Privacy Policy

With this privacy policy, we would like to inform you in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about how our company processes personal data when you use our online offers (hereinafter also referred to as "website") and other services and inform you about your rights. We process your personal data in compliance with the GDPR and all other applicable data protection regulations. This privacy policy uses the terminology of the GDPR. The terms used, such as "user", are to be understood as gender-neutral.

1. Controller and data protection officer
DokuMe GmbH
Subbelrather Str. 436c, 50825 Cologne
E-Mail: info@dokume.net

Contact details of the data protection officer: privacy@dokume.net

2. categories and origin of the data we process
We process personal data of visitors and users of our online offer (hereinafter we also refer to the data subjects collectively as "users") if you contact us via other channels and also if third parties provide us with this data.

2.1 Data that is collected when you visit our website
When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded in a server log file during an ongoing connection for communication between your Internet browser and our web server:

  • Visited domain
  • Date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer (possibly also internet provider)
  • Amount of data transferred
This data is not merged with other data sources.

2.2 Other processed data
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form or data that you provide to create a customer account.

In addition to the data collected when you visit our website, we also process inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. login status, access times), applicant data (e.g. CVs, job references), among other things and insofar as you provide us with this data.

2.3 Data that we receive from external sources
Third parties (e.g. companies, organizations, associations to which you belong) can create a user account for you via our online services. A confirmation message will be sent to the e-mail address provided. If the created account is not activated within 30 days by clicking on the link in the confirmation message, it will be automatically deleted. The following data is usually stored by third parties to create an account: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos).

  • for the security and presentation of our website (log files),
  • for the contact you have requested,
  • for the creation and use of user accounts,
  • for the performance or initiation of contracts with you,
  • for advertising purposes, and/or
  • for statistical evaluations and analysis of our services;
Your data is processed in accordance with the following legal bases: your consent in accordance with Art. 6 para. 1 lit. a GDPR or, if applicable, Art. 9 para. 2 lit. a GDPR, for the performance of a contract with you in accordance with Art. 6 para. 1 lit. b GDPR or, if applicable, Art. 9 para. 2 lit. b GDPR, for the fulfillment of legal obligations in accordance with Art. 6 para. 1 lit. c GDPR or for a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

In detail, we use your data for one or more of the following purposes and with the corresponding legal bases:

3.1 Security and presentation of our website
Every time our website is accessed, usage data is transmitted by the respective internet browser and stored in log files, the so-called server log files. The data records stored in this process are listed under point 2.1. These log file data records may be evaluated in order to protect our website against attacks, to find and rectify errors and to control the utilization of servers. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We reserve the right to check the log data if there is a justified suspicion of unlawful use based on concrete evidence.

Cookies and other technologies may be necessary for the complete and correct display of our website. Unless otherwise specified, the complete and correct presentation is a legitimate interest on our part in this data processing in accordance with Art. 6 para. 1 lit. f GDPR.

3.2. contact
If you contact us (e.g. via the contact form), we will save your details for processing the inquiry and in the event that follow-up questions arise.

If you wish to contact us, for example because you send us an e-mail message or write to us via a contact form, the legal basis is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the complete processing of your contact. Since you are contacting us, we assume that you have no interests that conflict with our processing of your request. If the contact is aimed at the conclusion of a contract or the fulfillment of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. If consent has been given, the legal basis for processing for contacting us is Art. 6 para. 1 lit. a GDPR or, if applicable, Art. 9 para. 2 lit. a GDPR.

3.3. Customer accounts
You can register for certain services offered on our website and thereby create a customer account or user profile. We process your personal data in order to provide you with our online services. For new registrations, we collect, among other things, master data (e.g. name, address), communication data (e.g. e-mail address) and access data (e.g. user name, password).

The processing of your customer account data takes place on the basis of the contractual relationship (or initiation) that you enter into with us, insofar as the data is required for the fulfillment (or conclusion) of the contract. The basis for this data processing is Art. 6 para. 1 lit. b GDPR. For other purposes, such as the use of specific apps and functionalities within our online platform, we process your personal data if we have your consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR). We will also inform you which personal data can be processed by an app or functionality.

3.4. Contracts
We process certain personal data when you conclude a contract with us or during the initiation of a contractual relationship and insofar as the correspondingly processed data is necessary for the execution or conclusion of the respective contract or the initiation of the contractual relationship. The basis for data processing in this case is Art. 6 para. 1 lit. b GDPR.

