Privacy Policy
Website and other data processing
Business Partners
App (Barcode Demo)
App (Document Demo)
App (Data Capture Demo)
Website and other data processing
Last updated: 21 December 2023
This privacy policy informs you of which personal data (hereinafter also referred to simply as "data") we collect, in particular in the context of your use of our website scanbot.io and the functions provided there, for what purposes the data is processed and what rights you have with regard to the processing of your data. You can access this privacy policy at any time on our website at https://scanbot.io/privacy/
1. Controller’s identity and contact details
The controller within the meaning of the data protection laws is
Scanbot SDK GmbH (hereinafter also referred to as "we", "us" or "our")
Adenauerallee 120-122
53113 Bonn
Germany
If you have any questions or suggestions regarding data protection, you can also contact us via e-mail at legal@scanbot.io.
Data Protection Officer:
Alef Völkner can be contacted either by e-mail at dataprivacy@scanbot.io, or by post at the address of the controller with the title "(personal) to the Data Protection Officer". The data protection officer can also be contacted directly via dsb+scanbot@fox-on.com.
2. Subject of data protection
The subject of data protection is personal data. According to Art. 4 No. 1 of the General Data Protection Regulation ("GDPR"), this is any information relating to an identified or identifiable natural person.
3. Automatic data processing
When you access our website, your device automatically transmits data for technical reasons. This data is stored separately from other data that you may transmit to us and includes:
- Date and time of access,
- Browser type/version,
- Operating system used,
- IP address,
- Your cookie settings.
We process this data for the following purposes:
- Provision of our website and its functions;
- Ensuring the security of our IT systems, e.g. to defend against specific attacks on our systems and recognize attack patterns;
- Ensuring the proper operation of our IT systems, e.g. if errors occur that we can only rectify by storing the IP address;
- in the event of indication of criminal offenses to enable criminal prosecution, prevention of danger or legal prosecution..
As soon as this data is no longer required for the stated purposes, it will be deleted.
The processing takes place on the basis of our above-mentioned legitimate interests, Art. 6 (1)(f) GDPR.
4. Website host
We operate our website on servers from our web host WP Engine UK Limited, Irongate House, 22-30 Duke's Place London, EC3A 7LP, United Kingdom ("WP Engine"). This web host processes personal data on our behalf, i.e. exclusively in accordance with our instructions. The United Kingdom has received an adequacy decision from the EU Commission pursuant to Art. 45 (1) GDPR, according to which the United Kingdom offers an adequate level of protection.
5. Contacting us
5.1 Enquiries via our contact details
If you send us an enquiry using our contact details (by email, telephone, or post), we will process your name, type, subject and content of your enquiry as well as the time and date of your enquiry and all other information you provide us with in your enquiry. Depending on the contact method you have chosen or contact details you have provided, we will also process your email address, phone number and address for the purpose of responding to your enquiry.
In the case of enquiries of potential legal relevance, we reserve the right to retain the enquiries within the relevant statute of limitations, i.e. three years from the end of the year in which we received your enquiries. We also delete enquiries as soon as we no longer need them for the purpose for which we collected them. This is the case when we have finally processed your enquiry.
The storage is based on our legitimate interest, the proper documentation of our business operations and the protection of our legal positions (Art. 6 (1)(f) GDPR).
5.2 Contact forms
If you send us enquiries via our contact forms, your details from the form will be processed by us in order to process the enquiry and any follow-up questions.
Mandatory fields are labelled accordingly. The completion of mandatory fields is necessary so that we can answer and process your enquiry. Otherwise, your information is voluntary.
The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 (1)(a) GDPR). You can revoke this consent at any time with future effect.
We do not pass your data on to third parties without your consent or without another permissible legal basis. It cannot be ruled out that our technical service providers may gain access; however, they are obliged to maintain confidentiality.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
5.3 Arranging an online meeting via Calendly
To arrange online meetings, we use the Calendly service provided by Calendly LLC, 88 N Avondale Road, #603, Avondale Estates, GA 30002, USA ("Calendly").
Your data is also processed in the USA. Legal basis for the transfer is standard data protection clauses approved by the EU Commission with Calendly in accordance with Art. 46 (2) (c) GDPR.
If you request an appointment via our website or a booking link provided by us, we process your details from this appointment request (name, email address, company, job title and content of your enquiry with details of the use case for the planned integration of our Scanbot SDK) for the purpose of scheduling and sending invitations for the online meeting and responding to your enquiry. The legal basis is our legitimate interests in efficient scheduling in order to be able to properly plan the meeting you are seeking (Art. 6 (1)(f) GDPR). If you are a (potential) contractual partner, the processing takes place in the case of enquiries about contracts for the initiation and execution of the respective contractual relationship (Art. 6 (1)(b) GDPR).
If you have provided e-mail addresses of other meeting-participants, we will also process these e-mail addresses for the aforementioned purposes.
We will send you the invitation for the date you have requested with the necessary dial-in data for the online meeting to the e-mail addresses you have provided. If you confirm the invitation, we will also process this confirmation for the aforementioned purposes.
Your data from the appointment request will furthermore be processed in our CRM system (see section 7).
6. Online meetings via Zoom
We use "Zoom" to conduct the online meeting. Zoom is a service of Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, which is based in the USA ("Zoom, Inc."). The representative in the EU is Lionheart Squared Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, DO2 EK84, Republic of Ireland.
If you access the Zoom website, Zoom, Inc. is responsible for the data processing. However, you only need to access the Zoom website if you download the software for the use of Zoom.
You can also use Zoom by entering the relevant meeting ID and any other access data for the meeting directly in the Zoom app. If you don't want to use the Zoom app, you can also use the basic functions via a browser version, which you can also find on the Zoom website.
Your data is processed in the USA. Legal basis for the transfer is standard contractual clauses approved by the EU Commission with Zoom, Inc. in accordance with Art. 46 (2)(c) GDPR.
