FragDasPDF logo

Datenschutzrichtlinie
Last updated: March 08, 2024

Controller within the meaning of the General Data Protection Regulation (GDPR):

FragDasPDF.at
HeyQQ GmbH
Wasagasse 23
1090 Vienna, Austria

Company Registration: 572680b
VAT ID: ATU77744201
Commercial Court: Vienna Commercial Court

Managing Directors:

Dmitrij Rubanov, MSc
Mag. Matthias Neumayer, BA

Email: hello@fragdaspdf.at
Email for privacy matters: privacy@fragdaspdf.at

The protection of your personal data is of particular importance to us. We therefore process your data exclusively on the basis of legal provisions (GDPR, TKG 2003). In this privacy policy, we inform you about the most important aspects of data processing within our website and our services.

  1. Legal Basis for Processing

    The controller may process personal data only if at least one of the following conditions applies:

    • Users have given their consent for one or more specific purposes
    • Processing is necessary for the performance of a contract
    • Processing is necessary for compliance with a legal obligation
    • Processing is necessary for the performance of a task carried out in the public interest
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

  2. Which Data We Process

    We process the following categories of personal data:

    • Stammdaten (Name, Address, Contact Details)
    • Email Address
    • Payment Data
    • Usage Data (visited Websites, Access Times)
    • Uploaded Files (for Processing in the Program)
    • Meta-/Communication Data (Device Information, IP Addresses)

  3. Details on Processed Data

    The types of personal data processed by this application itself or by third parties include:

    • Device Information
    • Usage Data
    • User ID
    • Geography/Region
    • Number of Users and Sessions
    • Session Duration
    • App Opens and Updates
    • Operating Systems
    • First and Last Name
    • Email Address
    • Crash Reports
    • Unique Device Identifiers (UUID)
    • Invoice Address
    • Diagnostic and Tracking Data
    • Geographical Position
    • Language

  4. Used Services and Third Parties

    We use the following services for the provision of our application:

      Details on data processing by these services can be found in the privacy policies of the providers.

    • Push Notifications

      This application can send push notifications to the user. You can usually disable them in the device settings. Please note that disabling push notifications may affect the functionality of the application.

    • How We Collect Your Information:

      We collect/receive information about you in the following ways:

      1. If a user fills out the registration form or otherwise provides personal information
      2. Interaction with the Website
      3. From Public Sources

    • How We Use Your Information:

      We will use the information collected about you for the following purposes:

      1. Marketing/Advertising
      2. Creating a User Account
      3. Collecting Customer Feedback
      4. Payment Processing
      5. Support
      6. Managing Customer Orders
      7. Managing User Accounts

      If we want to use your information for a different purpose, we will ask for your consent and will only use your information for the purpose or purposes for which you have given your consent, unless we are legally required to do something else.

    • How We Share Your Information:

      We will not share your personal information without your consent, except under certain conditions, as described below:

      1. Advertising Services
      2. Marketing Agencies
      3. Analyses
      4. Services for Payment Collection
      5. Data Collection & Processing

      We require such third parties to use the personal information they receive only for the purpose for which it is transferred and to retain it no longer than necessary for the fulfillment of the purpose mentioned above.

      We may also disclose your personal information for the following reasons: (1) to comply with legal requirements, regulations, court decisions, or other legal proceedings; (2) to enforce our agreements, including this privacy policy; or (3) to respond to claims that your use of the service violates the rights of third parties. If the service or our company is merged with or acquired by another company, your information will be one of the assets transferred to the new owner.

    • Storage of Your Information:

      We will retain your personal information with us for 90 days to 2 years after the termination of your account by the user or as long as we need it to fulfill the purposes outlined in this privacy policy. We may need to retain certain information for longer periods for legal or other legitimate reasons, such as accounting/reporting according to applicable law or for enforcing rights, fraud prevention, etc. Anonymous Rest Information and Aggregated Information, which you (directly or indirectly) cannot identify, can be stored indefinitely.

    • Your Rights:

      Depending on the applicable law, you may have the right to access and correct or delete your personal data or obtain a copy of your personal data, restrict the processing of your data, or object to processing, ask us to transfer your personal data to another entity (to port), revoke any consent you have given us to process your data, the right to file a complaint with a regulatory authority, and such other rights that may be relevant under applicable law. To exercise these rights, you can write to us at hello@branding5.com. We will respond to your request in accordance with applicable law.

      You can opt-out of direct marketing communication or profiling for marketing purposes by writing to us at hello@branding5.com.

