WebID data privacy policy for websites and mobile apps
(as of May 3rd 2022)
The following data privacy policy informs you, in accordance with Art. 12, 13, and 21 of the General Data Protection Regulation (GDPR), about the processing of your personal data (hereinafter referred to as “data”) by WebID Solutions GmbH (“WebID”) in connection with the use of this website, the mobile apps (hereinafter referred to jointly as “website”), and the WebID services.
Your data will be processed in compliance with the relevant data privacy regulations, in particular the provisions of the GDPR and the Federal Data Protection Act (BDSG).
1. Responsible entity
The responsible entity as defined by the GDPR is
WebID Solutions GmbH, Friedrichstraße 88, 10117 Berlin
Email: service@webid-solutions.de
2. Data Protection Officer
You can reach our external data protection officer as follows:
Data protection officer: Silvia C. Bauer
WebID Solutions GmbH, Data Protection Officer
Friedrichstraße 88, 10117 Berlin
Email: datenschutz@webid-solutions.de
3. Purposes and legal bases for data processing
3.1 Processing data when using the app
When downloading the mobile app, the necessary information is transferred to the App Store, in particular your user name, your email address and the customer number of your account, the time of the download if applicable, payment information, and the individual device code number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device and in this context, to the extent necessary for using the app, on the basis of Art. 6 para. 1 lit. b GDPR.
3.2 Informational use of the website
You can visit our website without providing any personal information. If you only use our website for information purposes, meaning you do not register or otherwise provide us with information about you, we do not process any personal data, with the exception of the data that your browser transmits in order to enable you to visit the website or information that is transmitted to us within the framework of cookies used.
3.2.1 Provision of the website
Information is collected by our IT systems when you visit the website, for the purpose of technical provision of the website. The collection and storage of this data in so-called server log files is done automatically as soon as you access our website. The following information will be collected:
- Browser type and browser version
- Operating system used
- Referrer URL
- Server request time
- IP address
- The previous website from which access takes place.
This data is not merged with other data sources. The temporary storage of your IP address by our system is necessary to enable the delivery of the website to your computer. For this, the IP address of the user must be saved for the duration of the session.
The IP address is stored in the log files to ensure the functionality of our website. In addition, this data is used to optimize the website and to ensure the security of our information technology systems (e.g., attack detection).
We process your personal data for the technical provision of our website on the basis of the following legal framework:
- in order to make our website technically available in accordance with § 25 para. 2 no. 2 of the Telekommunikation Telemedien Datenschutzgesetz (TTDSG) [German Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia], as it is absolutely necessary to process the above-mentioned data so that we can ensure the use of our website as expressly requested by you (i.e. both with and without cookies);
- in order to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), if you are visiting our website to find out about our products;
- in order to protect our legitimate interests under Art. 6 para. 1 lit. f of the GDPR, so that we can deliver the website to you technically and securely.
3.2.2 Consent Manager
We use a consent manager on our website. The consent manager from the provider Jaohawi AB (Huellegelvägen 1b, 72348 Västerås, Sweden) is a solution with which we obtain your consent to certain data processing procedures requiring consent (e.g. analysis, tracking, etc.). By using it, we can inform you about the individual cookies and tools we use. You can use the Consent Manager to select which cookies and tools you want to allow or reject individually or categorically. This allows you to make an informed decision about the transfer of your data and allows us to use cookies and tools in a transparent and documented manner that is in compliance with data protection regulations.
The consent management provider processes your personal data to record your decision about the approval of cookies and tools, and to store them for your next visit to our website. This includes the corresponding cookie with your consent decision as well as other usage data such as your IP, the browser used, language and country, and the accessed website. In addition, the consent management provider stores the following cookies:
- “euconsent” – Consent String of the IAB CMP Framework. This contains the information on whether/how you have consented to the processing of your data.
- “eupubconsent” – similar to “euconsent”, but with less information.
- “__cmpconsent*” – similar to “euconsent”.
- “euconsent_backup” – backup copy of the “euconsent” cookie
- “__cmpcvc*”/“__cmpvendors”/“__cmpiab” – Information about the consent of providers.
- “__cmpcpc*”/“__cmppurposes” – Information about the purpose of the consent.
- “__cmpcc”/“__cmpccx” – This cookie contains only one number and is used to check whether your browser supports cookies.
- “__cmpiuid” – a random text. The purpose of this cookie is to log the status of your consent.
- “__cmpld” – contains the date on which the consent level was last shown to you.
- “anna”/“annac” – Contains a number that counts visitors to the site.
