You would like to know if we, as a data protection company, also stick to the rules and, for example, adhere to the data subject’s right to be informed? But of course!
We collect personal data when you use DS-Doku.
If you work with DS-Doku as a user, personal data is processed for the following purposes:
The following data categories are being processed about users:
If these data were not collected by the user himself, it was provided by the employer or colleagues or calculated within DS-Doku.
The data can be viewed by your employer and, if applicable, employees within your own group. Service providers who provide or maintain the IT infrastructure and who are separately bound to confidentiality can also view the data.
The storage period depends on the above-mentioned purposes and, if applicable, on the statutory retention periods.
The legal basis for data processing is the fulfilment of your contractual obligations to your employer (Art. 6 Para. 1 letter b GDPR) as well as the legitimate interests of your employer (and, if applicable, the external data protection officer) in the audit-proof documentation of the current status within the organisation (Art. 6 Para. 1 letter f GDPR).
For the technical provision of the service it is necessary to process personal data:
Server log files
The provider and the system collect and store information that your browser automatically transmits to us. These are mainly browser type and version, operating system used, referrer URL (originating address), host name of the accessing computer, the requested files with date and time and the IP address.
These data are not merged with other data sources.
The basis for data processing is Art. 6 Para. 1 letter f GDPR, which permits the processing of data on the basis of legitimate interest. In this case, there is a legitimate interest in a secure and functioning operation of the web server. In order to ensure this, the administration must be able to detect and trace attacks and malfunctions of the system via server log files. In order to be able to recognize attack patterns, accesses to the server must be stored. As soon as these data are no longer needed, they are deleted. For technical reasons, the data is disclosed to the IT service providers, who are bound by instructions and contract to us.
To detect technical errors DS-Doku uses Bugsnag's services (Bugsnag, Inc., 110 Sutter St, Suite 1000, San Francisco, California 94104, USA). Although it is not this service’s the main purpose to analyse personal data, in individual cases the transmission of a log-in name or IP address cannot be ruled out. The legal basis for data processing is EU Standard Contractual Clauses and Art. 6 Para. 1 letter f GDPR. The legitimate interest lies in the correction of errors and optimisation of the functionality of the website.
DS-Doku users can subscribe to the newsletter. To do so, they can register with their e-mail address. The legal basis is consent (Art. 6 Para. 1 letter a GDPR).
You can unsubscribe at any time, for example by clicking on the unsubscribe link in the footer of the e-mail or by sending an e-mail to firstname.lastname@example.org. We use technical service providers to send the newsletter. We do not evaluate the usage or click behaviour on a personal basis.
Your employer is responsible for data processing by DS-Doku.
If your employer has appointed an external data protection officer, the employer and the company of the external data protection officer are joint controllers.
The contact details, including those of the data protection officer, can be found on the “Help & Contact” page.
As a data subject, you are entitled to the following rights, provided that the legal requirements are met: