AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
EnvelopeGenerator/EnvelopeGenerator.Web/wwwroot/privacy-policy.en-US.html

158 lines
8.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Data Protection Information for the Remote Signature System signFLOW</title>
<link rel="stylesheet" href="css/privacy-policy.min.css">
</head>
<body>
<header>
<h1>Data Protection Information for the Remote Signature System: signFLOW</h1>
<p><strong>As of:</strong> 18.11.2025</p>
</header>
<section>
<h2>1. General Information</h2>
<p>In today's fast-paced and increasingly digital world, personal data is an important resource. Your data is
valuable and must therefore be handled with the care required by various laws and regulations (GDPR, TDDDG,
...).</p>
<p>As a provider of local solutions (OnPremise), the manufacturer of signFLOW, Digital Data GmbH, places a clear
focus on data protection and data security. For you, this means that only the necessary data is collected
and stored (data minimization). Furthermore, current and secure technologies are used in processing.</p>
<p><strong>Contact details of the manufacturer:</strong></p>
<address>
Digital Data GmbH<br>
Ludwig-Rinn-Straße 16<br>
35452 Heuchelheim<br>
<a href="https://digitaldata.works">https://digitaldata.works</a><br>
<a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
Phone: 0049 641 202360<br>
</address>
<p><strong>Contact the Data Protection Officer:</strong> <a
href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
</section>
<section>
<h2>2. Responsible Entity for Data Processing</h2>
<p>Your data is processed with confidence by:</p>
<address>
Digital Data GmbH<br>
Ludwig-Rinn-Straße 16<br>
35452 Heuchelheim<br>
<a href="https://digitaldata.works">https://digitaldata.works</a><br>
<a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
Phone: 0049 641 202360<br>
</address>
<p><strong>Contact our Data Protection Officer:</strong> <a
href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
</section>
<section>
<h2>3. Data Collection</h2>
<h3>3.1 The following categories of personal data are processed</h3>
<ul>
<li>Names: Username, first and last names as well as your digital signature</li>
<li>Contact details: Phone number, mobile phone number, and email address</li>
<li>Technical data: IP address, time of access, or access attempts</li>
</ul>
<h3>3.2 Source of the personal data</h3>
<p>You have previously provided the data mentioned under 3.1 to your business partner (the responsible entity).
This transmission may have occurred verbally over the phone, in personal contact, via email, or via a
contact form.</p>
<p>You transmit your digital signature independently when signing a document.</p>
<h3>3.3 Retention periods / Storage duration</h3>
<ul>
<li>Automatic email correspondence is stored for 6 years.</li>
<li>Signed contracts are retained for the duration of their term + 10 years.</li>
<li>The technical process is stored in the signFLOW software solution indefinitely, depending on the
document or contract type.</li>
</ul>
<p>Your personal data will generally be anonymized when:</p>
<ul>
<li>The contract has expired, and the statutory retention period is over.</li>
<li>The contract was rejected by you or never signed.</li>
</ul>
<p>The legal basis for these retention periods includes:</p>
<ul>
<li>Commercial Code (HGB)</li>
<li>Tax Code (AO)</li>
<li>Principles for the Proper Keeping and Retention of Books, Records, and Documents in Electronic Form and
for Data Access (GoBD)</li>
</ul>
<p>
Depending on the specific type of document, the retention period may vary. Additionally, the periods may be
extended in case of irregularities, such as a pending or ongoing legal dispute.
</p>
<h3>3.4 Purpose of processing</h3>
<p>The personal data defined under 3.1 is processed to:</p>
<ul>
<li>Support or provide the technically necessary process.</li>
<li>Enable you, as the end user, to sign a document digitally. This requires the identification of the
applicant, application verification and processing, billing, and compliance with documentation
requirements.</li>
</ul>
<p>In individual cases, data is processed separately by the IT department, particularly in response to support
requests, or possibly forwarded to the manufacturer for further processing.</p>
<p>Data processing also occurs to ensure information security, especially for the identification and prevention
of attacks, and for conducting internal and external audits, export controls, and sanctions list checks.
Information may also be transmitted to the relevant authorities in accordance with Section 8 (2) VDG.</p>
<h3>3.5 Legality of processing</h3>
<p>Your data is collected based on an impending or already existing business relationship.</p>
<p>The legal basis for the transmission to competent authorities is Section 8 (2) VDG. Requests from data
subjects are processed in accordance with Articles 12 to 23 of the GDPR and Sections 32 to 37 of the Federal
Data Protection Act (BDSG).</p>
<h3>3.6 Legitimate interests</h3>
<p>A legitimate interest of the responsible entity in accordance with Article 6 (1) (f) GDPR exists in the
following cases:</p>
<p>Measures are taken for information security, which include both preventive technical and organizational
measures as well as incident handling. The aim is to assess and avoid potential harm to the company, the
individuals affected by data processing, and the users of trust services.</p>
<h3>3.7 Necessity of data</h3>
<p>The collected data represents the minimum necessary for the digital signature. Without the data mentioned
under 3.1, the service cannot be operated.</p>
<p>It is particularly important to provide a mobile number or a German landline number, as this is used for
authentication and signature triggering as a second factor. Without this security mechanism, the service
cannot be provided.</p>
<h3>3.8 Data transfer</h3>
<p>Systematic data transmission does not take place.</p>
<p>Data is only forwarded to the manufacturer for support services in exceptional cases. A valid data processing
agreement (DPA) exists with the manufacturer, which ensures the security and integrity of the handling of
your data.</p>
</section>
<section>
<h2>4. Use of Cookies</h2>
<p>
When visiting certain pages, temporary cookies are used, which are necessary for the technical provision of
the services. These so-called session cookies do not contain any personal data and are automatically deleted
after the session ends. Methods such as Java applets or Active-X controls that could track user behavior are
not used.
</p>
</section>
<section>
<h2>5. Rights of Affected Persons</h2>
<p>
If you have questions about your data or wish to request correction, deletion, or restriction of processing,
please send your request by mail or email to the address provided above. This also applies if you wish to
object to the processing in accordance with Article 21 GDPR or request data portability.
</p>
<p>
If you have questions or complaints about a procedure, you can also contact us using the contact details
provided. If you have further grounds for complaint, you can contact our supervisory authority. You can find
out which supervisory authority is responsible for you here:
<a href="https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html">Laender-node.html</a>
</p>
</section>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink