let's open it logo

Legal Stuff

Thanks for surfing by, this page containts our

If you have any questions or concerns, please get in touch with us. The Imprint, Terms & Conditions, and Data Protection Policy are currently valid, status 2022-08-16. You can always access the current version here. We regularly check it for content, legal and technical changes. We do changes as required. We highlight significant changes in our changelog below. Please check this website regularly.
We also keep a log of product changes, you can find it here: letsopen.it's product changelog. We will consider your continued use of our services as consent.

Legal Changelog

  • 2022/08/16: Clarification on when we log the IP address, added link to the product changelog
  • 2022/07/07: Clarification on how long we store IP addresses
  • 2022/06/23: Clarification Sec. 5 German Telemedia Act (TMG) and Sec. 55, para. 2 German Federal Broadcasting Agreement (RstV)
  • 2022/05/19: Typos and clarification, external references
  • 2022/05/10: Initial draft


Information provided according to Sec. 5 German Telemedia Act (TMG)

Florian Rienhardt
c/o Grosch Postflex #2355
Emsdettener Str. 10
48268 Greven


E-mail: hello@letsopen.it

Phone: +49 177 5 37 38 38

EU Dispute Resolution:

The European Commission provides a platform for online dispute resolution, you can open it here.

You can find our e-mail address in the imprint above.

Consumer dispute resolution/universal arbitration

We are not willing nor obliged to participate in dispute resolution proceedings in front of a consumer arbitration board.

Responsible for contents acc. to Sec. 55, para. 2 German Federal Broadcasting Agreement (RstV):

Florian Rienhardt, address see above. As a service provider, we are responsible for our own content on these pages in accordance with § 7 para.1 TMG under general German laws. According to §§ 8 to 10 TMG, we are not obligated as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.

Obligations to remove or block the use of information according to general German laws remain unaffected. However, liability in this regard is only possible from the point in time at which a concrete infringement becomes known. If we become aware of any infringements, we will remove the relevant content immediately.

Liability for links

We may reference (link) to external web pages operated by third parties. These linked web pages were checked for possible legal violations at the time of linking. Illegal contents were not recognizable at the time of linking. We have no influence on linked, external contents. Therefore, we cannot assume any liability for these contents. We cannot check linked external web pages without any concrete evidence of violation continuously. If we become aware of any infringements, we will remove such links immediately.


The content provided at https://letsopen.it is subject to German copyright law. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require prior written consent. Downloads and Copies are only permitted for documentation and testing the provided services.

If content at https://letsopen.it was created by third parties, the copyrights of third parties are respected. In particular such content is marked as such.

Should you become aware of any copyright infringement, please inform us. We will remove such content immediately.

Symbols, logos, or names might be registered trademarks. The trademark owner can be an individual, business organization, or any legal entity. Any rights of used trademarks is reserved by their owners.

References and Licenses

Terms & Conditions


§ 1 Definitions

For the Terms the following definitions shall apply:

  • "Operator", "We", "Us" means "https://letsopen.it", represented by an individual consultant: Florian Rienhardt. Address see Imprint above.
  • "Customer", "You" means any customer that is a business operating in any form, including a sole proprietorship. Sales to a non-profit organization, to a trust, to any government, or to an agency or instrumentality of that government are treated as sales to a business customer and must be assigned consistent with the rules for those sales. Customer shall be 18 years or older. Any Customer shall be capable of forming a binding contract with Operator and is not barred from using them under applicable law.
  • "Customer Computer" means any computer system, and connected storage systems, Customer uses to access our Service.
  • "Non-Customer" means any natural or legal person or any other association of persons, and any public special fund that is not "Customer".
  • "Everyone" means "Customer" and "Non-Customer".
  • "Documents", "Submitted Content" means any typical digital office document file: PDF, DOC/X, XLS/X, PPT/X, or such files archived in ZIP/7z a Customer submits to the Service.
  • "Server" means computers the Operator or sub contractors (all-inkl.com, contabo) run. Servers are connected to the internet and provide Service to Customer. Customer can access Service with Customer Computer. The servers processes data provided (uploaded) by Customer. After processing data, the Servers provide the processed data back to Customer as part of the Service.
  • "Service" is a collective term for services or software provided by Operator. Software includes any executable computer program, any provided digital service, or any related printed, electronic digital information that may accompany the Service provided by Operator. When Customer makes use of the Service, Customer shall upload Documents to a server the Operator runs. The server processes the uploaded Documents and converts them into Portable Document Format (PDF). Customer can then download the converted file as PDF or view the PDF in an browser-based viewer provided by Operator.
  • "Customer Data" means any personal or company-related data Customer provides (uploads) to Operator to make use of Service.
  • "Scope" of provided Service is an online service where Customer can upload Documents to convert them into sanitized PDF. The so sanitized PDF should be free from potentially harmful active content like scripting (Macros, JavaScript), so Customer can open converted file without worries.

