Thank you for visiting our website and for showing an interest in our company. We see data protection as a hallmark of our commitment to our customers. Protecting your personal data and safeguarding your personal rights is important to us.
The purpose of this Data privacy statement is to allow us to transparently inform all users of our website about the nature, scope, and purpose of the personal data that we collect, use, and process as well as to clarify your rights as a user.
In principle, it is possible to use our website without providing any personal data. However, if you use our website to access our company's services, we may be required to process your personal data.
Data that is collected automatically when you visit our web pages, or personal data that you submit when using our services, is processed in accordance with the latest statutory provisions on the protection of personal data.
If processing of your personal data is required and there is no legal basis for such processing, we will always obtain your consent in relation to the purpose for which your data is to be processed.
As a controller responsible for the processing of your personal data, we have established technical and organizational measures to ensure that your personal data is protected to the highest possible level.
However, it should be noted that the transfer of data via the Internet will always be vulnerable to security breaches.
If you would like to use our company's services but do not wish to use the Internet for transferring data, you also have the option of communicating by phone.
The controller within the meaning of the General Data Protection Regulation is as follows:
Company: DocuWare GmbH
Street: Planegger Str. 1
Zip code / city/town: 82110 Germering
Tel.: +49 89 894433-0
The following person has been appointed as data protection officer:
Mr. Stephan Hartinger
Tel.: + 49 (0)8232 80988-70
Each time you visit our website, the server log file data that your browser sends to us is automatically collected. This includes the following data:
Note that it must not be possible to attribute this data to a specific person. We use this technical access data for the following purposes exclusively:
Personal data is only collected by us if you actively communicate it to us, e.g. by creating a customer account.
In addition, we process data that you provide directly through the use of our online services (in particular the Docuware Process Planner) for the purpose of exchanging this data between you and other users or third parties that you choose to be authorized to receive your data and content (cooperation by sharing content and/or granting editing rights). In this case, your data will only be used by us for the purpose of fulfilling the contract concluded with us regarding the use of our online-based services with regard to their operation and the provision of the respective functionalities within the scope of which you or other users have provided us with this data, and will be stored until the fulfilment of this specific purpose. If you access and/or edit shared content, the creator of the content or user with editing rights will be informed that an additional user is accessing or editing the content. For this purpose, your e-mail address with which you were invited to use or to collaborate in the respective content will be displayed.
You have the right to object at any time to the use of this data for the respective purpose for the future.
The personal data collected from you will only be used for the purpose for which you gave it to us or for the use and forwarding of which you gave us your consent. After completion of the contractual relationship the user data shall only be stored as long as is required on the basis of fiscal and commercial law retention periods. On expiry of these periods the data will, however, be deleted, unless you gave your express consent to its further or different use. You can also assert rights during the storage periods, such as blocking your data.
Our website allows you to subscribe to our newsletter, which we use to inform you about our offers, products, and information at regular intervals.
To receive our newsletter, you need to have a valid e-mail address.
In order to send you a personalized newsletter, we need you to provide the following information:
The data specified here is exclusively used for the purposes of sending the newsletter. This personal data is not disclosed to third parties. We use HubSpot technology to process, send, and analyze newsletters. If we obtain your e-mail address in connection with the sale of a product or service, and you have not objected to this, we reserve the right to send you by e-mail regular offers for other products in our range that are similar to those already purchased. At all times, you have the option to stop receiving the newsletter by canceling your subscription, and to withdraw your consent in relation to the use of your data for the purposes of sending the newsletter. Each newsletter will include a corresponding link for this purpose.
Our website allows you to get in touch with us via e-mail and/or via a contact form.
If you contact us by e-mail or via a contact form, the personal data that you provide will be automatically saved.
Such personal data, which you freely submit to us, will be stored for the purposes of processing your request or contacting you in your capacity as a data subject. This personal data is not disclosed to third parties.
