Protecting the Privacy of Your Data is Important to Us
The following offers a detailed explanation of how Digicust protects the privacy of your personal data. Any storage or use of your data is based on your consent – or statutory authorization, depending on the purpose of such storage or use.
1. Preliminary Information
In the following, “GDPR” stands for the EU General Data Protection Regulation.
The following information provides transparent disclosure in compliance with the information requirements where Digicust acts as the controller in collecting, processing, or using personal data.
Digicust provides data subjects with detailed information about the collection of personal data pursuant to Art. 13 (or Art. 14 where applicable) GDPR. This is done in the interest of transparency.
The information below is organized as follows:
- General information for all target groups
- Specific information for website visitors
- Terms of service
2. General Information for all Target Groups
Company name of general controller (“responsible party” in earlier language of Germany’s Federal Data Protection Act (BDSG)
Borisav Parmakovic, M.A.
Data Protection Officer
To be announced soon
Address of controller / responsible party
Himberger Straße 5/3/8
A-2320 Schwechat, Austria
Company name of controller for use of Digicust trials and products
The user of the service
Rights of data subjects in any case
In the interests of fair and transparent processing, data subjects should be aware that their rights include the following:
- Right of (further) access
- Right to rectification, erasure, or restriction of processing
- The right to withdraw my consent. To do so, you can contact firstname.lastname@example.org
- Right to data portability
Please refer to Articles 15–22 GDPR for the legal basis of these rights.
If you wish to exercise these rights, please contact email@example.com.
Furthermore, you can file a complaint with a supervisory authority.
Address of the Austrian Data Protection Authority responsible for the federal state in which Digicust is located:
- Automated decision-making, including profiling, is not currently used.
- If Digicust GmbH intends to process personal data for a purpose other than that for which it was collected, Digicust GmbH will notify the data subject of this other purpose along with all relevant information before such processing takes place. If the other purpose is consistent with the earlier purposes for which permission was obtained, or if Digicust's legitimate interests outweigh other considerations, then no separate notification is required.
3. Specific Information for Website Visitors
We use basic cookies so that everything on our site works properly. Cookies are small text files that we store on your computer or smartphone. Cookies help you navigate the website quickly and easily. They use only anonymous data and do not allow us to identify you personally.
3.2 Log Files
Digicust follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services‘ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users‘ movement on the website, and gathering demographic information.
3.3 Use of Google Analytics
Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://www.google.at/intl/de_ALL/analytics/learn/privacy.html.
3.4 Use of Youtube
3.5 Data Protection with Newsletter Subscriptions
Are you receiving one or more Digicust newsletters? Then you’re regularly receiving specialized content on global trade, logistics, and IT – plus the latest news about Digicust. You receive this information only if you personally requested it.
This is how we use your personal data for newsletter subscriptions:
When you register for our newsletters, we ask you to provide your email address. Once you submit, you confirm and agree, that we can use your email to send you the newsletters you have requested.
You can unsubscribe directly from all subscriptions at any time by clicking the link “I wish to receive: No further communications” in any newsletter.
4. Terms of Service
How will we process the information from the registration form and the uploaded invoices:
Information contained in the form will be used to manage inquiries submitted to us. We may also contact you to get more information, update, and clarify your request or any other matter relating to our services.
The uploaded invoices will be processed to provide you structured data by our automated data-extraction tool using deep learning approach and artificial intelligence. The uploaded invoice will be retained and used for further research, development, and training of the artificial intelligence and will be deleted no later than 10 years from the upload. This processing is based, in the context of GDPR regulations, on the legitimate interests of Digicust.
4.2 Privacy and GDPR
Digicust is here to understand data and make their processing easier and more effective. As such, Digicust is fully aware of the obligations and responsibilities connected with the processing of data regardless of their nature or type. That is why we take data protection and security very seriously. We follow EU laws and regulations, especially the General Data Protection Regulation (GDPR), which is one of the strictest in the world.
How are We Dealing with Data Protection Rules?
We are fully committed to ensuring compliance with the GDPR. To re-iterate, we are processing customer-provided documents for the primary purpose of data capture, based on instructions of our customers, and for the secondary purpose of further research and development of data-extraction technology and artificial intelligence. Based on the nature of the data and the GDPR, we have a full reason to believe that this processing is fully compliant, particularly when not concerning third-party consumer invoices.
How Do We Secure the Data?
We know that the security of data is of paramount importance. Reflecting that we are taking all the industry-standard measures to guarantee that the data we get is safe. We are following access management and restrictions based on the need-to-know principle. All our employees and contractors are bound by the non-disclosure agreements. When we transmit data, we use encrypted communication channels (SSL/TLS encryption).
We store and process Customer data only with the three major cloud platform providers – Amazon AWS, Google Cloud, and Microsoft Azure.
What Do Digicust Customers Need to Do?
There are several things that you might need to do depending on your situation and jurisdiction. Our customers are generally controllers of the data contained in the documents handed over to us. As such we recommend taking these steps:
Recommended information to be handed over to your business counterparts or customers:
We [Digicust's customer] use Digicust GmbH (“Digicust”) as the processor of our documents. The documents may be retained and used by Digicust for limited time on the basis of legitimate interests as part of a training dataset used for research, development and learning of Digicust's artificial intelligence models employed to process the invoices or any other documents.
If you want us to process documents of which you are not the owner or direct participant (e.g. invoices of third parties) make sure that you are entitled to transmit the documents to us and, if applicable, ask for the consent of the participating persons with this processing. The consent should cover the transmission of data to Digicust for the data-extraction as well as for the artificial intelligence learning purposes. Please note that a consent under the GDPR must comply with quite severe requirements (see art. 7 of the GDPR).
To avoid any doubts, this does not apply to documents containing your transactions and data (e.g. invoices received by you or issued by you).
If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union.