- “kmd” – When you log in to our system, we save the login information here.
Further information and the data privacy policy of the Consent Management Provider can be found at: https://www.consentmanager.net/datenschutz/.
We process your personal data for the technical provision of our website on the basis of the following legal framework:
- in order to technically provide consent management in accordance with Section 25 (2) No. 2 TTDSG, as it is essential to process the above-mentioned data to enable us to make it possible to use our website (with or without cookies) as expressly requested by you;
- to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, in order to make the website technically available to you;
- to fulfill a legal obligation from the GDPR pursuant to Art. 6 para. 1 lit. c GDPR, which consists of making the option for consent and for documenting your decision available to you.
3.2.3 Statistical analysis of the use of the website and increase in reach
When visiting our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and with what are referred to as analysis programs. This will help us improve the quality of our site and its content. We learn how the website is used and can thus continually optimize our offer. See the explanations below for detailed information.
We process your personal data for the technical provision of our website on the basis of the following legal framework:
- with your consent, in accordance with § 25 para. 1 of the TTDSG with respect to the initial storage and retrieval of data;
- with your consent, in accordance with Art. 6 para. 1 lit. a of the GDPR for subsequent data processing (e.g. providing functionalities, analysis, tracking, optimisation, etc.).
You can revoke your consent via our Consent Manager at any time and with future effect. You can access the Consent Manager from any web page by clicking on the tick icon in the bottom left corner of the website and modifying your settings to withdraw your consent.
3.2.3.1 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other Google data.
Google Analytics is integrated only in the corporate website, not in the web pages used for identification processes or any other of our services.
IP Anonymization
We have enabled the IP anonymization feature on this site. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on the website activities, and to provide us with further services related to the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other Google data.
Browser plugin
You can prevent the storage of cookies by adjusting the settings in your browser software accordingly; however, please note that you may not be able to use all the functions of this website in full in this case. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the collection of your data during future visits to this website: *please insert link*.
You can find more information on the handling of user data at Google Analytics in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/privacy?hl=de.
3.2.3.2 Google Ads
We use the online advertising program “Google Ads” and conversion tracking within the framework of Google Ads. Google Conversion Tracking is an analysis service of Google Ireland Limited (“Google”), a company registered and operated under Irish law (register number: 368047) with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”, subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.
If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you have clicked on the advertisement and have been redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no possibility that cookies can be tracked via the websites of Ads customers.
The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Here, customers learn the total number of users who have clicked on their advertisement, have been redirected to a page marked with a conversion tracking tag, and have therein taken part in a competition, for example. However, they will not receive any information with which users can be personally identified.
You can prevent the processing of your data by Google Ads by
- saving the cookies with the appropriate setting in your browser software; however, we would like to point out that you may not be able to use all functions of our website in full in this case;
Further information and Google’s privacy policy can be found at: https://policies.google.com/privacy and www.google.com/policies/technologies/ads/
3.2.3.3 Google Tag Manager
We use Google Tag Manager from Google on our website. Google Tag Manager is a solution that allows marketers to manage web page tags through an interface. The Google Tag Manager service itself (which implements the tags) is a cookieless domain and does not collect personal data. The Google Tag Manager service triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, this remains in place for all tracking tags which were implemented with Google Tag Manager.
3.3 Active use of the website
In addition to the purely informative use of our website, you can also actively use our website to use our WebID products, such as secure online identification, identity determination with artificial intelligence and biometrics without involving a human employee (“WebID AI”) or digital contract signing, to create a permanent user profile, to register for our newsletter, or to contact us. In addition to the processing of your personal data described above in the case of purely informational use, we also process other personal data from you that we need to provide the respective services and respond to your inquiries.
3.3.1 Verification and confirmation of identity or age – WebID Video Ident and other identification methods
The processing of your data by WebID in connection with the verification and confirmation of identity, a documented declaration, or age is carried out on behalf of the respective partner company of WebID, such as a bank, a telecommunications company, or an insurance company, at whose request the review is carried out (“partner”).
The processing of your data is done exclusively for the purpose of checking your identity, your declaration, or your age and confirming it to the respective partner.
For this purpose, we process the data that you provide to us for the respective partner in the context of your use of the respective WebID service, as well as any data that the respective partner provides to us for the purpose of comparison with the data communicated by you. The prerequisite for the processing is the creation of a user profile (see Clause 3.3.3), in which your data is collected and by means of which we are given the opportunity to communicate with you for purposes of the respective identification method, including by email and SMS, in order to send you information such as the transaction number (TAN) for the successful completion of the respective identification.
