DocuWise Privacy Policy

1. About This Policy

At SKOZAR Legal, pravne storitve d.o.o. (»SKOZAR«) we protect your personal data with utmost care and commitment. We respect your privacy and we protect data carefully and in accordance with applicable laws. We only collect and process your data if we have a legal basis for doing so, and only to the extent strictly necessary to achieve the purpose of the processing of personal data.

This Privacy Policy (»Policy«) describes how we process your personal data. It applies to your use of DocuWise services (»Services«) on any device. It does not apply to any other service, products, or websites we offer.

2. Our Contact Information

Information about us as a data controller:

Company name: SKOZAR Legal, pravne storitve d.o.o.
Short company name: SKOZAR Legal d.o.o.
Headquarters: Ljubljana
Business address: Kersnikova ulica 6, 1000 Ljubljana, Slovenia, EU
Registration number: 8609551000
Tax number: SI 35287390
e-mail address: office@skozar.com

3. Personal Data We Collect About You

This table sets out the categories of personal data we collect.

Collected when you sign up or update your account
Category Description
User Data

Data that we collect when you create or update your Services account.

The data include your:

–       name,

–       surname,

–       e-mail address,

–       password (in encrypted form, not readable to us).

We receive this data from you e.g. from the sign-up form or process or account updates.

Collected through your use of the Services
Category Description
Usage Data

Data collected and processed when you are using the Services.

a)    Information about your Services settings

The data include:

–       information about your language preferences,

–       information about other Services settings.

b)    Information about how you use the Services

The data include:

–       information about your actions with the Services (including date and time), such as clicks on individual features etc.

c)     Technical data

The data may include:

–       IP address,

–       information about the devices you use such as device IDs, network connection type, operating system, browser etc.

Additional data
Category Description
Survey and Research Data When you respond to a survey or take part in user research, we collect and use the personal data you provide.
Response Data If you subscribe to our E-newsletter, we receive from our e-mail marketing partners data about your interactions with campaigns (and/or emails), which may include dates and times for accessing campaigns (and/or emails) and browsing activities (such as which emails you open).

4. Purpose and Legal Basis for Processing of Your Personal Data

We process your data or data relating to you for different purposes. For each purpose, we have explained what category of data we process and why are we entitled to process it.

Here is a general explanation of each »legal basis« to help you understand the table:

  • performance of a contract: When it is necessary for SKOZAR to process your personal data to provide Services.
  • legitimate interest: When SKOZAR or a third party has an interest in using your personal data in a certain way, which is necessary and justified considering any possible risks to you and other Services users. For example, using your Usage Data to improve the Services functionalities for all users. Contact us if you want to understand a specific justification.
  • consent: When SKOZAR asks you to actively indicate your consent to use of your personal data for a specific purpose, such as for e-mail marketing.
  • compliance with legal obligations: When SKOZAR must process your personal data to comply with the law.
Purpose for processing your data Legal basis that permits the purpose Categories of personal data used for the purpose

To provide the functioning of the Services.

For example, we use your personal data to:

–       set up an account for you,

–       change your account,

–       personalise your account,

–       distinguish between users and for authentication purposes,

–       help you with the use of the Services, or

–       provide the Services functionalities.

Performance of a contract

–       User Data

–       Usage Data

–       Survey and Research Data

 

To diagnose, troubleshoot, and fix issues with the Services Performance of a contract

–       User Data

–       Usage Data

To keep the Services secure and to detect and prevent fraud.

For example, when we analyse Usage Data to check for fraudulent use of the Services.

Legitimate interest

Our legitimate interests here include protecting the smooth functioning of the Services and our users against fraud and other illegal activity.

–       User Data

–       Usage Data

–       Survey and Research Data

To evaluate and develop new features, technologies, and improvements to the Services.

For example, we analyse how our users react to a particular new feature and see whether we should make any changes.

Legitimate interest

Our legitimate interests here include developing and improving products and features for our users.

–       User Data

–       Usage Data

–       Survey and Research Data

To analyse and define marketing strategies.

 

Legitimate interest

Our legitimate interests here include developing strategies for marketing which enable us to effectively allocate marketing resources, such as which country, region or city should we target, which general types of customers are most likely to buy our services.

–       User Data

–       Usage Data

–       Survey and Research Data

–       Response Data

 

For marketing purpose via email marketing.

We will send you news, promotions, personalized offers and additional discounts.

We may apply additional processing that is compatible with the original purpose. In this regard we may carry out analysis of the responses to e-mails (whether the message was open, clicks, etc.) for the purposes of managing, analysing and customizing / personalizing campaigns to your needs and interests. We may also create general user profiles according to behaviour (e.g. past campaigns interactions), interests, and other attributes and send you automated e-mails based on this.

Consent

 

When available, you can subscribe to our E-newsletter via our website. You can unsubscribe from receiving E-newsletter at any time by clicking on the “unsubscribe” link in any e-mail you receive.