When using Zoom, your personal data will be processed.
These include
- Your name,
- Your e-mail address,
- Your password,
- Your IP address,
- Information about your end device and
- The topic of the online meeting.
You also have the option of providing further information, such as:
- Your telephone number,
- Your department and
- Your profile picture.
If you dial in via telephone, the following data will be processed:
- Incoming and outgoing call number,
- Country,
- Start and end time of the online meeting and
- If applicable, further connection data such as the IP address of your end device
If you use the chat, question or survey functions in an online meeting, your text entries will be processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of your end device will be processed accordingly for the duration of the meeting. However, you have the option of switching off or muting the camera or microphone yourself at any time via the Zoom applications.
The legal basis for data processing when organizing online meetings is Art. 6 (1)(f) GDPR. It is our legitimate interest to effectively conduct the online meeting in response to your enquiry in order to answer your enquiry and, in the case of enquiries in connection with contracts, to enable the initiation and execution of the respective contractual relationship. In the case of enquiries about contracts in which you yourself are a (potential) contractual partner, the processing is for the initiation and execution of the respective contractual relationship, Art. 6 (1)( b) GDPR.
If you are already registered with Zoom as a user, reports on online meetings (meeting metadata, telephone dialing data, survey function in webinars) can be stored on Zoom for up to one month.
We store information on contract enquiries or of potential legal relevance for the duration of the statute of limitations, i.e. three years from the end of the year in which we received your enquiry. Otherwise, we delete your data as soon as we no longer need this data for the purpose for which we collected it. This is the case when we have finally processed your enquiry.
Third-party participation in online meeting
If a third party (e.g. one of your colleagues) provides us with your e-mail address with the purpose of participating in an online meeting, we will process your e-mail address for the purposes of scheduling and sending the e-mail invitation.
The legal basis for data processing is Art. 6 (1)(f) GDPR. We have a legitimate interest in inviting you to the online meeting on behalf of the third party.
We will delete your email address as soon as it is no longer required for the purpose for which we collected your email address. This is the case when we have completed the business transaction in connection with the online meeting.
7. CRM systems (Salesforce and Hubspot)
To manage our customer relationships, we use the systems of Salesforce.com, Inc, 415 Mission Street, CA 94105, San Francisco, USA ("Salesforce") and HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("HubSpot"), together "CRM systems".
Your data is also processed in the USA. Legal basis for the transfer is the conclusion of standard contractual clauses approved by the EU Commission with Salesforce and HubSpot in accordance with Art. 46 (2) (c) GDPR.
We store your personal data in our CRM systems so that we can answer your enquiries from the aforementioned sections in a targeted manner.
The processing carried out in this respect is based on our legitimate interests in managing our customer relationships, Art. 6 (1)(f) GDPR.
We delete this data from our CRM systems when the customer relationship has ended, or you are no longer our contact person for our customers.
8. Newsletter and success metrics
We offer a free newsletter. The newsletter informs you about our company and the development of our products as well as topics related to our products and services.
To receive our newsletter, please enter your e-mail address at the following link: https://scanbot.io. After you have registered, we will send you an e-mail with which you can confirm your registration. You will only receive the newsletter once you have confirmed your registration.
We use the newsletter dispatch platform of the US provider HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("HubSpot") to send newsletters.
Your data is processed in the USA. Legal basis for the transfer is the conclusion of standard contractual clauses approved by the EU Commission within the scope of Art. 46 (2)(c) GDPR with HubSpot.
HubSpot processes your email address to send you the newsletter on our behalf. In addition, HubSpot processes further personal data on our behalf as part of the so-called success metrics for the purpose of evaluating and optimizing our newsletter.
To measure success, our newsletters contain a so-called tracking pixel, also known as a web beacon. This is an invisible electronic image that connects to the server of our service provider HubSpot when the newsletter is opened. Depending on the functionality of your email software, you can prevent this tracking pixel from being executed by deactivating the download of embedded images.
As part of this retrieval, information about the registration page and your IP address is collected. In addition, your IP address is used to determine the location from which you accessed the newsletter. In addition, the time of retrieval, i.e. whether and when you opened the newsletter, as well as information about the links you clicked in our newsletter and other interactions on your part are collected. We can link this data to your email address. We evaluate this data to further optimize our newsletter and tailor it to the needs of our users.
Providing your email address and participating in success metrics is voluntary. In this case, your personal data is collected and processed on the basis of your consent (Art. 6 (1)(a) GDPR).
You can revoke your consent at any time with effect for the future by unsubscribing from the newsletter. Each newsletter contains information on how to unsubscribe from the newsletter with effect for the future.
We also store information in order to be able to prove your consent. This information includes the date and time of your registration for the newsletter as well as your confirmation of registration and the location of your end device. This processing is based on Art. 6 (1)(c) in conjunction with Art. 7 (1) GDPR.
If you withdraw your consent, we will delete your data immediately. We will delete information that we have stored as proof of your consent after the end of the statute of limitations, i.e. after three years from the end of the year in which you withdrew consent.
9. Document search
We have integrated the DocSearch search service of Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France ("Algolia") on the subpage https://docs.scanbot.io for searching and indexing the contents of our SDK documentation.
If you use the search function on our website https://docs.scanbot.io, the search terms you enter in the search bar are transmitted to Algolia's servers and stored there for 12 months. We receive aggregated and anonymized reports on the searches carried out to find out how often a particular term was searched for and whether the search result was clicked on. This also enables us to recognize when something could not be found.
The legal basis for data processing is Art. 6 (1)(f) GDPR. We have a legitimate interest in being able to offer you an efficient search function, in particular to make it easier for you to find certain document sections of our SDK documentation and at the same time to find out what is most frequently searched for in order to be able to continuously optimize our documentation.