The scope of processing carried out on this data as well as the legal basis for this processing depends on the intended or already existing contractual relationship between you and the partner, as well as the legal requirements which require proof of identity or age in individual cases. Depending on the legal basis for proof of identity or age, it is also necessary to prove the existence of a valid, official ID document (e.g., ID card or passport). As a rule, the following data is processed within the framework of the following processes, whereby the exact scope of this data or the processing depends on the respective identification method:
3.3.1.a. for all identification methods:
- Last name, first name
- Place of birth
- Date of birth
- Nationality
- Full address
- Mobile phone number
- Email address
- Photo/screenshot of the person and the front and back of the ID document
- ID data (such as date and place of issue, issuing authority, etc.)
3.3.1.b. WebID Video Ident:
The following data are processed in addition to the data listed in point 3.3.1.a. for identification by means of WebID Video Ident:
- User name for the video conference program used
- Video and sound recording of the video call
3.3.1.c. WebID AI Ident:
For identification by means of WebID AI Ident, you will create a portrait photo of yourself after collecting the data mentioned in Item 3.3.1.a. The data transmitted by the partner, the ID data, and the portrait photo are the subject of the fully automatic check by WebID AI Ident. The fully automatic identification by WebID AI Ident can proceed differently depending on the partner’s model. Your data will either be matched with your ID document or will also be reviewed to verify that it is a valid ID document; if necessary, a biometric comparison of the portrait photo with the photo on your ID document will also be carried out.
It may be necessary for you to consent to the processing of your biometric data for purposes of identification based on Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR. If you do not wish to give this consent, you can alternatively complete the video identification according to Clause 3.3.1.b, depending on the partner’s model. To use WebID AI, you will first fill out a form (usually on the partner’s website), issue your consent to the processing of your biometric data, and accept the Terms and Conditions of WebID. You will then be referred to us by the partner.
3.3.1.d WebID Account Ident
A fully automatic identity check is carried out first for identification using the WebID Account Ident. For this purpose, the data described in further detail in Clause 3.3.1.c (WebID AI Ident) is processed, and the processes mentioned there are carried out. In the next step, you use your access data to log in to your bank’s online banking. To use WebID Account Ident, it is necessary for legal reasons that you use digital PSD2 or online banking interfaces to ensure secure access to information stored in your bank account and that you confirm this by means of a so-called “reference transfer”. This serves the purpose of verifying your data collected in this way and the existence of your bank account. As part of a reference transfer, a minimum amount (e.g., in the amount of 1 cent) is transferred from your bank account to a verification account of WebID. This transfer will be executed by your bank per your consent. With your explicit consent, you irrevocably agree that your bank will execute this transfer order to a verification account of WebID. This process is generally embedded with the partner for whom we work and on the basis of Art. 6 para. 1 lit. a, b and c GDPR in conjunction with Art. 28 GDPR. Alternative procedures that do not require access to data stored in your bank account plus a reference transfer are routinely available to you.
3.3.1.e. WebID eID (online ID function)
For identification via WebID eID, you need the app My WebID, which you must have loaded on your smartphone. If you decide to use the app and identify yourself via WebID eID, you will be redirected from our partner’s website to the app. There, the WebID eID online ID function is available to you as a procedure by means of which we carry out an identity check for our partner. To do this, you must have activated the online function of your ID card and have a smartphone with activated NFC function ready so that a connection can be established between your ID card and the smartphone. You start the identification process by entering the QR code that is displayed online or you enter the process number that is displayed. By entering your personal 6-digit PIN from your ID card, you initiate and authorise the transmission of the required data using end-to-end encryption by reading the NFC chip. WebID checks the transmitted data and completes the identification accordingly. By using the WebID Ident App, it is not necessary to load the ID Card App2. WebID uses eID service providers authorised in accordance with § 21b PAuswG, such as D-Trust or MTG, which have received an authorisation certificate for reading out corresponding ID card data from the Federal Office of Administration.
3.3.1.f. Processing of biometric data
When automated products are used as part of the identification process, a biometric data match is made between the video recording and the photo of your identification document (position data of the face) so that, among other things, attempts at fraud, such as identity theft, can be better detected. The survey data collected in this process is processed only for matching purposes. There is no data storage of the survey data. Only the result of the comparison is stored. This does not contain any biometric data, but only the information that the data comparison was successful.
