Website
App
Barcode Demo

Privacy Policy

Website

Last updated: March 08, 2022

This Privacy Policy provides you with information regarding which personal data (hereinafter also referred to simply as “data”) we collect when you use our website scanbot.io, the purposes for which your data are processed and your rights in relation to the processing of your data. You can access this Privacy Policy at any time by visiting our website: https://scanbot.io/privacy/.

1. Controller/contact

The controller within the meaning of applicable data protection law is:

Scanbot SDK GmbH (hereinafter also “we” and “us”)
Adenauerallee 120-122
53113 Bonn
Germany

If you have questions or suggestions regarding any data protection matter, you can also write to us via email; our email address is legal@scanbot.io

You can reach our data protection officer at dataprivacy@scanbot.io

2. The data protected

The data protected are personal data. Article 4(1) General Data Protection Regulation (“GDPR”) defines personal data as any information relating to an identified or identifiable natural person.

3. Website hosting

For hosting our website, we use the services of Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (“Webflow”). Webflow processes personal data on our behalf, i.e., only in accordance with our instructions (cf. Article 4(8), 28 GDPR). Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Webflow entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

4. Making contact

4.1 Making contact by using our contact details

If you send us a request (via email, telephone or letter post) by using our contact details, we process your name, type, subject and contents of your enquiry as well as the time and date of your enquiry and any information you provide in your enquiry. Depending on the method of communication you choose the contact information provided there (your email address, your phone number and / or your postal address) in order to respond to that request.

4.2 Online meeting

If you schedule an online meeting with us, we process any information you provide in your meeting request (name, email address, and the content of your request) in order to schedule the meeting requested and to send you invitations to the online meeting and to respond to your request.

If you provide email addresses of other participants, we also process those email addresses for the abovementioned purposes.

We will send to the email addresses you provide an invitation to the meeting you requested, together with any dial-in credentials required to join the online meeting. Once you confirm the invitation, we also process your confirmation for the abovementioned purposes.

4.3 Purpose and legal basis for the processing

We process said data not only during the contact process and online meetings, as the case may be, so that we can take into receipt and process your response; we also collect said data whenever a request is made in connection with contracts, so that we can initiate and perform each contractual relationship (Article 6(1)(1)(f) GDPR). Therein also lies our legitimate interest. If you yourself make a request and become a (potential) party to a contract with us, then data are processed for purposes of initiating and performing the corresponding contractual relationship (Article 6(1)(1)(b) GDPR).

4.4 Storage of your personal data

In the case of requests, which have potential legal relevance, we reserve the right to retain the requests for a period equal to the respective statutes of limitation, that is: three years, commencing as of the end of the year in which we have received your request. Apart from said cases, we erase requests once we no longer need them for the purpose for which we collected them. Such is the case once we have processed your request completely.

The storage takes place based on our legitimate interest, the proper documentation of our business operations and the securing of our legal positions (Article 6(1)(1)(f) GDPR).

5. Carrying out online meetings

5.1 Data, which you yourself provide

We use Zoom to carry out online meetings. Zoom is a service of Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, whose registered office is located in the United States (“Zoom, Inc.”).

If you visit the Zoom website, Zoom, Inc. is the controller. However, using Zoom requires that you visit its website only when you download the Zoom software.

You can also use Zoom, if you enter, directly into the Zoom app, your meeting ID and, where applicable, further meeting dial-in credentials. If you prefer not to use the Zoom app, you also have the option of using the basic browser version, which you will also find on the Zoom website.

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Zoom, Inc. entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Your personal data are processed whenever you use Zoom.

These data include

  • your name, 
  • your email address, 
  • your password,
  • your IP address,
  • your end device information, and 
  • the topic of the online meeting.

Beyond the foregoing, you have the option to provide further information. Such includes

  • your telephone number,
  • your department, and 
  • your profile picture.

If you dial in by telephone, the following data are processed:

  • incoming and outgoing number, 
  • country name, 
  • start and end time of the online meeting, and
  • where applicable, additional connection data such as your device’s IP address.

To the extent that you use the question or polling features during an online meeting, the text you input will be processed in order to display it in the online meeting and, where applicable, to log it. Displaying video and relaying audio requires that, for the duration of the meeting, the data from your device’s microphone and, where applicable, that from your end device’s video camera be processed. However, in the Zoom applications, you can turn off or mute your camera or microphone at any time.

The legal basis for the data processed during online meetings is Article 6(1)(1)(f) GDPR. We have a legitimate interest in effectively carrying out the online meetings, whenever you request a meeting; in responding to your requests, whenever you make one; and in allowing the initiation and performance of each contractual relationship, whenever you inquire about one. If you yourself become the (potential) party to a contract with us, then data are processed for the purposes of initiating and performing the respective contractual relationship (Article 6(1)(1)(b) GDPR).

If you are already a registered Zoom user, online meeting reports (meeting meta data; dial-in credentials, webinar polling features) can be saved for up to one month on Zoom. 

We store information pertaining to contract inquiries or of potential legal relevance for a time period equal to the general statute of limitation, that is: three years, commencing as of the end of the year in which we have received your request. Apart from said cases, we erase your data as soon as we no longer need them for the purpose for which we collected them. Such is the case once we have processed your request completely.

5.2 Personal data that we have not obtained directly from you during online meetings

If you become an online meeting participate, because you were so designated by a third party (such as by one of your colleagues), and this third party specifies your email address for purposes of scheduling and sending the invitation, we process your email address for those purposes.

The legal basis for this processing is Article 6(1)(1)(f) GDPR. We have a legitimate interest in inviting you to the meeting on behalf of the third party.

We erase your email address once we no longer need it for the purpose for which we collected it. Such is the case once we completed the transaction in connection with the online meeting.

You can find additional information regarding the collection of online meeting data under Section 5.1 of this Privacy Policy.

6. CRM System

We store your personal data in our CRM system in order to manage our customer relationships. By doing so, we can respond, specifically, to your requests contemplated under the foregoing sections. Processing data in connection therewith is based on the legitimate interests we have in managing our customer relationships, Article 6(1)(1)(f) GDPR.

We erase these data from our CRM system once the customer relationship has ended or you cease to be our contact person on the side of our customer.

7. Newsletter and performance measurement

We offer a free newsletter. The newsletter provides you with information about our company, our product trends, and everything you need to know about our products and services.

To receive our newsletter, you need to only provide your email address when you visit the following link: https://scanbot.io/. Once you register, we will send you a registration confirmation email. Only after you have confirmed your registration will you receive our newsletter.

We send our newsletter with “HubSpot”, an email marketing service of the service provider of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (“HubSpot”).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and HubSpot entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

HubSpot processes your email address to send you our newsletter on our behalf. Furthermore, HubSpot processes, on our behalf, further personal data of yours, as part of its so-called performance measurement service, for the purpose of evaluating and optimizing our newsletter.

For performance measurement purposes, our newsletters contain a so-called tracking pixel, also called a web beacon. A web beacon is an invisible image that connects to our service provider’s, HubSpot’s, server when you open the newsletter. Depending on the functionality of your email software, you can prevent this by disabling the download of embedded images.

As part of this retrieval, information is collected regarding your sign-up page and your IP address. Your IP address will also be used to identify where the newsletter was retrieved. Moreover, the time of retrieval – that is, whether and when you have opened the newsletter – and information regarding the links, on which you clicked in our newsletter, and further interactions of yours are collected. We can associate these data with your email address. We evaluate these data in order to continue optimizing our newsletter and to align our efforts with the needs of our users.

You not only provide your email address freely, but also participate in the performance measurement freely. In this case, your personal data are collected and processed based on your consent (Article 6(1)(1)(a) GDPR).

You can withdraw your consent at any time with effect for the future, by unsubscribing from our newsletter. Each newsletter contains information regarding how one can unsubscribe with effect for the future.

What is more, we store information that enables us to demonstrate that you have given your consent. This information includes (1) the date and time you registered for the newsletter and you confirmed your registration, and (2) the location of your end device. This processing is based on Article 6(1)(1)(c) in conjunction with Article 7(1) GDPR.

If you withdraw your consent, we will erase your data without undue delay. We will erase information, which we have stored to demonstrate that you have given your consent, once the statute of limitation has lapsed, that is, after three years, commencing as of the end of the year in which we received your withdrawal.

8. Document search

For searching and indexing the contents of our SDK documentation on the subpage https://docs.scanbot.io, we have integrated DocSearch of Algolia, Inc., 301 Howard Street, Suite 300, San Francisco, CA 94105, whose registered office is located in the United States (“Algolia”).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and ZoomInfo entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

If you search on our subpage https://docs.scanbot.io, your search terms entered are transmitted to servers of Algolia and stored 12 months. We receive aggregated and anonymized reports on the searches performed to learn how often a particular term was searched for and whether the search result was clicked on. We are also able to see if something could not be found.

The legal basis for the processing of your data is Article 6(1)(1)(f) GDPR. We have legitimate interests in offering you an efficient search function to make it easier for you to find specific sections of our SDK documentation and to find out what is searched for most frequently enabling us to continuously optimise our documentation.

9. Cookies and similar technologies

We use so-called cookies and similar technologies, which make it possible for us to offer you all the features of our website and to make our website more user-friendly. Cookies are small files that are stored on your end device, with the aid of your browser. Similar technologies may include, in particular, tracking pixels, scripts, local storage or other comparable technologies for storing information (hereinafter also referred to collectively as “cookies”).

If you prefer to avoid cookies or similar technologies, you can prevent storage of cookies and similar technologies on your end device by setting your browser accordingly or by visiting https://www.youronlinechoices.com/uk/. 

Please note that the functionality and the scope of our website’s features can be limited if you deactivate or disallow cookies and similar technologies.

Specifically, we use (unless additional cookies are mentioned at another juncture of this Privacy Policy) the following cookies:

9.1 Strictly necessary cookies:

These cookies are strictly necessary for the operation and functionality of our website. They allow our website to be accessible and available; they provide essential and basic functionalities such as the navigation to our website, the correct presentation of our website in your browser, or consent management. Without these cookies, our website cannot function properly.

9.2 Analysis cookies (evaluation):

These cookies permit us to measure online traffic and to analyze your behavior, so that we can not only understand better your use of our website, but also improve our services.

9.3 Remarketing Cookies (Targeting & Advertising):

With the help of these cookies, our advertising partners can display ads tailored to your interests on our website and on third-party site.

Strictly necessary cookies are used without your consent, § 25(2) No 2 German Telemdia and Telecommunication Data Protection Act (“TTDSG”). Insofar as personal data is processed in connection with these cookies, the processing is carried out in order to ensure that

  • our website can be operated properly, we can identify and block abuse, and enabling us to provide you with the functions you have requested. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.
  • your cookie settings, in particular whether you have consented to the use of cookies, is stored properly, Article (6)(1)(1)(c) GDPR, § 25 TTDSG.

Apart from the foregoing, we use cookies in accordance with § 25(1) TTDSG on the basis of the consent given by you, Article 6(1)(1)(a) GDPR. Insofar as personal data is processed in connection with these cookies, this processing is also based on your consent.

To the extent that we use cookies based on your consent, you have the right to withdraw your consent at any time with effect for the future. You can withdraw your consent at any time with effect for the future, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. 

For cookie consent management on our website, we use iubenda of iubenda s.r.l., Via San Raffaele, 1 – 20121 Milano, Italy (“iubenda”).

As our processor (cf. Article 4 No 8, 28 GDPR), iubenda processes your cookie settings, including if you have given, rejected or withdrawn consent, for the purpose of legally compliant consent management. To store your cookie settings including the status of your consent, we store a strictly necessary cookie on your end device.