In the case of applications that do not lead to a contractual relationship, we have a legitimate interest, pursuant to Art. 6 para. 1 lit. f GDPR, in retaining the application data for a limited period of time in order to enforce our legal claims or defend ourselves against legal action.

3.5. Advertising purposes
We process your personal data for advertising purposes if we have your consent in accordance with Art. 6 para. 1 lit. a GDPR. This is the case, for example, if you subscribe to our newsletter (via a double opt-in procedure). The success of the newsletter is measured. The data you provide for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter with our newsletter dispatch provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. After you unsubscribe from the newsletter mailing list, your e-mail address may be stored by us or the newsletter mailing provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. You can revoke your consent to the storage and use of your data for sending the newsletter at any time. The revocation can be made via a link in the newsletter.

In a few cases, your personal data may be processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in advertising our products, for example if you are an existing customer of our company (see also Recital 47 GDPR and Section 7 UWG).

3.6 Statistical evaluation and analysis of our services
We process your personal data for the statistical evaluation and analysis of our website (e.g. via cookies and other technologies) and our services if we have your consent in accordance with Art. 6 para. 1 lit. a GDPR. Due to the necessity of bookkeeping, an indirect statistical evaluation of your personal data could occur due to a legal obligation (Art. 6 para. 1 lit. c GDPR). In addition, your data may be processed for the purpose of statistical evaluation of the key figures of our economic activity. This constitutes a legitimate interest of our company in accordance with Art. 6 para. 1 lit. f GDPR, as it enables us to carry out financial planning and allocate economic resources.

4. Legitimate interests
Unless otherwise stated in this privacy policy and if we base the processing of your personal data on legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, these are the protection against misuse, the enforcement of our legal claims, the adaptation and evaluation of our offer and the processing of inquiries that arise.

5. Recipients or categories of recipients of the personal data
When processing your data, we work together with service providers who have access to your data. Possible recipients of your personal data are (i) software companies that enable us to provide our services, help us to improve them and/or serve us for marketing purposes (for example, to manage newsletters); (ii) public bodies and administrations, insofar as we are legally obliged to do so; (iii) payment service providers; (iv) hosting providers; (v) service companies, such as tax consultants or accountants.

For the purpose of fulfilling the contract, we may also transfer your personal data to anyone to whom we assign rights arising from the contractual relationship with you.

Some of the recipients of the personal data that we process on our website and for our services are

Apple & Firebase Cloud Messaging
We use Apple and Firebase Cloud Messaging for our services. Personal data may be passed on in the process. We use these services to send push notifications to our customers.

https://policies.google.com/privacy?hl=de
https://www.apple.com/legal/privacy/en-ww/

Coconut
We offer our customers services from Coconut. Personal data may be passed on in the process. The services are used to edit videos, e.g. to make them smaller.

https://coconut.co/tos

Google Ireland Limited
We integrate Google services on our website and in our services in order to (i) integrate fonts. Personal data may be passed on to Google in the process. We use the aforementioned services to (i) offer a complete and appealing website (Google Fonts).

https://policies.google.com/privacy?hl=de

gridscale GmbH
We use the services of gridscale GmbH to host our website and online services. Personal data may be passed on in the process. We use the aforementioned services in order to be able to offer a website and platform.

https://gridscale.io/datenschutzcenter/datenschutzerklaerung/

Microsoft Azure
We use Blob Storage to offer our customers document storage. Your personal data is transmitted to Microsoft in the process. We use these services to improve our administration and collaboration processes and to offer a functional website.

https://privacy.microsoft.com/en-us/PrivacyStatement

Mailjet
We use Mailjet as our e-mail dispatch provider. After registration, your contact details will be passed on to our e-mail provider in order to contact you in connection with your user account or, if applicable, the newsletter.

https://www.mailjet.de/privacy-policy/

6. Transfer to third countries
Data is transferred to third countries outside the European Union or the European Economic Area. Information we collect from you may be processed in the United States or other third countries. Some third countries, such as the United States, have not currently received an adequacy decision from the European Union under Article 45 of the GDPR, which means that your data may not receive the same protection there as under the GDPR.