–       User Data

–       Response Data

To comply with legal obligations that we are subject to.

These include accounting, reporting and tax obligations.

Compliance with legal obligations

–       User Data

–       Usage Data

–       Survey and Research Data

–       Response Data

To comply with a request from law enforcement, courts, or other competent authorities.

Compliance with legal obligations, and legitimate interest

Our legitimate interests here include assisting law enforcement authorities to prevent or detect crime.

–       User Data

–       Usage Data

–       Survey and Research Data

–       Response Data

To establish, exercise, or defend against legal claims.

For example, if we are involved in litigation and we need to provide information to our lawyers or court in relation to that legal case.

Legitimate Interest

Our legitimate interests here include seeking legal advice, protecting ourselves, our users or others in legal proceedings.

 

–       User Data

–       Usage Data

–       Survey and Research Data

–       Response Data

To conduct accounting, business planning, reporting, and forecasting.

 

Legitimate interest

Our legitimate interests here include accounting, researching, reporting and planning so that we can keep running our business successfully.

 

–       User Data

–       Usage Data

–       Survey and Research Data

–       Response Data

To conduct research and surveys.

For example, when we contact our users to ask for your feedback.

Legitimate Interest

Our legitimate interests here include to understand more about how users think about and use the Services.

–       Survey and Research Data

 

5. Sharing Your Personal Data

See the below table for details which data we share, to whom and why we share it. Persons to whom we share data may act as our data processors with whom we enter into appropriate data processing agreements, independent data controllers or as joint controllers with whom we enter into joint controllers agreements.

Categories of recipients Categories of data Reason for sharing

Service providers who act as our data processors

 

–       User Data

–       Usage Data

–       Response Data

 

They provide different services to SKOZAR.

These service providers include those we hire to:

–       give customer support (e.g. CRM providers etc.)

–       develop, operate and maintain the technical infrastructure we need to provide for the Services (e.g. server hosting providers, cloud infrastructure providers, software development companies)

–       assist in protecting and securing our systems and services (e.g. software development companies)

–       comply with our legal obligations and pursue our other legitimate interests (e.g. accounting companies, providers of analysing tools etc.)

E-mail marketing partner who act as our data processor.

–       User Data

–       Response Data

 

They provide e-mail marketing platform and service with which we carry out e-mail marketing and additional processing that is compatible with the original purpose.
Law enforcement and other authorities, or other parties to litigation

–       User Data

–       Usage Data

–       Response Data

–       Survey and Research Data

When we believe in good faith it is necessary for us to do so, for example to comply with a legal obligation, to respond to a valid legal process (such as court order, or subpoena) or to initiate one, in litigation (a court case) etc.

 

6. Data Retention

We keep your personal data only as long as necessary to provide you with the Services and for SKOZAR’s legitimate and essential business purposes, such as:

  • maintaining the performance of the Services
  • making data-driven business decisions about new features and offerings and marketing strategies
  • complying with our legal obligations
  • resolving disputes.

Here are some of the categories of our retention periods:

  • Data retained until you remove it

It’s your right to request that we delete certain personal data under certain conditions. More on your right to erasure please see below under Section 9.

  • Data that expires after a specific period of time

We have set certain retention periods so that some data expires after a specific period of time. For example Usage Data will be deleted after the specific period of time, which is set for a specific set of data. We choose the retention period based on its legitimate business purpose.

  • Data retained until your Services account is deleted

We keep some data until your Services account is deleted. When your Services account is deleted, your data is deleted or anonymised. Generally, we keep User Data until you delete your account. We may keep it longer for the purpose of complying with our legal obligations, for the protection of our legal claims or against the legal claims of others and litigation.

  • Data retained for extended time periods for limited purposes

After your account is deleted, we keep some data for a longer time period but for very limited purposes. Examples include mandatory data retention laws, complying with our legal obligations, data kept for the purposes of litigation and data kept for the protection of our legal claims or against the legal claims of others.

 

7. Transfer of the Data Outside EU

SKOZAR may share personal data internationally with subcontractors and partners when carrying out the activities described in this Policy. They may process your data in countries outside EU.

To ensure each data transfer complies with applicable EU legislation, we use the following legal mechanisms:

  • Standard Contractual Clauses (»SCCs«). These clauses require the other party to protect your data and to provide you with EU-level rights and protections. You can exercise your rights under the Standard Contractual Clauses by contacting us.
  • Adequacy Decisions. This means that we transfer personal data to countries outside of the European Economic Area which have adequate laws to protect personal data, as determined by the European Commission.

 

8. Keeping Your Personal Data Safe

We are committed to protecting your personal data. We put in place appropriate technical and organisational measures to help protect the security of your personal data. We have put various safeguards in place to guard against unauthorised access and unnecessary retention of personal data in our systems. These include access and retention policies. However, no system is ever completely secure.

