The protection of your personal data is of particular concern to us. For this reason, too, we comply with the relevant statutory regulations. This data protection declaration is intended to inform you what type of data is collected for what purpose and to what extent this data is made accessible to third parties.
The privacy information is divided into five parts:

A. General data privacy information

B. Privacy information for users of this website

C. Privacy information for Docusnap365 users

D. Privacy information for customers

E. Rights of data subjects

A. General data privacy information

Name and address of the controller

Docusnap GmbH
represented by the managing directors: Dipl.-Inf. (FH) Peter Kurz, Ingemar Mayr

Franz-Larcher-Strasse 4
83088 Kiefersfelden, Germany

Phone: +49 (0)8033 / 6978-0
Fax: +49 (0)8033 / 6978-91
E-mail: info@docusnap.com
Internet: www.docusnap.com

Name and address of the data protection officer

Should you have any further questions regarding data protection or the processing of your personal data processed by us, please contact our company data protection officer by e-mail at: datenschutz@docusnap.com or at the above address marked "Data Protection Officer".

B. Privacy information for users of this website

Processing of Personal Data
The processing of personal data is carried out in accordance with Art. 5 GDPR.
Personal data is processed on our Internet sites

• as far as technically necessary,
• the analysis, the optimization or the economic operation of our Internet presences serves,
• this is necessary for the execution of the contract or
• to provide you as a customer with product-specific information.

Data Security

We use technical and organizational security measures in order to protect your data administered by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
Data transfers are carried out using the SSL procedure (Secure Socket Layer).

Safety notice

We endeavour to store your personal data in such a way that they are inaccessible to third parties by using all technical and organisational means at our disposal. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

Use of Service Providers

We use service providers (so-called contract processors) to provide services and process your data. The service providers process the data exclusively on the instructions of Docusnap GmbH and are obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access to your data to the extent and for the period necessary to perform the services.

External service providers are carefully selected by us and contractually bound in accordance with Art. 28 GDPR by means of an agreement on order processing.

Processing of Data in Countries outside the European Economic Area EEA

Some of the service providers we use are based in the USA or other countries outside the European Economic Area. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. We use contractual provisions or other recognised instruments to ensure that your personal data is adequately protected.

Logging the Use of our Internet Presence

When you access our website, you transmit data (for technical reasons) via your Internet browser to a web server. The following data is recorded during an ongoing connection for communication between your Internet browser and our web servers:

• Browser type/version,
• operating system used,
• Referrer URL (the previously visited page) and
• the time of the server request.

We require this data for reasons of technical security and for statistical evaluations, and as a rule we cannot assign it to specific persons. This data will not be merged with other data sources. These data will be deleted after 14 days at the latest.

Cookies

Various services on our website use so-called "cookies". These are small text files which are stored on your computer and which allow an analysis of your use of the website. They serve to make our Internet presence more user-friendly, more effective and safer - for example, when it comes to accelerating navigation on our platform.

Cookies also enable us to measure the frequency of page views and general navigation, for example. Cookies are small text files that are stored on your computer system. We would like to point out that some of these cookies are transferred from our server to your computer system, which are usually so-called "session cookies". "Session cookies" are characterized by the fact that they are automatically deleted from your hard disk at the end of the browser session. Other cookies remain on your computer system and enable us to recognize your computer system on your next visit (so-called permanent cookies). Of course, you can reject cookies at any time, if your browser allows this.
Of course, you can also use our website without using cookies. You can generally deactivate the use of cookies at any time via the settings of your Internet browser or have the setting of cookies displayed and then decide in individual cases whether you accept cookies. Please note, however, that in this case you may not be able to use all functions of our website to their full extent.

Cookies: Consent choices

Instructions for deleting cookies in the most common browsers can be found here:

• Microsoft Edge: Tutorial
• Microsoft Internet Explorer: Tutorial
• Mozilla Firefox: Tutorial
• Google Chrome: Tutorial
• Opera: Tutorial

Social Network

On our websites we use different plugins from social networks.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the Facebook plugins and their appearance can be found here:
https://developers.facebook.com/docs/plugins?locale=en_US

Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here:
https://about.twitter.com/en_us/company/brand-resources.html

Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram buttons and their appearance can be found here:
https://instagram.tumblr.com/post/36222022872/introducing-instagram-badges

LinkedIn is operated by the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

XING is operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing"). An overview of the Xing buttons and their appearance can be found here:
https://dev.xing.com/plugins/share_button

These social plugins are operated exclusively by the respective providers. The social plugins on our website are identified by the respective button belonging to the provider or service. If you visit one of our websites that contains such a social plugin, your browser will connect to the servers of the respective service. This, in turn, transmits the content of the plugin to your browser and integrates it into the displayed page. By visiting our website, the respective information is transmitted to the respective service.