10. Cookies and similar technologies
We use cookies and similar technologies in order to be able to offer you all the functions of our website and to make the use of our website more convenient. Cookies are data records that are stored on your end device with the help of your internet browser. Similar technologies may include tracking pixels, scripts, local storage or other comparable technologies for storing information (hereinafter collectively referred to as "cookies").
Please note that the functionality and range of functions of our website may be limited if you deactivate or do not allow cookies and similar technologies.
The specific cookies used are specified in the relevant sections of this privacy policy and fall into one of the following categories:
10.1 Essential cookies:
These cookies are essential for the operation and functionality of our website. They help us to make our website technically accessible and usable and provide basic functionalities, such as navigation on the website, the correct display of our website in your internet browser or consent management. Our website cannot function properly without these cookies.
10.2 Performance cookies (analytics):
These cookies allow us to measure online traffic and analyze your behaviour in order to better understand your use of our website and improve our service.
10.3 Third party cookies (remarketing):
With the help of these cookies, our advertising partners can show you ads tailored to your interests on our website and on third-party sites.
11. Consent management with Usercentrics
Our website uses a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot").
As our processor, Cookiebot processes the cookie preferences you have set, including any consent given, refused, or revoked, for the purpose of legally compliant consent management. To store your cookie preferences, including the status of your consent, Cookiebot stores a technically required cookie on your end device.
You can find an overview over the cookies used here.
12. Google services
We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") as described below.
Your data will also be processed by Google LLC in the USA. Legal basis for the transfer are standard contractual clauses approved by the EU Commission within the scope of Art. 46 (2) (c) GDPR. You can find basic information on the processing of your personal data by Google here: https://policies.google.com/privacy?hl=en.
You also have the following setting options with Google:
- You can deactivate personalized advertising from Google: https://adssettings.google.com/anonymous?hl=en
- You can deactivate personalized advertising based on your device:
https://support.google.com/ads/answer/1660762 and https://support.google.com/ads/answer/2662922?hl=en
- You can deactivate personalized advertising via your browser: https://www.youronlinechoices.com/
12.1 Google Tag Manager
We use Google Tag Manager. Google Tag Manager makes it easier for us to integrate and manage so-called tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour and thus to record the impact of our online advertising, to set up remarketing and targeting and to test and optimize websites. We use the Tag Manager for the following tools: Google Universal Analytics, Google Analytics 4, Google Ads Conversion Tracking, Google Ads Conversion Linker, Google Ads Remarketing, Google Optimize Reddit Pixel, Meta Pixel, Hubspot, LinkedIn Insight, Zoominfo, Twitter Event Pixel, VWO SmartCode. You can find more information about Google Tag Manager at Google: https://www.google.com/intl/de/tagmanager/use-policy.html.
12.2 Google Analytics
With your consent, we use the web analysis service Google Analytics. Google Analytics uses cookies and processes pseudonymized data about your use of our website, including your abbreviated IP address. With the help of this information, we can identify which parts of our website are used frequently, which invite reuse, and which can be optimized. The information generated by the cookies about your use of the website (including your truncated IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and generating other analyses and evaluations relating to website activity and internet usage. Google may also link this data with other data about you, such as your search history, your personal account, usage data from other devices and other data that Google has stored about you. Google may also transfer this information to third parties where required to do so by law (e.g. government authorities) or where such third parties process the information on Google's behalf.
The data stored by Google Analytics is stored for a period of 14 months. After this period, Google Analytics will only retain aggregated statistics. Google Analytics is used in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) and on the basis of your consent (Art. 6 (1)(a) GDPR).
You can revoke your consent at any time by changing your cookie settings here. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
12.3 Google Ads conversion tracking
If you have consented to its use, we use the Google Ads conversion tracking service to analyze and improve the success and effectiveness of our advertising measures in the Google network. For this purpose, we embed a Google tag on our website. If you interact with one of our adverts on the Google network, a cookie is placed on your end device. This cookie is used to track if users have clicked on our adverts. We receive information from Google about the number of users who have clicked on our adverts and other information about the interactions of users after they have clicked on our adverts. The cookie is automatically deleted 30 days after you have clicked on an advert.
The legal basis for the use of the tag and cookies is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) and (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time with effect for the future by adjusting your cookie settings here. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
12.4 Google Ads Remarketing
If you have given your consent, your interaction on our website will be analyzed in order to show you our advertisements within the Google network (e.g. in Google Search, on YouTube or on other websites) that match your interests. In particular, based on the offers on our website that you were particularly interested in when you visited our website. For this purpose, we use the so-called remarketing function within Google Ads, where Google stores cookies on your device when you visit certain Google services or websites within the Google network.
The legal basis for the processing is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You have the option to withdraw your consent at any time with effect for the future by adjusting your cookie settings here. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
12.5 Google Fonts
Our websites use so-called web fonts provided by Google for the standardized display of certain fonts. When you access a page, your browser loads the required fonts directly from Google in order to display them correctly on your device. In doing so, your browser establishes a connection to Google's servers. As a result, Google becomes aware that our web pages are being accessed via your IP address.
The use of Google Web Fonts is in our legitimate interest to ensure a uniform typeface on our website.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy.
12.6 Google Recaptcha
We use the "Recaptcha" service from Google. The purpose of this is to check whether the data input on our websites (e.g. in a contact form) is made by a human or automatically by a program. For this purpose, Recaptcha analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses the page. Recaptcha analyses various pieces of information (e.g. IP address, time spent on the website and mouse movements made by the visitor). For this purpose, Google creates a cookie with a storage period of 6 months. The data collected during the analysis is forwarded to Google.
Data processing is carried out because it is absolutely necessary to protect our web offers from abusive automated spying and spam.
13. HubSpot Analytics
We use the HubSpot Analytics service of HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("HubSpot").
