1. General

With the following information we would like to give you an overview of the processing of your personal data by TrustCerts Legal Tech and your data protection rights. The use of our Internet pages is basically possible without entering personaldata. However, if you wish to use special services from us via our website or other options, it may be necessary to process personal data – for example when using the TrustSigner. If the  processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

As the controller, we always try toensure the most complete protection of personal data processed through this website with up-to-date technical and organizational measures, just as we attach great importance to security and data protection friendliness in our other processing. Inprinciple, Internet-based data transmissions can have security gaps, so that absolute protection against unauthorized access by third parties cannot be guaranteed. For this reason, you are free to reach us by telephone orpost and to transmit personal data to us in this way.

2. Person in charge

TrustCerts Legal Tech GmbH

Munscheidstraße 14
45886 Gelsenkirchen

Phone: +49 (0) 209 883 067 51
Fax: +49 (0) 209 883 067 50
E-Mail: sign@trustcerts.de

Web: https://tc-lt.de

Further information can be found in our imprint.

3. Privacy

If you have any questions about data processing or data protection at our company, you can contact our data protection officer at any time. You can reach him by post to the above address (please note ‘Attn: Data Protection Officer’ on the envelope), by e-mail
at datenschutz@tc-lt.de or confidentially via our data protection portal.

4. Transmission of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below when you visit our website. We will only share your personal data with third parties if:

1. you have given us your expressconsent to do so in accordance with Art. 6 para. 1 lit. a GDPR,
2. the transfer to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR is permissible and there is no reason to assume that you have an overriding interest worthy of protection inthe non-disclosure of your data,
3. in the event that there is a legal obligation for the transfer pursuant to Art. 6 para. 1 lit. c GDPR, as well as
4. this is legally permissible and according to Art. 6 para. 1 lit. b GDPR is necessary for the initiation and processing ofcontractual relationships with you.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the standardcontractual clauses of the European Commission. If the standard contractual clauses are not sufficient to provide an adequate level of security, your consent can be given in accordance with Art. 49 para. 1 lit. a) GDPR serve as the legal basis for the transfer tothird countries. This sometimes does not apply to a transfer of data to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

5. Technology

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as contact requests that you send to us as the operator. You can recognize an encrypted connection  by the fact that there is a “https://” instead of a “http://” in the address bar of the browser and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

Data collection when visiting the website

When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browsertransmits to our server (in so-called “server log files”). Our website collects a series of general data and information each time you or an automated system accesses a page. This general data and information is stored in the log files of the server.

The following are recorded:

• the browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system reaches our website (so-called referrers),
• the sub-websites, which are accessed via an accessing system on our website,
• the date and time of access to the website,
• a shortened Internet Protocol address (anonymized IP address),
• the Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about your person. Rather, this information is needed to:

• deliver the contents of our website correctly,
• to optimize the content of our website as well as the advertising for it,
• to ensure the long-term viability of our IT systems and the technology of our website, and
• to provide law enforcement authorities with theinformation necessary for criminal prosecution in the event of a cyber attack.

Therefore, we evaluate these collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensurean optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Thelegal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above.

6. COOKIES

We do not use cookies or similar technology on the TrustCerts website. We also do not use tools or other technologies that store information in the end user’s terminal equipment. Accordingly, you will not find a cookie banner or CMP for managing consents.

7. Contact/ Contact form

CONTENT AND CONTACT OPTIONS

Here at TrustCerts we provide you with information about our company, our services as a service provider, our products and other general information about our competencetopics. Our website and other services offered also offer various ways to contact us.

a) Contact by e-mail

If you contact us via an e-mail address provided by us, the personal data provided by you will be used exclusively for correspondence with you, forthe purpose of processing your respective request, as well as for the possible initiation or execution of a contract with you in accordance with Art. 6 para.   1  sentence 1 lit. b GDPR. The personal data collected will be automatically deleted after completion of the request made by you; this is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no legal storage obligations to the contrary. We would like to point out that, in principle, contacting us by e-mail is not to be regarded as secure.

b) Formular via Hubspot

On our website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

In addition to contacting us via e-mail, it is also possible to contact us via a web form. This information as well as the contents of our website are stored on servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

The legal basis for the use of the services of Hubspot is Art. 6 para. 1 p. 1 lit. f GDPR – legitimate interest. Our legitimate interest in the use of this service is the optimization of our marketing measures and the improvement of our service quality on the website.

More information about HubSpot’s privacy policy
More information from HubSpot regarding EU data protection regulations
You can find more information about the cookies used by HubSpot here & here.

8. Services / Digital Goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the bank commissioned with payment processing. A further transmission of the data does not take place or only ifyou have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

9. Cooperation with affiliated companies

As a matter of principle, we do not forward your personal data to third parties. In order to safeguard our legitimate interests in optimizing our operating processes, our advertising and sales market and brand presence of our group of companies, as well as for reasons of improved personnel and technical organization, we as TrustCerts LegalTech GmbH may jointly process data with TrustCerts GmbH pursuant to Art. 6 (1) lit. f DSGVO. For example, TrustCerts GmbH may distribute and promote TrustSigner on our behalf or provide us with personnel services through its employees or perform individual processing activities for us as a processor. Insofar as this is necessary for individual processing activities, we have concluded the necessary agreements on commissioned processing or joint responsibility with our companies for this purpose. We always ensure that the confidentiality and security of the processing is maintained.

