General Data Protection Regulation

Introduction

INVISID - a brand of Deepsign GmbH - has made it its mission to help you improve email protection for senders and recipients. For this, we need personal information from you - there's no way around it. But we don't take this responsibility lightly. We are aware of the importance of privacy and your rights and want you to feel secure when using our services and interacting with us. We hope you love INVISID as much as we do, but if you do not agree with this policy, please do not use the INVISID website(s) or services.

Taking into account our license terms, which can be viewed here, and assuming your acknowledgment and consent, we provide further information on this topic in the following sections. We have tried to present the information as clearly as possible, but we are aware that it is a wealth of information. If you have any questions, please contact us by email.

This GDPR ("Notice") describes how INVISID collects, uses, and discloses your personal data. In this document, we will use some definitions to describe various products, roles, and relevant terms:

"Website" refers to all texts, data, information, software, graphics, photos, and more that we and our partners provide to you, as well as our websites (including the INVISID Help Center) and all services, extensions, plug-ins, software, or applications that we provide to you.

"Users" are the individuals who have created an INVISID account.

"Recipient" refers to individuals who receive a "certified" email from a user but may not be registered with INVISID.

"Reader" is a person who visits the website but may not or need not be a user or recipient.

"Personal data" means any data relating to an identified or identifiable natural person and processed by INVISID as described in this Privacy Policy, when such information is protected as "personal data" or "personal information" or a similar term under applicable data protection laws.

Scope:

This GDPR applies to personal data that INVISID collects when you visit or use our website, as described in the "Data Collected by Us" section of this GDPR below. INVISID is responsible for this personal data. This Privacy Notice does not apply to personal data that the user contributes when using the provided service, such as information that exists for a recipient to communicate with them via email (e.g., recipient's email address that the user owns/holds).
We process personal data as part of customer data on behalf of our customers as a processor or service provider. If you are a recipient and have questions about how your data is processed by our customers/users or if you wish to exercise your rights regarding this data, you must contact the customer/user who collected your data and uses it in our service.
If you contact us regarding personal data within customer data and are able to identify the company or user you interacted with, we will promptly inform the respective customer who collected your data about your request.

Information We Collect:

We collect information directly from you and automatically through your use of our website or application. Please note that we may not be able to provide certain parts of the services if you do not share certain personal data with us or refuse certain contact permissions. Usage capabilities will vary depending on the user (account holder) in the account settings or according to the subscription.

The service is only available to natural persons aged 16 or older (or the minimum age applicable in the respective jurisdiction). In paid subscriptions, even if you are under 16 years old and have an account from a recognized educational institution or within the family sharing.

The user may only use the service if the laws of Germany, the EU, or other applicable jurisdictions, including the laws of the country in which they are resident or from which they use the service, do not prohibit them from using the service. By agreeing to this agreement, the user assures that the foregoing has been understood and agrees to it.

  1. Information Provided by You:

    A) Information Received from Third Parties: If you choose to connect your account with your account at a third-party service provider, we may receive information from this third-party service provider, including personal data, or be granted access to it. You can terminate the sharing of your information from a third-party service provider to us by removing our access to that service. INVISID processes this information on behalf of the user as a processor or service provider.

    B) Users provide certain information to INVISID, including name, email address, username, age, country (of residence), and password when setting up their account. If you purchase a premium version of INVISID, we collect and store your billing address and credit card information (the last four digits of your credit card number, card type, and expiration date) for the third-party payment processor.

    C) Marketing Information: Users, recipients, or viewers interested in INVISID services may contact us via the forms provided on the website and voluntarily provide information such as name, work email address, phone number, company, and position. Users, recipients, or viewers interested in our newsletter may also provide their names and email addresses to be added to our mailing list. We also receive other similar information you provide to us when participating in an event hosted by INVISID or its partners (such as webinars) and through your interactions with our social media accounts.

  2. Information Automatically Collected:

    We and authorized third parties use cookies, pixels, web beacons, and other technologies to receive and store certain types of information when you interact with us through your computer or mobile device (subject to your consent, opt-out preferences, or another appropriate legal basis, if required by law). The use of these technologies helps us make the website and services more user-friendly, improve system performance, customize marketing messages, and help us detect or prevent fraud and security risks. Here are more detailed information about the types of information we collect:

    A) Log and Device Data: When you use INVISID, we and our authorized third parties may automatically record certain information ("log data"), including information your browser sends when you use our services or visit our website. This log data may include the web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, and timezone or approximate location. Whether we collect some or all of this information often depends on the type of device you are using and its settings. For example, different types of information are available depending on whether you are using a Mac or PC. To learn more about what information your device provides to us, please read your device manufacturer's or software provider's policies.

