Privacy Policy

Overview

This Privacy Policy describes how dox42 collects and processes information about individuals ("Personal Information") and the privacy rights associated with such processing. As a manufacturer of software products, we take privacy and data security very seriously and are committed not only to complying with legal requirements, but also to the principle of responsible handling of personal data. We want to give our customers and partners peace of mind by assuring them that their information will be kept confidential and secure.

We recognise that compliance with data protection laws can be complex, given the ambiguities and uncertainties that can occur in practice. We therefore seek to maintain an open dialogue with data subjects and to reassure them of our strong commitment to upholding the fundamental right to the confidentiality of personal data.

In pursuit of this objective, we proactively take internal steps and measures to diligently ensure compliance with the law. The purpose of this notice is to provide you with a clear understanding of the information we collect on our website and through our interactions with you, and how we use that information.

In the context of our professional business activities, dox42 processes – as the controller within the meaning of Article 4(7) of the General Data Protection Regulation ("GDPR") – your personal data and the personal data of your employees and/or members of corporate bodies.

dox42 GmbH
Vegagasse 5/2
AT-1190 Vienna
E-Mail: info@dox42.com

If you have any questions about data protection, please contact monika.friedrich@dox42.com. We have not appointed a Data Protection Officer as this is not required by law.

We use the terminology of the General Data Protection Regulation (GDPR) in our Privacy Policy. To ensure that this information is easily understood by all users, we try to avoid legal terminology as much as possible. If any information is not expressed in a clear and straightforward manner, we welcome your feedback.

Your Privacy Rights

You have following rights in connection with the GDPR:

• Right of access (request for information)
• Right to rectification
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing (Revocation of consent)
• Rights in relation to automated decision making (including profiling)
• Right to complain to the Data Protection Authority (https://www.dsb.gv.at)

You may exercise your rights at any time. We invite you to contact us by post or electronically by e-mail at monika.friedrich@dox42.com to enforce your privacy rights. Please understand that we are unable to respond to telephone or verbal requests as we cannot guarantee that the information will be passed on to the authorised person. We ask for your cooperation in confirming your identity when contacting us.

Website

When entering the website and its sub-pages, as well as the services offered by dox42 GmbH, personal data is processed for the following purposes:

• Presentation of the website and its contents
• Contacting the user
• Presenting the company and offering services
• Ensuring the functionality of the website
• Marketing activities
• Analysis of the use of the website by users

The following categories of information are collected:

• IP address (only stored after interaction with the contact form during reCAPTCHA verification)
• Date and time of access
• Browser types and versions
• Operating system used by the accessing system
• The website or sub-page from which the accessing system reached our website (in the case of a link)
• Internet service provider of the accessing system
• Data generated by cookies

What services do we use and who receives the information?

• Data processors, such as web hosting services and IT service providers
• When cookies are used (based on consent via a cookie banner):
  • "Google Analytics 4," "Google Tag Manager," "Google Signal," "Google Remarketing," Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, with IP anonymization
  • "Google AdWords," Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • "Youtube," Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with enhanced privacy mode
  • "LinkedIn," LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA
  • "X", X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
  • XING," New Work SE, Am Strandkai 1, 20457 Hamburg, German

Server logs (log files) are kept for up to six months. The legal basis for the processing of access data (web server log files), user analysis and data collected through technically necessary cookies is, in accordance with Art. 6(1)(f) of the GDPR, is the legitimate interest of the data controller dox42 GmbH (purposes: presentation of online service offers, data security).

The use of advertising cookies requires your consent, which can be modified at any time via our cookie banner. There you will also find a detailed description of the type of cookies and the duration of data storage.

If a job application is submitted by e-mail, we delete the application data within 7 months after the conclusion of the application process (for the purpose of enforcing claims pursuant to Sections 15(1) and 29 of the GlBG, with reference to the decision of the Data Protection Supervisory Authority (DSB) DSB-D123.085/0003-DSB/2018), unless consent has been given for longer data storage.

Please note: Cookies may also be used by us and third parties to process personal data. Third parties, such as Google, are based in the US, which does not have an adequate level of data protection. There is a risk that the data of EU citizens may be processed by US authorities without any effective means of redress. We therefore ask you to take this into account when giving your consent. You can withdraw your consent at any time (by changing the settings in the cookie banner). Of course, we try to select providers that have been certified under the EU-US Data Privacy Framework.