10. TrustSigner Usage

If you want to use our TrustSigner as a service for creating and signing documents, this requires the processing of personal data from you.

Your documents and entries are encrypted on our servers in Germany. At the same time, communication to these servers is encrypted according to the recommendations of the Federal Office for Information  Security.

Registration

If you register on the product page to use the TrustSigner, we only process your e-mail address and the chosen password, which you must confirm. We will send you a confirmation e-mail as a so-called double opt-in – there you will be informed that someone has created a TrustSigner account  with your e-mail address and you will be asked to confirm the registration via a confirmation link. Forsafety reasons, this is only valid for five minutes. If this is not confirmed or there are discrepancies, we will not register and delete the transmitted data within 48 hours. We will not send  a separate message to the registered Istrian address. The registration starts automatically with a free license, so that no payment obligations arise.

If you register as a registered user via the form, your  e-mail address and the chosen password will be required again, which you can enter in the form. As an alternative to the usual login procedure, you can also log in or register with your LinkedIn, Microsoft or Google account via their “Connect” functions– a so-called social sign-in procedure, if you already have a LinkedIn, Microsoft or Google account. If you select and use this function, data will be exchanged with the providers mentioned and selected  by them, which will be processed by them on their own responsibility if you are logged in there and have connected your account, i.e. are dialed in there. A connection is established to the server of LinkedIn, Microsoft or Google, which carries out the authentication for our TrustSigner. Personal data is exchanged between the authentication service you have commissioned for this purpose with our server. These are in particular your IP address and log data.

You can find out how the LinkedIn, Microsoft or Google services process your data as members in LinkedIn’s  privacy policy at: https://de.linkedin.com/legal/privacy-policy, Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement or Google’s privacy policy at: https://policies.google.com/privacy?hl=de.  We have no control over the processingof your personal data on your services.

11. Paid orders

When ordering our services, such as a paid business account or signatures, we collect and process your personal data only to the extent necessary to fulfill and process your order and to process your inquiries. If this data cannot be provided, no contract can be concluded. The legal basis is therefore Art. 6 para. 1 lit. b GDPR –  the processing is necessary for the performance of a contract with you.

Your data will be passed on in particular to the payment service providers you have selected, service providers for order processing and any IT service providers involved. In all cases, we strictly observe the legal requirements and, if necessary, conclude the necessary data protection contracts. We limit the scope of data transmission to a minimum.

Use of the payment service  provider Mollie

For payment processing, we offer the use of the payment service provider Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; The purpose of the processing is to be able to offer you various modern and secure payment methods. If you have opted for one of the payment options of the payment service provider  Mollie  , the data required for payment processing will be transmitted to Mollie. This includes your payment data (e.g. IBAN or credit card number), your IP address, your Internet browser and device type. This data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

 In addition to the data required for payment, Mollie may collect other data as part of transaction processing andexchange it with your bank. We are not parties to these proceedings. Further information on data processing when using the payment service provider Mollie can be found in the corresponding data protection declaration https://www.mollie.com/de/privacy as  well as at the bank or credit card company commissioned by you for their processing. The legal basis for the transmission of your data is Art. 6 From sentence 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract) and Art. 6 para. 1 lit. f GDPR (protection of legitimate interests). You have the possibility  to revoke your consent to data processing at any time with effect for the future. A revocation does not affect the effectiveness of data processing operations in the past.

12. Your rights as a data subject

Right to confirmation – You have the right to obtain confirmation from us as to whether personal data concerning you is being processed.

Right of access Art. 15 GDPR – You have the right to receive free information from us at any time about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

Right to rectification Art. 16 GDPR – You have the right to request the correction of incorrect personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.

Deletion Art. 17 GDPR – You have the right to obtain from usthat the personal data concerning you be deleted immediately, provided that one of the reasons provided for by law applies and insofar as processing or storage is not necessary.

Restriction of processing Art. 18 GDPR – You have the right to demand from us the restriction of processing if one of the legal requirements is met.

Data portability Art. 20 GDPR – You have the right to receive the personal data concerning you, whichhas been provided to us by you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated procedures. t, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have personal data transmitted directly from one controller to another, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.

Objection Art. 21 GDPR – You have the right, for reasons arising from your particular situation, to object at any time to the processing of  personal data concerning you, which is based on Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing on the basis of a balance of interests) GDPR. This also applies to profiling based on these provisions  within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which  override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data for direct marketing purposes. You mayobject to the processing of personal data for the purpose of such advertising at any time. This also applies  to profiling to the extent that it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you whichwe carry out for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR , unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.

Revocation of consent under data protection law – You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

Complaint to a supervisory authority – You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data. A compilation of the contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector as well as in other countries can be found on the pages of the Federal Commissioner for Data Protection and Freedom of Information, BfDI under addresses and links.

13. Automated decision-making & profiling

We do not use profiling within the meaning of Art. 22 GDPR when using our websites.

14. Routine storage, deletion and blocking

We process and store your personal data only for the period necessary to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject.

If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

15. Storage period

The criterion for the duration of the storageof personal data is the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfilment or initiation of the contract.

16. Other dataprotection issues

If you have any further questions, comments or other requests regarding your personal data that are not answered here, please contact us using the contact details provided.