Data protection provisions for the web applications sproof sign and sproof ident
This privacy policy is only relevant for our web application sproof sign. The privacy policy for our webpage sproof.com can be found here.
1. Introduction
The protection of your personal data is of particular concern to us. Consequently, we treat your personal data in accordance with the applicable legal provisions for the protection, lawful handling and confidentiality of personal data, in particular in accordance with the Data Protection Act (hereinafter “DPA”) and the General Data Protection Regulation (hereinafter “GDPR”). The following information explains how we process your personal data when you use our sproof sign and sproof ident web applications.
This privacy policy applies to the sproof sign and sproof ident web applications. The sproof.com website is technically separate and there is no automated data exchange between the pages.
2. Name and contact details of the controller
sproof GmbH (hereinafter “sproof”) is responsible for data processing.
sproof GmbH
Urstein Süd 19/2
A-5412 Puch bei Hallein
privacy@sproof.com
3. Data processing
In providing our services, in particular our website and the offers made available on our website, we process personal data of users of our website as well as of users who use our online offer. The specific data processing methods are presented below:
3.1. Data processing: use of web applications
The following personal data is automatically processed when you visit our web applications:
- Log data;
- IP address;
- Type and version of your web browser;
- Data about your device (device ID);
- Date and time of access to our website or the sub-pages;
- Website from which you access our website (referrer URL).
The processing serves to provide you with the offers on our website, to ensure the security of the IT infrastructure used, to carry out marketing and analyses for advertising purposes and to enable informational use of our website.
The log data is generally stored for 30 days. In the event of a security-relevant event, the data is stored until the incident has been clarified.
The legal basis for the processing of your personal data is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to make our website user-friendly and to continuously improve it, to provide you with the content you access, to ensure the security of our IT infrastructure (in particular for the purpose of defending against attacks, detecting, eliminating and documenting faults) and to manage the cookie consents granted.
The provision of your data is not mandatory; however, without the provision it is not possible for us to provide you with the accessed content.
You can find more information about cookies under point 3.3.
3.2. Data processing: cookies
Information on cookies can be found in the Cookie Policy.
3.3. Data processing in connection with the use of sproof sign
When you use sproof sign, we process your personal data for the purposes listed below:
3.3.1. Account usage
The following personal data is processed by us when you create and use an account as a customer or use sproof sign to send or sign:
- Name data;
- Dates of birth (only if identified by a qualified electronic signature);
- Email data;
- Mobile phone number (only when using an SMS TAN);
- Address data;
- Contact details (e-mail address, telephone number);
- Company;
- Additionally uploaded data (documents, images);
- Signatures;
- Timestamp;
- IP address;
- Log data.
The data is passed on to our IT service provider (processor), which is based in the EU. If a customer invites other people to sign, it is necessary to enter the name and email address of the invitee.
Alternatively, you can log in to sproof sign via existing accounts with Google, Facebook, LinkedIn, Windows Live, Advokat or, under certain circumstances, via single sign-on after integration via sproof. The following categories of data are processed:
- Name data;
- Email data;
- Profile pictures (from the account in question).
The personal data is generally processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is consent in accordance with Article 6 (1) (a) GDPR, the fulfilment of pre-contractual and contractual obligations in accordance with Article 6 (1) (b) GDPR and the fulfilment of legal obligations in accordance with Article 6 (1) (c) GDPR (in order to comply with statutory retention obligations).
The provision and processing of your data is necessary to provide you with the service of our sproof sign.
3.3.2. Data processing: trust service provider
The following personal data is processed by us if customers with a qualified signature wish to sign with the assistance of trust service providers (e.g. A-Trust, D-Trust, swisscom) or other providers that are necessary to provide the services of the trust service providers:
- Name data;
- Date of birth;
- Contact details (e-mail address, telephone number).
The personal data is generally processed by us for the duration of the business relationship and in accordance with the legal requirements (retention obligations). The legal basis for the processing of your personal data is consent in accordance with Article 6 (1) (a) GDPR, the fulfilment of pre-contractual and contractual obligations in accordance with Article 6 (1) (b) GDPR and the fulfilment of legal obligations in accordance with Article 6 (1) (c) GDPR (in order to comply with statutory retention obligations).
The provision and processing of your data is necessary to provide you with the service of our sproof sign.
3.3.3. Stripe data processing
We work together with Stripe (Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland) as a payment service provider. Payment transactions on our sproof sign are therefore processed via Stripe. The following personal data is processed by us in this context:
- Name of the cardholder;
- E-mail address;
- Customer;
- Order number;
- Bank account;
- Credit card;
- The validity period of the credit card;
- Credit Card Verification Number (CVC);
- Date and time of the transaction;
- Transaction amount;
- Name of the provider;
- Place.
The provision and processing of your data is necessary to provide you with the service of our sproof sign, in particular payment transactions.
Stripe assumes a dual role as controller and processor for data processing activities. As controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.
Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the framework of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with data protection regulations within the meaning of Art. 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
For more information on how to object to and opt-out of Stripe, please visit: Stripe Privacy Center
3.3.4. Data processing: social media plugins
We have not integrated any social media plugins on our web app. The social media buttons to the social networks (e.g. Instagram, Facebook, LinkedIn) have only been integrated on our sproof sign with a link (reference link to the social networks). If you click on this link (button), you will be forwarded directly to the respective website. Please note the
3.4. Data processing in connection with the use of sproof ident
If you use sproof ident for simplified registration, identification or setting up a user account, we and the company with which you carry out the registration process, identify yourself or set up a user account (hereinafter referred to as the “contractual partner”) process your personal data as joint controllers within the meaning of Art 26 GDPR.
The contractual partner acts as a single point of contact for the processing and fulfilment of data subject rights in accordance with Art 15 to 20 GDPR. The contact details of the contractual partner can be found, for example, in its data protection information in accordance with Art 13, 14 GDPR.
If you decide to use sproof ident, you will be automatically redirected to our servers and will receive the invitation to participate in sproof ident on your screen. Your end device transmits the relevant technical connection data (such as your IP address, type and version of your web browser) to us. The data is recorded in log files and processed in particular for the operation of sproof ident (for more detailed information, see section 3.1 “Use of the web applications”).
Access to your digital identity (E-ID in accordance with EU Regulation 2024/1183; in Austria the ID Austria) is only possible with your consent. If you successfully authenticate yourself by entering your correct access data, we collect the data stored in your E-ID (e.g. first and last name, address including street, house number, address suffix, zip code and country as well as other data; you will be informed separately of the data collected in each case) and transmit this to our contractual partner to carry out the registration and set up the user account or for identification or registration. The data processing in this regard is based on the legal basis pursuant to Art. 6 para. 1 lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future, e.g. via privacy@sproof.com. Revocation does not affect the lawfulness of data processing up to the time of revocation.
Subsequently, our contractual partner processes the data we transmit to it in order to terminate or complete the registration process. Any subsequent processing by the contractual partner, e.g. for the purpose of customer administration, is carried out under the responsibility of the contractual partner in accordance with Article 4 (7) GDPR.
Please note that sproof does not store any data collected via your E-ID for a longer period of time. This data is only stored for a period of 30 days to prevent fraud and misuse and to protect against cyber attacks and is then automatically deleted. Data for authentication and consent is also anonymized or deleted after 30 days. From then on, we will not be able to assign any data to you personally.
For the technical processing of sproof ident, we pass on your data to the subcontractors mentioned under point 4. For this purpose, we have concluded data processing agreements in accordance with Art. 28 GDPR.
4. Sub-processors
4.1. Scaleway S.A.S
Name: Scaleway S.A.S
Address: 8 rue de la Ville l’Evêque, 75008 Paris, France
Name, function and contact details of the contact person:
Scaleway’s DPO: dpo@iliad.fr.
Scaleway’s Privacy Team: privacy@scaleway.com
Notification of a data breach: security@scaleway.com
Subject of processing: Data center, i.e. the provision of infrastructure. The data is processed and stored there.
4.2. Swisscom (Switzerland) Ltd
Name: Swisscom (Switzerland) Ltd
Address: Alte Tiefenaustrasse 6, 3050 Bern, Switzerland
Name, function and contact details of the contact person:
Email: datenschutz@swisscom.com
Post: Swisscom (Switzerland) Ltd, Dr Nicolas Passadelis, LL.M., Data Protection Officer Swisscom Ltd and Swisscom (Switzerland) Ltd, P.O. Box, 3050 Bern
Object of processing: Creation and generation of qualified electronic signatures. Only for sproof sign.
4.3. Sendinblue GmbH
Name: Sendinblue GmbH
Address: Köpenicker Straße 126, 10179 Berlin, Germany
Name, function and contact details of the contact person: datenschutz@sendinblue.com
Subject of processing: Mail server, i.e. sending emails for invitations to digitally sign a document, other transactional emails such as reminders, setting passwords, etc. or information about our services.
4.4. OVH GmbH
Name: OVH GmbH
Address: Christophstraße 19, 50670 Cologne, Germany
Name, function and contact details of the contact person: kundendienst@ovh.de
Subject of processing: Data center, i.e. the provision of infrastructure. The data is processed and stored there.
5. Automated decision-making / profiling
There is no automated decision-making, including profiling.
6. Your rights as a data subject
We would also like to draw your attention to the following rights to which you are entitled as a data subject:
- Right of access from the controller about the personal data concerning you in accordance with Article 15 GDPR
- Right to rectification in accordance with Article 16 GDPR
- Right to erasure according to Article 17 GDPR
- Right to restriction of processing pursuant to Article 18 GDPR
- Right to data portability according to Article 20 GDPR
- Right to object to processing in accordance with Article 21 GDPR
- Right to withdraw consent in accordance with Article 7 (3) GDPR
Furthermore, you also have the right to lodge a complaint with the competent supervisory authority (in Austria, the data protection authority based in Vienna). In this regard, we refer you to the website of the Austrian Data Protection Authority, which can be accessed via the link www.dsb.gv.at. However, you can also contact us directly at the e-mail address privacy@sproof.com if you have any complaints.
7. Status
An update of this privacy policy may be necessary due to technical developments and new legal requirements. We will inform you in advance.
These data protection provisions are available in different languages. In the event of ambiguities or questions of interpretation, only the German version of this Privacy Policy shall prevail.