Privacy Policy

We are very pleased that you are interested in our company. Data protection is of particular importance to the management of Docs in Clouds GmbH. The use of the websites of Docs in Clouds GmbH is generally possible without providing personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address, or phone number of a data subject, is always carried out in compliance with the General Data Protection Regulation (GDPR) and in accordance with the applicable national data protection regulations for Docs in Clouds GmbH. With this privacy policy, our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed about their rights under this privacy policy.

Docs in Clouds GmbH has implemented numerous technical and organizational measures as the controller to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions can, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, it is open to each data subject to transmit personal data to us via alternative channels, such as by phone.

Definitions

The privacy policy of Docs in Clouds GmbH is based on the terminology used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used.

In this privacy policy, we use the following terms:

a) Personal Data Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific features that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.
d) Restriction of Processing Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
e) Profiling Profiling is any form of automated processing of personal data, which involves using personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.
f) Pseudonymization Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures that ensure personal data cannot be attributed to an identified or identifiable natural person.
g) Controller or Responsible Party The controller or responsible party is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data. Where the purposes and means of processing are determined by Union law or the law of Member States, the controller or the specific criteria for its appointment may be laid down by Union law or the law of Member States.
h) Processor A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
i) Recipient A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, authorities that may receive personal data under Union law or the law of Member States in the course of a specific investigation are not considered recipients.
j) Third Party A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data.
k) Consent Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, either by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to them.

Name and Address of the Controller

The controller for the purposes of the General Data Protection Regulation (GDPR), other applicable data protection laws in the Member States of the European Union, and other legal provisions with a data protection character is:

Docs in Clouds GmbH

Vaalserstraße 460

52074 Aachen

Germany

Phone: +49 241-430 04 400

Email: info@docsinclouds.com

Website: www.docsinclouds.com

Collection of General Data and Information

The website of Docs in Clouds GmbH collects a series of general data and information with each access to the website by a data subject or an automated system. This general data and information are stored in the server’s log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system comes (so-called referrer), (4) the subpages that are accessed via the accessing system, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert dangers in the event of attacks on our IT systems.

When using this general data and information, Docs in Clouds GmbH does not draw any conclusions about the data subject. This information is rather required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and advertising for them, (3) ensure the continued functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information in the event of a cyberattack. These anonymized data and information are therefore evaluated by Docs in Clouds GmbH statistically and further with the aim of increasing data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

Contact Options via the Website

The website of Docs in Clouds GmbH contains information required by law that allows for quick electronic contact with our company and immediate communication with us, including an electronic mail (email) address. If a data subject contacts the controller by email or through a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted voluntarily by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. These personal data will not be disclosed to third parties.

Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as required by European or other applicable laws and regulations to which the controller is subject.

Once the storage purpose no longer applies or once the storage period prescribed by the European legislator or another competent legislator has expired, the personal data will routinely be blocked or deleted in accordance with legal requirements.

Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right granted by the European legislator to request confirmation from the data controller whether personal data concerning them are being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.
b) Right to Access
Every data subject whose personal data is being processed has the right granted by the European legislator to obtain from the data controller, free of charge, information about the personal data stored concerning them and a copy of that information. Furthermore, the European legislator has granted the data subject access to the following information:

the purposes of the processing

the categories of personal data being processed

the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly in the case of recipients in third countries or international organizations

if possible, the planned duration for which the personal data will be stored or, if not possible, the criteria used to determine that duration

the existence of the right to rectification or erasure of personal data concerning them, or the right to restrict processing by the controller or to object to such processing

the existence of a right to lodge a complaint with a supervisory authority

if the personal data was not collected from the data subject, all available information regarding the source of the data

the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR, and — at least in such cases — meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject
Moreover, the data subject has the right to be informed whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards related to the transfer.

If a data subject wishes to exercise this right to access, they can contact an employee of the data controller at any time.

c) Right to Rectification
Every data subject has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning them. The data subject also has the right to request the completion of incomplete personal data — including by providing a supplementary statement — in consideration of the purposes of the processing.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.

d) Right to Erasure (Right to be Forgotten)
Every data subject has the right granted by the European legislator to request the immediate erasure of personal data concerning them from the controller, where one of the following reasons applies and the processing is not necessary:

The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

The data subject withdraws their consent on which the processing is based under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.

The data subject objects to the processing under Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) GDPR.

The personal data have been processed unlawfully.

The erasure of personal data is necessary for compliance with a legal obligation under Union law or the law of Member States to which the controller is subject.

The personal data were collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.

If any of the above reasons apply, and a data subject wishes to request the deletion of personal data stored by Docs in Clouds GmbH, they can contact an employee of the data controller at any time. The employee of Docs in Clouds GmbH will ensure that the request for deletion is promptly processed.

If the personal data have been made public by Docs in Clouds GmbH, and the company is obliged to erase the personal data under Article 17(1) GDPR, Docs in Clouds GmbH will take appropriate measures, including technical ones, to inform other data controllers processing the published personal data, to delete any links to these personal data or copies or replications of these personal data, provided that processing is not required.

e) Right to Restrict Processing
Every data subject has the right granted by the European legislator to request the restriction of processing of personal data from the controller if one of the following conditions applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.

The controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.

The data subject has objected to the processing under Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by Docs in Clouds GmbH, they can contact an employee of the data controller at any time. The employee of Docs in Clouds GmbH will ensure that the processing is restricted.

f) Right to Data Portability
Every data subject has the right granted by the European legislator to receive personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract under Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The data subject has the right, when exercising their right to data portability under Article 20(1) GDPR, to request that their personal data be transmitted directly from one controller to another, where technically feasible and where this does not affect the rights and freedoms of others.