We use the following cookies:

NameProviderPurposeExpiryCategory
_sb-langdoo GmbHTo save language settings.3 monthsStrictly necessary
_cfduidCloudflareNecessary to identify and to block abusive users on our website.30 daysStrictly necessary
_iub_cs-252372; _iub_cs- Iubenda S.r.l. Saving information whether you have given your consent for a certain cookie category. 1 year Strictly necessary
smct_sessionIubenda S.r.l. Session Cookie will be deleted after the session ends. SessionStrictly necessary
_ga Google LLC Registering an unique ID used to generate statistical data regarding your use of our website. 2 years Measurement
UULEGoogle LLC Google advertising cookie used for user tracking and ad targeting purposes. 1 minute Targeting & Advertising
DV
OTZGoogle LLC Used by Google Analytics that provides an aggregate analysis of Website visitors. 14 days Measurement
1P_Jar Google LLC This Google cookie is used for optimization of advertising, to provide relevant ads to users, provide reports on campaign performance reports, improve campaign performance reports, or to avoid a user from seeing the same ads more than once. 30 days Targeting & Advertising
_gat_UA Google LLC Serves to throttle user inquiries. 1 Minute Measurement
_gcl_auGoogle LLCZum Speichern und Verfolgen von Konversionen.90 TageBewertung
_gidGoogle LLC Registers an unique ID used to generate statistical data regarding how visitors use the website. 24 hours Measurement
__Secure-3PSIDCC Google LLC Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalized Google advertising. 1 year Targeting & Advertising
__Secure-1PSIDCC 1 year
__Secure-1PAPISID 2 years
__Secure-3PSID 2 years
__Secure-1PSID 2 years
__Secure-3PAPISID 2 years
APISID, SAPISID, SSID Google LLC These cookies are used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions. 2 years Targeting & Advertising
SIDCCGoogle LLC This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. 1 year Targeting & Advertising
SIDGoogle LLC Google uses security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties. 2 years Measurement
HSID Google LLC Contains encrypted entries of your Google account and the last login time to protect against attacks and data theft from form entries. 2 years
__hssc HubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates Tracks your session. Serves to identify whether the HubSpot software must increase the session number and the time stamp in the __hstc-cookie. 30 minutes Measurement
__hssrc HubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates This cookie is always dropped whenever the HubSpot software changes the session cookie. This identifies whether you have restarted your browser. If this cookie is not available when HubSpot cookies are managed, your session will be regarded as a new session. SessionMeasurement
__hstc HubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates This is the primary cookie for visitor tracking. It contains the domain, the user token (utk), the initial time stamp (of the initial visit), the most recent time stamp (of the most recent visit), the current time stamp (for this visit), and the session number (is increased with each subsequent session). Used by Hubspot Forms as well. 13 months Measurement
hubspotutkHubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates This cookie tracks the identity of the user. This cookie is transmitted when a form is sent to the HubSpot software and is used to de-duplicate contacts. Used by Hubspot Forms as well. 13 months Measurement
csrf.app HubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates Used for website analytics to improve the Scanbot website and to measure the effectiveness of our marketing campaigns. 12 months Measurement
Hubspotapi-prefs
hs_c2l HubSpot, Inc., HubSpot Ireland Limited and HubSpot Affiliates HubSpot Authentication. 12 months Measurement
lms_ads LinkedIn Ireland Unlimited Company Used to identify LinkedIn Members off LinkedIn in the Designated Countries for advertising 30 days Targeting & Advertising
lms_analytics LinkedIn Ireland Unlimited Company Used to identify LinkedIn Members off LinkedIn in the Designated Countries for advertising 30 days Targeting & Advertising
liapLinkedIn Ireland Unlimited Company Used by non-www.domains to denote the logged in status of a member. 1 year Targeting & Advertising
bookie LinkedIn Ireland Unlimited Company Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. 2 years Targeting & Advertising
visitorId ZoomInfo Technologies, LLC. Is used to enhance customer data. Preserves user session state across page requests. 12 months Measurement
_pxvidZoomInfo Technologies, LLC. Is used to enhance customer data. Preserves user session state across page requests. 12 months Measurement
_uetvidBing (Microsoft Ireland Operations Limited) Is used by Microsoft Bing Ads to store a unique, non-personally identifiable ID that represents a unique user. It allows us to contact users if they have visited our website before. 1 year Targeting & Advertising
_uetsidBing (Microsoft Ireland Operations Limited) This cookie is used by Bing to gather anonymous information on how visitors are using our website. 1 day Targeting & Advertising
_RwBf Bing (Microsoft Ireland Operations Limited) This is used for the purpose of ad tracking. 1 Year Targeting & Advertising

In the following, we describe the services we use in connection with analysis and remarketing cookies as well as similar technologies in more detail:

10. Google services

We use the services, described below, of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). 

Your data are also processed by Google LLC in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Google LLC entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR. Basic information concerning your personal data, as processed by Google, can be found here: https://policies.google.com/privacy?hl=en

Google also provides you with the following settings options: 

•          You can deactivate personalized Google advertising: https://adssettings.google.com/authenticated

•          You can deactivate device-based personalized advertising:
https://support.google.com/ads/answer/1660762?hl=en and https://support.google.com/ads/answer/2662922?hl=en 

•          You can deactivate browser-based personalized advertising: https://www.youronlinechoices.com/uk/

10.1 Google Analytics

Provided you have given your consent, we use Google Analytics, a web-based service. Google Analytics uses cookies and collects pseudonymized data from you concerning your use of our website, including your truncated IP address. The information generated by the cookies regarding your use of the website (including your truncated IP address) are transferred to, and stored on, a Google server located in the United States. Google will use this information to evaluate your use of the website, to compile website activity reports for the website operator, and to generate further analyses and evaluations in conjunction with the use of our website and internet use. Google can also link these data with other data such as your search history, your personal account, the usage data of other devices, and additional data, which Google has stored regarding you. Where applicable, Google will also transfer this information to third parties insofar as such is required by law (such as government authorities) or to the extent that third parties process such data on behalf of Google.

The data logged with Google Analytics are stored for a time period of 14 months. Once this time period has lapsed, only aggregated statistics will be retained by Google Analytics. Google Analytics is used in accordance with § 25(1) TTDSG on the basis of your consent (Article 6(1)(1)(a) GDPR).

You can deactivate Google Analytics through your browser add-ons, if you prefer not to allow the website analysis it performs. You can download this here: https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, you can withdraw your consent at any time with effect for the future by clicking here to deactivate Google Analytics.

You also have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. 

10.2 Google Ads

10.2.1 Google Ads Conversion Tracking

Provided you have given your consent, we use Google Ads Conversion Tracking to analyze and to improve the performance and effectiveness of our advertising efforts within the Google network. For this purpose, we incorporate a Google tag into our website. If you interact with an advertisement within the Google network, a cookie will be dropped on your end device. With the help of this cookie, we know that users have clicked on our advertisements. From Google, we receive information regarding the number of users, who have clicked on our advertisements, and additional information regarding user interactions, after they have clicked on our advertisements. The cookie is deleted automatically 30 days after you clicked on an advertisement.

The legal basis for using said tag and said cookies is in accordance with § 25(1) TTDSG your consent (Article 6(1)(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website.

11. HubSpot Analytics

We use the service HubSpot Analytics of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (“HubSpot”).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and HubSpot entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent, we use HubSpot on our website to analyze and optimize your interactions with us on our website as well to improve the management of requests via our contact form and our customer relationships. For these purposes, we collect information about your visit (including, but not limited to, the referring URL, pages visited, time and duration of your visit).

The legal basis for the processing is in accordance with § 25(1) TTDSG your consent (Article 6(1)(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. 

Further, the legal basis for the processing of your data is Article 6(1)(1)(f) GDPR. We have legitimate interests in the efficient management of your requests as well as the management of our customer relationships

12. Microsoft Advertising

Provided you have given your consent; we use Microsoft Advertising of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P52 Ireland (“Microsoft”).

Your data are also processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Microsoft entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent; we use Microsoft Advertising conversion tracking cookies. If you have accessed our website via a Microsoft Bing ad, these cookies allow us to recognise that you have interacted with our ad and have been redirected to our website. For more information about how Microsoft processes your data, please see Microsoft’s privacy policy at https://privacy.microsoft.com/en-GB/privacystatement.

Microsoft uses Cookies to track how you use our website to display interest-based advertising for our products across devices on other sites within the Microsoft advertising network. Microsoft uses these cookies to process information from which pseudonymous usage profiles are created. These usage profiles are used to analyse visitor behaviour and to display ads. This includes, but is not limited to, Bing search and other sites operated by Microsoft and its subsidiaries, as well as sites operated by Microsoft’s advertising partners. Further data processing will only take place if you have consented to Microsoft linking your browsing history to your Microsoft account and using information from your Microsoft account to personalize ads that see you on the Internet. In this case, if you are logged into Microsoft while visiting our website, Microsoft will use your information to create and define targeting lists for cross-device remarketing.

