The following privacy statement is intended to explain to you in an understandable, transparent and clear way how your personal data is processed by us while you use Document Insights. However, if you have any questions of understanding or other queries regarding data protection at PwC Solutions GmbH, hereinafter "PwC", please feel free to contact us using the contact details below.
Document Insights is an application that allows a user to quickly train an AI to specifically extract the information they are looking for from digital documents.
The responsible party within the meaning of Art. 4 (7) GDPR for the processing of your personal data is the
PwC Solutions GmbH
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
E-mail: DE_Kontakt@pwc.com
Phone: +49 69 9585-0
as far as the processing operations described in clause 5 are concerned.
The responsibility for the processing referred to in clause 6, on the other hand, lies with the respective client (with whom PwC has concluded a contract for the use of Document Insights and in the context of which you receive access to Document Insights), which uses Document Insights in the course of its own business activities. For this processing referred to in Clause 6, the customer is the sole controller within the meaning of Article 4 (7) of the GDPR, which in this respect is also subject to all obligations under the data protection law applicable in Germany. Considering this, clause 5 merely constitutes information.
You have the following rights under applicable data protection law with respect to personal data concerning you.
Right to access: You can request access from PwC at any time about whether and which personal data PwC stores about you. The provision of information by PwC is free of charge for you. The right to access does not exist or exists only to a limited extent if and insofar as information requiring secrecy would be disclosed by the information, e.g. information subject to professional secrecy.
Right to rectification: If your personal data stored by PwC is inaccurate or incomplete, you have the right to demand PwC to correct this data at any time.
Right to erasure: You have the right to request PwC to erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have revoked your consent. In this case, PwC must stop processing your personal data and remove it from its IT systems and databases.
A right to deletion does not exist insofar as
Right to restrict processing: You have the right to request that PwC restrict the processing of your personal data.
Right to data portability: You have the right to receive from PwC the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right exists only if
Right to object to processing: If the processing of your data is based on Art. 6 (1) (f) GDPR, you may object to the processing at any time.
All the data subject rights described above may be asserted against PwC by sending your specific request to the following e-mail address:
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.
Description of the data processing on the website/app and legal basis for the processing
In order to fulfill the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).
Recipients bound by instructionsWe share your data with service providers bound by instructions, both within the PwC network and with other third parties, such as IT service providers, who support us in our activities, e.g. in the context of the administration and maintenance of the websites and the associated systems and/or for other internal or administrative purposes.
PwC is a member of the global PwC network, which consists of the individual legally independent PwC companies. In the course of our activities, we use other German or foreign PwC network companies as network-internal IT service providers bound by instructions, which provide services of operation, maintenance and care of the IT systems as well as applications used by the PwC network companies. This is in particular PwC IT Services Ltd. based in the United Kingdom (UK).
If we pass on data to service providers bound by instructions, then we do not require a separate legal basis for this.
For more information on the cloud service providers used by PwC, please consult the following link: https://www.pwc.de/en/disclaimer/cloud-services-providers.html.
Independent recipients In addition, in individual cases we pass on your data both within the PwC network and with other third parties who use your data on their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network, in particular to PwC WPG, in order to support and improve the effectiveness of our business processes (including coordinated marketing activities).
In addition, in individual cases, we also disclose your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.
Insofar as you have explicitly consented, Art. 6 para. 1 lit. a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, Art. 6 para. 1 lit. c) GDPR is the legal basis for the data transfer. If, on the other hand, the disclosure is necessary for the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for the data transfer. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art. 6 para. 1 lit. f) GDPR; we and the other companies in the PwC network have an interest in making our work processes efficient and sharing business processes within the PwC network for this purpose.
Data transfer to recipients in third countries outside EU/EEATo the extent that any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called "third countries"), an adequate level of data protection for the foreign transfer is ensured through appropriate security measures.
For data transfers within the PwC network, the PwC network companies have, among other things, concluded an internal data protection agreement which provides for compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art. 46 para. 2 lit. c) GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.
If you have any questions about such data protection agreements based on the EU standard contractual clauses or if you would like to have more information about further security mechanisms and security measures for data transfers to third countries, please feel free to use the data protection contact DE_Datenschutz@pwc.com.
When you access our website, we collect the data that is technically necessary to display this website to you. This is the following personal data, which is automatically transmitted to our server by your browser:
The processing of this personal data is based on Art. 6 para. 1 lit. f) GDPR. The website cannot be accessed and offered to users without the use of this data; there is a legitimate interest in making the access and use of the website technically possible. In addition, the data is stored in order to technically secure the website. The controller has an interest in the security and availability of this website.
The log file information is stored for 90 days and then deleted.
This website is hosted by the service provider Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA, the data collected on our website is therefore stored on the servers of the service provider. The server locations are in Germany and in other EU countries.
Data is transferred abroad, but only to countries in the European Union or the European Economic Area.
The access and use of our website is generally possible without login in or registering. However, some functionalities of the website can only be used after registration, these include in particular:
Registration via the website is not possible. A registration is carried out by the provider after the contract has been concluded. For this purpose, the user receives his initial user information by e-mail and can thus carry out the registration.
For registration we process the following information:
All data will be erased by us after termination of the contract. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation.
We offer special appointment bookings on our website so you can contact us with questions about PwC, our website and other inquiries. In addition, you can contact us by email. The independent booking of appointments does not take place via the application, but via Google Calendar. During this appointment booking as well as when contacting us via email, the data you provide (in particular your email address, your first and last name and the text of your request as well as any other information you provided via email) will be stored by us in order to process your inquiry and answer your questions.
The data processing is based on Art. 6 para. 1 lit. f) GDPR. We have an interest in contacting you via the website in response to your inquiry. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for the data processing.
We erase the data generated in the course of your inquiry as soon as it is no longer required for processing your inquiry. Insofar as legal retention obligations exist, the data will be stored for the duration of the legally prescribed retention obligation.
The use of the independent appointment booking is completely voluntary for you and is not a condition for the use of the website. A Google account is required to use this function.
We are not responsible for the processing of data in this function. Here, the responsibility for the processing of data lies with Google LLC. The terms of use and privacy policy of Google LLC then apply.
In order to make visiting our website attractive and to enable the use of certain functions, we and certain third parties use cookies on our website. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognize your browser on your next visit (so-called persistent cookies).
The following cookie categories are used:
These cookies are technically necessary for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, the correct display of the website in the internet browser or consent management.
| Provider | Name | Cookie category | Function | Duration |
|---|---|---|---|---|
| PwC | ppms_privacy | technically required cookie | Stores the visitor's consent to data collection and use | 365 days |
| PwC | incap_ses_<id> | technically required cookie | A session token that correlates HTTP requests to a session | Session |
| PwC | visid_incap_<id> | technically required cookie | A visitor token that correlates an HTTP session to a particular machine | 365 days |
| PwC | nibi_<id> | technically required cookie | A load balancer token that ensures requests by a client are sent to the same origin server | Session |
| PwC | pwcGlobalSSID | technically required cookie | A session token that indicates whether the user started a valid session with authenticated credentials. It is generated after logging into a PwC application | 90 days |
| PwC | NEXT_LOCALE | technically required cookie | Stores the choosen language on the landingpage | 90 days |
| font.net | __cf_bm | technically required cookie | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | 1 day |
Analytics cookies allow us to collect data in an aggregate form about our website visitors and their experience on our website. We use this data to fix bugs and improve the experience for all visitors.
