Privacy Policy
1. Data Protection at a Glance
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy below.
Data Collection on This Website
Who Is Responsible for Data Collection on This Website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the “information on the data controller” section of this privacy policy.
How Do We Collect Your Data?
Your data is collected when you provide it to us. For example, this could be data you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website via our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.
What Do We Use Your Data For?
Some data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour.
What Rights Do You Have Regarding Your Data?
You have the right to obtain free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.
For questions about data protection, you can contact us at any time.
Analytics Tools and Third-Party Tools
When visiting this website, your browsing behaviour may be statistically analysed. This is primarily done using analytics programmes.
Detailed information about these tools can be found in the following privacy policy.
2. Hosting
We Host the Content of Our Website With the Following Provider:
External Hosting
This website is externally hosted. Personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via the website.
External hosting is carried out to fulfil contracts with potential and existing customers (Art. 6(1)(b) UK GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) UK GDPR). If consent has been obtained, processing is based on Art. 6(1)(a) UK GDPR and § 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDPA), where consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.
Our host(s) will process your data only to the extent necessary to fulfil their obligations and follow our instructions.
We use the following host(s):
Microsoft Deutschland GmbH
Walter-Gropius-Straße 5
80807 Munich
Data Processing Agreement (DPA)
We have entered into a Data Processing Agreement (DPA) with the above provider. This is a legally required contract ensuring they process personal data of our website visitors only according to our instructions and in compliance with the UK GDPR.
3. General Information and Mandatory Details
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data refers to data that can personally identify you. This privacy policy explains what data we collect, how we use it, and the purposes for processing.
Please note that data transmission over the internet (e.g., via email) may have security vulnerabilities. Complete protection against third-party access is not possible.
Information on the Data Controller
The data controller for data processing on this website is:
Docuflow GmbH
Maschweg 80
49324 Melle
Germany
Phone: +49 170 7844727
Email: info@docuflow.cloud
The data controller is the natural or legal person who alone or jointly determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Retention Period
Unless a specific retention period is stated in this privacy policy, your personal data will be retained until the purpose for processing no longer applies. If you request deletion of your data or revoke consent, data will be deleted unless we have other legally permissible reasons for retention (e.g., tax or commercial retention periods). In such cases, data will be deleted after these reasons no longer apply.
General Legal Bases for Data Processing
Where consent is obtained, we process personal data under Art. 6(1)(a) UK GDPR or Art. 9(2)(a) UK GDPR (for special data categories per Art. 9(1) UK GDPR). If consent includes transferring data to third countries, processing is also based on Art. 49(1)(a) UK GDPR. If consent includes cookies or device access (e.g., via device fingerprinting), processing is also based on § 25(1) TTDPA. Consent can be revoked.
If data is necessary for contract performance or pre-contractual measures, processing is based on Art. 6(1)(b) UK GDPR. For legal compliance, processing is based on Art. 6(1)(c) UK GDPR. Data may also be processed based on legitimate interests under Art. 6(1)(f) UK GDPR. The relevant legal bases for specific cases are detailed below.
Note on Data Transfers to Non-Secure Third Countries and US Providers Without DPF Certification
We use tools from companies in non-secure third countries or US providers not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your data may be transferred to and processed in these countries. Note that third countries may not guarantee EU-comparable data protection standards.
The US is generally considered a secure third country with EU-equivalent data protection. Data transfers to the US are permitted if the recipient is DPF-certified or provides additional safeguards. For details on third-country transfers, see this privacy policy.
Recipients of Personal Data
We collaborate with external parties, requiring data transfers. We share data only if necessary for contract fulfilment, legal compliance (e.g., tax authorities), legitimate interests (Art. 6(1)(f) UK GDPR), or other legal grounds. Processors receive data only under valid DPAs.
Revoking Consent
You may revoke consent at any time. The legality of processing before revocation remains unaffected.
Right to Object to Data Processing (Art. 21 UK GDPR)
If processing is based on Art. 6(1)(e) or (f) UK GDPR, you have the right to object to processing for reasons arising from your particular situation. This includes profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or unless the processing is required for legal claims.
You may object to processing for direct marketing at any time, including profiling related to such marketing.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in your EU member state of residence, workplace, or the alleged infringement location.
Right to Data Portability
You have the right to receive your data (processed via consent or contract) in a machine-readable format for transfer to another controller, where technically feasible.
Access, Correction, and Deletion
You have the right to free information about your stored data, its origin, recipients, and purpose. You may also request correction or deletion. Contact us for inquiries.
Right to Restrict Processing
You may request restricted processing in cases such as:
* Contesting data accuracy (during verification).
