Document Insights

Privacy notice

Privacy Statement according to Art. 13, 14 EU General Data Protection Regulation (GDPR)

The following privacy statement is intended to explain to you in an understandable, transparent and clear way how your personal data is processed by us while you use Document Insights. However, if you have any questions of understanding or other queries regarding data protection at PwC Solutions GmbH, hereinafter "PwC", please feel free to contact us using the contact details below.

Document Insights is an application that allows a user to quickly train an AI to specifically extract the information they are looking for from digital documents.

1. Controller

The responsible party within the meaning of Art. 4 (7) GDPR for the processing of your personal data is the

PwC Solutions GmbH
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main

Phone: +49 69 9585-0

as far as the processing operations described in clause 5 are concerned.

The responsibility for the processing referred to in clause 6, on the other hand, lies with the respective client (with whom PwC has concluded a contract for the use of Document Insights and in the context of which you receive access to Document Insights), which uses Document Insights in the course of its own business activities. For this processing referred to in Clause 6, the customer is the sole controller within the meaning of Article 4 (7) of the GDPR, which in this respect is also subject to all obligations under the data protection law applicable in Germany. Considering this, clause 5 merely constitutes information.

2. Data subject rights

You have the following rights under applicable data protection law with respect to personal data concerning you.

Right to access: You can request access from PwC at any time about whether and which personal data PwC stores about you. The provision of information by PwC is free of charge for you. The right to access does not exist or exists only to a limited extent if and insofar as information requiring secrecy would be disclosed by the information, e.g. information subject to professional secrecy.

Right to rectification: If your personal data stored by PwC is inaccurate or incomplete, you have the right to demand PwC to correct this data at any time.

Right to erasure: You have the right to request PwC to erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or, if the processing is based on your consent, you have revoked your consent. In this case, PwC must stop processing your personal data and remove it from its IT systems and databases.

A right to deletion does not exist insofar as

Right to restrict processing: You have the right to request that PwC restrict the processing of your personal data.

Right to data portability: You have the right to receive from PwC the data you have provided in a structured, common and machine-readable format, as well as the right to have this data transferred to another controller. This right exists only if

Right to object to processing: If the processing of your data is based on Art. 6 (1) (f) GDPR, you may object to the processing at any time.

All the data subject rights described above may be asserted against PwC by sending your specific request to the following e-mail address:

3. Right of appeal to a data protection supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

4. Processing operations for which PwC is responsible

Description of the data processing on the website/app and legal basis for the processing

4.1 Recipients of personal data

In order to fulfill the processing purposes listed below, data is also transferred to third parties. This may also include the transfer of personal data to European and non-European countries and the storage of data outside the EU or the European Economic Area (EEA).

Recipients bound by instructions

We share your data with service providers bound by instructions, both within the PwC network and with other third parties, such as IT service providers, who support us in our activities, e.g. in the context of the administration and maintenance of the websites and the associated systems and/or for other internal or administrative purposes.

PwC is a member of the global PwC network, which consists of the individual legally independent PwC companies. In the course of our activities, we use other German or foreign PwC network companies as network-internal IT service providers bound by instructions, which provide services of operation, maintenance and care of the IT systems as well as applications used by the PwC network companies. This is in particular PwC IT Services Ltd. based in the United Kingdom (UK).

If we pass on data to service providers bound by instructions, then we do not require a separate legal basis for this.

For more information on the cloud service providers used by PwC, please consult the following link:

Independent recipients In addition, in individual cases we pass on your data both within the PwC network and with other third parties who use your data on their own responsibility. For example, in individual cases we also transfer personal data to other companies in the PwC network, in particular to PwC WPG, in order to support and improve the effectiveness of our business processes (including coordinated marketing activities).

In addition, in individual cases, we also disclose your data to other third parties, such as public authorities, courts or other bodies, if we are required by law or by official or court order of an EU member state to disclose personal data to these bodies. These bodies also use the data on their own responsibility.

Insofar as you have explicitly consented, Art. 6 para. 1 lit. a) GDPR is the legal basis for the data transfer. If there is a legal obligation to disclose the data, Art. 6 para. 1 lit. c) GDPR is the legal basis for the data transfer. If, on the other hand, the disclosure is necessary for the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for the data transfer. Otherwise, the transfer is based on our legitimate interests and the legal basis is Art. 6 para. 1 lit. f) GDPR; we and the other companies in the PwC network have an interest in making our work processes efficient and sharing business processes within the PwC network for this purpose.

Data transfer to recipients in third countries outside EU/EEA

To the extent that any of the above-mentioned data transfers are made to a recipient outside the EEA (to so-called "third countries"), an adequate level of data protection for the foreign transfer is ensured through appropriate security measures.

For data transfers within the PwC network, the PwC network companies have, among other things, concluded an internal data protection agreement which provides for compliance with the EU standard contractual clauses of the EU Commission within the meaning of Art. 46 para. 2 lit. c) GDPR for the transfer of personal data from EU/EEA countries to PwC network companies outside the EU/EEA.

If you have any questions about such data protection agreements based on the EU standard contractual clauses or if you would like to have more information about further security mechanisms and security measures for data transfers to third countries, please feel free to use the data protection contact

4.2 Processing of personal data when accessing and using the website

When you access our website, we collect the data that is technically necessary to display this website to you. This is the following personal data, which is automatically transmitted to our server by your browser:

The processing of this personal data is based on Art. 6 para. 1 lit. f) GDPR. The website cannot be accessed and offered to users without the use of this data; there is a legitimate interest in making the access and use of the website technically possible. In addition, the data is stored in order to technically secure the website. The controller has an interest in the security and availability of this website.

The log file information is stored for 90 days and then deleted.

This website is hosted by the service provider Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA, the data collected on our website is therefore stored on the servers of the service provider. The server locations are in Germany and in other EU countries.

Data is transferred abroad, but only to countries in the European Union or the European Economic Area.

4.3 Registration and login

The access and use of our website is generally possible without login in or registering. However, some functionalities of the website can only be used after registration, these include in particular:

Registration via the website is not possible. A registration is carried out by the provider after the contract has been concluded. For this purpose, the user receives his initial user information by e-mail and can thus carry out the registration.

For registration we process the following information:

All data will be erased by us after termination of the contract. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation.

4.4 Appointment booking and contact requests by email

We offer special appointment bookings on our website so you can contact us with questions about PwC, our website and other inquiries. In addition, you can contact us by email. The independent booking of appointments does not take place via the application, but via Google Calendar. During this appointment booking as well as when contacting us via email, the data you provide (in particular your email address, your first and last name and the text of your request as well as any other information you provided via email) will be stored by us in order to process your inquiry and answer your questions.

The data processing is based on Art. 6 para. 1 lit. f) GDPR. We have an interest in contacting you via the website in response to your inquiry. Insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for the data processing.

We erase the data generated in the course of your inquiry as soon as it is no longer required for processing your inquiry. Insofar as legal retention obligations exist, the data will be stored for the duration of the legally prescribed retention obligation.

The use of the independent appointment booking is completely voluntary for you and is not a condition for the use of the website. A Google account is required to use this function.

We are not responsible for the processing of data in this function. Here, the responsibility for the processing of data lies with Google LLC. The terms of use and privacy policy of Google LLC then apply.

4.5 Use of cookies

In order to make visiting our website attractive and to enable the use of certain functions, we and certain third parties use cookies on our website. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognize your browser on your next visit (so-called persistent cookies).

The following cookie categories are used:

These cookies are technically necessary for the operation and functionality of the website. They make the website technically accessible, secure and usable and provide essential and basic functionalities, such as navigation on the website, the correct display of the website in the internet browser or consent management.

ProviderNameCookie categoryFunctionDuration
PwCppms_privacytechnically required cookieStores the visitor's consent to data collection and use365 days
PwCincap_ses_<id>technically required cookieA session token that correlates HTTP requests to a sessionSession
PwCvisid_incap_<id>technically required cookieA visitor token that correlates an HTTP session to a particular machine365 days
PwCnibi_<id>technically required cookieA load balancer token that ensures requests by a client are sent to the same origin serverSession
PwCpwcGlobalSSIDtechnically required cookieA session token that indicates whether the user started a valid session with authenticated credentials. It is generated after logging into a PwC application90 days
PwCNEXT_LOCALEtechnically required cookieStores the choosen language on the landingpage90 days
font.net__cf_bmtechnically required cookieThis cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.1 day

Analytics cookies allow us to collect data in an aggregate form about our website visitors and their experience on our website. We use this data to fix bugs and improve the experience for all visitors.

