The following offers a detailed explanation of how Digicust protects the privacy of your personal data. Any storage or use of your data is based on your consent – or statutory authorization, depending on the purpose of such storage or use.

1.  Preliminary Information

In the following, “GDPR” stands for the EU General Data Protection Regulation.

The following information provides transparent disclosure in compliance with the information requirements where Digicust acts as the controller in collecting, processing, or using personal data.

Digicust provides data subjects with detailed information about the collection of personal data pursuant to Art. 13 (or Art. 14 where applicable) GDPR. This is done in the interest of transparency.

The information below is organized as follows:

• General information for all target groups
• Specific information for website visitors
• Terms of service

2.  General Information for all Target Groups

Company name of general controller (“responsible party” in earlier language of Germany’s Federal Data Protection Act (BDSG)

Digicust GmbH

Managing Director

Borisav Parmakovic, M.A.

Data Protection Officer

To be announced soon

Address of controller / responsible party

Digicust GmbH
Office Park 4
A - 1300 Airport Vienna, Austria

Company name of controller for use of Digicust trials and products

The user of the service

Rights of data subjects in any case

In the interests of fair and transparent processing, data subjects should be aware that their rights include the following:

• Right of (further) access
• Right to rectification, erasure, or restriction of processing
• The right to withdraw my consent. To do so, you can contact info@digicust.com
• Right to data portability

Please refer to Articles 15–22 GDPR for the legal basis of these rights.
If you wish to exercise these rights, please contact info@digicust.com.
Furthermore, you can file a complaint with a supervisory authority.

Address of the Austrian Data Protection Authority responsible for the federal state in which Digicust is located:

Österreichische Datenschutzbehörde
Barichgasse 40-42,
1030 Wien

ERsB: 9110025734727
UID: ATU73971829

https://www.data-protection-authority.gv.at/

Other information

• Automated decision-making, including profiling, is not currently used.
• If Digicust GmbH intends to process personal data for a purpose other than that for which it was collected, Digicust GmbH will notify the data subject of this other purpose along with all relevant information before such processing takes place. If the other purpose is consistent with the earlier purposes for which permission was obtained, or if Digicust's legitimate interests outweigh other considerations, then no separate notification is required.

3.  Specific Information for Website Visitors

3.1 Use of Cookies

Basic cookies

We use basic cookies so that everything on our site works properly. Cookies are small text files that we store on your computer or smartphone. Cookies help you navigate the website quickly and easily. They use only anonymous data and do not allow us to identify you personally.

Would you rather not use basic cookies? This will prevent some website elements from functioning properly. If you still prefer not to use basic cookies, you can disable the use of cookies in your browser settings. Begin by deleting all previously saved cookies, then disable the option to save new cookies.

Disabling cookies

You can control whether cookies are saved and retrieved through your own browser settings. Your browser lets you disable any use of cookies or limit their use to certain websites, for example. You can also configure your browser to automatically alert you as soon as a cookie is offered and ask you how to proceed. You can block or remove individual cookies. For technical reasons, however, this may limit or disable some features of our website.

3.2 Log Files

Digicust follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services‘ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users‘ movement on the website, and gathering demographic information.

3.3 Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”), if you are a resident of the European Union, the European Economic Area and Switzerland, Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://www.google.at/intl/de_ALL/analytics/learn/privacy.html.

3.4 Use of Youtube

Our site uses the provider YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is already sent to YouTube and cookies are installed on your computer. However, we have embedded our YouTube videos with the extended data protection mode (in this case, YouTube still contacts Google's Double click service, but personal data is not evaluated in the process, according to Google's privacy policy). This means that YouTube no longer stores information about visitors unless they watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged into YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before viewing the video).

Of the then possible collection and use of your data by YouTube, we have no knowledge and no influence on it. You can find more information in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy/. In addition, we refer to our general presentation in this privacy policy for the general handling and deactivation of cookies.

3.5 Data Protection with Newsletter Subscriptions

Are you receiving one or more Digicust newsletters? Then you’re regularly receiving specialized content on global trade, logistics, and IT – plus the latest news about Digicust. You receive this information only if you personally requested it.

This is how we use your personal data for newsletter subscriptions:

When you register for our newsletters, we ask you to provide your email address. Once you submit, you confirm and agree, that we can use your email to send you the newsletters you have requested.

You can unsubscribe directly from all subscriptions at any time by clicking the link “I wish to receive: No further communications” in any newsletter.

4. Terms of Service

By using Digicust trials or using our services, you are agreeing to Digicust Terms of Use (soon publicly available).

4.1 Sign-Up Privacy Policy

How will we process the information from the registration form and the uploaded invoices:

Information contained in the form will be used to manage inquiries submitted to us. We may also contact you to get more information, update, and clarify your request or any other matter relating to our services.

The uploaded invoices will be processed to provide you structured data by our automated data-extraction tool using deep learning approach and artificial intelligence. The uploaded invoice will be retained and used for further research, development, and training of the artificial intelligence and will be deleted no later than 10 years from the upload. This processing is based, in the context of GDPR regulations, on the legitimate interests of Digicust.

4.2 Privacy and GDPR

Digicust is here to understand data and make their processing easier and more effective. As such, Digicust is fully aware of the obligations and responsibilities connected with the processing of data regardless of their nature or type. That is why we take data protection and security very seriously. We follow EU laws and regulations, especially the General Data Protection Regulation (GDPR), which is one of the strictest in the world.

How are We Dealing with Data Protection Rules?

We are fully committed to ensuring compliance with the GDPR. To re-iterate, we are processing customer-provided documents for the primary purpose of electronic document processing, based on instructions of our customers, and for the secondary purpose of further research and development of document processing technology and artificial intelligence. Based on the nature of the data and the GDPR, we have a full reason to believe that this processing is fully compliant, particularly when not concerning third-party consumer invoices.

How Do We Secure the Data?

We know that the security of data is of paramount importance. Reflecting that we are taking all the industry-standard measures to guarantee that the data we get is safe. We are following access management and restrictions based on the need-to-know principle. All our employees and contractors are bound by the non-disclosure agreements. When we transmit data, we use encrypted communication channels (SSL/TLS encryption).

We store and process Customer data only with the three major cloud platform providers – Amazon AWS, Google Cloud, and Microsoft Azure.

What Do Digicust Customers Need to Do?

There are several things that you might need to do depending on your situation and jurisdiction. Our customers are generally controllers of the data contained in the documents handed over to us. As such we recommend taking these steps:

Make sure your Terms of Service or Privacy Policy properly communicate to your customers, business partners and/or employees that you are using Digicust services (and any other similar services) and how Digicust’s processing works (including artificial intelligence learning). Being transparent is one of the most important data protection principles. We recommend you ensure your policies are up to date and clear to your readers.

Recommended information to be handed over to your business counterparts or customers:
We [Digicust's customer] use Digicust GmbH (“Digicust”) as the processor of our documents. The documents may be retained and used by Digicust for limited time on the basis of legitimate interests as part of a training dataset used for research, development and learning of Digicust's artificial intelligence models employed to process the invoices or any other documents.

If you want us to process documents of which you are not the owner or direct participant (e.g. invoices of third parties) make sure that you are entitled to transmit the documents to us and, if applicable, ask for the consent of the participating persons with this processing. The consent should cover the transmission of data to Digicust for the processing of documents to eventually create customs declarations as well as for the artificial intelligence learning purposes. Please note that a consent under the GDPR must comply with quite severe requirements (see art. 7 of the GDPR).

To avoid any doubts, this does not apply to documents containing your transactions and data (e.g. invoices received by you or issued by you).

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union.