The data is processed by the following subcontractors:
Amazon Web Services Luxembourg Sàrl, 38 avenue John F. Kennedy, L-1855, Luxembourg; BioID AG, Brünigstrasse 95, 6072 Sachseln, Switzerland.
If you would like to avoid the processing of biometric data, you can – if offered by your contractual partner (our partner) – alternatively use other procedures for identification. If these are not offered, please contact the partner directly.
3.3.1.g. Further process and legal basis
When we have determined and verified your identity, we will transfer the collected data to the partner. Depending on the design of the identification method, you may receive an email message about the result of the identification. If, at your request, the establishment of your identity via a sales partner has been forwarded by us or a sales partner of the partner, the sales partner will only receive a success report on the status of the review. The partner will process the transmitted data in order to fulfill its obligations under money laundering law or other identification obligations, as well as its rights and obligations arising from the contractual relationship between the partner and you.
The processing of your personal data takes place on the following legal basis:
- within the framework of the respective contractual relationship with our respective partner, Art. 28 GDPR;
- to fulfill a contract pursuant to Art. 6 para. 1 lit. b GDPR;
- to fulfill a legal obligation to which the partner is obligated pursuant to Art. 6 para. 1 lit. c GDPR.
3.3.2 Digital contract signature
You can also use our services to conclude digital contracts with our partners. Following the above-mentioned video identification or an equivalent identification and after viewing the respective contract, you can digitally sign the contract of your contractual partner by means of a certificate.
We process the data listed under Clause 3.3.1.a. for purposes of identification and digital contract signing. The processing takes place for contractual purposes, Art. 6 para. 1 lit. b GDPR, and is also based on the legal requirements which must be observed in individual cases within the framework of the digital contract signature, such as the eIDAS Regulation.
3.3.3. Processing for purposes of user profile “My WebID”
Our services for you also include the creation of a user profile.
We process the data collected by us within the framework of the identification methods described above or the digital contract signature (see Clause 3.3.1 and 3.3.2) as well as the transaction number linked to your user profile. This does not include biometric data; these are not stored by us.
In this context, we as the controller use this data for the purpose of enabling you to provide future identity or age verifications to our existing and future partners, or to enable you to sign digitally in the future.
The creation of your user profile and the processing of the data listed above for the purposes of WebID is carried out in accordance with Art. 6 para. 1 lit. b GDPR and, if applicable, a declaration of consent, Art. 6 para. 1 lit. a GDPR.
3.3.4 Inquiries
In order to process and respond to your inquiries to us, e.g., via the contact form or to our email address, we process your data communicated in this context. This includes your name, your age, and your email address to send you a reply, as well as any other information you send us as part of your communication.
We process your data in order to answer your inquiries on the following legal basis:
- If you are contacted within the framework of a contract to which you are a contractual party, or for the implementation of pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.
- In order to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR; our legitimate interest consists of the proper answering of customer inquiries.
3.3.5 Newsletters, surveys, etc.
With your consent, we use your data for advertising purposes, such as the transmission of our newsletter, telephone contact, or for advertising surveys. We only collect the necessary data, such as your email address.
Our service provider for sending newsletters also collects, compiles, and uses statistics and tracking data for us on our behalf (e.g., reading confirmations, interaction with links, etc.) in order to analyze your reaction to our emails, optimize our approach, and thus be able to display more suitable advertising for you, among other things.
We process your data for these purposes on the following legal basis:
- If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR;
- If we record and analyze your response to our emails in order to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR; our legitimate interest is to analyze your response to our communication and to optimize it in order to constantly adapt the quality and content of our communication and our marketing to your preferences, and thus send you more suitable communication.
3.3.6 YouTube
We integrate the services of YouTube. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In order to make the videos available, technically necessary data is processed by Google for this purpose. Google is responsible for this processing. You can find more information about the handling of your personal data by Google at: https://policies.google.com/privacy?hl=de.
The legal basis for the initial reading and/or storage of data is Section 25 (2) No. 2 of the TTDSG, as the processing of data is absolutely vital for us to make it possible for you to use our website as you have expressly requested (i.e. with YouTube videos, for example). The legal basis for the initial reading and/or storage of other data which is not technically necessary is the user’s consent, in accordance with Section 25 (1) of the TTDSG. Subsequent data processing in relation to the integration of YouTube is required for the needs-based design of our website. This also constitutes our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
3.3.8 Compliance with legal regulations
We also process your personal data in order to fulfill other legal obligations. These legal obligations can affect us in connection with business communication, for example. This specifically includes retention periods under commercial or tax law.
