Service description fileee Conversations for fileee Conversations customers

The services of fileee Conversations result from this service description and the selected fileee Conversations package(www.fileee.com/conversations/pricing). 

A large part of the services is also documented in the fileee Conversations knowledge base. The knowledge database is part of fileee Conversation Support and can be accessed at www.fileee.com/conversations/support. 

fileee also relies on third-party products for the provision of services. Additional provisions apply to the following services.

For the digital signature, fileee relies on the solutions of the company iS2 Intelligent Solution Services AG. fileee has concluded a corresponding contract with iS2. The product inSign is used.

"The scope of functions covers so-called "simple" and "advanced" signatures (according to eIDAS) as standard. By means of optional data interfaces to third-party providers, "qualified" signatures and (video) identifications can also be seamlessly integrated into the process.

Digitally signed documents contain encrypted biometric signature data. fileee has decided to deposit the necessary keys for decryption with a notary. The notary is an independent authority in the sense of BiPRO standard 262. The fileee customer can only make use of the decryption subject to the following restrictions:

• Decryption of data records is only permissible if the authenticity of the stored signature is disputed in a case and is relevant to the decision in a legal dispute.
• The fileee customer shall notify fileee of the intended decryption of a data set in writing with a reasonable period of notice in advance and shall substantiate the reason for decryption.
• The fileee customer shall indemnify fileee against all costs incurred in connection with the decryption, in particular the costs of the custodian and decrypting notary, and shall reimburse fileee for any costs incurred against proof.

For digital identification, fileee relies on the solutions of the company Nect GmbH. fileee has agreed a corresponding contract with Nect for this purpose. The product Selfie-Ident is used.

"Nect GmbH offers digital identity verification based on a self-recording ("selfie video") and a recording of an identity document. The solution ensures the real-time of the recording, the authenticity of the ID document and the legitimacy as well as the vitality of the owner by using state-of-the-art technology and own research results fully automatically and remotely. The service is provided independently, i.e. as a service provider, Nect is itself responsible for data protection and is not a processor dependent on instructions according to Art. 28 DSGVO. Thus, the separate conclusion of an Art. 28 agreement is not regularly foreseen."

A detailed product and service description of Nect's Selfie-Ident product can be provided upon request.

fileee uses the services of an external data centre to provide its services. A description of the technical environment in the data centre and the relevant security precautions can be found in the chapterSecurity and Data Protection Provisions. The basic availability of the system is 24/7. No scheduled maintenance work is carried out within the core operating hours. In exceptional situations, however, important maintenance work that cannot be postponed may be carried out on the software. 

fileee provides the services within the scope of granting access to or via the Internet with an availability of 99% within the core operating hours. The availability is calculated on the basis of the time allotted to the respective calendar month in the contractual period minus the agreed maintenance times; the availability measured at the transfer point in accordance with fileee Conversations AGB § 4.1 is decisive. The core operating hours for fileee Conversations are weekdays, 09:00 - 17:00. The times between 08:00 - 09:00 and 17:00 - 20:00 on weekdays are defined as marginal operating times. The rest of the time is defined as off-peak hours

fileee strives to reduce maintenance times to a minimum. This is possible in most cases due to the use of microservice architecture and the deployment of containers. Planned larger maintenance windows (>1h) will therefore always be carried out by fileee outside of core operating hours and the customers will be informed of this. In order to avert imminent threats to the security of the customer's infrastructure or the data centre as a whole, fileee is also entitled to carry out maintenance work without prior consultation with the customer; in these cases, fileee will inform the customer immediately about the expected downtime. 

All data is stored redundantly several times. Several hard disks or even entire servers can fail without data loss. In addition, backups are created every 3 days, of which 2 copies are always kept until the next scheduled backup. The re-transfer of the backed-up contents only happens in the event of an error in the software that has led to the alteration or deletion of the data.

The cloud service provided by fileee is operated in a data centre in accordance with the strictest current security regulations. Essential preliminary services for the fileee product and fileee Conversations are provided by data centre operators. These are the companies Telekom Deutschland GmbH and iNNOVO Cloud GmbH with a data centre location in Germany. The data centres have the relevant certificates (ISO 27001) and have successfully completed audits. A complete list of contractors for data centre services for fileee can be found in the contract for commissioned processing.

fileee assures fileee Conversations customers of compliance with technical organisational measures (TOM). The TOMs are part of the order data agreement and an important component for compliance with the GDPR. This makes the use of fileee Conversations particularly suitable with regard to the GDPR, which prescribes very strict security mechanisms for providers.