* Unlawful processing (requesting restriction instead of deletion).
* Needing data for legal claims despite us no longer requiring it.
* Pending verification of overriding interests after objection (Art. 21(1) UK GDPR).
SSL/TLS Encryption
This site uses SSL/TLS encryption for security, indicated by “https://” and a padlock icon. Encrypted data cannot be read by third parties.
Encrypted Payment Transactions
Payment data (e.g., account numbers) is processed via encrypted SSL/TLS connections.
Objection to Marketing Emails
We oppose unsolicited marketing emails sent using contact details published under legal notice requirements. Legal action will be taken against spam.
4. Data Collection on This Website
Cookies
Our website uses cookies, which are small data packets stored temporarily (session cookies) or permanently on your device. Session cookies are deleted automatically; permanent cookies remain until you delete them manually or your browser clears them.
Cookies may be first-party (us) or third-party (e.g., payment services). Necessary cookies (e.g., shopping cart functionality) are stored under Art. 6(1)(f) UK GDPR (legitimate interest). Consent-based cookies use Art. 6(1)(a) UK GDPR and § 25(1) TTDPA.
Browser settings can block cookies, but doing so may limit website functionality. For cookie details, see this privacy policy.
Consent Via Usercentrics
We use Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich) to obtain consent for cookies/technologies. Data transmitted includes:
* Consent status
* IP address
* Browser/device info
* Visit time
* Geolocation
A cookie stores your consent choices. Data is retained until deletion request or purpose expiry. Legal retention periods apply.
The consent banner uses erecht24 (German provider), displaying their logo. The image server (Germany) logs anonymised IPs.
Server Log Files
The provider automatically collects:
* Browser type/version
* OS
* Referrer URL
* Hostname
* Time of request
* IP address
This data is processed under Art. 6(1)(f) UK GDPR (legitimate interest in website functionality).
Contact Form
Data from contact forms (including contact details) is stored to process inquiries. Processing is based on Art. 6(1)(b) UK GDPR (contract/pre-contract) or legitimate interest (Art. 6(1)(f) UK GDPR). Data is retained until deletion request, consent revocation, or purpose expiry. Legal retention periods apply.
Email, Phone, or Fax Inquiries
Inquiries (including personal data) are stored for processing. Legal basis as above. Data is retained until deletion request or purpose expiry.
Registration
Registration data is used to manage your account and notify you of changes. Legal basis: Art. 6(1)(b) UK GDPR. Data is retained while registered, subject to legal retention.
5. Newsletter
Newsletter Data
To subscribe, we require your email and verification of ownership/consent. Data is used solely for newsletters and not shared. Processing is based on consent (Art. 6(1)(a) UK GDPR), revocable via unsubscribe link.
Data is stored until unsubscription or purpose expiry. Post-unsubscription, emails may be blacklisted to prevent future mailings (legitimate interest under Art. 6(1)(f) UK GDPR).
6. Plugins and Tools
YouTube (Enhanced Privacy Mode)
We embed YouTube videos (Google Ireland Limited, Gordon House, Dublin 4). Visiting a page with YouTube connects to YouTube’s servers, informing them of pages visited. If logged in, YouTube may link browsing to your profile.
Enhanced privacy mode disables personalised ads and cookies, using local storage instead. Further data processing may occur post-video activation.
Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest in appealing content). Consent-based processing uses Art. 6(1)(a) UK GDPR and § 25(1) TTDPA.
https://policies.google.com/privacy
ChatGPT
We use ChatGPT (OpenAI, USA) for customer communication (e.g., Docuflow One). Inputs and metadata are processed to generate responses. Data is not used for training.
Legal basis: Art. 6(1)(f) UK GDPR (legitimate interest in efficient communication). Consent-based processing uses Art. 6(1)(a) UK GDPR and § 25(1) TTDPA.
https://openai.com/policies/privacy-policy
7. E-commerce and Payment Providers
Processing Customer and Contract Data
We collect and process data to establish, execute, or terminate contracts. Usage data is processed to enable service access/billing (Art. 6(1)(b) UK GDPR). Data is deleted post-contract or after legal retention periods.
Data Transfer Upon Contract Conclusion
Data is shared with third parties (e.g., payment processors) only for contract fulfilment. Further sharing requires explicit consent.
Payment Services
We integrate third-party payment services. Payment data (e.g., account/card details) is processed by providers under their policies. Legal basis: Art. 6(1)(b) UK GDPR (contract) and legitimate interest (Art. 6(1)(f) UK GDPR).
We use:
Stripe
Stripe Payments Europe, Ltd. (EU customers) processes data under EU Standard Contractual Clauses. Details: https://stripe.com/gb/privacy.