European Privacy Seal for DRACOON GmbH

Recertification: 03/2018 

DRACOON GmbH proved that its IT product and IT-based service "DRACOON" complies with EU data protection law. DRACOON is a web-based, virtual data space which can be used for uploads, downloads, storage, management and transmission of data. Providing the service, DRACOON GmbH processes customer data in line with EU data protection law. Users of DRACOON are controllers in respect of personal data that may be uploaded to DRACOON. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet. Thus, they can be sure to comply with EU data protection law if they follow this guidance. 



This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.


(previously marketed as Secure Data Space)

Version: 4. (Subversion 4.5.0) - Function as provided in January 2018 

Qualification: IT product and IT-based service (processor service)

View the DRACOON V4 Certificate 

Version of Certification Criteria


Cert. No.



15/03/2018 - 31/03/2020

Recertification No. 1 (SDS v3.0): June 29, 2015

Initial certification (SDS v2.1) on April 28, 2015


11/2018 (O.K.)

07/2019 (O.K.)

Public report

2018 Short Public Report DRACOON v4 Image Image 

2015 Short Public Report SDS v3 Image Image


(previously traded under the name SSP Europe GmbH)
Galgenbergstrasse 2a
93053 Regensburg


DRACOON enables users to make use of secure encryption technology at the client side. A leaflet provides users with understandable information on how to use DRACOON in a data protection compliant manner.


Data that are uploaded to a data room by the user may contain personal data and even special categories of personal data. In this respect, the users of DRACOON are controllers whereas DRACOON GmbH acts as a processor on their behalf. This means that users of DRACOON must ensure that this processing of personal data complies with all relevant requirements of EU data protection law. Users are provided with detailed information on this topic in a data protection leaflet.


DRACOON is a web-based virtual data space which can be used for uploads, downloads, storage, management and transmission of data. DRACOON is designed for B2B relationships. It is accessible via

Depending on the individual usage scenario, data may qualify as personal data and even as special categories of personal data. Confidentiality of (personal) data can be ensured by means of encryption technology at the client side. DRACOON GmbH advises the users to choose this option when processing personal data by means of DRACOON in a data protection leaflet.


Recertification 03/2018:

The following changes have been made to the ToE since the previous recertification:

  • Directories can now be shared
  • Introduction of a recycle bin where old versions of files can be kept
  • The syslog entries can now optionally be sent to an audit system (e.g., Splunk - not part of the ToE)
  • E-mail addresses can be changed by the users
  • Customers’ accounts can be locked
  • Favorites: Files and folders can be tagged as favorites by users for quick access
  • Upload accounts can be password protected
  • Upload accounts and download links (with password protection) in encrypted rooms have been enabled
  • The Activity Log has been introduced, allowing authorized users to see, etc. which new files have been added in their data rooms
  • Granular rights concept and new roles
  • Sending release passwords via SMS
  • Drag and drop upload via the web interface
  • Sending note e-mails via the web interface

The results of the re-evaluation by the EuroPriSe experts demonstrated that DRACOON meets all applicable requirements of EuroPriSe's "GDPR-ready" criteria catalogue.  

Recertification 06/2015:

SDS v3.0 introduces the following improvements:

  • Implementation of JSON_REST_API Interface
  • Improvement of encryption functionalities
  • Improvement of provision of encrypted files
  • Increased length of share links
  • Improvement of authorisation concept

The following versions of SDS v3.0 are covered by the EuroPriSe certification:

  • Secure Data Space Online
  • Secure Data Space Dedicated
  • Secure Data Space Virtual Appliance

The ToE includes:

  • WebUI
  • JSON_REST_API Interface
  • SDS Server
  • Management database
  • Appropriatenes of technical and organisational measures at QSC data center
  • Legal interfaces (data protection relevant contracts) with QSC data center

The ToE does not include:

  • The use of SDS by means of smartphones and tablets
  • Mobile apps that enable users to make use of SDS
  • The operational environment
  • The hardware components that are located in the data center and the respective operating system
  • Licensing and sales processes of SSP Europe GmbH
  • The presentation of the company at
  • Any further services of SSP Europe GmbH

Technical Evaluator

Since recertification no. 2 (201803):

Alexey Testsov
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen

Until recertification no. 1 (201506):

Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen

Legal Evaluator

Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen

Formerly Certified Versions