We process your personal data in order to fulfill a legal obligation to which we are subject. The legal basis is Art. 6 para. 1 lit. c GDPR in connection with commercial or tax law, insofar as we are obliged to record and store your data.
3.3.9 Legal enforcement
We process your personal data in order to assert our rights and to enforce our legal claims. We also process your personal data in order to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to defend against or prosecute criminal offenses.
For this purpose, we process your personal data for the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, insofar as we assert legal claims, defend ourselves in the event of legal disputes, or prevent or clarify criminal offenses.
3.3.10 Sale of the company, mergers, etc.
We may process your personal data in order to process a (partial) sale of a company or a merger (or similar transactions such as takeover within the framework of liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires or intends to acquire the assets/capital, which may also include your personal data, from us or we carry out or strive to carry out a merger with another company, we may have to grant access to your personal data stored with us or transfer it for the purpose of reviewing and carrying out the sale/merger of the company (e.g., to determine the company value, business risks, etc.).
We process your personal data for this purpose in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR to be able to plan and carry out a planned company sale or a planned merger.
4. Categories of recipients
Within WebID, only those entities that require access to fulfill our contractual and legal obligations shall receive access to the data.
As part of our activity as a contract processor, we transmit the collected data to the respective partner with whom you are in contact. If, at your request, the establishment of your identity via a sales partner has been forwarded by us or a sales partner of the partner, the sales partner will only receive a success report on the status of the review. The partner will process the transmitted data in order to fulfill its obligations under money laundering law or other identification obligations, as well as its rights and obligations arising from the contractual relationship between the partner and you or as part of processing the digital signature, in particular for verifying contract conclusion.
In addition, we will share your personal data with other recipients if this is permitted or required by law. Some of these recipients provide us with services in connection with our website or our services (e.g., IT service providers or cloud service providers), some of which act independently (e.g., law enforcement authorities or tax authorities). We limit the transfer of your personal data to what is necessary, in particular in order to be able to provide our services. If our service providers receive your personal data as a processor, they are strictly bound by our instructions when handling your personal data.
5. Third country transfer
In principle, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations.
In the event of a transfer of data to countries outside the European Union, we ensure that the level of data protection complies with Art. 44 et seqq. GDPR. Unfortunately, due to the laws of non-EU states (e.g., within the framework of the Cloud Act in the USA), there is the possibility that government authorities in particular will access your personal data without us or you being able to prevent or control this, even with the conclusion of corresponding agreements and regulations. For these reasons, your consent to the use of cookies includes, for example, consent for the purpose of data transmission to countries outside the EU. Within the context of use of the tools Google Analytics and Google Ads, we transfer your IP address or your shortened IP address to countries outside the European Union, including the USA.
If service providers in a third country are also used and we can influence this, they are obligated, in addition to written instructions, to comply with the European level of data protection by agreeing to the EU standard contractual clauses. Alternatively, we transmit the data on the basis of the binding corporate rules or an adequacy decision. You can obtain further information from our data protection officer.
We do not otherwise transfer your personal data to countries outside the EU or the EEA or to international organizations.
6. Links
Some sections of our website contain links to third-party websites, such as YouTube videos. The websites of all third parties are subject to their own data protection principles. We are not responsible for their operation, including data handling. If you send information to or via such third-party websites, you should review the privacy statements of these pages before providing them with information that can be associated with your person.
7. Duration of storage
7.1 Informational use of the website
When using our website for purely informational purposes, we store your personal data on our servers exclusively for the duration of your visit to our website. After you leave our website and close your browser, your personal data will be deleted immediately.
The session cookies are deleted when you close the browser.
Cookies installed by us on the basis of your consent will be deleted after a storage period of up to 14 months. With regard to cookies from Google, the storage period may be reset to the specified period for further actions. If a cookie is used for recognition, you can delete it yourself at any time via your browser settings.
7.2 Active use of the website
We process your data on behalf of our clients within the framework of video legitimation, WebID AI Ident or equivalent identification and digital contract signing. The storage period is therefore based on the contractual agreements you have made with the client or the statutory storage periods applicable to them. Within the framework of the Money Laundering Act, our client may be obligated to store the data for a period of up to five years or according to the commercial or tax regulations for a period of up to 10 years.
Within the context of the provision of services relating to a qualified electronic signature, there is also an obligation to store your data in accordance with the regulations of the eIDAS Regulation and the accompanying national legislation in the long term in order to ensure legally secure evidence regarding the services provided in this way. In Austria, for example, the storage period is up to 35 years.