If, at the same time as you visit our Website, you are logged into one of the Services through your personal account, that Service may assign the visit to the Website to your account. Users can use social plugins to post or share links to websites on social networks. Through interactions, such as leaving a comment or clicking the respective button, the respective information is transferred directly to the respective services and stored there.

If you do not want and do not want such data transfer, log out of your social networks or user accounts before visiting our websites. We have no influence on the data collection and transmission by social plugins. The purpose and scope of the data collection of the respective provider or service and the further use and processing of your data can be found in the respective data protection information directly from the websites of the providers. Please inform yourself there which rights you have and how you can achieve a satisfactory data protection setting.

Data protection information about the social plugins used on our online presence:

• https://www.facebook.com/about/privacy/
• https://www.twitter.com/en/privacy
• https://help.instagram.com/519522125107875
• https://www.linkedin.com/legal/privacy-policy
• https://privacy.xing.com/en/privacy-policy

Salesforce/ Pardot

We store solely and exclusively personal data of website visitors who have registered voluntarily/on their own accord on our websites in order to receive information on products and services, to subscribe to newsletters or to download documents. Some forms and websites are linked to Pardot. Pardot is a software for the marketing automation of

salesforce.com Germany GmbH
Erika-Mann-Straße 31-37
80636 Munich
Germany

Voluntarily provided personal data is first stored in Pardot and then processed with the Salesforce CRM system for the purpose of contacting and/or sending information.

We use Pardot as a marketing analysis service, which enables us to maintain, measure and expand our website and marketing communication and to optimize the website content. Data is processed in Salesforce/ Pardot on our behalf through the use of cookies.

Here you can find out how Salesforce processes your data when you visit websites: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5.

Matomo

In order to provide you with the best possible experience on our websites, we collect certain information. To do this, we use the Matomo Web Analytics Platform from the company

InnoCraft Ltd.
7 Waterloo Quay PO625
6140 Wellington
New Zealand

When you visit our site, we store: Your anonymised IP address, the website you visited us from, the parts of our websites you visit, the date and duration of your visit, information from the device you used during your visit (device type, operating system, screen resolution, language, country you are in and web browser type) and more. We process this usage data in the Matomo Web Analytics Platform for statistical purposes, to improve our site and to detect and prevent abuse.

Opt-out from web analytics

You can opt out of being tracked by our Matomo Analytics instance below:
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Microsoft

To create a user account for the purpose of authentication in our online portals myDocusnap, Support Portals and Ideas Portal, we use on the basis of article 6 paragraph 1 letter f of the DSGVO the service "Microsoft Azure Active Directory B2C" by

Microsoft Ireland Operations Ltd.
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland

To create a user account, your email address and - if specified - your first and last name will be transmitted. Here you always have the option to use general information of your company such as "IT department" and it@, not your personal data. The email address must be available in your company so that we can also send password changes, for example. The password chosen by the user is stored there. We use these services as a secure and more available alternative to our own cloud infrastructure and integrated password stores.

Mollie

On our website in our webshop we offer payment via the external payment service provider

Mollie B.V.
Keizersgracht 126
1015 CW Amsterdam
Netherlands

The following payment methods are processed through Mollie: Mastercard, Visa, American Express, SEPA and PayPal. When you select the payment method, the payment data you entered will be transmitted to both Mollie and the payment provider you selected. The transmission of your data to Mollie is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which can also be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights. For details on payment via the payment service provider Mollie, please refer to the following link: https://www.mollie.com/en/privacy

LiveChat

This website uses LiveChat, a software of the company

LiveChat Inc.
One International Place
Suite 1400
Boston, MA 02110-2619
USA

LiveChat uses cookies to provide you with personal entertainment in the form of a real-time chat with us. The information generated by the cookie about your use of this online service is generally transmitted to a server of LiveChat Inc. in the USA and stored there. When you use LiveChat, you can provide your email address to have the chat history sent to you. In this case the data will be stored by LiveChat Inc.

For more information about privacy at LiveChat Inc., please visit http://www.livechatinc.com/privacy-policy/.

Zapier

For the integration of different databases and tools for the automation of our workflows we use Zapier, a service of the

Zapier Inc.
548 Market St #62411
San Francisco
California 94104
USA

Customer data may be transmitted with the exception of payment data. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.