To ensure network security, existing precautions of the data centre such as firewalls can be used. Furthermore, remote administration takes place exclusively in encrypted form (SSL, VPN, SSH).
The functionalities of fileee Conversations are distributed in individual services in order to guarantee a high degree of fail-safety. Furthermore, container technology is used. The container only runs with the minimum required rights and is used exclusively for the operation of a service. These measures also ensure high scalability.

Data to the end devices of the respective user are transmitted exclusively in encrypted form using SSL. The HTTPS protocol is used here.

fileee encrypts its customers' data with hybrid encryption to technically exclude the use of customer data. For this purpose, all documents are directly encrypted with a symmetric (AES 256 bit) key, which in turn is encrypted with an asymmetric (RSA 2048 bit) key (key encapsulation). The symmetric key for decrypting the documents is only available to fileee during pre-processing (OCR, analysis) or when the user accesses the documents. Further information on encryption can be found here: www.fileee.com/sicherheit

Mobile clients can use OAuth 2.0 to gain permanent access to fileee without having to store a password on the end device. Furthermore, an additional mobile passcode can be assigned, which is required when opening the app. Instead of a passcode, fingerprint protection/FaceID is also offered, if supported by the end device.

According to the terms of use, fileee guarantees its own end customers far-reaching data protection and security standards as well as strict confidentiality of the data. Detailed information can be found in the fileee GTC(www.fileee.com/agb). These take effect when the customer creates a (free) fileee account and thus establishes a contract with fileee.

Within fileee, only data intended for the end customer or voluntarily provided to the respective company will be processed. Data that is to be shared is therefore initially in the customer's sphere of control and is then shared by the customer.
This can be explained using the example of a claims process between the end customer and the insurer. In the context of a claims process, the notice of claim, a declaration of acceptance of the claim or any attached photos/documents are available within the platform. What is not available, however, is the sensitive internal insurance information from an inventory management system or internal notes. In this sense, fileee does not behave any differently under the focus of data ownership than a classic communication channel such as a letter. In terms of security (e.g. encryption), reliability (e.g. availability) and timeliness (e.g. speed), the fileee communication channel is far superior to the letter. 

The specific data processed, which is transferred from the company to fileee, is defined in an order agreement between the partner company and fileee.

During the term of the partner company's contract with fileee, fileee generally takes over the unlimited storage of Conversations created by or addressed to the company.
In addition, the temporal availability (storage) of conversations can be organised by the company itself. Depending on access rights, participants in a business process can also delete it. Deletion concepts can also be used depending on the type of business process (e.g. after 30 days, at the request of an end customer, etc.). If the end customer has an (optional) fileee account, he will always receive a copy for his own use when the fileee process is deleted by the company. 

Access to conversations and thus also to the data they contain can be defined by the creator of the process. There are a variety of rights assignment options (read, edit, delete, add new participants, etc.). For example, a fileee process can also be used to map an electronic mailbox (unchangeability of messages, no access to the mailbox by the sender, exit strategy on termination of contract). 

fileee will delete the existing customer data (in particular Conversations) 14 days after the data has been handed over to the Partner Company in connection with the termination of the contract or, in the absence of such a request, without such a handover, unless the Partner Company notifies fileee within this period that the data handed over to it is not readable or complete. Failure to notify the partner company shall be deemed as consent to the deletion of the data. fileee shall specifically inform the partner company of the significance of its conduct at the time of the termination of the contract and, if applicable, again when the data is transferred.

fileee provides the customer with support for technical questions and error messages. The support services depend on the booked fileee Conversations package. 

The support serves to assist the customer in all matters related to the use of the service of fileee, in particular error messages. Customer enquiries to the support will be processed in the order in which they are received, irrespective of any agreed response times. 

Support is available on weekdays, excluding public holidays, during our local business hours. Local business hours are 9.00 - 17.00 in the respective time zone. 

fileee provides the customer with a support portal at www.fileee.com/conversations/support. Support can also be reached at conversations@fileee.com. Telephone support is currently only offered for reporting errors of error class 1 (see 6.5) at +49 251 323 68 309.