      Please note that, if you do not allow us to collect or process the necessary personal data or withdraw your consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

    • Cookies etc.

      To learn more about how we use and your options regarding these tracking technologies, please read ourCookie Policy.

    • Security:

      The security of your information is important to us and we will take appropriate security measures to prevent the loss, misuse, or unauthorized modification of your information under our control. However, we cannot guarantee absolute security and therefore cannot guarantee the security of information you provide to us and you do so at your own risk.

    • Links to Third Parties & Use of Your Information:

      Our service may contain links to other websites that are not operated by us. This privacy policy does not cover the privacy policy and other practices of third parties, including every third party that operates a website or service that can be accessed via a link in the service. We strongly advise you to check the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of websites or services of third parties.

    • Complaint-/Data Protection Officer:

      If you have questions or concerns regarding the processing of your information available with us, you can contact our complaint officer by email at Heyqq GmbH, Wasagasse 23, E-Mail: hello@branding5.com. We will process your concerns in accordance with applicable law.

    • International Data Transfers

      We will only transfer data to third parties outside the EU/EWR on the basis of a adequacy decision of the EU Commission or using EU standard contractual clauses and appropriate additional guarantees in accordance with Art. 44 ff DSGVO.

    • Your Rights under the GDPR

      You have the following rights regarding your personal data:

      • Right to Information (Art. 15 GDPR)
      • Right to Rectification (Art. 16 GDPR)
      • Right to Deletion (Art. 17 GDPR)
      • Right to Restrict Processing (Art. 18 GDPR)
      • Right to Data Transferability (Art. 20 GDPR)
      • Right to Object (Art. 21 GDPR)
      • Right to Withdraw Consent (Art. 7 Abs. 3 GDPR)
      • Right to Complain to a Supervisory Authority (Art. 77 GDPR)

      Competent Supervisory Authority in Austria: Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna E-Mail: dsb@dsb.gv.at

    • Automated Decision-Making

      We do not use automated decision-making or profiling that has legal implications on you or significantly affects you in a similar manner.

    • Technical and Organizational Measures

      We take the following security measures to protect your data:

      • Encryption of Data Transmission (HTTPS/TLS)
      • Access Control and Authentication Systems
      • Regular Security and Data Protection Trainings of Our Employees
      • Pseudonymization and Encryption of Personal Data where technically possible
      • Regular Backups for Ensuring Availability
      • Regular Review and Evaluation of Security Measures

    • Data Processing by Third Parties

      We set the following subcontractors for the provision of our services. Corresponding contracts have been concluded in accordance with Art. 28 DSGVO with all subcontractors:

      1. Vercel (Hosting & Infrastructure)

      Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
      Processed Data:

      • IP Addresses
      • Technical Usage Data
      • Access Times
      • HTTP Header Information

      Purpose: Hosting and Delivery of the Website
      Legal Basis: Art. 6 Abs. 1 lit. f DSGVO (Legitimate Interest)
      Storage Location: EU (Frankfurt)

      2. Google Cloud Storage

      Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
      Processed Data:

      • Uploaded PDF Documents (encrypted)
      • Metadata of Files
      • Temporary Processing Data

      Purpose: Secure Storage and Processing of Documents
      Legal Basis: Art. 6 Abs. 1 lit. b DSGVO (Contract Fulfillment)
      Storage Location: EU (Belgium)

      3. Google Firebase Firestore

      Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
      Processed Data:

      • User Profiles
      • Authentication Data
      • Usage Protocols
      • Document References

      Purpose: User Management and Document Organization
      Legal Basis: Art. 6 Abs. 1 lit. b DSGVO (Contract Fulfillment)
      Storage Location: EU (Frankfurt)

      4. PostHog Analytics

      Provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA
      Processed Data:

      • Anonymized IP Addresses
      • Usage Statistics
      • Click Paths
      • Device Information
      • Page Views

      Purpose: Analyze User Behavior for Improving the Service
      Legal Basis: Art. 6 Abs. 1 lit. a DSGVO (Consent via Cookie Banner)
      Storage Location: EU (with EU Standard Contractual Clauses)

      5. Microsoft Azure (AI Services)

      Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland
      Processed Data:

      • Text Content from PDF Documents
      • Processing Requests
      • Temporary Analysis Data
      • Technical Metadata

      Purpose: AI-based Document Analysis and Processing
      Legal Basis: Art. 6 Abs. 1 lit. b DSGVO (Contract Fulfillment)
      Storage Location: EU (Netherlands)