Your data is processed in the USA. Legal basis for this is the conclusion of standard contractual clauses approved by the EU Commission within the scope of Art. 46 (2)(c) GDPR with HubSpot.
If you have given your consent, we use cookies from HubSpot on our website to analyze and optimize your interactions with us on our website, as well as to efficiently process and manage enquiries via our contact form and our customer relationships. For this purpose, we collect information about your visit (in particular the referral URL, pages visited, time and duration of your visit).
The legal basis for the processing is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You have the option to withdraw your consent at any time with effect for the future by changing your cookie settings here to adjust them. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
14. Microsoft Advertising
If you have given your consent, we use Microsoft Advertising, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P5270 Sir Rogerson's Quay, Ireland ("Microsoft").
Your data is also processed in the USA. Legal basis for the transfer is standard contractual clauses approved by the EU Commission with Microsoft within the scope of Art. 46 (2) (c) GDPR.
If you have given your consent, we use conversion tracking cookies from Microsoft Advertising. This is used if you have reached our website via a Microsoft Bing advert. This allows us to recognize that you have interacted with our ad and have been redirected to our website. You can find more information on how Microsoft processes your data in Microsoft's privacy policy at: https://privacy.microsoft.com/en-GB/privacystatement.
Microsoft uses cookies to record your usage behaviour on our website in order to display interest-based advertising for our products across devices on other pages within the Microsoft advertising network. Microsoft uses cookies to process information from which user profiles are created using pseudonyms. These user profiles are used to analyze visitor behaviour and are used to display advertisements. This includes Bing search and other sites operated by Microsoft and Microsoft subsidiaries as well as Microsoft's advertising partners. Any further data processing will only take place if you have consented to Microsoft linking your browsing history to your Microsoft account and using information from your Microsoft account to personalize ads that you see on the Internet. In this case, if you are logged in to Microsoft while visiting our website, Microsoft will use your data to create and define target group lists for cross-device remarketing.
The collected data is transferred to Microsoft servers and stored there for 13 months.
The legal basis for the processing is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You have the option to withdraw your consent at any time with effect for the future by adjusting your cookie settings here. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by objection to the processing by Microsoft under the following link https://choice.microsoft.com/opt-out.
15. Microsoft Clarity
We use the web analytics software Microsoft Clarity (Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) on our website. This enables us to analyze your visit to our website (e.g. your navigation, click and scroll behaviour). This helps us to identify which parts of our website are used frequently and which can be optimized.
This may also involve the use of cookies that are stored on your computer. Your IP address is only processed in abbreviated form , i.e. pseudonymized.
The legal basis for the use of Clarity is your consent. You can prevent the collection of data on this website and the processing of data by Microsoft by not consenting or by revoking consent here.
Microsoft can also process data outside the EU. For these cases, Microsoft has submitted to the Transatlantic Data Privacy Framework and has also signed EU standard contractual clauses.
Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/en-US/privacystatement.
16. LinkedIn Insights
With your consent, we use the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Dublin 2, Ireland ("LinkedIn").
LinkedIn also transfers personal data to the USA and other third countries outside the European Economic Area. You can find corresponding information at: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. Legal basis for the transfer is standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2)(c) GDPR.
The LinkedIn Insight Tag, a conversion tracking cookie, is used if you have reached our website via LinkedIn. This allows us to recognize that you have interacted with our ad and have been redirected to our website. You can find more information on how LinkedIn processes your data in LinkedIn's privacy policy at: https://linkedin.com/legal/privacy-policy.
LinkedIn records the URL, referrer, IP address, information about your device and browser (user agent), time of access and your usage behaviour on our website. We receive aggregated, anonymized reports on the demographics of our target group and the performance of our ads and can draw conclusions for our product from this. We also have the option of retargeting, which allows us to display targeted adverts outside of our website.
The data collected is transferred to LinkedIn servers and stored there for 180 days.
The legal basis for the processing is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time with effect for the future by changing your cookie settings here. Alternatively, you can change your settings at any time via the "Cookie settings" link. You can find the link in the footer of our website.
You can prevent the collection of the data generated by the cookies and related to your use of the website and the processing of this data by LinkedIn by objecting against the processing by LinkedIn under the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If you have a LinkedIn account, you can control the use of your data for advertising purposes via your account settings at the following link: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
17. VWO
With your consent, we use the VWO service of Wingify Software Pvt Ltd, KLJ TOWER, 1104, North, Netaji Subhash Place, Pitam Pura, Delhi, 110034, India ("VWO").
Your data is processed in the USA. Legal basis for the transfer of data are standard contractual clauses approved by the EU Commission within the scope of Art. 46 (2)(c) GDPR.
VWO enables us to design and continuously optimize the appeal, content, and functions of our website in line with requirements by initially only displaying new functions and content to a certain proportion of our users and then evaluating any changes in website usage.
We only use VWO if you have consented to this. You can revoke your consent at any time here. Alternatively, you can change your settings at any time via the “Cookie settings” link. You can find the link in the footer of our website.
18. Webinsights (Zoominfo)
With your consent, we use a tracking pixel from the service Webinsights from ZoomInfo UK Ltd, Suite 2 First Floor, 10 Temple Back, Bristol, BS1 6FL, United Kingdom ("ZoomInfo").
Legal basis for the transfer is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR, according to which the United Kingdom offers an adequate level of protection.
Webinsights enables us to check whether we can assign the IP address used to access our website to a specific company. If we succeed in making such an assignment, we can subsequently recognize whether a specific company is interested in our products. This helps us to organize and conduct contract negotiations. We do not analyze the data on a personal basis. IP addresses that we cannot assign to a specific company are immediately discarded and not processed further.
If we can assign your IP address to a specific company, these tracking pixels allow us to track which pages a company access on our website. This helps us to optimize our website and design it to meet your needs. If companies regularly cancel their visit to our website after accessing a certain subpage, we can deduce, for example, that this subpage is not optimally tailored to the needs of our corporate customers and adapt this subpage accordingly.