To exercise the right to data portability, the data subject can contact an employee of Docs in Clouds GmbH at any time.

g) Right to Object
Every data subject has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

Docs in Clouds GmbH shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Where Docs in Clouds GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This includes profiling, to the extent that it is related to such direct marketing. If the data subject objects to Docs in Clouds GmbH processing their data for direct marketing, Docs in Clouds GmbH will no longer process the personal data for such purposes.

The data subject also has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them for scientific or historical research purposes, or for statistical purposes under Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of Docs in Clouds GmbH.

h) Automated Decisions in Individual Cases, Including Profiling
Every data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the entry into, or performance of, a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, or (3) is based on the explicit consent of the data subject.

Where the decision is (1) necessary for the conclusion or performance of a contract or (2) based on the explicit consent of the data subject, Docs in Clouds GmbH will implement suitable measures to safeguard the rights and freedoms, and legitimate interests of the data subject, which at least include the right to obtain human intervention, to express the data subject's point of view, and to contest the decision.

If the data subject wishes to exercise rights regarding automated decisions, they can contact an employee of the data controller at any time.

i) Right to Withdraw Consent
Every data subject has the right to withdraw their consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the data controller at any time.

Privacy Policy Regarding the Use of YouTube

The data controller has integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on these videos for free. YouTube allows the publication of all types of videos, so complete films and TV shows, as well as music videos, trailers, or user-generated videos, are accessible through the portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Whenever a user visits one of the individual pages of this website operated by the data controller that contains a YouTube component (YouTube video), the internet browser on the data subject's information technology system will automatically download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google will learn which specific page of our website the data subject is visiting.

If the data subject is logged into YouTube at the same time, YouTube will recognize which specific page of our website the data subject is visiting when they access a page containing a YouTube video. This information will be collected by YouTube and Google and associated with the data subject's YouTube account.

YouTube and Google will always receive information that the data subject has visited our website when the data subject is logged into YouTube at the time of accessing our website, regardless of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before visiting our website.

The privacy policies published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by YouTube and Google.

Privacy Policy Regarding the Use of Google Fonts API

The data controller has integrated components from Google Fonts on this website. The Google Fonts API allows specific fonts to be quickly loaded for a website.

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Whenever a user visits one of the individual pages of this website operated by the data controller that contains a Google Fonts API component, the internet browser on the data subject's information technology system will automatically download a representation of the corresponding Google Fonts API component. Further information about the Google Fonts API can be found at https://fonts.google.com/about. As part of this technical process, Google Fonts API and Google will learn which specific page of our website the data subject is visiting.

If the data subject is logged into Google at the same time, Google will recognize which specific page of our website the data subject is visiting when they access a page containing a Google font. This information will be collected by Google and associated with the data subject's Google account.

Google will always receive information that the data subject has visited our website when the data subject is logged into Google at the time of accessing our website. If the data subject does not want this information to be transmitted to Google, they can prevent the transmission by logging out of their Google account before visiting our website.

The privacy policies published by Google, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by Google.

Privacy Policy Regarding the Use of Google Maps API

The data controller has integrated components from Google Maps on this website. The Google Maps API allows locations to be displayed on a world map and routes to be calculated directly by Google.

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Whenever a user visits one of the individual pages of this website operated by the data controller that contains a Google Maps API component, the internet browser on the data subject's information technology system will automatically download a representation of the corresponding Google Maps API component. Further information about Google Maps API's privacy policy can be found at https://www.google.com/policies/privacy/. As part of this technical process, Google Maps API and Google will learn which specific page of our website the data subject is visiting.

If the data subject is logged into Google at the same time, Google will recognize which specific page of our website the data subject is visiting when they access a page containing a Google Maps map. This information will be collected by Google and associated with the data subject's Google account.

Privacy Policy Regarding the Use of Google ReCaptcha API

The data controller has integrated components of the Google ReCaptcha API on this website to detect bots (e.g., when submitting online forms) and to prevent or limit the submission of information via a contact form.

Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Whenever a user visits one of the individual pages of this website operated by the data controller that contains a Google ReCaptcha API component, the internet browser on the data subject's information technology system will automatically download a representation of the corresponding Google ReCaptcha API component. Further information about the privacy policy for Google ReCaptcha API can be found at https://www.google.com/policies/privacy/. As part of this technical process, Google ReCaptcha API and Google will learn which specific page of our website the data subject is visiting.

If the data subject is logged into Google at the same time, Google will recognize which specific page of our website the data subject is visiting when they access a page containing a Google ReCaptcha. This information will be collected by Google and associated with the data subject's Google account.

Legal Basis for Processing

This disclaimer is to be considered as part of the internet offer from which this page was referenced. If parts or individual phrases of this text do not, no longer, or not completely comply with the applicable legal situation, the remaining parts of the document will remain unaffected in their content and validity.

Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6 (1) lit. f GDPR, our legitimate interest is to conduct our business activities for the benefit of the well-being of all our employees and stakeholders.

Duration for Which Personal Data Is Stored

The criterion for the duration of personal data storage is the respective legal retention period. After the period expires, the relevant data will be routinely deleted, unless it is still required for contract fulfillment or contract initiation.

Legal or Contractual Requirements to Provide Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Providing

We inform you that the provision of personal data is partially legally required (e.g., tax regulations) or may result from contractual agreements (e.g., details about the contract partner). Sometimes, it may be necessary for a data subject to provide us with personal data to conclude a contract, which will then be processed by us. The data subject is, for example, obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and the consequences of not providing the personal data.

Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

This privacy policy was created using the privacy policy generator by DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as the external data protection officer for Upper Bavaria , in cooperation with data protection lawyer Christian Solmecke, and was expanded by Docs in Clouds GmbH.