| Provider | Name | Cookie category | Function | Duration |
|---|---|---|---|---|
| PwC | _pk_ses.<websiteID>.<domainHash> | Analysis cookie | Indicates an active session of the visitor. If the cookie is not present, the session ended over 30 minutes ago and was counted in a pk_id cookie. | 30 minutes |
| PwC | _pk_id.<websiteID>.<domainHash> | Analysis cookie | Used to recognise visitors and record their various characteristics. | 13 months |
| PwC | piwik_auth | Analysis cookie | Stores session information for the user interface (UI) of Piwik PRO. As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered to be logged in and a PIWIK_SESSID cookie is updated. | 24 minutes |
| PwC | PIWIK_SESSID | Analysis cookie | Stores a PHP-Session-ID. | 24 minutes |
| PwC | stg_traffic_source_priority | Analysis cookie | Stores the type of traffic source that explains how the visitor arrived at your website. | 30 minutes |
| PwC | stg_last_interaction | Analysis cookie | Determines whether the session of the last visitor is still running or a new session has started. | 365 days |
| PwC | stg_returning_visitor | Analysis cookie | Determines whether the visitor has been on your website before - these are returning visitors. | 365 days |
| PwC | stg_fired__ | Analysis cookie | Determines whether the combination of a tag and a trigger was triggered during the current visitor session. | Session |
| PwC | stg_utm_campaign | Analysis cookie | Stores a name of the campaign that directed the visitor to your website. | Session |
| PwC | stg_pk_campaign | Analysis cookie | Stores a name of the campaign that directed the visitor to your website. | Session |
| PwC | stg_externalReferrer | Analysis cookie | Stores a URL of a web page that referred a visitor to your website. | Session |
| PwC | _stg_optout | Analysis cookie | Used to disable all tracking tags in the tested domain. | 365 days |
| PwC | ppms_webstorage | Analysis cookie | A so-called stringified object that contains information about created cookies for each module. It stores data about each cookie created, such as a key, a value, an expiry date, a path, a domain and more. This is the same data that was used to create a cookie. | A ppms_webstorage item is not automatically removed. However, a visitor can delete it manually. Individual entries in the item are removed after a corresponding cookie has expired. |
| PwC | ppms_data_store | Analysis cookie | Stores information from forms on your website. After a visitor submits a form, the data is passed to Audience Manager. However, if a form redirects a visitor to another page, the data can be lost. Therefore, form data is kept as a backup in local storage. (A page to which a visitor is redirected must have a form tracker, otherwise Piwik PRO cannot collect form data). | After the form tracker has sent data to the server. This can happen directly after a visitor submits a form or after a new page is loaded in his browser. |
| Hotjar | _hjSession_{site_id} | Performance cookie | User Tracking: Stores current session data | 30 Minuten |
| Hotjar | _hjSessionUser_{site_id} | Performance cookie | User Tracking: Stores the Hotjar User ID | 365 Tage |
| Hotjar | _hjSessionTooLarge | Performance cookie | User Tracking: Stops the session recording if the session gets to big | Session |
| Hotjar | _hjSessionRejected | Performance cookie | User Tracking: Used to check if the current session recording was rejected by HotJar | Session |
| Hotjar | _hjSessionResumed | Performance cookie | User Tracking: Wird verwendet, um die Aufzeichnung von der Sitzung wieder aufzunehmen | Session |
| Hotjar | _hjClosedSurveyInvites | Performance cookie | User Tracking: Used to prevent the user from filling out the same survey multiple times. | 365 days |
| Hotjar | _hjDonePolls | Performance cookie | User Tracking: Used to prevent the user from filling out the same survey multiple times. | 365 days |
| Hotjar | _hjMinimizedPolls | Performance cookie | User Tracking: Used to ensure that a minimized survey remains minimized even when navigated | 365 days |
| Hotjar | _hjShownFeedbackMessage | Performance cookie | User Tracking: Used to minimize incoming feedback if the user has already filled it in or minimized it | 365 days |
| Hotjar | _hjid | Performance cookie | User Tracking: Used to distinguish between users | 365 days |
| Hotjar | _hjRecordingEnabled | Performance cookie | User Tracking: Set when a session recording starts | Session |
| Hotjar | _hjRecordingLastActivity | Performance cookie | User Tracking: Used for recording a session | Session |
| Hotjar | _hjTLDTest | Performance cookie | User tracking: cookie sharing from Hotjar across different subdomains | Session |
