GSMK takes the privacy and security of your personal data seriously. This privacy policy explains how we collect, use and share information about you, as well as the choices you have with respect to that information. Throughout this Privacy Policy we have referred to our website, products, and services collectively as “Products and Services”.

Who are we?

GSMK Gesellschaft fuer Sichere Mobile Kommunikation mbH (“GSMK”) is a communications security specialist registered at the district court of Berlin-Charlottenburg, Germany, under company number HR B 89497. Our registered office is at Marienstrasse 11, 10117 Berlin, Germany.

If you have any questions about this Privacy Policy, or if you need to contact us about your personal data (including amending and deleting it), you can contact us by:

  • Using the contact form on our web site
  • E-mailing the data protection officer at office(at)
  • Writing to us at the registered address above
  • Telephone on +49 30 24625000

When and why do we need your personal data?

GSMK does not collect any personal data when you browse the CryptoPhone web site. We also do not use any cookies on this web site.

When we provide our Products and Services to you, we may however need to collect and use certain information in order to be able to provide those Products and Services efficiently and effectively. That information may include your personal data, but we will ensure that we only collect what is necessary for the purpose of delivering that Product or Service.

What information may we collect about you and what is it used for?

We will collect the following information about you for the purpose of providing each of these Products and Services to you:

  • If you place an order with us for our Products or Services, we will collect contact information (such as name, e-mail address, phone number, billing and shipping address) and payment information. Our legal basis for doing so is for completing our contractual obligations to you and for our legitimate interests in properly providing the relevant Product or Service to you.
  • If you use the contact form on our website, or send us an e-mail, we will collect personal data such as name, email address, and GPG/PGP public key for the purpose of contacting you by email to respond to you. Our legal basis for collecting this information is for our legitimate interests in the proper administration of our website and business, and communications with users.
  • If you ask to be included in one of our mailing lists, we will collect your email address for the purpose of providing those Products and Services to you. Our legal basis for collecting this information is that we have your consent for this purpose, and you can withdraw your consent at any time by contacting us as described above.
  • If you hand us your business card (for example, at a trade show), we will store your contact details in our electronic database and (unless you specified a different purpose, in which case they will be used for that purpose only) we may use them to contact you about our Products and Services unless you tell us otherwise. Our legal basis for doing so is for our legitimate interests in resuming business communications with you.

Except where you have ordered or have entered into a separate contract with us to provide our Products and Services, you are under no legal or contractual obligation to provide your personal data to us and it is entirely at your discretion. However, if you choose not to we may be unable to provide the relevant Product or Service to you.

Will we share the information with anyone else?

GSMK will never sell your personal information. We only share your information with others in the limited circumstances detailed below. Any third parties engaged by us to process your data or provide Products and Services on our behalf are subject to obligations to protect the privacy of your information as required under this Privacy Policy:

  • To our group companies and independent contractors: We may disclose your information to our group companies and individuals who are our independent contractors that need to know the information in order to help us provide our Products and Services to you.
  • To our third party suppliers: We may share your information with our third party suppliers who need to know the information in order to provide their services to us and yourself. This includes courier services and logistics companies tasked with delivering our products to you as well as our professional advisors (such as our accountants and lawyers).
  • As required by law: We may be required to disclose your information to comply with a legal obligation, under a court order, or other statutory or governmental request.
  • Business transfers: We may disclose your information to a third party in connection with any merger, acquisition, or sale of company assets.
  • With your consent: We may share and disclose your information with your consent (for example, when you ask us to introduce you to third parties for some of your non-CryptoPhone related security needs).

Where we disclose your information as detailed above to a third country (outside of the European Union) or international organization, we will only do so where appropriate safeguards are in place, as determined by the European Commission. Further details can be obtained by contacting the Data Protection Officer.

What are my rights regarding my personal data?

As a data subject, you have certain rights with respect to the personal data that you have provided to us:

  • The right to request a copy of the information that we hold about you
  • The right to request that we correct any personal data that we hold about you which is inaccurate or incomplete
  • In specific circumstances, you can ask for the personal data that we hold to be deleted
  • Where specific conditions apply, the right to restrict the processing of your personal data
  • The right of data portability when transferring your personal data to another organisation
  • The right to object to certain types of processing (including automated processing)
  • The right to complain to the Supervisory Authority (which in the State of Berlin is the Berliner Beauftragte fuer Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin, Germany)

Further details of your rights can be obtained by visiting the Supervisory Authority’s web site. Where you make a request based on the above, any third parties involved in the processing of your personal data may be informed of those requests. If you wish to exercise any of your data subject rights, please contact us using the details above.

How we will protect information about you

We do our utmost to protect your privacy. We do so by taking appropriate technical and organizational measures to protect your personal data to ensure that it is collected, processed and retained in accordance with our own high standards and our legal obligations. You will not be surprised to hear that we have implemented security systems and procedures to protect your information from unauthorized disclosure, loss, misuse, or destruction. However, where you submit your personal data via unencrypted e-mail, you acknowledge that this information can be intercepted by third parties while in transit, hence bear in mind that GSMK cannot control or prevent the use or misuse of such information that was sent unencrypted over the Internet by others.


If you wish to complain about how GSMK processes your personal data, or how a personal data complaint has been managed, you can complain directly to the Berliner Beauftragte fuer Datenschutz und Informationsfreiheit as the competent Supervisory Authority at the address listed above.

Amendment to this Privacy Policy

We may update this Privacy Policy from time to time by publishing a new version on our web site. You should check this page from time to time to ensure that you are happy with any changes we have made. We may also notify you of changes to this Privacy Policy by e-mail.