When you visit our website, information in the form of "cookies" is temporarily or permanently stored on your computer/device, which automatically recognizes you the next time you visit our website. “Cookies” are small text files which allow, e.g., the adaptation of an application to the visitor’s interests. If you do not want “cookies” to be stored by us, you are asked to set the end device to delete these “cookies”, to block all or certain “cookies” or to issue a warning before any “cookies” are stored.
Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files that are stored on your computer and used to analyze the way you use our website. The information generated by cookies in relation to your use of this website is generally sent to a Google server in the US where it is stored. As part of this process, we use IP anonymization ("IP masking") on our website. This means that within member states of the European Union or in other states that are party to the Agreement on the European Economic Area, your IP address will be shortened by Google before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the US first, and then shortened. Google will use this information to evaluate your use of the website, compile reports on website activity, and provide the website owner with other services relating to website and Internet usage. The IP address that is sent from your browser by Google Analytics is not merged with other Google data. You can prevent cookies from being saved by applying a specific setting in your browser software. However, please note that if you do this, you may not be able to use all of the features of this website to the fullest extent possible. You can also prevent Google from collecting and processing the data generated by cookies in relation to your use of the website (including your shortened IP address). You can do this by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=en For both general and detailed information about Google Analytics as well as information about data privacy, refer to the link above or go to http://www.google.com/intl/en/policies/privacy/. This website uses Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect personally identifiable information. The tool triggers other tags that in turn may collect data. This data is not accessed by Google Tag Manager. If disabled at domain or cookie level, Google Tag Manager will be disabled for all tracking tags implemented by Google Tag Manager. For more information about Google Tag Manager, see http://www.google.com/tagmanager/faq.html and http://www.google.com/tagmanager/use-policy.html. This website also uses the online advertising program Google AdWords as well as its conversion tracking feature. The cookie that is used for conversion tracking is stored on your computer or mobile device whenever you click on an ad served by Google. These cookies expire after 30 days and are not used to personally identify individual users. If you visit certain pages of this website and the cookie has not yet expired, both we and Google can detect that you clicked on the ad and were redirected to this page. Each Google AdWords client receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords clients. Information gathered using a conversion cookie is used to generate conversion statistics for AdWords clients that have opted to implement conversion tracking. Clients are informed about the total number of users that clicked on their ad and were redirected to a page containing an embedded conversion tracking tag. However, they do not receive information that personally identifies individual users. If you do not want your data to be tracked, you can easily disable the Google conversion tracking cookie in your Internet browser's user settings. Your data will then be excluded from conversion tracking statistics. In addition to Google AdWords, this website also uses Google Remarketing. Google Remarketing determines whether you have visited certain pages of our website and then uses this information to display targeted advertisements on our website or on the Google Advertising Network.
We are using the web analysis software Amplitude a service of Amplitude Inc., 631 Howad St, Floor 3, 94105 San Francisco (“Amplitude”) to optimize its Internet presence. This procedure serves to evaluate the use of the Internet presence by the users, to compile reports on the website activities for us and to provide further services connected with the use of the Internet presence. This is done on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f DSGVO. Pseudonymised user profiles can be created and evaluated from these data for the same purpose.
We use a shortened IP address. The information generated in this way is transmitted to and stored on an Amplitude server in the USA. Amplitude is a member of the EU-US Privacy Shield (see german version and english version), which sets minimum standards for the protection of personal data of Europeans whose data is stored or processed in the USA. The official Amplitude statements can be found here and here.
If you do not want “cookies” to be stored, you are asked to set the end device to delete these “cookies”, to block all or certain “cookies” or to issue a warning before any “cookies” are stored.
The information generated by the cookie in the pseudonymous user profile is not used to personally identify visitors to this website and is not combined with personal data about the bearer of the pseudonym.
With Hotjar we are using a service of Hotjar Ltd, Level 2, St. Julian's Business Centre, 3 Elia Zammit Street, St. Julian's STJ 1000, Malta (hereinafter "Hotjar"). Hotjar is an analysis software to evaluate the behaviour of users on our website and subpages, for example clicks or mouse movements. In order to collect this data, a cookie within the meaning of Section 4 above and a pseudonymised identification number (“tracking code”) is generated, which is used to transmit data to Hotjar's servers in Ireland, where it is stored for further analysis.