The legal basis for the use of tracking pixels is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time with effect for the future by changing your cookie settings via the "Cookie settings" link. You can find the link in the footer of our website.
In addition, the legal basis for the processing of your IP address for the assignment process is Art. 6 (1)(f) GDPR. We have a legitimate interest in checking whether we can assign your IP address to a company so that we can optimize the performance measurement of our business operations and our website for our corporate customers.
19. Reddit pixel
If you have given your consent, we use a tracking pixel ("Reddit pixel") from the service Reddit Inc., 548 Market Street, Suite 16093 Francisco, CA 94104, based in the USA ("Reddit").
Your data is processed in the USA. Legal basis for the transfer is standard contractual clauses approved by the EU Commission with Reddit in accordance with Art. 46 (2)(c) GDPR.
With the help of the Reddit pixel, Reddit can specify our website visitors as a target group for the display of our adverts. We use the Reddit pixel for the purpose of displaying our adverts only to Reddit users who are actually interested in our content, which we transmit to Reddit (so-called "custom audiences"). In addition, we can track the effectiveness of our adverts by seeing whether users were redirected to our website after clicking on one of our adverts (so-called "conversion").
The legal basis for the use of the Reddit pixel is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time with effect for the future by changing your cookie settings via the "Cookie settings" link. You can find the link in the footer of our website.
You can find more information about the processing of your data by Reddit on Reddit under https://www.reddit.com/policies/privacy-policy.
You can find specific information and details about the Reddit pixel and how it works in the Reddit help section under https://reddit.my.site.com/helpcenter/s/article/Advertiser-Measurement-Program-Terms.
You can also find out more about how to deactivate usage-based advertising on Reddit under https://www.reddit.com/personalization.
20. Quora pixel
With your consent, we use a tracking pixel ("Quora pixel") from the service Quora Inc, 650 Castro Street, Suite 450, Mountain View, CA 94041, USA ("Quora"). The representative in the EU is VeraSafe.
Your data is processed in the USA. Legal basis for the transfer is standard contractual clauses approved by the EU Commission with Quora in accordance with Art. 46 (2)(c) GDPR.
With the help of the Quora pixel, Quora is able to specify our website visitors as a target group for the display of our adverts on Quora. We use the Quora pixel for the purpose of displaying our adverts only to those users on Quora who have an actual interest in our content that we transmit to Quora (so-called "custom audiences"). In addition, we can track the effectiveness of our advertisements by seeing whether users were redirected to our website after clicking on one of our advertisements (so-called "conversion"); this allows us to analyze the performance of our advertising measures accordingly.
The legal basis for the use of the Quora pixel is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1) (a) GDPR). You can withdraw your consent at any time with effect for the future by changing your cookie settings via the "Cookie settings" link. You can find the link in the footer of our website.
Further information on the processing of your data and specific information on the Quora pixel and how it works can be found here: https://www.quora.com/about/pixel_privacy.
You can also find out more about how to deactivate usage-based advertising under Quora: https://quora.com/optout.
21. Twitter-/X-Pixel
With your consent, we use a tracking pixel ("Twitter pixel") from the service Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland ("Twitter").
Your data will be processed in the USA. We have concluded the standard data protection clauses approved by the EU Commission with X in accordance with Art. 46 (2)(c)GDPR.
With the help of the Twitter pixel, X/Twitter can determine the visitors to our website as a target group for the display of our adverts on Twitter. We use the Twitter pixel for the purpose of displaying our adverts only to Twitter users who are actually interested in our content, which we transmit to Twitter (so-called "custom audiences"). In addition, we can track the effectiveness of our adverts by seeing whether users have been redirected to our website after clicking on one of our adverts (so-called "conversion").
The legal basis for the use of the Twitter pixel is your consent in accordance with § 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) (Art. 6 (1)(a) GDPR). You have the option to withdraw your consent at any time with effect for the future by changing your cookie settings via the "Cookie settings" link. You can find the link in the footer of our website.
You can find further information on the processing of your data by Twitter here: https://twitter.com/privacy.
You can find specific information and details about the Twitter pixel and how it works in the Twitter help section: https://business.twitter.com/help/campaign-measurement-and-analytics/conversion-tracking-for-websites.html.You can also find out more about how to deactivate usage-based advertising on Twitter: https://help.twitter.com/safety-and-security/privacy-controls-for-tailored-ads.
22. Our social media presence
When you visit our social media sites (Facebook, Instagram, X/Twitter, LinkedIn), we process certain data about you, e.g. when you interact with our page or our account, like or comment on a post, reply or provide other content. The data processing in this regard is regularly carried out on the basis of our legitimate interest in providing you with the corresponding functions on our social media presences (Art. 6 (1)(f) GDPR), as well as your consent to the respective operators of the platforms (e.g. Meta Platforms Ireland Limited, Twitter International, LinkedIn Ireland), Art. 6 (1)(a) GDPR, or your contractual relationship with the operators of the corresponding platforms (Art. 6 (1)(b) GDPR).
We would like to point out that these areas are publicly accessible and that any personal information you enter or provide when registering can be viewed by others. We cannot control how other users use this information. In particular, we cannot prevent unwanted messages from being sent to you by third parties.
Content posted in community areas can be saved for an unlimited period of time. If you would like us to remove any content you have posted, please send us an e-mail to the address given in section 1 above.
22.1 Facebook and Instagram
We maintain an online presence on Facebook and Instagram and process the data of users active there in order to communicate with them and to provide information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users, e.g. because it may be more difficult to enforce their rights.
