We value your privacy!
We use cookies on our website to offer you the best experience. By clicking "accept & close", you agree to the use of all cookies according to our
and our . If you do not make a selection, our default cookie settings will be applied. You can change your settings at any time.Essential cookies: They are required for the proper functioning of the website. First-party- und third-party-cookies: They are optional and are set by us or our subcontractors. Session and persistent cookies: Are automatically deleted when the browser is closed. Persistent cookies are cookies that remain on your computer/device for a certain period of time after the browser is closed.
This privacy policy is only relevant for our web application sproof sign. The privacy policy for our webpage sproof.com can be found here.
The protection of your personal data is of particular concern to us. Consequently, we treat your personal data in accordance with the applicable legal provisions for the protection, lawful handling and confidentiality of personal data, in particular in accordance with the Data Protection Act (hereinafter "DPA") and the General Data Protection Regulation (hereinafter "GDPR"). The following information explains how we process your personal data when you use our sproof sign web application (hereinafter "web app"). This privacy policy applies to the sign.sproof.com web application. The sproof.io website is technically separate and there is no automated data exchange between the pages.
sproof GmbH (hereinafter "sproof") is responsible for data processing.
sproof GmbH Urstein Süd 19/2 A-5412 Puch bei Hallein privacy@sproof.com
When providing our services, in particular our website and the offers made available on our website, we process personal data of users of our website and of users who use our online offer. The specific data processing operations are described below:
The following personal data is processed automatically when you visit our website
The processing serves to provide you with the offers on our website, to ensure the security of the IT infrastructure used, to carry out marketing and analyses for advertising purposes and to enable informational use of our website. The log data is generally stored for 30 days. In the event of a security-related incident, the data is stored until the incident is resolved. The legal basis for the processing of your personal data is our legitimate interest in accordance with Article 6(1)(f) GDPR. Our legitimate interest is to make our website user-friendly and to continuously improve it, to provide you with the content accessed, to ensure the security of our IT infrastructure (in particular to defend against attacks, detect, eliminate and document malfunctions) and to manage the cookie consents granted. The provision of your data is not mandatory; however, without the provision it is not possible for us to provide you with the content accessed. You can find more information on cookies under point 3.5.
We process the following personal data when you create and use an account as a customer or use the web app for sending or signing::
The data is forwarded to our IT service provider (processor), which is based in the EU. If a customer invites other people to sign, it is necessary to enter the name and email address of the invitee. Alternatively, registration for the web app can take place via existing accounts with Google, Facebook, LinkedIn, Windows Live, Advokat or, under certain circumstances, via single sign-on after integration via sproof.
The following data categories are processed:
The personal data is generally processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is consent pursuant to Article 6(1)(a) GDPR, the fulfilment of pre-contractual and contractual obligations pursuant to Article 6(1)(b) GDPR and the fulfilment of legal obligations pursuant to Article 6(1)(c) GDPR (to comply with legal retention obligations). The provision and processing of your data is necessary to provide you with the service of our web app.
We process the following personal data if customers wish to sign with a qualified signature using trust service providers (e.g. A-Trust, D-Trust, swisscom) or other providers that are necessary to provide the services of the trust service providers:
The personal data will generally be processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is consent pursuant to Article 6(1)(a) GDPR, the fulfillment of pre-contractual and contractual obligations pursuant to Article 6(1)(b) GDPR and the fulfillment of legal obligations pursuant to Article 6(1)(c) GDPR (to comply with legal retention obligations). The provision and processing of your data is necessary to provide you with the service of our web app.
We work with Stripe (Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland) as a payment service provider. Payment transactions on our web app are therefore processed via Stripe. The following personal data is processed by us in this context
The provision and processing of your data is necessary to provide you with the service of our web app, in particular payment transactions. Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process. Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR. Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information on how to object to and opt-out from Stripe, please visit: Stripe Privacy Center
We have not integrated any social media plugins on our web app. The social media buttons for the social networks (e.g. Instagram, Facebook, LinkedIn) have only been integrated on our web app with a link (reference link to the social networks). If you click on this link (button), you will be forwarded directly to the respective website. Please note the data protection declarations of the respective providers.
Name: Scaleway S.A.SAddress: 8 rue de la Ville l'Evêque, 75008 Paris, FranceName, function and contact details of the contact person:
Object of processing: Data center, i.e. the provision of infrastructure. The data is processed and stored there.Type of processing: See above for categories (i) to (vi)Duration of processing: See above for categories (i) to (vi)
Name Swisscom (Switzerland) Ltd Address Alte Tiefenaustrasse 6, 3050 Bern, Switzerland Name, function and contact details of the contact person
Name: Scaleway S.A.SAddress: 8 rue de la Ville l'Evêque, 75008 Paris, FranceName, function and contact details of the contact person:
Object of processing: Data center, i.e. the provision of infrastructure. The data is processed and stored there.Type of processing: See above for categories (i) to (vi)Duration of processing: See above for categories (i) to (vi)
Name: Swisscom (Switzerland) LtdAddress: Alte Tiefenaustrasse 6, 3050 Bern, SwitzerlandName, function and contact details of the contact person:
Object of processing: Creation and generation of qualified electronic signatures **Type of processing: **See above for categories (i), (ii), (iii) and (v)Duration of processing: See above for categories (i), (ii), (iii) and (v)
Name: Sendinblue GmbHAddress: Köpenicker Straße 126, 10179 Berlin, Germany **Name, function and contact details of the contact person: ** datenschutz@sendinblue.comPurpose of processing: Mail server, i.e. sending emails for invitations to digitally sign a document, other transactional emails such as reminders, setting passwords, etc. or information about our services.Type of processing: See above for category (ii)Duration of processing: See above for category (ii)
Name: OVH GmbHAddress: Christophstraße 19, 50670 Cologne, GermanyName, function and contact details of the contact person: kundendienst@ovh.dePurpose of processing: Data center, i.e. the provision of infrastructure. The data is processed and stored there.Type of processing: See above for categories (i) to (vi)Duration of processing: See above for categories (i) to (vi)
No automated decision making, including profiling, takes place.
We would also like to draw your attention to the following rights to which you are entitled as a data subject:
Furthermore, you also have the right to lodge a complaint with the competent supervisory authority (in Austria, the data protection authority based in Vienna). In this regard, we refer you to the website of the Austrian data protection authority available at www.dsb.gv.at . However, you can also contact us directly at the e-mail address privacy@sproof.com if you have any complaints.
An update of this privacy policy may be necessary due to technical developments and new legal requirements. We will inform you in advance in this regard.