If you have given your consent to the processing of your data, we will retain your data until that consent is revoked; in these cases, we may also have to archive your data based on statutory or legal requirements. Your data will then of course be blocked for use for other purposes and will only be stored for the fulfillment of our legal or statutory obligations.
If you send us a request when using our website or we process your data within the scope of a contractual relationship, we will otherwise store your personal data for the duration of the response to your request or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we then store your personal data until the expiration of the retention period for any legal claims arising from the relationship with you, in order to use them as evidence if necessary. The retention period is generally between 1 and 3 years, but can also be up to 30 years.
Once the retention period expires, we will delete your personal data unless there is a statutory retention obligation, for example based on the Commercial Code (§§ 238, 257 para. 4 HGB) or the Tax Code (§ 147 para. 3, 4 AO). These retention obligations can be between two and ten years.
8. Your rights as a data subject
Under the legal conditions, you are entitled to the following rights as a data subject, which you can assert against us:
Right of access: You are entitled to request confirmation from us within the framework of Art. 15 GDPR at any time as to whether we process your personal data. If this is the case, you are also entitled to information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage duration, your rights, the origin of the data, the use of automated decision-making and, in the case of a third-country transfer, the appropriate guarantees) and a copy of your data within the framework of Art. 15 GDPR.
Right to rectification: Pursuant to Art. 16 GDPR, you are entitled to demand that we correct the personal data stored about you if they are incorrect or inaccurate.
Right to deletion: Under the conditions of Art. 17 GDPR, you are entitled to demand that we delete your personal data immediately. The right to deletion does not exist, among other things, if the processing of personal data is required (i) to exercise the right to freedom of expression and information, (ii) to fulfill a legal obligation to which we are subject (e.g., statutory retention obligations) or (iii) to assert, exercise, or defend legal claims.
Right to restriction of processing: Under the conditions of Art. 18 GDPR, you are entitled to demand that we restrict the processing of your personal data.
Right to data portability: Under the conditions of Art. 20 GDPR, you are entitled to demand that we transfer the personal data relating to you that you have provided to us in a structured, common, and machine-readable format.
Right of objection: You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR such that we must end the processing of your personal data. The right of objection exists only within the limits provided in Art. 21 GDPR. In addition, our interests may prevent the processing from ending, such that we are entitled to process your personal data despite your objection.
Right of appeal: You can address complaints to the authorities named under sections 1 and 2. In addition, you are entitled to file a complaint with a supervisory authority subject to Art. 77 GDPR, in particular in the member state of your place of residence, your workplace, or the location of the suspected violation, if you believe that the processing of the personal data relating to you violates the GDPR. The right of appeal exists without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
You can find more information about the handling of your personal data by Google at: https://policies.google.com/privacy?hl=de. 219, 10969 Berlin, Germany.
Email: mailbox@datenschutz-berlin.de
Phone number of head office: +49 30 13889-0
Fax: +49 30 2155050
Revocation of consent: If you revoke your consent to the collection, processing, and use of your data in whole or in part with future effect, we will delete your data immediately, subject to statutory retention periods, to the extent requested by you, or block it for further use.
9. Obligation to provide data
In principle, you are not obliged to inform us of your personal data. However, if you do not do so, we will not be able to make our website available to you, respond to your requests to us, or provide you with our services. Personal data that we absolutely require for the above-mentioned processing purposes are identified by a “*” or another character.
10. Automated decision-making/profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances). If we use such procedures in individual cases, we will inform you accordingly.
11. Encryption
When collecting or transmitting your data, we use state-of-the-art SSL encryption (SSL = Secure Sockets Layer). SSL encryption ensures the confidentiality of communication. This security feature is active if either the symbol of an intact key or a closed lock (depending on the browser) appears in the lower area of your browser window.
Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to our processing of personal data relating to you that is carried out on the basis of Art. 6 para. 1 lit. e GDPR (performance of a task in the public interest) or Art. 6 para. 1 lit. f GDPR (legitimate interest of the controller); this also applies to profiling based on these provisions. We will no longer process the personal data relating to you unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object to the processing of the personal data relating to you at any time for the purpose of such advertising. If you object to processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
Please send any objections to the address shown under Item 1.
12. Changes
We reserve the right to change this privacy policy at any time. Any changes will be announced on our website by publishing the amended data privacy policy. Unless otherwise specified, such changes shall take effect immediately. Therefore, please check this data privacy policy regularly in order to view the most current version.
Last updated in May 2022