Error messages are reported and processed as follows: 

1. The customer reports a detected malfunction of fileee Conversations by e-mail or via the ticket system. The most detailed information possible is required for processing:
   a. Description of the malfunction (incl. screenshot/video, if useful)
   b. How can the malfunction be reproduced?
   c. When did the malfunction occur?
   d. Affected user (e-mail address / user ID)
   e. Does the malfunction occur in a fileee conversation? Conversation ID
   f. On which system does the malfunction occur? (test or production)
   g. On which platform does the malfunction occur? (Webapp/iOS/Android)
   h. For mobile apps, please state the app version (Settings > Account > App version (at the bottom)).
2. fileee confirms receipt of the error message and, in consultation with the customer, attempts to reproduce the displayed error on its premises and to identify the source of the error. 
3. After determining the cause of the displayed error message, fileee informs the customer of the results achieved and the further course of action is jointly agreed.

Errors that occur are classified by mutual agreement between the parties (if organisational measures to circumvent the error are effective, this does not change the error class). If the parties cannot reach a mutual agreement on the classification of an error, fileee will decide on the classification of the error, taking into account the legitimate interests of the client.

Error class 1:
An error that prevents operation is present if the use of fileee Conversations is impossible, for example, due to malfunctions, incorrect work results or response times, i.e. the system is completely unusable or 100% of the clients are affected by the error and the error occurs several times an hour or permanently with all affected clients.

Error class 2:
An operationally disruptive error is present if the use of fileee Conversaitons is only possible to a very limited extent and the malfunction cannot be circumvented by reasonable organisational measures. This error class is present if the error occurs in at least more than 30% of the clients and the error occurs several times a day in all affected clients. 

Error class 3:
An operationally disruptive error is present if the use of fileee Conversations is only possible to a limited extent and the malfunction cannot be circumvented by reasonable organisational measures. This error class exists if the error occurs in at least 10% of the clients or if the error occurs at least five times a day in all affected clients and the occurrence of the error impairs the operational work (not if administration or reporting is impaired). 

Error class 4:
A minor error is present in the case of other impairments or impairments that can be circumvented by a workaround. Suggestions for new functions of fileee Conversations and suggestions for improvement are not errors, but are accepted like error messages of error class 4. 

The response time: Response time is the period of time from the receipt of the message to the start of error correction with the first status message to the reporting customer. 

Defect class 1:
Defects are corrected with a reaction time of maximum 1 hour, if possible within 4 hours after their reproducibility at fileee. The customer is aware that with such a short response time, the usual QA measures cannot be applied. Therefore, the customer will receive a HotFix fragment for an error of this error class. The customer's duty to cooperate is to check the elimination of the error by fileee after receipt of the HotFix fragment and to test the functions considered essential by the customer before the HotFix fragment goes live. 

Error class 2:
Errors are included in the next maintenance release (1-2 times per month) with a reaction time of maximum 2 hours, if possible, within 5 working days after their reproducibility at fileee and are imported within the then next scheduled maintenance window.

Error class 3:
Errors will be corrected with a reaction time of maximum 2 working days within the next fileee rule release and imported within the then next scheduled maintenance window for a rule release (1 time per month).

Error class 4:
Messages will be processed without any claim to specific reaction and processing times and will be included in the next maintenance window according to effort. The adjustment must be released at least 3 days before the maintenance window so that it can still be taken into account in the maintenance window. 

If the malfunction reported by the customer cannot be determined at fileee or if it is due to incorrect operation by the customer or to circumstances that are not within fileee's area of responsibility, fileee can demand compensation from the customer in accordance with the applicable legal regulations, i.e. expenses incurred will be invoiced to the customer in accordance with the applicable support conditions.

The fileee support is designed for troubleshooting. The following contents are therefore not part of the support:

• Support in the development of user-specific adaptations
• Assistance with non-service applications, services or technologies, including the implementation, management or use of third party technologies such as databases, browsers, firewalls, computer networks or communication systems
• Assistance with any type of third party application, whether created by us, the Client or a third party, or assistance with the installation or configuration of hardware, including computers, hard drives, networks or printers.
• Perform any kind of configuration of your account

If the customer requires support from fileee that goes beyond the support services offered, fileee will review the request and, if possible, offer a quote for Professional Services.