Google Ads

To draw the attention of potential users and customers to our online offers, we use the online advertising program "Google Ads" and, within the framework of Google Ads, conversion tracking, an analysis service of the

Google Inc. (Google)1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Ads places a cookie on your computer ("conversion cookie") if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages on our site and the cookie has not yet expired, we and Google may recognize that someone clicked on the ad and was redirected to our site. Each Google Ads customer receives a different cookie. As a result, cookies cannot be tracked through Google Ads customer websites. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking.
Google Ads customers will know the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.
If you do not wish to participate in the tracking procedure, you can refuse to set a cookie as required for this purpose - for example by setting your browser to deactivate the automatic setting of cookies in general. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".

Google's Privacy Policy on Conversion Tracking can be found at https://services.google.com/sitestats/en.html.
You can also prevent Google Ads from capturing your data by clicking the following link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website:

Deactivate Google Ads

Google Analytics

This website uses Google Analytics, a web analytics service provided by

Google Inc. ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA

Google Analytics uses "cookies". The information generated by the cookie about your use of this website will generally be transmitted to a Google server in the United States and stored there for 14 months. However, if IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

We would like to point out that on this website Google Analytics was extended by the code "gat._anonymizeIp();" in order to guarantee an anonymous recording of IP addresses (so-called IP masking). You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:
tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent Google Analytics from collecting this information by clicking on the following link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website:

Deactivate Google Analytics

Google Optimize

Our websites also use Google Optimize. Google Optimize is a tool integrated in Google Analytics. Google Optimize analyzes the use of different variants of our websites and helps us to improve the usability according to the behavior of our users.

Google Tag Manager

The Google Tag Manager is used on this website. The Google Tag Manager is a solution from

Google Inc. ("Google")
1600 Amphitheatre Parkway
Mountain View
CA 94043
USA,

which allows companies to manage website tags via a single interface. The Google Tag Manager is a cookie-free domain that does not collect personally identifiable information. The Google Tag Manager triggers other tags that may themselves collect data. We hereby point this out separately.
The Google Tag Manager does not access this data. If a deactivation has been made by the user at the domain or cookie level, this will remain the case for all tracking tags implemented with Google Tag Manager.

Bing Ads

Our website uses Bing Ads technology to collect and store data from which user profiles are created using pseudonyms. This is a service of the

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

This service enables us to track the activities of users on our website when they arrive at our website through ads from Bing Ads. If you reach our website via such an advertisement, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal information about the use of the website. This includes, among other things, the time spent on the website, which areas of the website were called up and which advertisement the user used to access the website. Information about your identity is not collected.

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website under certain circumstances.
In addition, Microsoft may use cross-device tracking to track your usage patterns across multiple electronic devices, enabling Microsoft to display personalized advertisements on Microsoft Web sites and apps.
You can deactivate this behavior at https://choice.microsoft.com/en-us/opt-out.
More information on Bing's analysis services can be found on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/en/53056/2). For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy (https://privacy.microsoft.com/en-us/privacystatement).

Facebook Custom Audience

Facebook users should note that Facebook's Website Custom Audience communication tool is used on this website. For this purpose, so-called Facebook pixels are integrated on our websites, which mark you as a visitor to our website in anonymous form, i.e. without identifying you as a person.
If you are a Facebook user, this allows Facebook to associate visiting our pages with your user account. Facebook can also subsequently recognise whether a Facebook ad has had an effect, e.g. whether it has led to a purchase. The Facebook pixel also allows us to play ads to a defined audience on Facebook. Facebook only provides us with statistical data without reference to a specific person. This is done for purposes of advertising effectiveness, market research and demand-oriented design of our website. Tracking using the pixel is done in a way that does not allow us to identify you as a person and only marks users as visitors to our website in an anonymous form for us. Facebook uses cookies for this purpose. Facebook stores and uses the data collected using the pixel. This happens at least partially outside the territorial scope of EU data protection legislation.

For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your privacy settings, please refer to Facebook's Privacy Policy, which can be found at https://www.facebook.com/privacy/explanation.

Raise an objection: If you wish to object to the use of the Facebook Custom Audiences website, you can do so at https://www.facebook.com/ads/website_custom_audiences. You must be logged in to Facebook to do this.

Wistia

On our websites we use on the basis of article 6 paragraph 1 letter f of the DSGVO, the software Wistia (https://wistia.com/) from the

Wistia Inc.
17 Tudor Street
Cambridge, MA 02139
USA

The software is used to embed videos into our website and to promote and measure the interaction of website visitors with the videos. Wistia collects the following categories of personal data on our behalf:

• anonymised IP address incl. provider;
• access time to viewed videos;
• details of their viewed video sections;
• URL of the videos;
• Type of end device (stationary, mobile), operating system and browser used.

Cookies are not used for this purpose.

