AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
EnvelopeGenerator/EnvelopeGenerator.Web/wwwroot/privacy-policy.en-US.html

123 lines
6.8 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Information for the Remote Signature System signFLOW</title>
<link rel="stylesheet" href="css/privacy-policy.css">
</head>
<body>
<header>
<h1>Privacy Information for the Remote Signature System signFLOW</h1>
<p><strong>Last updated:</strong> 19.09.2024</p>
</header>
<section>
<h2>1. General Information</h2>
<p>In todays fast-paced and increasingly digital world, personal data is a valuable resource. Your data is important and must be handled with care as mandated by various laws and regulations (GDPR, TDDDG, ...).</p>
<p>As a provider of on-premise solutions, the manufacturer of signFLOW, Digital Data GmbH, places a clear emphasis on data protection and data security. For you, this means that only the necessary data is collected and stored (data minimization). Additionally, the processing is done using the latest and considered secure technologies.</p>
<p><strong>Manufacturer's Contact Information:</strong></p>
<address>
Digital Data GmbH<br>
Ludwig-Rinn-Straße 16<br>
35452 Heuchelheim<br>
<a href="https://digitaldata.works">https://digitaldata.works</a><br>
<a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
Phone: 0049 641 202360<br>
</address>
<p><strong>Contact for Data Protection:</strong> <a href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
</section>
<section>
<h2>2. Responsible Party for Data Processing</h2>
<p>Your data will be processed confidentially by:</p>
<address>
Digital Data GmbH<br>
Ludwig-Rinn-Straße 16<br>
35452 Heuchelheim<br>
<a href="https://digitaldata.works">https://digitaldata.works</a><br>
<a href="mailto:info-flow@digitaldata.works">info-flow@digitaldata.works</a><br>
Phone: 0049 641 202360<br>
</address>
<p><strong>Contact our Data Protection Officer:</strong> <a href="mailto:privacy-flow@digitaldata.works">privacy-flow@digitaldata.works</a></p>
</section>
<section>
<h2>3. Data Collection</h2>
<h3>3.1 The following categories of personal data are processed:</h3>
<ul>
<li>Names: First and last names, and your digital signature</li>
<li>Contact details: Phone number, mobile phone number, and email address</li>
<li>Technical data: IP address, time of access, or attempted access</li>
</ul>
<h3>3.2 Source of personal data</h3>
<p>You have previously provided the data listed in 3.1 to your business partner (the responsible party). This submission may have occurred orally by phone, in person, via email, or through a contact form.</p>
<p>You submit your digital signature independently when signing a document.</p>
<h3>3.3 Retention periods / storage duration</h3>
<ul>
<li>Automatic email correspondence is stored for 6 years.</li>
<li>Signed contracts are stored for the duration of their term plus 10 years.</li>
<li>The technical process is stored indefinitely in the signFLOW software solution depending on the type of document or contract.</li>
</ul>
<p>Your personal data will generally be anonymized when:</p>
<ul>
<li>The contract has expired and the legal retention period has passed.</li>
<li>The contract was rejected by you or never signed.</li>
</ul>
<p>The legal bases for these retention periods include:</p>
<ul>
<li>Commercial Code (HGB)</li>
<li>Tax Code (AO)</li>
<li>Principles for the proper management and storage of books, records, and documents in electronic form and access to data (GoBD)</li>
</ul>
<h3>3.4 Purpose of processing</h3>
<p>The personal data defined in 3.1 is processed to enable the technically necessary process. This includes identity verification, application review, billing, and documentation obligations.</p>
<h3>3.5 Lawfulness of processing</h3>
<p>Your data is collected based on a developing or existing business relationship.</p>
<p>The legal basis for transferring data to responsible authorities is §8 para. 2 VDG.</p>
<h3>3.6 Legitimate interests</h3>
<p>There is a legitimate interest of the responsible party according to Art. 6 para. 1 lit. f GDPR, especially in information security and damage prevention.</p>
<h3>3.7 Necessity of the data</h3>
<p>The data collected represents the minimum necessary for the purpose of a digital signature.</p>
<h3>3.8 Data sharing</h3>
<p>Data is only shared with the manufacturer in exceptional cases for support services.</p>
</section>
<section>
<h2>4. Use of Cookies</h2>
<p>Temporary cookies are used when visiting certain pages, which are necessary for the technical provision of the services.</p>
</section>
<section>
<h2>5. Rights of Data Subjects</h2>
<p>If you have questions about your data or wish to request rectification, deletion, or restriction of processing, please send your inquiry by post or email to the address listed above. You can also object to the processing under Art. 21 GDPR.</p>
</section>
<section>
<h2>6. Whistleblower System</h2>
<p>We have established an independent, neutral, and confidential whistleblower system that allows internal and external whistleblowers to submit reports anonymously. This system serves to uncover serious violations of applicable law and other significant matters.</p>
<h3>6.1 Purpose and legal basis of data processing</h3>
<p>The purpose of the processing is to manage the whistleblower system, which fulfills legal obligations under Art. 6 para. 1 lit. c GDPR.</p>
<h3>6.2 Categories of personal data</h3>
<p>General personal data, data related to criminal convictions, and special categories of personal data may be processed.</p>
<h3>6.3 Obligation to provide personal data</h3>
<p>Providing personal data is not mandatory, as anonymous reporting is also possible.</p>
<h3>6.4 Recipients of personal data</h3>
<p>Reports are processed by the relevant department and forwarded to the appropriate divisions. Data is only shared when legally required or with the consent of the whistleblower.</p>
<h3>6.5 Retention period</h3>
<p>Personal data that proves irrelevant will be anonymized or deleted. Archived reports are deleted after 3 years following the conclusion of the process and documentation obligations.</p>
</section>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink