection Regulation (GDPR) is often regarded as the furthest reaching legislation for privacy protection of users. On this page we detail how the Delta Chat app and website complies with GDPR requirements.
Implements the Privacy by Design requirement of the GDPR, through
Confidentiality: End-to-end encryption when possible, by implementing Autocrypt Level 1.
Data minimization: No uploading of address-book content.
Data avoidance: No Delta Chat server, no processing of personal data.
Does not require any consent (article 7 GDPR) from the users or their contacts (data subjects), because no address-book data is transmitted.
Can be used without requiring a contract or instructions from any controller (organisation), because no additional third party will process the E-Mail related personal data.
Creates no additional information requirements for the controller towards direct or indirect data subjects regarding any collection of address-book-data, article 13, 14 GDPR.
Needs no data protection impact assessment to be carried out for Delta Chat (Article 35 GDPR), because it processes no particular additional data beyond E-Mail messenging.
Adding Delta Chat’s privacy measures to the record of processing activities can have a positive impact on eventual evidence documentation, (article 30 GDPR) as well as on the data protection certification process, Article 25 (3), 42 GDPR.
The record of processing activities linked to the messenger-communication is reduced to identifying the email-providers and recording their activities, Article 30 (2) GDPR.
Remaining risks to the rights and freedoms of natural persons are generally also limited to the communication data processed by the controller and the email providers.
This statement reflects the General Data Protection Regulation (GDPR) as of 16.05.2018.
If you share your location in a chat, this location data is treated like other messages. Delta Chat will use your location data to display your locations to the other members of the chat.
Location data is collected even when the app is closed or not in use – for as long as you keep this optional feature activated.
Status: January 21, 2020
At Delta.Chat, we make sure that not only our messenger but also the Delta.Chat website is in compliance with the European General Data Protection Regulation (2016/679). Therefore, we minimise the processing of your data to the minimum necessary (Privacy by Design).
The Delta.chat website does not use own or third party cookies, website analytics services, third party advertising and marketing services or the use of social media plug-ins. Data processing is limited to voluntary e-mail contact.
The person responsible for the data processing of this site in terms of the DSGVO and other national data protection laws of the member states as well as other data protection regulations is
Merlinux GmbH Reichgrafen Str. 20 79102 Freiburg
Your contact address for privacy issues at Delta.Chat:
When voluntarily subscribing to the Delta mailing lists, your email address from the input mask, the IP address of the calling computer, date and time of registration are transmitted. The processing of this data is solely for the purpose of processing the contacts and the delivery of the public community communication. As usual with open source projects, the shared messages can also be found in public archives. The legal basis for processing with consent is Art. 6 I lit. a GDPR. The user’s e-mail address is only stored as long as the subscription to the e-mail list is active. By unsubscribing from any mailing list, a revocation of consent is possible.
You can request information from Delta.Chat about whether and how your data is processed by us. You have the right to object to the processing, which takes place on the basis of art. 6 I lit.e or lit.f GDPR. If the processing is incorrect or incomplete, you have the right to rectification/completion, cancellation and, if necessary, restriction of the processing. You can revoke the declaration of consent of the mailing list at any time. You have the right to receive the data in a structured common and machine-readable format and the right to complain to a supervisory authority.
We reserve the right to update the present data protection regulations in view of the constantly changing legal and technical situation.