To protect your user account, we encourage you to:

  • use a strong password which you only use for the Services;
  • never share your password with anyone;
  • limit access to devices;
  • log out once you have finished using the Services on a shared device.

 

9. What Rights Do You Have in Relation to the Processing of Your Data?

You may exercise the following rights with respect to your data:

  • right to be informed: you have the right to be informed of the personal data we process about you and how we process it. We hope that in this document we have provided you with all the necessary information you need regarding the processing of your data. However, if you still have any questions, please contact us and we will be happy to give you all the necessary explanations.
  • right to access to your personal data: You have the right to request access to the personal data we process about you. You can request confirmation as to whether personal data concerning you are being processed, and, where that is the case, access to the personal data and the information under Article 15 of the GDPR. You have the right to request a copy of your personal data.
  • right to rectification: we strive to keep accurate and complete information at all times. In the event that we unintentionally keep inaccurate or incomplete information, you have the right to request that we correct and/or supplement it.
  • right to erasure: in some cases, you have the right to request the deletion / erasure of your personal data. We will delete your personal data as soon as possible if any of the following reasons are met:
    • we no longer need your personal data for the purposes for which we processed them;
    • you have withdrawn your consent to the processing of personal data, in relation to the processed data, for which your consent is necessary;
    • you have exercised your right to object to the processing of personal data that we process on the basis of our legitimate interest, and we recognize that we no longer have legitimate interests that would justify the further processing of this data, or you object to direct marketing; or
    • you assume that the processing of personal data that we carry out is no longer in accordance with generally binding legal regulations.

There are situations where we won’t be able to delete your data, for example when we have a legal obligation to keep the data, we need the data to establish, exercise or defend legal claims or it’s still necessary to process the data for certain purpose and we have appropriate legal basis to further process this data.

  • right to restriction of processing: In some cases, in addition to the right to erasure, you may also exercise the right to restrict the processing of personal data. We must limit the processing of personal data:
    • if you challenge the accuracy of personal data, until we reach an agreement on which data is correct;
    • if we process your personal data without an appropriate legal basis (e.g., above the intended scope), instead of deleting such data, you will give priority to their limitation (e.g., if you assume that you will still want to provide this data to us in the future);
    • if we no longer need your personal information for the purposes described above, but you need it to determine, execute or defend your legal claims; or
    • if you object to the processing of data and we are assessing your objection request.
  • right to data portability: you can request from us all your personal data that you have provided to us and that we process on the basis of your consent and on the basis of the implementation of the contract. We will provide you with personal data in a structured, stable and machine-readable form. You have the right to request that personal data be transferred directly from us to another controller when technically feasible.
  • right to object to the processing of data: based on the reasons related to your special situation, you have the right to object to the processing of personal data that is based on our legitimate interests. In any case, you always have the right to object to the processing of data for the purposes of direct marketing. We will immediately stop processing your data for marketing activities; in other cases, we will do the same if we do not have legitimate reasons for processing that outweigh your rights or to enforce legal claims.
  • right not to be subject to automated decision making: you have the right not to be subject to a decision based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. We do not carry out this type of automated decision making.
  • right to withdraw consent: you also have the right to withdraw consent for processing in cases where we process data based on your consent.

In any case, you have the right to file a complaint with the Information Commissioner of the Republic of Slovenia, the Slovenian supervisory body responsible for data protection (Dunajska cesta 22, 1000 Ljubljana, www.ip-rs.si). However, we would appreciate it if you could contact us before filing a complaint, as we are confident that together we will be able to address your concerns regarding the processing of your personal information.

 

10. Cookie Policy

Cookies are small pieces of text which are downloaded to your device, for example, when you visit a website. Cookies are useful because they allow SKOZAR to uniquely recognise your device and support the continuity of your experience, for example by helping us to understand your preferences or past actions.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience.

SKOZAR uses only strictly necessary cookies. These cookies are set by SKOZAR are essential to enable you to use the features of our Services, such as technically delivering content, setting your privacy preferences, logging in, etc. Without these cookies, our Services cannot be provided so you cannot decline them.

This table sets out the strictly necessary cookies that we use.

Cookie Purpose and functioning Duration Who sets the cookie?
sb-api-auth-token To authenticate and authorize API requests. Persistent docuwise.eu
sentryReplaySession To analyze errors on the website. Persistent docuwise.eu
platform_host To control visual presentation of the  website. Session docuwise.eu

 

11. Changes to this Privacy Policy

We may periodically update this Policy. If we make any material changes, we will notify you thereof. The date that this Policy was last revised is identified at the bottom.

 

12. How Can You Exercise Your Rights With Us?

If you have a question or you would like to exercise your rights, simply email us at office@skozar.com. We will try to respond to your request as soon as possible, and within one month at the latest.

 

March 2024