    B) Cookie Data: Depending on how you access our services and subject to your consent, opt-out preferences, or another appropriate legal basis, if required by law, we and our authorized third parties may use "cookies" (a small text file sent to your computer each time you visit our website or a third-party website, which is only valid for your INVISID account or browser) or similar technologies to record log data. When we use cookies, we may use "session" cookies (which last until you close your browser) or "persistent" cookies (which last until you or your browser deletes them). For example, we may use cookies to keep you logged in to INVISID. Some of the cookies we use are associated with your INVISID account (including personal data about you, such as the email address you have provided us), while others are not. INVISID provides a centralized cookie management service for the entire INVISID application. You can find the link under "Account Settings" in your INVISID website account.

    C) Usage Data: When you use our service as a user, we collect certain information about your typing behavior. For example, we collect information about typing behavior through the keyboard of your PC or MAC when you have activated the services in the browsers, so the necessary files (plugin and ADDON) are installed (legitimate interest in providing the service). We aggregate this information and use it to ensure the main functionality of the service (verification of biometric handwriting), to create the certificate, to monitor and improve the service, for example, to continuously improve the algorithms used.

How We Use Your Information:

  • a) to protect our rights and interests as well as the rights and interests of our users and other individuals and to enforce this notice or our terms of use.
  • b) to comply with applicable legal or regulatory obligations, including responding to requests from law enforcement or other government authorities or in court proceedings involving INVISID.
  • c) to manage our business or perform functions described to you at the time of collection, provided you agree, as required by law.

Who We Share Information With:

We may disclose information we collect about you, including personal data, in the following ways:

We engage other companies, agents, or contractors ("Service Providers") to perform services on our behalf or to assist us in providing services and communicating with you. We may engage Service Providers to process credit card transactions or other payment methods. We may also engage Service Providers to provide services such as monitoring and developing INVISID services, assistance with communication, infrastructure and IT services, customer service, debt collection, and analysis and improvement of data. These service providers may have access to your personal data or other information to provide these functions. Additionally, some of the types of information we request may be collected by third parties on our behalf. Microsoft is one of INVISID's service providers. You can view Microsoft's privacy policy here (https://privacy.microsoft.com/en-us/privacystatement)

We may disclose information to service providers and government agencies for legal and security reasons. This includes sharing information to enforce policies or contracts, to address security breaches, and to assist with the investigation of fraud, security issues, or other problems.

We require service providers to commit to complying with legal requirements, taking appropriate measures to protect the personal data we provide, and do not authorize them to use or disclose your personal data except in connection with the provision of their services. You can find the list of INVISID service providers, who are also platform sub-processors, here https://invisid.de/gdpr

Justified in the case of:

  • A) Affiliated Companies: We may disclose information to current or future affiliated companies or subsidiaries for purposes consistent with these GDPRs.
  • B) Governmental Authorities: We may disclose your data if we believe disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable terms of use or this notice, including investigating potential violations thereof; to protect the security, rights, or property of the public, an individual, or INVISID; to detect, prevent, or otherwise address security or technical issues, illegal or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or administrative process. In this process, INVISID commits to respecting individuals' privacy, and all such disclosures are carefully reviewed to ensure they are lawful and that, if disclosure is required, only the necessary information is provided or the request is contested accordingly. Unless prohibited by law, INVISID will notify you of any government requests received.
  • C) Authorized Agents: If you use INVISID as a paid member of an organization or with the email domain of your organization (and thus represent yourself as a member of the organization), we may disclose your email address, plan information, and account data to an authorized representative of your company if your company wishes so that they manage the account for the company.
  • D) Reorganization Event


We may, as a result of a sale, merger, consolidation, change of control, transfer of assets, reorganization, or liquidation of our company (a "Reorganization Event"), transfer or assign your personal data to parties involved in the Reorganization Event. You acknowledge that such transfers may occur and are permitted by this GDPR and are subject to it.

Your Rights and Choices

    Depending on your relationship (user or recipient) with INVISID, you can exercise your rights and choices in the following ways:


  • Email: If you do not wish to receive promotional emails from us as described above, you may unsubscribe at any time by following the unsubscribe link contained in the email itself. Service-related emails cannot be unsubscribed.