International data transfers are usually carried out on the basis of contractual or other regulations provided for by law, which are intended to ensure adequate protection of your data and which you can view on request. We rely on the provisions set out in Article 49 of the GDPR or, where applicable, on safeguards pursuant to Article 46 of the GDPR. We and our processors endeavor to apply appropriate safeguards to protect the privacy and security of your personal data. Therefore, we only process your personal data in accordance with the practices described in our Privacy Policy.

7. Storade duratin
We only store your personal data for as long as is necessary to achieve the purpose of processing. We store your data if you have consented to the processing at most until you revoke your consent, if we need the data for the performance of a contract at most as long as the contractual relationship with you exists (including the defence and enforcement of lawful claims within the limitation periods), if we use the data on the basis of a legitimate interest at most as long as your interest in deletion or anonymization does not prevail.

Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject (e.g. tax law, commercial law, anti-money laundering). In order not to violate legal regulations or lose the opportunity to enforce a claim or defend ourselves against such a claim, we reserve the right to delete the data only after the last retention period that legitimizes the data storage has expired.

We store application documents for a period of six months if the application does not lead to an employment relationship and no further storage has been agreed to. This period results from possible legal action against the person responsible in accordance with the General Equal Treatment Act (AGG).

Für den Versand unseres Newsletters speichern wir Ihre E-Mail-Adresse solange, bis Sie den Newsletter abbestellen.

8. Your rights & revocation of your consent
As a data subject affected by data processing, you may have the right under applicable data protection law to
  • Information, pursuant to Art. 15 GDPR,
  • rectification, in accordance with Art. 16 GDPR,
  • Data erasure ("right to be forgotten"), in accordance with Art. 17 GDPR,
  • restriction of processing, in accordance with Art. 18 GDPR,
  • Data portability, in accordance with Art. 20 GDPR and/or
  • objection to processing, in accordance with Art. 21 GDPR
    • .
Information on the right to object pursuant to Art. 21 (4) GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Werden Ihre personenbezogene Daten verarbeitet, um Direktwerbung zu betreiben, so haben Sie das Recht, jederzeit Widerspruch gegen die Verarbeitung Sie betreffender personenbezogener Daten zum Zwecke derartiger Werbung einzulegen; dies gilt auch für das Profiling, soweit es mit solcher Direktwerbung in Verbindung steht.

Revocation of consent
You also have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR or other data protection regulations.

10. Necessity of providing personal data
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). Occasionally it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal data when our company enters into a contract with them. Failure to provide personal data would have the consequence that the contract with the data subject could not be concluded. Before providing personal data, the data subject may contact us. We will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

With regard to our website, it is generally stated that the personal data necessary for use is marked as such. If this necessary personal data is not provided, certain functions may not be available, or our services may not be used.

11. Automated decision-making
We do not use mechanisms for automated decision-making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them.

12. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art.

Your personal data is transmitted to us in encrypted form. We use the encryption system Transport Layer Security (TLS), but we would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) may have security vulnerabilities. Therefore, complete protection of data from access by third parties is not guaranteed.

13. Cookies
Our website uses cookies and similar technologies. Cookies are text files that are stored by the internet browser on the user's computer system. When a user accesses a webpage, a cookie may be stored on the user's operating system. Cookies contain a characteristic string of characters that enables a unique identification of the browser when the website is accessed again. Other technical aids that enable the identification of website visitors, such as tracking pixels or localStorage, are referred to as similar technologies.

Technically necessary cookies and technologies are those without which our website is not functional and usable. This category only includes cookies and technologies that ensure basic functions and security features of the website. Technically necessary cookies and technologies can be set without the user's consent.

Non-essential cookies are all cookies and technologies that are not particularly necessary for the functioning of the website and are specifically used to collect personal data from the user through tracking, advertisements, and other embedded content. Non-essential cookies and technologies (e.g., cookies for marketing, advertising, or customer analysis purposes) require the consent of the website visitor.

By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all functions of the website to their full extent.

We only use technically necessary cookies and technologies for our website. The "PHPSESSION" cookie is used to identify you while using our online services and is only stored during your session. We use LocalStorage to determine if you are logged in to our website.

14. Changes to this Privacy Policy
We reserve the right to change this privacy policy at any time in compliance with applicable laws and regulations.

For the use of our online offering, the version available online at the time of your visit applies.

Last updated: May 26, 2023.

Scroll