By using Service, Customer agrees to be bound by Terms. If Customer does not agree to Terms, Customer shall not use Service.

If Customer is accessing and using Service on behalf of a company (such as your employer) or other legal entity, Customer represent and warrant that Customer has authority to bind that company or other legal entity to these Terms. Hence Customer will refer to that company or other legal entity.

Operator may modify the Terms at sole discretion. If Operator does so, Operator will let Customer know either by posting the modified Terms here or through other communications.

It is important that Customer reviews the Terms before using Service.

§ 2 Scope

This Terms apply to any Service and agreement between Customer and Operator. Operator explicitly contradicts other Terms. They are not subject and will not apply.

The agreement on behalf of this Terms shall be concluded for an indefinitely period. Customer rights under this agreement hold as long as they contain the Terms of this agreement. On any breach of contract caused by Customer, all the rights expire for Service.

All rights, title, and interest in and to the Service are and will remain the exclusive property of https://letsopen.it, Florian Rienhardt and its licensors. Nothing in these Terms should be construed as conferring by implication or otherwise any license or right under any copyright, patent, trade mark, or other intellectual property or proprietary interest of https://letsopen.it, Florian Rienhardt, its licensors or any third party. We reserve the right to remove any Submitted Content without prior notice and at our sole discretion.

Additionally, nothing in these Terms gives you a right to use any trademarks, logos or domain names related to the Service.

Any feedback, comments, or suggestions you may provide regarding the Service is entirely voluntary. We will be free to use such feedback, comments or suggestions as we see fit and without any obligation to you.

§ 3 Warranties and Liability

Operator makes no warranties, express or implied, regarding availability, processing speed, the fitness of Service for any particular purpose. Operator claims no liability for data loss or any other problems caused by use of Service and any digital output by Service.

A processed and sanitized Document (=output) by Service may still be dangerous and may be malicious. Any Customer shall use a malware scanner (anti virus), application control to protect Customer Computer in addition. Customer Computer shall be backup data frequently.

Operator is not responsible nor liable for all damages, losses and causes of action to Everyone's computer system or data and in no event will Operator, its officers, directors, employees or agents be responsible to Everybody for any consequential, incidental, or indirect damages (including damages for loss of business profits, business interruption, loss of business information and the like) arising out of the use or inability to use any Service provided by Operator, even if Operator has been advised of the possibility of such damages.

§ 4 Data Protection

We have taken appropriate technical and organizational precautions designed to ensure that personal data for which you are responsible is treated and handled in a confidential manner respecting sensitivity of the personal data.

We collect, processes, and uses personal data for which you are responsible pursuant to the provisions of the Data Protection Policy.

Upon your written notice to us that a submitted file is reasonably suspected of containing trade secrets or confidential information or personal data, then we, upon verification of the assertion, will delete the use and subsequent disclosure of such file in a way that is reasonably intended to maintain the confidentiality. Representing an exception to the above are items of information that are intended for publication and situations where you have agreed to the passing on of the information.