| Hotjar | _hjUserAttributesHash | Performance cookie | User Tracking: Backup of user attributes as hash to check if there are any changes | Session |
| Hotjar | _hjCachedUserAttributes | Performance cookie | User Tracking: User attributes that are necessary for Hotjar to process the information. | Session |
| Hotjar | _hjLocalStorageTest | Performance cookie | User Tracking: Test if the LocalStorage is usable | Under 100ms |
| Hotjar | _hjIncludedInPageviewSample | Performance cookie | User tracking: indication for Hotjar if user is in daily sample of users (pageview limit) | 30 minutes |
| Hotjar | _hjIncludedInSessionSample | Performance cookie | User tracking: indication for Hotjar if user is in daily sample of users (session limit) | 30 minutes |
| Hotjar | _hjAbsoluteSessionInProgress | Performance cookie | User tracking: deciding whether the user is visiting the page for the first time | 30 minutes |
| Hotjar | _hjFirstSeen | Performance cookie | User Tracking: Identifies if this is the first session of a new user | Session |
| Hotjar | _hjUserAttributesHash | Performance cookie | User Tracking: Stores the user data during the session | Session |
| Hotjar | _hjCachedUserAttributes | Performance cookie | User Tracking: Stores the user data during the session | Session |
| Hotjar | _hjViewportId | Performance cookie | User Tracking: Stores user viewport details such as size and dimensions | Session |
The legal basis for the use of technically necessary cookies is § 25 para. 2 (2) Telecommunications Telemedia Data Protection Act (TTDSG) or on the basis of Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests. Our legitimate interests here lie in particular in being able to provide you with a technically optimized website that is user-friendly and tailored to your needs, as well as to ensure the security of our systems. The legal basis for consent with regard to the storage and reading of information is Section 25 (1) TTDSG and, with regard to the processing of personal data, Article 6 (1) lit. a) GDPR.
The consent includes all cookies selected by you and the storage of information associated with them on your terminal device, as well as their subsequent reading and subsequent processing of personal data.
Insofar as we use cookies based on your consent, you can withdraw your consent at any time with effect for the future, e.g. by adjusting your cookie settings here:
Your withdrawal does not affect the lawfulness of the processing carried out until the withdrawal.
Hotjar
We use Hotjar's anonymization function for the collection and further processing of the data. This shortens your IP address and ensures that the analysis data is not personally identifiable. We do not merge the data with other personal data.
We only use the functions of Hotjar in case of your consent, which you can give via the Consent Manager, legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR. You can also opt out of the analysis function by simply activating the standard "Do not Track" function in your browser. In this case, we will not process your personal data in the manner described here. An explanation of how you can activate the "Do not Track" function can be found at this link: https://www.hotjar.com/policies/do-not-track/
Disable Hotjar
If you wish to disable data collection by Hotjar, click on the following link and follow the instructions: https://www.hotjar.com/opt-out Please note that disabling Hotjar must be done separately for each browser or device. For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy
Data Processing Agreement
We have entered into an order processing agreement with Hotjar to implement the strict European data protection regulations.
Deactivation of cookie settings
Most browsers are preset to accept cookies automatically. You can object to the generation of cookies by deactivating cookies in the system settings of your browser. However, please note that some cookies are absolutely necessary for the function of our website, otherwise the page cannot be accessed and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions). We generally only use cookies that are not absolutely necessary for the function of our website with your prior express consent. In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.
Processing of customer data within Document Insights
Insofar as you upload data of the client, in particular the documents and their content ("client data") for the purpose of training a "Machine Learning Model" in Document Insights, this data and the related processing remain the responsibility of the client (Art. 4 (7) GDPR). In this respect, PwC acts as a Software-as-a-Service (SaaS) provider for the client as a processor within the meaning of Art. 4 (8) GDPR.