Privacy policy for Doxis4 mobileCube SER

SERgroup Holding International GmbH (hereinafter "SER", ­information about SER and the companies of the SER Group can be ­found here), is pleased that you are using our app. Data protection and data security when using our app are very important to us. We would therefore like to inform you at this point which of your personal data we collect when you use the app and for what purposes it is used.

Since changes in the law or changes in our internal company processes may make it necessary to adapt this privacy policy, we ask you to read through this privacy policy regularly. The data protection declaration can be accessed, saved and printed out at any time under the data protection declaration for apps.

§1 Scope?

This privacy policy applies to the Doxis4 mobileCube app.

§2 What are personal data?

Personal data is information that can be used to find out personal or factual circumstances about you (e.g. name, address, telephone number, date of birth or e-mail address). Information for which we cannot (or can only with a disproportionate effort) establish a connection to your person, e.g. by anonymizing the information, is not personal data.

§3 What personal data do we collect/process and use?

You can use a large part of our app without providing personal data.

Access data is stored without personal reference, such as the name of your Internet service provider. This data is evaluated exclusively to improve the app and does not allow any conclusions about your person.

We use the information we collect about you to provide the products and services we offer, to answer your questions, and to operate and improve the App.

We use your personal data exclusively to be able to offer you a comprehensive service with our app.

No further use of your personal data will take place. Your personal data will not be transferred to third parties or used for advertising purposes without your consent, with the exception of the transfer to the company that makes its Doxis4 ECM system accessible to users via this gateway server (hereinafter the "Operator") and the cases described below. If and to the extent that we have access to the data at all (cf. a) and b) below), anything to the contrary will only apply if we are legally obliged to hand over data (information to law enforcement agencies and courts; information to public bodies that receive data on the basis of statutory regulations, e.g. social insurance agencies, tax authorities, etc.) or that we involve third parties bound to professional secrecy to enforce our claims.

In particular, personal data is used as follows:

a) Transfer to the operator of the Doxis4 ECM system / Doxis4 iECM Suite

Doxis4 mobileCube is a mobile client for accessing content of the Doxis4 iECM suite, which is purchased and installed separately by a company, e.g. as a document management system (DMS). The mobile client is licensed by the company for users of this enterprise software for mobile access to the company's own system and made available by SER via external app stores.

As a user, you install Doxis4 mobileCube via the respective app store and log in to access the company's own Doxis4 iECM system according to your company's specifications.

Doxis4 mobileCube transmits collected data exclusively to a specific server (so-called Doxis4 mobileCube gateway, hereinafter "gateway server"), which is entered in the Doxis4 mobileCube server profile by you as the user. The gateway server is typically not operated by SER, but by the company that makes its Doxis4 ECM system accessible to users via this gateway server. Users are, according to the operator's choice, usually internal employees, possibly also external users, who are subject to the operator's data protection regulations.

The Doxis4 mobileCube app itself stores the following information locally:
(a) URL to the Doxis4 mobileCube gateway
(b) user name, role and password (only if the user activates saving of the password; the password in this case is stored in an encrypted form).
(c) when using the offline functionality, copies of documents, cases and files from the Doxis4 ECM system to which the user has logged in.

A transfer to SER does not take place.

Doxis4 mobileCube accesses the camera of the smartphone to capture images, receipts or barcodes. Doxis4 mobileCube can access and transfer files from the smartphone to the Doxis4 ECM system. Furthermore, the app may access the device location for the purpose of location-based search and filing. The data (files, images, barcode values, location coordinates) could be sent to and optionally stored in the Doxis4 ECM system to which you have logged in as a user. This depends on the configuration of the particular Doxis4 ECM system.

The operations described above are never executed automatically without an interaction with the user. It’s the user task to decide to collect specific data items to use them within the Doxis4 ECM system.

In addition to that, Doxis4 mobileCube collects app crash logs. These logs might be sent by the user to the gateway server system for further analysis.
All of this data is also not transferred to SER, but to the operator, i.e. to the company that operates the gateway server and to which you connect as a user. Regarding this data, only the operator of the gateway server is the "responsible party" for the data processing and accordingly responsible for the protection of the transmitted data. In case of queries regarding the transmitted data, the user must therefore contact the operator whose data protection provisions apply.

 

b) Setup/user account

Creating a user account is only possible if the operator has previously set it up in the Doxis4 iECM system. When you set up a user account, it is necessary to specify a URL to the operator's Doxis4 mobileCube gateway. All data stored there is subject to data protection by the operator.
Username, role and password can additionally be stored within the app to allow you to conveniently log in to your account; this only happens if you as the user set it up that way.

§4 Security measures to protect the data stored by us

We are committed to protecting your privacy and treating your personal data confidentially. To prevent loss or misuse of the data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions outside our sphere of responsibility. In particular, data disclosed without encryption - even if this is done by e-mail - can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.

§5 Information about your personal data stored by us / storage period / deletion

We only store your personal data for as long as this is permitted by law. The deletion of the stored personal data takes place when the user revokes his consent to the storage or when the knowledge of this data is no longer necessary for the fulfillment of the purpose pursued with the storage, in particular when the user account is deleted or when their storage is inadmissible for other legal reasons.

At your request, we will be happy to inform you about the personal data we have stored about you. If, despite our efforts to ensure that the data is correct and up to date, we have stored incorrect data, we will correct it immediately.

The administration of the user account and the data stored in this context is the sole responsibility of the operator.

If and insofar as data is also stored at SER, which is generally not the case (cf. § 3 a), b)), any deletion of this data requested by you will be carried out immediately upon your request. If a deletion is not possible for legal reasons, a blocking of the respective data will take its place. Please note, however, that if your data is deleted, we will no longer be able to offer you the services described here.

In all other respects, deletion is the responsibility of the operator as the responsible party.

§6 External data protection officer

If you have any other questions or suggestions regarding data protection at our company or these data protection notes, please contact our external data protection officer* directly:

External Data Protection Officer of SERgroup Holding International GmbH
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbHHohenzollernring 54
D-50672 Köln
Tel.: +49 221 222183-0
E-Mail: mail@kinast.eu
Website: www.kinast.eu

* Responsible for the German companies of SERgroup Holding International GmbH as well as SER Solutions Österreich GmbH.

V 1.1, Status February 2021