In addition to the tracking code, an anonymized IP address, device- and metadata (in particular the size and resolution of the display/screen, the browser and the device type of the device you use to visit our site, including - if applicable - the IP address of the device and its resolution), the country of your access, usage and log data (in particular, log data about the referring domain, date and time at which you have accessed our website, the language setting selected for our website, your user interactions such as mouse movements, position indicators and clicks as well as any keystrokes, the website/subpage accessed, and interactions with its contents and functions) might be collected and stored. Content data may also be stored in connection with survey feedback forms.
Hotjar uses this information to compile reports on the use of our website or to provide other services relating to website use and evaluation. We have concluded an agreement with Hotjar on the processing of personal data on behalf of a controller in accordance with Art. 28 of the GDPR.
We use Hotjar on the basis of our legitimate interest pursuant to Art. 6 (1) point f of the GDPR on the analysis, optimisation and economic operation of our online services in order to get better understanding of the the needs of our users and to optimise the services offered on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and dislike, etc.) and their feedback. These evaluations help us to tailor our offer to the feedback of our users.
The cookies set by Hotjar have different storage periods. According to Hotjar, some cookies are stored for 365 days, others only for the duration of your website visit.
If you do not want your information to be collected by Hotjar, please use your browser's privacy settings or follow the instructions below to opt out from Hotjar storing a user profile and information about your visit to our website and the setting of tracking cookies:
In order to offer our users an even more comfortable way to login or register to our online-based service, we enable a "single sign-on" login via an external third party account. Single sign-on registration is a procedure by which the user with a user account that he/she maintains with a single sign-on provider can also register himself/herself on other platforms. For this purpose, we have decided to use the Google Account as an external third party provider. The Google Single-Sign-On authentication service was developed by Google Inc 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and is provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). If you are registered with Google, you do not need to remember an additional password and access data for our service, but can log in with your Google access data.
At the beginning of a registration we will inform you about the possibility to register with Google. If you decide to do so, you will be forwarded directly to Google to enter your access data. If you are already logged in to your Google Account, this step will be skipped. Your authentication will then be carried out directly at Google and on each subsequent login, based on the Google Terms of Service that you signed up with Google when you registered with Google. We will receive your User ID from Google to confirm that you are logged in to Google and an ID to complete verification on our site. However, your login details remain with Google and are not shared with us.
Google is a participant in the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI), which sets minimum standards for the protection of personal data of Europeans whose data is stored or processed in the USA.
We only process and store your personal data for the duration needed in order to fulfill the purpose for which the data was stored, or as required by the various retention periods provided for by law.
Once the purpose for which the data was stored has been fulfilled, or after expiry of the retention period provided for by law, the personal data will be routinely deleted or blocked to prevent further processing in accordance with the statutory provisions.
If you have any questions about your personal data, you can contact us in writing at any time. In accordance with the GDPR, you have the following rights:
At all times, you have the right to obtain information about the categories and types of information we process in respect of your personal data, the purpose for which this data is processed, how long this data is stored including the criteria used to determine storage of this data, and whether automated decision-making including profiling is used in this context. You also have the right to find out the recipients or categories of recipient to whom your data has been or will be disclosed; in particular, recipients in third countries or international organizations. In this case, you also have the right to be informed about which appropriate safeguards have been put in place in connection with the transfer of your personal data.
In addition to the right to lodge a complaint with a supervisory authority and the right to be informed about the origin of your data, you have the right to erase and rectify your data as well as the right to restrict or object to the processing of your personal data.
In all cases mentioned above, you have the right to request from the data processor a free copy of your personal data that is processed by us. We are entitled to charge a reasonable administration fee for any additional copies that you request or that exceed the scope of a data subject's right to be informed.