ProviderNameCookie categoryFunctionDuration
PwC_pk_ses.<websiteID>.<domainHash>Analysis cookieIndicates an active session of the visitor. If the cookie is not present, the session ended over 30 minutes ago and was counted in a pk_id cookie.30 minutes
PwC_pk_id.<websiteID>.<domainHash>Analysis cookieUsed to recognise visitors and record their various characteristics.13 months
PwCpiwik_authAnalysis cookieStores session information for the user interface (UI) of Piwik PRO. As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered to be logged in and a PIWIK_SESSID cookie is updated.24 minutes
PwCPIWIK_SESSIDAnalysis cookieStores a PHP-Session-ID.24 minutes
PwCstg_traffic_source_priorityAnalysis cookieStores the type of traffic source that explains how the visitor arrived at your website.30 minutes
PwCstg_last_interactionAnalysis cookieDetermines whether the session of the last visitor is still running or a new session has started.365 days
PwCstg_returning_visitorAnalysis cookieDetermines whether the visitor has been on your website before - these are returning visitors.365 days
PwCstg_fired__Analysis cookieDetermines whether the combination of a tag and a trigger was triggered during the current visitor session.Session
PwCstg_utm_campaignAnalysis cookieStores a name of the campaign that directed the visitor to your website.Session
PwCstg_pk_campaignAnalysis cookieStores a name of the campaign that directed the visitor to your website.Session
PwCstg_externalReferrerAnalysis cookieStores a URL of a web page that referred a visitor to your website.Session
PwC_stg_optoutAnalysis cookieUsed to disable all tracking tags in the tested domain.365 days
PwCppms_webstorageAnalysis cookieA so-called stringified object that contains information about created cookies for each module. It stores data about each cookie created, such as a key, a value, an expiry date, a path, a domain and more. This is the same data that was used to create a cookie.A ppms_webstorage item is not automatically removed. However, a visitor can delete it manually. Individual entries in the item are removed after a corresponding cookie has expired.
PwCppms_data_storeAnalysis cookieStores information from forms on your website. After a visitor submits a form, the data is passed to Audience Manager. However, if a form redirects a visitor to another page, the data can be lost. Therefore, form data is kept as a backup in local storage. (A page to which a visitor is redirected must have a form tracker, otherwise Piwik PRO cannot collect form data).After the form tracker has sent data to the server. This can happen directly after a visitor submits a form or after a new page is loaded in his browser.
Hotjar_hjSession_{site_id}Performance cookieUser Tracking: Stores current session data30 Minuten
Hotjar_hjSessionUser_{site_id}Performance cookieUser Tracking: Stores the Hotjar User ID365 Tage
Hotjar_hjSessionTooLargePerformance cookieUser Tracking: Stops the session recording if the session gets to bigSession
Hotjar_hjSessionRejectedPerformance cookieUser Tracking: Used to check if the current session recording was rejected by HotJarSession
Hotjar_hjSessionResumedPerformance cookieUser Tracking: Wird verwendet, um die Aufzeichnung von der Sitzung wieder aufzunehmenSession
Hotjar_hjClosedSurveyInvitesPerformance cookieUser Tracking: Used to prevent the user from filling out the same survey multiple times.365 days
Hotjar_hjDonePollsPerformance cookieUser Tracking: Used to prevent the user from filling out the same survey multiple times.365 days
Hotjar_hjMinimizedPollsPerformance cookieUser Tracking: Used to ensure that a minimized survey remains minimized even when navigated365 days
Hotjar_hjShownFeedbackMessagePerformance cookieUser Tracking: Used to minimize incoming feedback if the user has already filled it in or minimized it365 days
Hotjar_hjidPerformance cookieUser Tracking: Used to distinguish between users365 days
Hotjar_hjRecordingEnabledPerformance cookieUser Tracking: Set when a session recording startsSession
Hotjar_hjRecordingLastActivityPerformance cookieUser Tracking: Used for recording a sessionSession
Hotjar_hjTLDTestPerformance cookieUser tracking: cookie sharing from Hotjar across different subdomainsSession
Hotjar_hjUserAttributesHashPerformance cookieUser Tracking: Backup of user attributes as hash to check if there are any changesSession
Hotjar_hjCachedUserAttributesPerformance cookieUser Tracking: User attributes that are necessary for Hotjar to process the information.Session
Hotjar_hjLocalStorageTestPerformance cookieUser Tracking: Test if the LocalStorage is usableUnder 100ms
Hotjar_hjIncludedInPageviewSamplePerformance cookieUser tracking: indication for Hotjar if user is in daily sample of users (pageview limit)30 minutes
Hotjar_hjIncludedInSessionSamplePerformance cookieUser tracking: indication for Hotjar if user is in daily sample of users (session limit)30 minutes
Hotjar_hjAbsoluteSessionInProgressPerformance cookieUser tracking: deciding whether the user is visiting the page for the first time30 minutes
Hotjar_hjFirstSeenPerformance cookieUser Tracking: Identifies if this is the first session of a new userSession
Hotjar_hjUserAttributesHashPerformance cookieUser Tracking: Stores the user data during the sessionSession
Hotjar_hjCachedUserAttributesPerformance cookieUser Tracking: Stores the user data during the sessionSession
Hotjar_hjViewportIdPerformance cookieUser Tracking: Stores user viewport details such as size and dimensionsSession