§ 5 Prices, Contract

Operator provides the Service at https://letsopen.it free of charge to Customer for test and demonstration purposes only. Customer has no claim for using the Service, nor any claim for quality of service (QoS) or fit. Operator may refuse or restrict Service at any time. Customer may use Service for up to 3 document files uploaded to Service within 24 hours.

Operator does not provide Customer support for the free Service.

Customers may request consulting and support as additional paid service. Operator may provide private cloud instances of Service for an additional fee. The fee depends on requirements by Customer. Customer must request a quotation for this purpose.

The contracting parties conclude individual contracts for the services to be executed. For this purpose Operator submits an offer to the customer. This offer is non-binding, unless Operator has expressly stated or confirmed it as binding in writing.

The order of the customer based on the non-binding offer by Operator constitutes a legal application according to § 145 BGB (German Civil Code).

The individual contract is deemed concluded by the declaration of acceptance of the customer's order by Operator in writing on the basis of these Terms as well as the description of services, including any additional agreements made in writing.

All indicated prices are final prices in Euro (EUR, €), no specified VAT. Tax-exempt regarding German code § 19, Abs. 1 UStG. All prices given and invoiced are exempt from value-added tax according to Art. 19(1) of the German VAT code (UStG). A consultant day includes 8 hours. Rate per 60 minutes is 110.00 EUR. Travel expenses are charged extra, depending on the distance to Customer. Remote work is preferred. Customer shall contact Operator for a quotation and modalities. A contract is concluded when Operator and Customer agree on defined deliverables, delivery terms, acceptance conditions, rights to withdraw from the contract, costs, payment modalities and any additional contractual framework.

There is no right to conclude a contract by Customer. Operator can refuse requests without giving any reason.

§ 6 Governing Law

Any claim relating Operator and Service shall be governed by the laws of Germany without regard to its conflict of law provisions.

§ 7 Severability clause

If any provision in this Terms is held invalid or unenforceable by a body of competent jurisdiction in Germany, such provision will be construed, limited or, if necessary, severed to the extent necessary to eliminate such invalidity or unenforceability. The parties agree to negotiate in good faith a valid, enforceable substitute provision that shall most nearly effects the parties’ original intent in entering into this Agreement or to provide an equitable adjustment in the event no such provision can be added. Please note that the other provisions of this Agreement will remain in effect.

Data Protection Policy

With this data protection declaration we would like to inform you about which personal data we collect, store and process. If you have any questions or wish to exercise your right of revocation or objection, simply send an e-mail to hello@letsopen.it. Please refer GDPR (DS-GVO) in the subject of the e-mail.

§ 1 Scope

  • Website https://letsopen.it and provided Service
  • E-mail
  • Phone
  • Post mail

§ 2 Name and contact details

§ 2.1 Person responsible for processing data

Florian Rienhardt
Address see Imprint from above.

§ 2.2 Name and address of the State Commissioner for Data Protection of North Rhine-Westphalia

To facilitate your right to officially complain and report, here is the contact point of the State Commissioner for Data Protection of North Rhine-Westphalia.

State Commissioner for Data Protection of North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf

Phone: +49 211 38 424 0
Fax: +49 211 38 424 10
E-mail: poststelle@ldi.nrw.de

§ 3 Collection and storage of personal data

§ 3.1 Visiting the website and using our service

When you visit the website https://letsopen.it your browser automatically sends information to the server responsible for this website. This information is stored in a log file for a maximum of 7 days. The following information is collected without you doing anything and stored until automatically deleted:

  • Anonymized IP address of the requesting computer. The last two digits of the IP address are set to zero (xxx.yyy.0.0),
  • Date and time of access,
  • Name and URL of the accessed file,
  • website from which your access occurred (so-called referrer URL), browser used and, if applicable, the operating system of your computer (so-called user agent),

The above data is processed for the following purposes:

The web server needs your IP address so that it can send content to your browser. In order to be able to offer the website for as many browser versions as possible, we analyze the user agent in order to optimize the website. To determine the load and attacks on the server, we store the source IP address, number and frequency of requests to the server. We only store the first two bytes of the IP address. We delete the logged data after 7 days. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. In no case do we use the collected data to draw conclusions about your person.