You can find all information on the transfer and use of data by Wistia here: https://wistia.com/privacy.

Changes to our Privacy Policy

We reserve the right to change our security and data protection measures at any time if this becomes necessary due to technical development or legal changes. In these cases, we will also adapt our information on data protection accordingly. Please therefore note the current version of this data protection declaration.

C. Privacy information for Docusnap365 users

When using Docusnap365, in addition to the data required for the performance of the contract (Art. 6 (1) p. 1 lit. b DSGVO), telemetry data on the use of the software is also processed for the purpose of improving Docusnap365. The legal basis is the legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO). We have a legitimate interest in improving Docusnap365 based on telemetry data. The rights of users are preserved because the telemetry data cannot be traced back to users.

Microsoft Azure

The Docusnap365 platform is run on the Microsoft Azure West Europe cloud service. For the creation and operation of the Docusnap365 environments and for the creation of a user account in Microsoft Azure Active Directory B2C for the purpose of authentication, we use, on the basis of Article 6(1)(f) DSGVO, the services of

Microsoft Ireland Operations Ltd.
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
Ireland

To create a user account your email address and - if given - your first and last name will be transmitted. Here you always have the possibility to use general information of your company like "IT department" and it@, not your personal data. The email address must be available in your company so that we can also send password changes, for example. The password chosen by the user is stored there. We use these services as a secure and more available alternative to our own cloud infrastructure and integrated password storage.

Product Fruits

For onboarding customers and prospects to our Docusnap365 product, we use the cloud-based platform of the company

Product Fruits s.r.o.
Rozdelovska 1999
169 00 Prague 6
Czech Republic

The basis for the use of the Product Fruits service is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interest is to ensure the best possible user experience of our product.

Mixpanel

We use the web analytics service of the company

Mixpanel, Inc.
405 Howard St., Floor 2
San Francisco, CA 94105
USA

We use this analysis service to analyze the use of our product Docusnap365 and to continuously develop it in terms of user-friendliness. The basis for the use of the Mixpanel tool is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to ensure the best possible user experience through continuous optimization and further development of our product.

D. Privacy information for customers

If you conclude a Docusnap contract with us or in the case of pre-contractual measures, we process your data in order to conclude and implement the contract. Your data will be processed on the basis of Art. 6 para. 1 p. 1 lit. b) DS-GVO (fulfillment of contract) and Art. 6 para. 1 p. 1 lit. c) DS-GVO (fulfillment of legal storage regulations, § 257 HGB, § 147 AO). We process your data as long as the contract exists and claims can still exist from the contract, which is usually three years after the conclusion of the contract in the case of a purchase contract and three years after the termination of a service contract, in each case starting on 31.12. of a year. In addition, we store accounting documents for a period of 10 years and commercial and business letters for a period of 6 years to fulfill our legal retention obligations. The storage period always begins at the end of the calendar year in which the commercial and business letter is received/dispatched or in which the accounting document is created.

The data will not be passed on to third parties with the exception of order processors in accordance with Art. 28 DS-GVO, with whom a contract for order processing exists. Data will not be transferred to a third country. An automated decision making process does not take place either.

E. Privacy information for customers

For all questions regarding data protection, please contact our data protection officer, who can be reached by e-mail at datenschutz@docusnap.com or by post at our address marked "Datenschutzbeauftragter".
In addition, you are also entitled to statutory rights of data subjects, which we list below. Please contact our data protection officer also in these cases.

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 DS-GVO. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of such data;
• in accordance with Art. 16 DS-GVO, to demand the correction of incorrect or incomplete personal data stored by us without delay;
• pursuant to Art. 17 DS-GVO, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• pursuant to Art. 18 DS-GVO, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 DS-GVO;
• in accordance with Art. 20 DS-GVO, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
•  in accordance with Art. 7 para. 3 DS-GVO, to revoke your consent to us at any time. As a result, we may no longer continue to process the data which was based on this consent in the future;
• to object to the processing of your personal data in accordance with Art. 21 DS-GVO if there are reasons for doing so that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a special situation. You have the possibility to inform us of your objection informally by telephone, by e-mail, by fax or to our address listed at the beginning of this data protection declaration and

Under Art. 77 DS-GVO, you also have a right of appeal to a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or work or to the supervisory authority of our headquarters; an overview of the supervisory authorities can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html); the supervisory authority generally responsible for us is

Bavarian State Office for Data Protection Supervision
Promenade 27 (Schloss)
91522 Ansbach
Phone: +49 (0)981 / 53-1300
Fax: +49 (0)981 / 53-5300
e-mail: poststelle@lda.bayern.de
Homepage: http://www.lda.bayern.de

As of: September 2023