      6. Lemon Squeezy (Payment Processing)

      Provider: Lemon Squeezy LLC, 222 South Main Street Suite 500, Salt Lake City, UT 84101, USA
      Processed Data:

      • Name and Email Address
      • Payment Data
      • Invoice Address
      • Transaction Data
      • Order History
      • IP Address
      • Device Information for Fraud Protection

      Purpose: Payment Processing, Invoice Processing and Fraud Protection
      Legal Basis: Art. 6 Abs. 1 lit. b DSGVO (Contract Fulfillment), Art. 6 Abs. 1 lit. c DSGVO (Legal Obligation)
      Storage Location: USA (with EU Standard Contractual Clauses)
      Special Features: Lemon Squeezy acts as a Merchant of Record (MoR) and is therefore responsible for:

      7. Email Octopus (Email Marketing)

      Provider: EmailOctopus Ltd., 86-90 Paul Street, London, EC2A 4NE, UK
      Processed Data:

      • Email Address
      • Name (optional)
      • Registration Time
      • Email Opens and Clicks (if not disabled)
      • IP Address at Registration

      Purpose: Newsletter Delivery and Email Marketing
      Legal Basis: Art. 6 Abs. 1 lit. a DSGVO (Consent)
      Storage Location: EU (Amazon AWS Ireland)
      Special Features: Tracking Pixels and Link-Tracking can be disabled

      • Tax Calculation and Deducting
      • Compliance with Payment Terms
      • Processing of Refunds
      • Customer Service for Payment Questions

      Storage Period: 7 Years in Accordance with Tax Law
      Data Protection Information: Privacy Policy and Order Processing Agreement

      Data Transfers to Third Countries are only based on:

      • EU Standard Contractual Clauses (Art. 46 Abs. 2 lit. c DSGVO)
      • Adequacy Decisions of the EU Commission
      • Binding Internal Data Protection Provisions (BCR, Art. 47 DSGVO)
      • Additional Technical Protection Measures (Encryption, Pseudonymization)

      You have the right to request a copy of the safeguards for data transfer to third countries. Contact us for this at privacy@fragdaspdf.at.

    • Storage Period and Deletion

      We store your data only as long as it is necessary for the purposes mentioned above:

      • Customer Data: 7 Years after the Last Business Case (in Accordance with Tax Law Preservation Obligations)
      • Applicant Data: 6 Months after Rejection
      • Protocol Data: 90 Days
      • Newsletter Subscriptions: Until Withdrawal
      • Contract Data: 7 Years after Contract End

    • Categorization of Processed Data

      CategoryExamplesIs Recorded
      A. IdentifiersContact Details like Name, Pseudonym, Address, Telephone or Mobile Number, Unique Personal Identifiers, Online Identifiers, IP Address, Email Address and Account NameYES
      B. Personal InformationName, Contact Information, Education, Employment, Employment History and Financial InformationYES
      C. Protected Classification CharacteristicsGender and Date of BirthNO
      D. Commercial InformationTransaction Data, Purchase History, Financial Data and Payment InformationNO
      E. Biometric InformationFingerprints and Voice RecordingsNO
      F. Internet or Network ActivityBrowser Run, Search History, Online Behavior, Interest Data and Interactions with Our and Other Websites, Applications and SystemsNO
      G. Location DataDevice LocationNO
      H. Audiovisual InformationImages and Audio-, Video- or Call Recordings in Connection with Our Business ActivitiesNO
      I. Professional InformationBusiness Contact Details, Job Title, Employment History and Professional QualificationsNO
      J. Educational InformationStudent Files and Directory InformationNO
      K. Derived InformationInferences from the above collected personal information for creating a profile about preferences and characteristicsNO
      L. Sensitive Personal InformationParticularly Protected Personal Data as per Art. 9 DSGVONO

      This Overview Shows Transparently Which Types of Data We Process. We Limit Ourselves to the Necessary Minimum and Process Only Data That Is Necessary for Providing Our Services.

    • Minor Protection

      Our Offer is Primarily Targeted at Persons Aged 16 and Above. Persons Under 16 Should Not Provide Personal Data to Us Without the Consent of Their Parents or Legal Guardians.

    • Changes to This Privacy Policy

      We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services, e.g. when introducing new services. The new privacy policy then applies for your next visit.

    • Right to Object

      If your personal data is processed on the basis of legitimate interests pursued by us, you have the right to object to processing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.