Privacy Policy

How we protect your personal data and ensure GDPR compliance

Hello! Thank you for taking the time to read our privacy policy.

Since we work with sensitive medical data daily, we take data protection very seriously. Our philosophy is simple: we only collect data we really need and are transparent about what we do with it. No secret tracking, no data sales to third parties.

If you want to use our AI service, we will enter into a data processing agreement with you that contains all details about the type and purpose of patient data processing. The following declaration covers data processing on our website and in general business activities.

§ 1 Information about the Collection of Personal Data and Controller

The following informs you about the collection of personal data when using our website. Personal data is all data that can be personally related to you, e.g. name, address, email addresses, user behavior.

The controller according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:

docxtract

Christoph Bogner

Seidlgasse 21

1030 Wien

Austria

For any questions regarding data protection and privacy, you can contact our Data Protection Officer:

Thomas Stimakovits

Data Protection Officer

thomas@docxtract.ai

§ 2 Your Rights under Chapter 3, Articles 12 - 23 GDPR

You have the following rights with regard to personal data concerning you:

  • Right to access
  • Right to rectification or deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

You also have the right to file a complaint with the competent data protection supervisory authority regarding the processing of your personal data by us in case of data protection violations.

§ 3 Collection of Personal Data when Visiting our Website

When using the website, your browser transmits technical data to our server that is necessary for displaying the website. However, our web server does not store access logs and does not persistently store this data.

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of browser software

Important: None of this data is logged, stored, or retained by our server. The data is processed only in memory for the duration required to serve your request and is immediately discarded. We do not maintain access logs or combine this data with any other sources.

Cookies, Tracking, Analytics

No cookies are set, and no tracking or analytics tools are used.

§ 4 YouTube Videos

Our website may display YouTube videos, which are operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). YouTube is operated by Google Ireland Limited ("Google Ireland"), Gordon House, Barrow Street, Dublin 4, Ireland.

Privacy-friendly approach: We do not automatically load YouTube videos. Instead, we show you a consent dialog before any connection to YouTube servers is established. YouTube videos are only loaded after you explicitly click "Accept" to consent to data transfer to YouTube.

Once you consent to video playback, a connection to YouTube servers is established. YouTube then receives information about which of our pages you have visited. If you are logged into your YouTube account, YouTube may associate your browsing behavior with your personal profile.

The legal basis for processing is your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by declining to watch videos or closing the video player.

Further information about YouTube's handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy

§ 5 Microsoft 365 Email Processing

When you contact us via email, we use Microsoft 365 services operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, and Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland for email processing and storage.

Your inquiry including all resulting personal data (name, inquiry) is stored and processed with us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6 para. 1 lit. f GDPR).

The data you send to us via contact inquiries remain with us until you ask us to delete them, revoke your consent to storage or the purpose for data storage ceases to apply (e.g. after completion of your request). Mandatory legal provisions - especially retention periods - remain unaffected. We typically retain email correspondence for up to 12 months for documentation purposes.

§ 6 Data Security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. Whether an individual page of our website is transmitted encrypted can be recognized by the closed representation of the lock symbol in your browser's address input field.

§ 7 Data Transfer

We do not transfer your personal data to third parties. We only share your personal data with third parties if this is necessary for contract fulfillment, if we are legally obligated to do so, or if you have given your consent.

Back to Home