The legal basis for the use of technically necessary cookies is § 25 para. 2 (2) Telecommunications Telemedia Data Protection Act (TTDSG) or on the basis of Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests. Our legitimate interests here lie in particular in being able to provide you with a technically optimized website that is user-friendly and tailored to your needs, as well as to ensure the security of our systems. The legal basis for consent with regard to the storage and reading of information is Section 25 (1) TTDSG and, with regard to the processing of personal data, Article 6 (1) lit. a) GDPR.

The consent includes all cookies selected by you and the storage of information associated with them on your terminal device, as well as their subsequent reading and subsequent processing of personal data.

Insofar as we use cookies based on your consent, you can withdraw your consent at any time with effect for the future, e.g. by adjusting your cookie settings here:

Your withdrawal does not affect the lawfulness of the processing carried out until the withdrawal.


We use Hotjar's anonymization function for the collection and further processing of the data. This shortens your IP address and ensures that the analysis data is not personally identifiable. We do not merge the data with other personal data.

We only use the functions of Hotjar in case of your consent, which you can give via the Consent Manager, legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR. You can also opt out of the analysis function by simply activating the standard "Do not Track" function in your browser. In this case, we will not process your personal data in the manner described here. An explanation of how you can activate the "Do not Track" function can be found at this link:

Disable Hotjar

If you wish to disable data collection by Hotjar, click on the following link and follow the instructions: Please note that disabling Hotjar must be done separately for each browser or device. For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link:

Data Processing Agreement

We have entered into an order processing agreement with Hotjar to implement the strict European data protection regulations.

Deactivation of cookie settings

Most browsers are preset to accept cookies automatically. You can object to the generation of cookies by deactivating cookies in the system settings of your browser. However, please note that some cookies are absolutely necessary for the function of our website, otherwise the page cannot be accessed and displayed. By disabling cookies, you will not be able to use parts of the website (without restrictions). We generally only use cookies that are not absolutely necessary for the function of our website with your prior express consent. In addition, you can also control the installation of cookies yourself at any time by changing your browser settings and/or deleting all cookies.

5. Processing operations for which the customer is responsible

Processing of customer data within Document Insights

Insofar as you upload data of the client, in particular the documents and their content ("client data") for the purpose of training a "Machine Learning Model" in Document Insights, this data and the related processing remain the responsibility of the client (Art. 4 (7) GDPR). In this respect, PwC acts as a Software-as-a-Service (SaaS) provider for the client as a processor within the meaning of Art. 4 (8) GDPR.

Contact us and get a product demo