Compliance to General Data Protection EU Regulation
Last updated 02.09.2020
Thank you for choosing to be part of our community at Papermerge DMS (“company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at firstname.lastname@example.org.
In Short: We collect personal information that you provide to us such as email, username, name/your company name, your region and payment information you provide us during registration process. Also we store your documents (such as bills, invoices, scanned letters etc) you upload while using our hosted solution.
We collect personal information that you voluntarily provide to us when registering for hosted solution expressing an interest in obtaining information about us or our products and services. We collect documents you uploaded on hosted server. Documents storage is core of our business.
The personal information that we collect depends on the context of your interactions with us and the Sites, the choices you make and the products and features you use. The personal information we COLLECT can include the following:
Name and Contact Data. We collect your business name, email address, username, your region, your country name. Your region and country you live is required because it helps us to know where to deploy your hosted instance. Closer to your location servers provide better service.
Credentials. We do not collect passwords, password hints, and similar security information used for authentication and account access. Instead we create an account for you and send you credentials via email and we require you to change them immediately.
Documents – The principle of Papermerge is convenient way of document management. With Papermerge you can digitally archive your documents in a central location, organize them and access them from anywhere. You can also remove your documents from our platform at any time or export them in a common file format and save them elsewhere. Papermerge allows you to structure the documents and recognizes all important information. With the help of Papermerge, documents can be found quickly and easily thanks to intelligent organization and search functions.
In the context of document storage and analysis, Papermerge also processes personal data. If the documents transmitted to Papermerge contain personal data of third parties, the user is responsible for obtaining the corresponding consents or only to transmit personal data if a statutory permission exists.
We do NOT give, sell, transmit, neither your documents nor derivative information from your documents to 3 rd parties. Your documents stay on our servers, and it is the core of our business to keep your documents safe and secure. Your data is yours only and our business is to guard it securely. In order to assure long term storage of your documents we make backups twice a day. Backups are encrypted using AES 256 CBC algorithm with 2048 bit X509 certificates. Encrypted backups are stored on two remote AWS S3 servers located in two distinct data centers.
In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Sites for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests ("Business Purposes"), in order to enter into or perform a contract with you ("Contractual"), with your consent ("Consent"), and/or for compliance with our legal obligations ("Legal Reasons"). We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
To facilitate account creation and sign in process. Information you provide us during registration, such as your business name, subdomain, region, country, username, email, OCR language, localization language is used solely to create a hosted instance for you - (subdomain).papermerge.com.
To send you marketing and promotional communications for Business Purposes and/or with your Consent. The email your provide will be used to send your a newsletter which might include marketing and promotional information. You may choose to unsubscribe from such newsletter in such case we won’t send you any further marketing or promotional emails.
To send administrative information to you [for Business Purposes, Legal Reasons and/or possibly Contractual]. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
Fulfill and manage your orders [for Contractual reasons]. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Sites.
Request Feedback [for our Business Purposes and/or with your Consent]. We may use your information to request feedback and to contact you about your use of our Sites.
To protect our Sites [with your consent]. We may use your information in order to enable user-to-user communications with each user's consent.
To enable user-to-user communications [for Business Purposes and/or Legal Reasons]. We may use your information as part of our efforts to keep our Sites safe and secure (for example, for fraud monitoring and prevention).
To enforce our terms, conditions and policies [for Business Purposes, Legal Reasons and/or possibly Contractual].
To respond to legal requests and prevent harm [for Legal Reasons]. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
In Short: No. We only share information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations.
Our business is registered in Germany and it complies to German legislation. Germany has very strict laws regarding individual privacy and private data protection.
We only share and disclose your information in the following situations:
Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
Vital Interests and Legal Rights We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
We may transfer, store, and process your information in countries other than your own.
Your Papermerge host servers will be deployed on servers located in region you choose during registration process. In order to ensure safety and long term storage of your data - we may transfer encrypted backups of your data to different regional servers. Please note that NO 3rd party, partner or company may access user or process data stored in backups because backups are encrypted using highly secure AES 256 CBC algorithm.
European Commission's Standard Contractual Clauses. Such measures implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers, which require all such recipients to protect personal information that they process from the EEA in accordance with European data protection laws.
In Short: We are not responsible for the safety of any information that you share with third-party providers who advertise, but are not affiliated with, our websites.
The Sites may contain advertisements from third parties that are not affiliated with us and which may link to other websites, online services or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Sites. You should review the policies of such third parties and contact them directly to respond to your questions.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access the services within a secure environment.
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you becomeaware of any data we have collected from children under age 18, please contact us at email@example.com
In Short: In some regions, such as the European Economic Area, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please send us an email at firstname.lastname@example.org. We will contact you immediately to provide further details how you can receive all your data.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
You may at any time review or change the information in your account or terminate your account by:
Logging into your account settings and updating your account
Contacting us using the contact information provided below
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this will affect our service as as features like sign in, sign out or HTML ser forms rely on cookies technology to function properly
Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account. You can also opt-out by:
Noting your preferences at the time you register your account with the Sites.
Logging into your account settings and updating your preferences.
Contacting us using the contact information provided below.
In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request by following email: email@example.com
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
If you have questions or comments about this policy, email us at firstname.lastname@example.org
If you are a resident in the European Economic Area, the "data controller" of your personal information is Eugen Ciur. You can contact them directly regarding the processing of your information by Papermerge DMS, by email at email@example.com.
If you have any further questions or comments about us or our policies, email us at firstname.lastname@example.org or contact us by post at: