Privacy Policy

Robodocxs GmbH

Seitzstrasse 23, 80538 Munich

Munich Local Court,, HRB 281 065

Email: kontakt@robodocxs.ai

Phone: +49 (0)89-5404557-66

‍

As of: February 2026

‍

‍

‍

1. Controller and Data Protection Officer

‍

The controller within the meaning of the General Data Protection Regulation (GDPR) is Robodocxs GmbH, Seitzstrasse 23, 80538 Munich (hereinafter “Robodocxs” or “we”).

‍
For any data protection inquiries, you can contact us at: datenschutz@robodocxs.ai

‍

‍

2. Subject Matter and Scope

‍

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data when using our website (www.robodocxs.ai) and our SaaS platform for automated document digitization and ERP integration (hereinafter “Platform”).
) and our SaaS platform for automated document digitization and ERP integration (hereinafter “Platform”).

‍
Robodocxs’ services are intended exclusively for entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), legal entities under public law, or special funds under public law. Accordingly, this privacy policy is primarily addressed to our business customers and their representatives, as well as visitors to our website.

‍
Robodocxs operates an Information Security Management System (ISMS) in accordance with ISO 27001. The measures described in this privacy policy are aligned with the requirements of this certification.

‍

3. What Data We Process

‍

3.1 When Visiting Our Website

When accessing our website, the following data is automatically collected by the web server (so-called server log files):

‍

• IP address of the requesting device
• Date and time of access
• Name and URL of the retrieved file
• Referrer URL (previously visited page)
• Browser and operating system used
• Amount of data transferred

‍
This data is processed solely to ensure the smooth operation of the website and to improve our services. It is not merged with other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website).

‍

3.2. During Registration and Use of the Platform

When registering and within the contractual relationship, we process the following data:

‍

• Company name, address, and industry
• Name and contact details of the contact person (email, phone)
• Access credentials (username, encrypted password)
• Payment information (credit card details or billing address)
• Platform usage data (number of processed documents, timestamps, error logs)

‍
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in fraud prevention and platform security).

‍

3.3 Documents Uploaded by Customers

As part of our services, customers upload documents to our platform for automated digitization. These documents may contain personal data of third parties.
In such cases, Robodocxs processes this data solely on behalf of and in accordance with the instructions of the customer as a data processor pursuant to Art. 28 GDPR. Details are governed by a separate Data Processing Agreement (DPA).

‍

3.4 Contacting Us

If you contact us by email, phone, or via a contact form, we process the data you provide (name, email address, content of the inquiry) to handle your request.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

‍

‍

4. Purposes of Data Processing

‍

We process personal data for the following purposes:

‍

• Providing and operating the website and platform
• Establishing, performing, and terminating contractual relationshipsn
• Billing for services used
• Customer support and service
• Ensuring IT security and platform operations
• Compliance with legal retention and documentation obligations
• Further development and improvement of our services (based on anonymized or aggregated data)

‍

5. Data Processing on Behalf (Art. 28 GDPR)

‍

Where Robodocxs processes personal data on behalf of the customer in the context of document digitization, we conclude a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

‍
This agreement regulates in particular:

‍

• Subject matter and duration of processing
• Nature and purpose of processing
• Type of personal data and categories of data subjects
• Obligations and rights of the controller
• Technical and organizational measures
• Use of subprocessors

‍
The DPA can be requested at kontakt@robodocxs.ai

‍

‍

6. Recipients and Disclosure of Data

‍

Personal data is only shared with third parties if necessary for contract performance, if there is a legal obligation, or if you have given your consent. Possible recipients include:

‍

Hosting and infrastructure providers: We use cloud infrastructure services to operate our platform. Servers are located within the European Union.

‍
Payment service providers: We use certified payment providers compliant with PCI DSS standards to process credit card payments.

‍
Tax advisors and auditors: As required by law.

‍

All service providers are contractually bound to comply with GDPR. Where data processing on behalf takes place, we have concluded agreements in accordance with Art. 28 GDPR.

‍

‍

7. Data Transfers to Third Countries

‍

As a rule, personal data is not transferred to countries outside the European Economic Area (EEA). Should this be necessary in individual cases, we ensure that an adequate level of data protection is maintained, for example through EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) or an adequacy decision by the European Commission (Art. 45 GDPR).
If such a transfer is necessary in individual cases, we ensure an adequate level of data protection, for example through EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) or an adequacy decision of the European Commission (Art. 45 GDPR).

‍

‍

‍

8. Technical and Organizational Measures

‍

Robodocxs implements appropriate technical and organizational measures to protect your personal data in accordance with Art. 32 GDPR. These include, among others:

‍

• Encryption of data transmission (TLS/SSL)
• Encryption of stored data (encryption at rest)
• Access controls and role-based authorization systems
• Regular security audits and penetration tests
• Logging of security-relevant events
• Emergency and recovery concepts (business continuity management)
• Regular employee training

‍
These measures are continuously reviewed and improved as part of our ISO 27001-certified ISMS.

‍

‍

9. Storage Duration and Deletion

‍

Personal data is stored only as long as necessary for the respective processing purpose or as required by statutory retention periods:

‍

Contract data: For the duration of the contractual relationship and thereafter in accordance with statutory retention periods (generally 6 or 10 years under § 257 HGB and § 147 AO).
‍

Documents uploaded by customers: Deleted within 30 days after termination of the contractual relationship, unless statutory retention obligations apply.
‍

Server log files: Deleted after a maximum of 90 days.
‍

Contact inquiries: Deleted after processing is completed and any applicable warranty periods have expired.

‍
10. Your Rights as a Data Subject

‍

You have the following rights regarding your personal data:

‍

• Right of access (Art. 15 GDPR): You may request information about the personal data we process.
• Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
• Right to erasure (Art. 17 GDPR): You may request the deletion of your data, provided there are no legal retention obligations to the contrary.
• Right to restriction of processing (Art. 18 GDPR): You may request the restriction of the processing of your data.
• Right to data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): You may object at any time to the processing of your data based on Art. 6(1)(f) GDPR.
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)

‍

To exercise your rights, please contact: datenschutz@robodocxs.ai

‍

‍

11. Right to Lodge a Complaint with a Supervisory Authority

‍

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The authority responsible for Robodocxs is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
poststelle@lda.bayern.de

‍
Promenade 18, 91522 Ansbach
poststelle@lda.bayern.de

www.lda.bayern.de

‍

‍

12. Cookies and Tracking

‍
Our website uses technically necessary cookies required for its operation. These are set on the basis of Art. 6(1)(f) GDPR.
Where we use additional cookies or tracking technologies (e.g., for web analytics), we obtain your prior consent in accordance with Art. 6(1)(a) GDPR and Section 25 TDDDG. You can withdraw your consent at any time via our cookie banner.

‍
Where we use additional cookies or tracking technologies (e.g., for web analytics), we obtain your prior consent in accordance with Art. 6(1)(a) GDPR and Section 25 TDDDG. You can withdraw your consent at any time via our cookie banner.

‍

‍

13. Data Protection Incidents

‍
Robodocxs has a documented procedure for detecting, reporting, and handling data protection incidents. In the event of a personal data breach (Art. 33 GDPR), we will report it to the competent supervisory authority without undue delay and, where possible, within 72 hours of becoming aware of it, provided the breach is likely to result in a risk to the rights and freedoms of natural persons. If the risk is high, we will also inform affected individuals without undue delay in accordance with Art. 34 GDPR.

‍
Customers whose data is affected will be informed immediately so they can meet their own reporting obligations.

‍

‍

14. Data Protection Impact Assessment

‍
Where processing is likely to result in a high risk to the rights and freedoms of natural persons, Robodocxs conducts a Data Protection Impact Assessment (DPIA) in accordance with Art. 35 GDPR. This applies in particular to new processing activities or significant changes to existing processing related to document digitization.

‍

‍

15. Changes to This Privacy Policy

‍
We reserve the right to amend this privacy policy as necessary to reflect changes in legal requirements, technical developments, or our services. The current version is always available on our website. We will inform customers separately of any significant changes.

‍

‍

16. Information Security in Accordance with ISO 27001

‍
Robodocxs operates an Information Security Management System (ISMS) in accordance with ISO 27001. This includes policies, processes, and controls to protect the confidentiality, integrity, and availability of all processed information.
Data protection requirements under the GDPR are an integral part of our ISMS. Regular internal and external audits ensure the effectiveness of the implemented measures.

‍
Data protection requirements under the GDPR are an integral part of our ISMS. Regular internal and external audits ensure the effectiveness of the implemented measures.