We are jointly responsible with the operator of Facebook and Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page") or our Instagram profile. This data includes information about the types of content that users view or interact with or the actions they take (see under "Your activity and the information you provide" in the Meta-Privacy Policy: https://www.facebook.com/policy), as well as information about users’ devices (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "App, browser and device information" in the Meta-Privacy Policy). As explained in the Meta Privacy Policy, Meta also collects and uses information to provide analytics services to site operators. We have concluded a special agreement with Meta for this purpose. You can view the essence of this agreement here: https://www.facebook.com/legal/controller_addendum.
The rights of users (in particular to information, deletion, objection and the right to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with Meta. Further information can also be found in the "Information on Page Insights Data" (https://facebook.com/legal/terms/information_about_page_insights_data).
As a rule, user data is processed for market research and advertising purposes. User profiles can be created from user behaviour and the resulting interests. These can be used, for example, to place ads inside and outside Facebook and Instagram that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer, which are used to store the user's usage behaviour and interests. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of Facebook or Instagram and are logged in there).
For a detailed description of the respective processing and the opt-out options, please refer to Meta's privacy policy and information. Requests for information and the assertion of user rights can also be asserted most effectively there.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Article 6 (1)(f) GDPR. If users are asked by the respective providers for consent to data processing (i.e. they give their consent, e.g. by ticking a box or confirming a button), this is the legal basis for the processing. For a detailed description of the respective processing and the opt-out options, please refer to Meta's general privacy policy at: https://www.facebook.com/policy
22.2 X/Twitter
We maintain an X/Twitter presence. You can find our Twitter profile at https://twitter.com/scanbotsdk.
For users outside the USA, Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland ("Twitter International"). For users in the USA, the operator is Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can find Twitter International's privacy policy at: https://twitter.com/privacy. There you will also find information on the settings options for your Twitter account.
We use the Twitter Analytics function. As part of this function, we receive non-personal information from Twitter International about the use of our account. We can use this information to analyze and optimize the effectiveness of our Twitter activities.
Please note that Twitter International also transfers personal data to the USA and other third countries outside the European Economic Area. Twitter International uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2)(c) GDPR.
22.3 LinkedIn
We also have a LinkedIn presence at https://www.linkedin.com/company/10507725/.
For users based in the European Economic Area and Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). For all other users, the operator is LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA. You can find LinkedIn Ireland's privacy policy here: https://www.linkedin.com/legal/privacy-policy. There you will also find information on the settings options for your LinkedIn profile.
LinkedIn Ireland also transfers personal data to the USA and other third countries outside the European Economic Area. You can find corresponding information at: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. Accordingly, LinkedIn regularly uses the standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2)(c) GDPR.
We are also jointly responsible with LinkedIn Ireland for the processing of so-called Page Insights data when you visit our LinkedIn company page. For this purpose, we have concluded a joint controllership agreement with LinkedIn Ireland, which you can view here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn Ireland undertakes, among other things, to assume primary responsibility under the GDPR for the processing of Page Insights data and to fulfil all obligations under the GDPR with regard to the processing of Page Insights data. The processing serves our legitimate economic interests in the optimization and needs-based design of our LinkedIn company page, Art. 6 (1)(f) GDPR. We would also like to draw your attention to the following:
We receive non-personal information and analyses about the use of our account and interactions with our posts from LinkedIn Ireland as part of the so-called Page Insights. We can use this information to analyze and optimize the effectiveness of our LinkedIn activities. For this purpose, LinkedIn Ireland processes in particular data that you have provided to LinkedIn Ireland via the information in your profile. This includes the following data, for example:
- Function data,
- Country,
- Industry,
- Seniority,
- Company size and
- Employment status.
In addition, LinkedIn Ireland will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page.
22.4 LinkedIn campaign forms
On LinkedIn, we publish posts with interesting content with a form for downloading the content. If you fill out such a form from us on LinkedIn to download the content contained in our postings, we process your data in order to provide you with the requested information. It is necessary to provide your email address so that we can send you the requested information. The legal basis for the processing is Art. 6 (1)(b) GDPR.
If you use the form, we will also receive further information from LinkedIn that you have entered in your LinkedIn profile. In addition to your full name, your e-mail address, and your profile URL, this also includes data on your function, company name and the industry in which you work. This processing serves our legitimate economic interests in the optimization and needs-based design of our LinkedIn campaigns, Art. 6 (1)(f) GDPR.
The data is stored for 90 days.
23. Applications
If you contact us via our website to apply for a job with us, we will process your email address and the other contact details you provide as well as your application documents and the information contained therein to process your application or to decide whether to establish an employment relationship with you. Your application documents will only be made accessible to the persons responsible for the application within our company. Data processing is carried out on the legal basis of Section 26 (1) (3) of the German Federal Data Protection Act ("FDPA”).
If we are unable to offer you a position, your application documents will generally be kept for up to 3 months after the end of the respective application process in order to answer any queries in connection with your application. Further storage may take place if this is necessary for the purpose of providing evidence, in particular for the defense, assertion or enforcement of claims (Art. 6 (1) (f) or Art. 9 (2)(f) GDPR).
23.1 Automated individual case decisions (Recruitee)
Our recruiting tool "Recruitee" uses automatic decisions based on the specific requirements of a position to make the recruitment process more efficient. Using criteria such as language, skills, experience and qualifications, applicant profiles are automatically pre-sorted and matched with the required criteria. This is not done for every role, only for selected roles. This gives our recruiters a quicker, more accurate pre-selection of potential candidates who match the requirements of the position. Automated decision-making reduces the workload and increases the effectiveness of the selection process, saving valuable time and resources.
24. Disclosure of data
Unless otherwise stated in this privacy policy, your personal data will only be passed on without your express prior consent in the cases listed below:
- Legal prosecution:
If it is necessary to clarify an unlawful use of our services or for legal prosecution, personal data will be forwarded to external advisors (e.g. lawyers), law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are specific indications of unlawful or improper conduct. Disclosure may also take place if this serves the assertion, exercise, or defense of claims. We are also legally obliged to provide information to certain public authorities on request. These are law enforcement authorities, authorities that prosecute administrative offences subject to fines and the tax authorities.