Newsletter

The provided newsletter contains information about (online) events organised by dox42 or our business partner, company updates and product recommendations as well as articles related to document automation and data integration.

When you subscribe to the newsletter, dox42 processes personal data for the following purposes:

• Presenting the company and offering services
• Marketing activities
• Analysis of newsletter usage

The following categories of data are collected:

• Name and e-mail address
• Time of delivery
• Time of opening, duration of opening, IP address of opening
• Email program used (mail client), which link was clicked and the time of usage
• Language preference (DE / EN)

What services do we use and who receives the data?

• Data processors such as mailworx - eworx Network & Internet GmbH, Hanriederstraße 25, A-4150 Rohrbach-Berg
• Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (Data Privacy Framework certified)

Your email address is processed on the basis of your given consent in line with Section 107 of the Austrian Telecommunications Act and Article 6(1)(a) GDPR. When you unsubscribe from our newsletter it will be automatically noted within the newsletter tool. Therefore, you will not receive the newsletter from the time you unsubscribe.

Our Service and Contractual Performance

We offer the opportunity to buy or trial our products online. In addition, demos can be made available. In providing our services, we process personal data on the basis of a contractual relationship or upon enquiry.

In the course of providing our products and services, dox42 processes personal data for the following purposes:

• Contact for scheduling demo presentations
• Processing of inquiries regarding quotations and pricing
• Handling of orders and their invoicing
• Creation, management, and updating of customer data
• Organization of meetings (video conferences) and scheduling thereof
• Consultation on document automation and data integration
• Conducting marketing activities
• Support inquiries

The following data categories are collected:

• Customer Profile data, such as title, name, email address, company, job description, company address, billing address.
• Preferred or acquired products, systems, details related to document automation and data integration.
• Order processing (ordered products and invoice data).
• Data for contact purposes and correspondence data.
• When utilizing download options for licensed software products and only upon license activation, we obtain system information (such as OS version, user name, which may potentially contain personal references).

Which services do we use? Who receives your data?

• Data processors, such as Microsoft, Vtiger as a CRM tool.
• dox42 Technology Partners (refer to https://www.dox42.com/de/company/partners).
• Tax advisors and certified public accountants.

We process data on the basis of your consent when you contact us to present our products. In the context of business development and performance, we rely on the legal basis of contract fulfilment to process personal data. When we collect data to fulfil legal obligations, such as billing information, the legal basis is compliance with legal requirements.

Our customers' data is usually kept for the duration of the ongoing contractual relationship. After termination of the contractual relationship, only data that is absolutely necessary according to applicable legal provisions or retention obligations (e.g. UGB, ABGB, BAO, etc.) will be stored for the duration of these legal retention obligations. For example, we may be subject to retention obligations under tax law, or we may be required to retain personal data for liability and warranty purposes as part of contract administration.

Know-How Database and Eventmanagement

On our website, we offer the possibility to watch instructional videos and tutorials and/or to participate in our (online) events. We provide the following interaction options and process personal data for these purposes:

• Webinar organisation and hosting
• Event management for online events
• Implementation of marketing activities (post-event communication)
• Support enquiries

The following data categories are collected:

• When registering for (online) events or training:
  • Basic information such as title, name, email address, company, job description, company address in the form of attendee lists.
  • Preferred or purchased products, systems, document automation and data integration details.
  • Seminar topic/event content.
• If video content is used: Data on videos clicked, playlists created, ratings and comments provided, IP address and browser information.
• For support requests, contact email addresses provided are collected.

Which services do we use? Who receives your data?

• Data processors, such as webinar service providers:
  • „GoToWebinar“, GoTo Technologies Ireland Unlimited Company, The Reflector 10 Hanover Quay Dublin 2 D02R573 Irland
  • “Youtube”, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland with enhanced privacy mode
  • “MS Teams“, Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
  • „Atlassian”, Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia

We process your data on the basis of your consent or for the fulfilment of a contract and store it until your consent is revoked or after termination of the business relationship. Recordings of webinars will only be made following prior communication and consent.

Your data in connection with registration for (onsite/online) events will only be stored for as long as is necessary for the organisation of the event, and beyond that only for as long as is necessary for processing in accordance with legal retention obligations or for the duration of a business relationship, if one has been formed. Data will only be stored for longer periods if required by law or for the prosecution of possible legal proceedings.