If you make use of the service and upload a document file to be sanitized, the following information is collected:

  • Your IP address
  • The uploaded file: it will be processed on our servers and the result is kept online for you to download within one hour.
  • If you opt in to share an uploaded file: The uploaded file will be saved for further analysis. We might extract information/intelligence as an indicator of compromise (IOC) and then delete the shared file.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. The above data is processed to provide the service of converting a given document file into a sanitized document file into Portable Document Format (PDF). The original file will be deleted immediately after conversion finishes. If we cannot convert a file, the file will also be deleted immediately. The converted PDF file will be deleted one hour after creation. The server logs the IP address of the user uploading any file to limit the number of uploads a user can perform per day. If the user exceeds the limit of uploads, he or she will not be able to convert files for 24 hours. Any further attempt will be blocked by this IP and no data is stored on the server. The limit of uploads depends on the load the server has to handle. The value ranges between 5 and 30 uploads per day. The server also logs an IP address if it encounters malign usage. Malign usage is:

  • trying to exploit the API with malformed input (parameter pollution/poisoning, brute force)
  • absuing the API with manipulated parameters
  • huge amount of requests per second, not possible by any human

Any such logged IP address is deleted after 24 hours.

If you opt in for sharing the document for IOC creation, the file will be deleted after an IOC was created. Sharing for IOC means that we store your document file in a collection and do not immediately delete it after conversion. We analyze your document file to learn more about malicious documents. The file will be deleted at least after 7 days you have uploaded it. No matter whether an IOC could be created or not.

Order data processing by ALL-INKL.COM

The website and server for e-mail is processed on servers by the company ALL-INKL.COM. ALL-INKL.COM operates the websites defined in the scope of application on our behalf of us and ensures that the data collected is only accessible to us as the client. We guarantee the rights of the data subjects accordingly. There is a contract for commissioned data processing in compliance with the DS-GVO between us and ALL-INKL.COM.

The operating company is

main street 68
02742 Friedersdorf
Phone: +49 35872 353 10
Fax: +49 35872 353 30
E-mail: info@all-inkl.com

The current version of the privacy policy of ALL-INKL.COM can be found here.

Order data processing by Contabo GmBH

When you upload document files to our web server, the server processes these document files. For this purpose, it transmits the document files to a server (conversion server). The conversion server converts your submitted document file into Portable Document Format (PDF). After conversion, the conversion server sends the converted file back to the web server. The transmission of all files is TLS/SSL encrypted. The data collection and further processing is carried out according to Art. 6 para. 1 p. 1 lit. a DS-GVO. The storage period and use of the collected (possibly personal) data is determined by the purpose.

After conversion, you can download the converted file from the web server. The converted file remains on our web server for a maximum of 1 hour, then the file is automatically deleted.

The conversion server runs in Random Access Memory (RAM) only.We make use of virtualization to render and convert document files on a readonly in-memory disposable operating system. After conversion finishes, this operating system is wiped from memory. This ensures security and data protection by design.

The conversion servers are operated by the company Contabo GmbH on our behalf os us. We and Contabo GmbH ensure that your provided data is only accessible to us. We guarantee the rights of the data subjects accordingly. There is a contract for commissioned data processing in compliance with the DS-GVO between us and Contabo GmbH.

The operating company is

Contabo GmbH
Aschauer Street 32a
81549 Munich
Phone: +49 89 3564717 71
Fax: +49 89 216 658 62
E-mail: info@contabo.com

The current version of Contabo GmbH's privacy policy can be found here.

§ 3.2 Sharing files

When you choose to use the service we provide, you upload document files to our web server. Before uploading a document file, you may choose to share the document file with us for IOC. This is a voluntary option. You do not have to share a document file for IOC to use our service. Sharing for IOC means that we store your document file in a collection and do not immediately delete it after conversion. The data collection and further processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO.