This data is disclosed on the basis of our legitimate interest in combating misuse, prosecuting criminal offences and securing, asserting and enforcing claims, Art. 6 (1)(f) GDPR or on the basis of a legal obligation pursuant to Art. 6 (1)(c) GDPR. - IT service providers:
For the provision of services, we rely on contractually affiliated third-party companies and external service providers who process personal data on our behalf and strictly in accordance with our instructions, so-called processors.
In addition to the processors already mentioned in this privacy policy, we also use the following categories of processors:
- IT service provider
- Cloud service provider
- Software service provider
- Administration and organization:
As part of administrative processes as well as the organization of our operations, financial accounting, and compliance with legal obligations, such as archiving, we disclose or transfer your data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers and credit agencies. This data is disclosed on the basis of our legitimate interest in maintaining our business activities, performing our tasks, asserting, exercising or defending claims, Art. 6 (1)(f) GDPR or on the basis of a legal obligation pursuant to Art. 6 (1)(c) GDPR. - Corporate transactions:
As part of the further development of our business, the structure of our company may change by changing its legal form, founding, buying, or selling subsidiaries, parts of the company or components. In such transactions, customer information is passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection notice and applicable data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required, Art. 6 (1)(f) GDPR.
25. Your rights as a data subject
Unless otherwise stated in this privacy policy, please use the contact details provided in section 1 to assert your rights below.
25.1 Right to information
You have the right to receive information from us at any time upon request about the personal data we process about you within the scope of Art. 15 GDPR and § 34 FDPA.
25.2 Right to rectification of inaccurate data
You have the right to have inaccurate data about you corrected if it is incorrect.
25.3 Right to erasure
You have the right to request that we erase the personal data concerning you under the conditions described in Art. 17 GDPR and § 35 FDPA.
25.4 Right to restriction of processing
You have the right to request that we restrict processing in accordance with Art. 18 GDPR.
25.5 Right to data portability
You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR.
25.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based, i.e., on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to this processing. Following your objection, we will cease processing.
25.7 Right of appeal
You have the right to lodge a complaint with a supervisory authority of your choice.
25.8 Data processing when exercising your rights
Finally, we would like to point out that we process the personal data provided by you when exercising your rights in accordance with Art. 7 (3)(1) GDPR and Art. 15 to 22 GDPR for the purpose of implementing these rights and to be able to provide evidence of this and, in the event of a conflict, for the defense of legal positions.
In this context, we store your data for three years from the complete fulfilment of your rights as a data subject.
This processing for the purpose of implementation and proof of legally compliant implementation is based on the legal basis of Art. 6 (1)(c) GDPR in conjunction with Art. 7 para. 3 sentence 1 GDPR and Art. 15 to 22 GDPR as well as § 34 (2) FDPA. Insofar as we process your personal data for the purposes of legal defense, this also constitutes our legitimate interest, Art. 6 (1)(f) GDPR.
You are neither contractually nor legally obliged to provide your personal data. However, we may refuse to fulfil your request to exercise your rights as a data subject in accordance with Art. 12 (2)(2) GDPR if you do not provide us with the data required for your unambiguous identification, if necessary, after being requested to do so.
Business Partners
Data protection information for contact person at our business partners (e.g. commercial customers, suppliers, cooperation partners)
Last updated: February 7, 2024
1. Purpose of the data processing
We process your personal data for the following purposes:
- Establishment of professional contact and communication
- Maintaining business relations and implementing contracts between us and your employer or client
- Implementation of customer loyalty and marketing measures
2. Source of the data
Your data comes from the following sources:
- Zoominfo UK Ltd.
- LinkedIn platform of LinkedIn Ireland Unlimited Company Ireland
- or from you yourself by entering it on our website
3. Legal basis
We process your data for our legitimate interests as stated above (Art. 6 Para. 1 Letter f GDPR). These are the performance of the contract and the maintenance of the business relationship with you and your employer/client. Insofar as we process personal data beyond this, this is based on your consent (Art. 6 Para. 1 Letter a GDPR).
4. Categories and sources of personal data
We process the following information about you: Name, gender, title, professional contact data, professional position, employer, information on previous communication. If you have voluntarily provided us with additional data, we may also have stored this data. If you have not provided us with your data yourself, we have received it from your employer or another business partner.
5. Recipient
The following entities may have access to your information:
- IT service providers who operate, maintain or service our IT systems
- We use IT service providers/cloud service providers, some of whose sub-service providers are based in the USA. If these service providers are certified under the EU-U.S. Data Privacy Framework, data is transferred on the basis of an adequacy decision in accordance with Art. 45 GDPR. Otherwise, EU standard contractual clauses are the legal basis for the transfer to this third country.
6. Retention period
The personal data are stored for as long as they are necessary for the above-mentioned purposes. If your contact details are processed in connection with invoices, we will store them in accordance with the statutory retention periods. As a rule, the storage period is often 10 years in Germany due to accounting and tax regulations.
7. Your rights as data subjects
As data subjects you are entitled to the following rights, provided that the legal requirements are fulfilled:
- Right to be informed, Art. 15 GDPR
- Right to rectification, Art. 16 GDPR
- Right to erasure, Art. 17 GDPR
- Right to restriction of processing, Art. 18 GDPR
- Right to data portability, Art. 20 GDPR
- Right to object, Art. 21 GDPR
Provided the data processing is based on your consent, you may revoke it at any time, with effect on the future.
Insofar as the data processing is based on an assessment of the legitimate interests, you have the right to object to this processing of the data. There must be justified reasons for this, which result from your particular situation.
You also have the right to lodge a complaint with the data protection supervisory authority regarding the processing of your data.