  • Cookies: You can refuse or withdraw consent to non-service-related cookies through your browser settings. Please remember that certain cookies are necessary to authenticate users or recipients and perform some actions in INVISID.

  • Third-party Analysis and Advertising Tools:
    Some of the service providers we use offer the option to opt out.

  • Google Analytics:
    You can deactivate the services of Google Analytics through the opt-out function on their website. The Google Analytics service is provided by Google Inc. You can disable the use of your data by the Google Analytics service by installing the Google Analytics Opt-out Browser Tool: https://tools.google.com/dlpage/gaoptout. For more information about Google's privacy practices, please visit the Google Privacy and Terms website: https://policies.google.com/privacy.

Additional Rights:

    Depending on where you live, you have the following rights, subject to applicable exceptions or restrictions:


  • a) The right to know and access your personal data, such as the categories of personal data we have collected, the sources of personal data, the purposes of collection, and how we have used, disclosed, sold, or shared personal data; specifically, you may have the right

  • b) To correct inaccurate personal data we have stored about you;

  • c) To delete your personal data under certain circumstances;

  • d) To object to the sale or disclosure of your personal data as defined in applicable laws;

  • e) To object to certain types of processing, such as targeted advertising, direct marketing, and certain types of profiling and automated decision-making;

  • f) To request restriction of the processing of your personal data; the right to data portability, i.e., requesting a copy of your personal data in a readily accessible format;

  • g) To withdraw your consent under certain circumstances; and

  • h) To lodge a complaint with the competent data protection supervisory authority. You can find the contact details of the data protection supervisory authority responsible for you, if applicable, on the European Data Protection Board website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or in other publicly accessible sources.

  • If any of the above rights are applicable, you may exercise your rights by contacting us via email. We will take steps to verify your identity before processing certain requests. We will only process your request if you have provided us with sufficient information to reasonably verify that you are the person about whom we have collected personal data. If you have an account with us, we will use our existing account authentication procedures to verify your identity. If you do not have an account with us, we may request additional information from you to verify your identity. We will only use the personal data provided during the verification process to verify your identity or your authorization to make a request, as well as to track and document responses to requests, unless you originally provided the information for another purpose.

  • You may appoint an authorized representative to make requests on your behalf. When verifying your representative's request, we may verify both your identity and that of your representative and may request a document signed by you authorizing your representative to make the request on your behalf. To protect your personal data, we reserve the right to reject a representative's request if they fail to provide evidence that they have been authorized by you to act on your behalf.

Note on Third Party Links:

Our website may contain links to third-party websites and applications. Subject to your opt-out or consent preferences, we may also utilize advertisers, ad networks, and other advertising, marketing, and promotional companies from third parties to display advertisements on our website. Accessing and using such linked websites and applications is not subject to these notices, but rather to the privacy policies of these third parties. We do not endorse these parties, their content, or the products and services they offer, and we are not responsible for the information practices of these third-party websites or applications.

Security and Information Storage

Given the nature of communication and information processing technology, there is no guarantee that personal data is absolutely secure from access, alteration, or destruction through a breach of our physical, technical, and administrative security measures. As a cyber security service provider, we are acutely aware of this fact. For this reason, INVISID takes the security of your personal data very seriously. We work hard to protect the personal data you provide us from loss, misuse, unauthorized access, or disclosure, and we have taken appropriate steps to protect the personal data we collect. We have industry-recognized certifications and audits such as ISO/IEC 27001 in planning (not yet received);

You should also take measures to protect your device and account from unauthorized access, including choosing a unique and complex password known only to you or difficult to guess, and keeping your login and password secret. We are not responsible for lost, stolen, or compromised passwords or for activities on your account due to unauthorized password activity.

We will retain the personal data we collect for as long as reasonably necessary to fulfill the purposes for which the data was collected, to comply with our contractual and legal obligations (including any legally mandated exceptions or exemptions), and for any applicable statutes of limitations for the assertion and defense of claims.

Contacting Us:

If you have any questions or comments about this notice or any other aspect of privacy, please contact us via email.


You can also write to us at:

Attn: Data Protection Department
INVISID
A Brand of Deepsign GmbH
Ursulinenstr. 35
66111 Saarbrücken
By Email: [email protected]