We analyze your document file to learn more about malicious documents. The analysis includes offline virus scanning, data type analysis, structure analysis and triage. Your document file will be processed exclusively on our IT systems. The intelligence gained in this process can help identify new attack methods and malicious code. We share these findings with partners (research and education, antivirus vendors, threat intelligence). We do not share the document files you have uploaded, but so-called Indicator Of Compromise (IOC). Indicator of Compromise (IOC) are characteristics and data that indicate an attack. These are data fragments of the uploaded document file that classify malicious content. These can be checksums (hash values), IP addresses, URLs, or script code. We check these IOCs for personal data to ensure that they are not part of the IOC. After we have created an IOC, we delete the original document file.

You can revoke consent at any time. We will then immediately delete the document file from the collection. To do so, send us an e-mail with the SHA-256 checksum of the document file you have uploaded.

Please note: Technically we cannot delete an IOC that has been shared with partners.

§ 3.4 Contact by e-mail / form

If you send an e-mail to us, the (personal) data you transmit is automatically processed and stored on a mail server. If you send us a message via the contact form, the data entered in the form will be transmitted to us as an e-mail. The data collection and further processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. The storage period and use of the collected (possibly personal) data is determined by the purpose. The provision of personal (personal) data is voluntary. We inform the data subject(s) about the use, storage period and deletion.

§ 3.5 Contact by telephone

If you call us, the (personal) data you provide may be stored automatically. The data collection and further processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. The storage period and use of the collected (personal) data is determined by the purpose. If we collect personal data, we will inform you about the use, storage period and deletion.

§ 3.6 Contact by mail

If you contact us by mail, your letter will be digitized and processed and stored in our IT systems. The data collection and further processing is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. The storage period and use of the collected (possibly personal) data is determined by the purpose. The provision of personal (personal) data is voluntary. We inform the data subject(s) about the use, storage period and deletion.

Order data processing by Grosch Postflex

Data will be processed by Grosch Postflex. Grosch Postflex works on our behalf and ensures that the collected data is only accessible to us as the client. We guarantee the data subject rights accordingly extensively. There is a contract for commissioned data processing in compliance with the DS-GVO between us and Grosch Postflex.

The operating company is

Grosch Postflex
Emsdettener Str. 10
48268 Greven
Phone: +49 2571 87300 80
E-Mail: info@adress-schutz.de

The current version of Grosch Postflex's privacy policy can be found here.

§ 4 passing on of data

We do not pass on your personal data unless:

  • you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DS-GVO,
  • the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • that there is a legal obligation for the disclosure according to Art. 6 para. 1 p. 1 lit. c DS-GVO, as well as
  • this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DS-GVO.

§ 5 Data Subject Rights

You have the right:

  • pursuant to Art. 15 DS-GVO to request information about your personal data processed by us,
  • pursuant to Art. 16 DS-GVO, to demand a correction or completion of your personal data stored by us;
  • pursuant to Art. 17 DS-GVO, to request the deletion of your personal data stored by us. This is not possible if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • pursuant to Art. 18 DS-GVO, to request the restriction of the processing of your personal data.
  • pursuant to Art. 20 DS-GVO to receive your personal data that you have provided to us in a commonly used format or to request the transfer to another controller; in accordance with Art. 7 (3) DS-GVO, to revoke your consent once given at any time. In accordance with Art. 77 DS-GVO, to complain to a supervisory authority.

§ 6 Right of Objection

If your personal data is processed pursuant to Art. 6 (1) p. 1 lit. f DS-GVO, you have the right to object to the processing pursuant to Art. 21 DS-GVO. This is possible if there are reasons for doing so that arise from your particular situation.

§ 7 Data Security

The web server uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) to secure the communication between your browser and our server according to the state of the art. So-called end-to-end encryption. We use security measures to protect data transmitted to us against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. If we process your data on our computers, we use VeraCrypt with the option AES-256, HMAC-SHA-512 or 7-ZIP with AES-256 for encryption.

§ 8 Links to external websites

There may be links to external websites. If you access external sites through links on our website, the operators of those websites can track that you came to their site from our website. However, only the operator of linked website collects this information. For more information, please read the privacy policy of the other website.