You have the right to request the immediate rectification of your incorrect personal data as well as, taking into account the purposes for which the data is processed, the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.
If you would like to exercise your right to rectify your data, you can contact our data protection officer or the controller at any time.
You have the right to request immediate erasure of your data ("right to be forgotten"), especially if storage of the data is no longer necessary, if you have withdrawn your consent to have your data processed, if your data has been unlawfully processed or collected, or if erasure of your data is required in order to ensure compliance with a legal obligation under EU or national law.
However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, if retention of the data is necessary in order to ensure fulfillment of a legal obligation (retention obligations, for example), if erasure of the data is precluded for archiving reasons, or if storage of the data is required for the establishment, exercise, or defense of legal claims.
You have the right to request that the controller restrict the processing of your data if you are contesting the accuracy of the data, if processing is unlawful, if you refuse to have your personal data erased and are requesting instead that processing of your data be restricted, if the requirement to process your data no longer applies, or if you have objected to the processing of your data in accordance with Article 21 (1), pending confirmation that the legitimate grounds of the controller do not override your own legitimate grounds.
You have the right to have any personal data that you provided to a controller supplied to you in a structured, commonly used, machine-readable format. In addition, you have the right to freely transfer this data to another controller without being restricted from doing so by the controller to whom you had provided the personal data initially, where:
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability shall not apply in cases where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time to the collection, processing, or use of your personal data for the purposes of direct marketing, market research, or public opinion polling, as well as to general business data processing, unless we can demonstrate compelling legitimate grounds for processing your personal data that override your interests, rights, and freedoms.
In addition, you cannot exercise your right to object if the collection, processing, or use of the data is provided for or required by law.
You have the right to lodge a complaint with the competent supervisory authority if you believe that an infringement has occurred in relation to the processing of your personal data.
You can withdraw your consent to the processing of your personal data at any time without stating a reason. This also applies to the withdrawal of declarations of consent issued to us prior to the entry into force of the EU General Data Protection Regulation.
When processing personal data for which we have obtained the data subject's consent, Article 6 (1), point a of the General Data Protection Regulation (GDPR) shall serve as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6 (1), point b of the GDPR shall serve as the legal basis. This provision also covers processing operations that are necessary to carry out preparatory steps prior to entering into a contract.
Insofar as processing of personal data is necessary to ensure compliance with a legal obligation to which our company is subject, Article 6 (1), point c of the GDPR shall serve as the legal basis.
If processing is necessary for the purposes of safeguarding the legitimate interests pursued by our company or by a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6 (1), point f of the GDPR shall serve as the legal basis for processing. The legitimate interests pursued by our company relate to the performance of our business activities as well as to the analysis, optimization, and maintenance of the security of our online offering.
In general, we do not sell or rent user data. The transfer of data to third parties that extends beyond the scope described in this Data privacy statement shall only take place if required in order to provide the requested service.
We shall only transfer data if there is a legal obligation to do so. This would be the case if a government institution (a law enforcement authority, for example) submitted a written request for information or if a court order was in place.
Personal data shall not be transferred to third countries outside the EU/EEA area.
We would like to point out that the provision of personal data is required by law in certain cases (tax regulations, for example) or may result from contractual arrangements (information relating to or provided by the contracting party, for example). For example, in order to enter into a contract, it may be necessary for the data subject/the contracting party to provide their personal data so that we can process their request (their order, for example). An obligation to provide personal data primarily arises when entering into a contract. If no personal data is provided in this case, the contract cannot be entered into with the data subject. Prior to any provision of personal data by the data subject, the data subject may contact our data protection officer or the controller. The data protection officer or the controller shall then inform the data subject whether the provision of the necessary personal data is a statutory or contractual requirement or a requirement necessary to enter into the contract, whether the data subject is obliged to provide the personal data based on their specific request, and what the consequences of failing to provide the requested data would be for the data subject.
As a company conscious of our responsibilities, we refrain from the use of automated decision-making in our business dealings.