8. Controller and data protection officer
Responsible for data processing is:
Scanbot SDK GmbH
Adenauerallee 120-122
53113 Bonn
Bonn, Germany
The data protection officer can be contacted at:
fox-on Datenschutz GmbH
Pollerhofstr. 33a
51789 Lindlar
dsb@fox-on.com
App (Document Demo)
Last updated: April 4, 2023
In this Privacy Policy, we inform you about which personal data (hereinafter also referred to simply as “data”) we collect in the context of your use of the Scanbot SDK: Document Scanning App for iOS and Android (hereinafter also “App”), the purposes for which your data are processed and your rights in relation to the processing of your data. You can access this Privacy Policy at any time under https://scanbot.io/privacy#documentdemo.
1. Controller/contact
The controller within the meaning of applicable data protection law is:
Scanbot SDK GmbH (hereinafter also “we” and “us”)
Adenauerallee 120-122
53113 Bonn
Germany
If you have questions or suggestions regarding any data protection, you can contact our Data Privacy team via legal@scanbot.io
Data Protection Officer:
Alef Völkner can be reached either by e-mail via dataprivacy@scanbot.io, or by post at the address of the data controller with the title "(in person) to the data protection officer". The data protection officer can also be reached personally via dsb+scanbot@fox-on.com.
2. Subject matter of data protection
The subject matter of data protection is personal data. Under Article 4(1) General Data Protection Regulation (“GDPR”), this means any information relating to an identified or identifiable natural person.
3. Processing of personal data when using the app
We do not process personal data when using the app.
4. Processing of personal data outside the app
Regarding information on the processing of personal data outside the App - for example, if you contact us, please refer to our privacy policy at https://scanbot.io/en/privacy.
5. Changes in purpose
Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).
6. Providing your personal data
Neither by law nor by contract are you required to provide your personal data. nor is the provision of your data a requirement necessary to enter into a contract.
7. Automated individual decisions or profiling measures
We do not use automated processing processes to make decisions or profiling.
8. Your rights as data subject
Unless otherwise specified in this privacy policy, please use the contact address specified in Section 1 to exercise your right, as set out below.
8.1 Right of access
Within the scope of Article 15 GDPR and § 34 Federal Data Protection Act (“BDSG”), you have the right to obtain from us, access to the personal data concerning you.
8.2 Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you.
8.3 Right to erasure
Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you.
8.4 Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain from us the restriction of processing.
8.5 Right to data portability
Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
8.6 Right to object
Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1)(1) GDPR. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.
8.7 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority of your choice.
8.8 Data processed when you exercise your rights
Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Article 7(3)(1) GDPR as well as Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. Further, we will process your personal data to defend our legal position.
Your personal data will be stored for three years after your data subject right request was fully processed by us.
This processing is based upon the legal basis of Article 6(1)(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG. Further, we will process your personal data in connection with your data subject right request to defend our legal position. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.
Neither by law nor by contract are you required to provide your personal data. However, we can refuse to act on your data subject right request pursuant to Article 12(2)(2) GDPR if you do not provide us with the data required to enable us to clearly identify you, if necessary after we request you to do so.
App (Data Capture Demo)
Last updated: April 4, 2023
In this Privacy Policy, we inform you about which personal data (hereinafter also referred to simply as “data”) we collect in the context of your use of the Scanbot SDK: Data Capture App for iOS and Android (hereinafter also “App”), the purposes for which your data are processed and your rights in relation to the processing of your data. You can access this Privacy Policy at any time under https://scanbot.io/privacy/#datacapturedemo.
1. Controller/contact
The controller within the meaning of applicable data protection law is:
Scanbot SDK GmbH (hereinafter also “we” and “us”)
Adenauerallee 120-122
53113 Bonn
Germany
If you have questions or suggestions regarding any data protection, you can contact our Data Privacy team via legal@scanbot.io
Data Protection Officer:
Alef Völkner can be reached either by e-mail via dataprivacy@scanbot.io, or by post at the address of the data controller with the title "(in person) to the data protection officer". The data protection officer can also be reached personally via dsb+scanbot@fox-on.com.
2. Subject matter of data protection
The subject matter of data protection is personal data. Under Article 4(1) General Data Protection Regulation (“GDPR”), this means any information relating to an identified or identifiable natural person.
3. Processing of personal data when using the app
We do not process personal data when using the app.
4. Processing of personal data outside the app
Regarding information on the processing of personal data outside the App - for example, if you contact us, please refer to our privacy policy at https://scanbot.io/en/privacy.
5. Changes in purpose
Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).
6. Providing your personal data
Neither by law nor by contract are you required to provide your personal data. nor is the provision of your data a requirement necessary to enter into a contract.
7. Automated individual decisions or profiling measures
We do not use automated processing processes to make decisions or profiling.
8. Your rights as data subject
Unless otherwise specified in this privacy policy, please use the contact address specified in Section 1 to exercise your right, as set out below.
8.1 Right of access
Within the scope of Article 15 GDPR and § 34 Federal Data Protection Act (“BDSG”), you have the right to obtain from us, access to the personal data concerning you.
8.2 Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you.
8.3 Right to erasure
Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you.
8.4 Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain from us the restriction of processing.
8.5 Right to data portability
Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
8.6 Right to object
Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1)(1) GDPR. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.
8.7 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority of your choice.
8.8 Data processed when you exercise your rights
Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Article 7(3)(1) GDPR as well as Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. Further, we will process your personal data to defend our legal position.
Your personal data will be stored for three years after your data subject right request was fully processed by us.
This processing is based upon the legal basis of Article 6(1)(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG. Further, we will process your personal data in connection with your data subject right request to defend our legal position. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.
Neither by law nor by contract are you required to provide your personal data. However, we can refuse to act on your data subject right request pursuant to Article 12(2)(2) GDPR if you do not provide us with the data required to enable us to clearly identify you, if necessary after we request you to do so.