The data collected are transferred to Microsoft servers and stored for 13 months.

The legal basis for the processing is in accordance with § 25(1) TTDSG your consent (Article 6(1)(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website. 

You can prevent Microsoft from collecting your data generated by the cookie and related to your use of the website, as well as the processing of this data by withdrawing your consent here: https://account.microsoft.com/privacy/ad-settings/.

13. LinkedIn Insights

13.1 LinkedIn Insight Tag

Provided you have given your consent; we use the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Dublin 2, Ireland (“LinkedIn”).

LinkedIn transfers personal data to the United States and other third countries outside the European Economic Area, for which no adequacy decision of the EU Commission exists. You can find relevant information at https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. According to the text linked to, LinkedIn relies on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

We use the LinkedIn Insight Tag, a conversion tracking cookie. If you have accessed our website via LinkedIn, this will allow us to recognise that you have interacted with our ad and have been redirected to our website. For more information about how LinkedIn processes your data, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?.

LinkedIn processes the URL, referrer, IP address, information about your device and browser (user agent), time of access and your usage behaviour on our website. We receive aggregated anonymized reports about the demographics of our target audience and the performance of our campaigns and can use this to draw conclusions for our product. We also have the ability to retarget, which allows us to display targeted advertising outside of our website.

The data are transferred to LinkedIn servers and stored for 90 days.

The legal basis for the processing is in accordance with § 25(1) TTDSG your consent (Article 6(1)(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings here. Alternatively, you can change your settings at any time by clicking on the link “Cookie settings.” The link is located in the footer of our website.

You can prevent LinkedIn from collecting your data generated by the cookie and related to your use of the website, as well as the processing of this data by withdrawing your consent here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If you are a LinkedIn member, you can control the use of your data for advertising purposes through your account settings here: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.

13.2 LinkedIn campaign forms

On LinkedIn, we publish posts with knowledgeable content that include a form to download the content. If you fill out one of our forms to download the content provided in the respective posting, we process your data to provide you with the requested content. Entering your email address is required so that we can send you the requested content. The legal basis for the processing is Article 6(1)(1)(b) GDPR.

In addition, we receive further information from LinkedIn when you use the form that you have already provided in your LinkedIn profile. That information includes, for instance, your name, your email address, your profile ID, your job title information and industry. This processing serves our legitimate interests in the optimisation and needs-based design of our LinkedIn campaigns, Article 6(1)(1)(f) GDPR.

The data is stored for 90 days.

14. Webinsights

We use the service Webinsights of ZoomInfo Technologies, LLC., 170 Data Drive, Waltham, MA 02451, whose registered office is located in the United States („ZoomInfo“).

Your data are processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and ZoomInfo entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

Provided you have given your consent; we use tracking pixels of the service Webinsights. Webinsights allows us to determine whether we can match the IP address with which you access our website to a specific company. In case, we can successfully match your IP address, we can then identify whether a specific company is interested in our products. These insights help us to customize and adapt our approach in contractual negations. However, we will not process your data to identify you personally or to gain personal insights about you. IP addresses that we cannot match to a specific company are immediately discarded and not subject to further processing.

If we can match your IP address to a specific company, these tracking pixels allow us to track which pages a specific company visits on our website. These insights enable us to optimize our website and tailor it to our corporate customers’ needs. For example, if companies regularly abandon our website after accessing a certain subpage, we can deduct, that this subpage is not optimally tailored to the interests of our corporate customers and modify this subpage accordingly.

We use the tracking pixels in accordance with § 25(1) TTDSG based on your consent (Article 6(1)(1)(a) GDPR). You have the option to withdraw your consent at any time, by adjusting your cookie settings by clicking on the link “Cookie settings.” The link is located in the footer of our website. 

In addition, the legal basis for the processing of your IP address for the matching process is Article 6(1)(1)(f) GDPR. The processing serves the legitimate interests we have in determining whether we can match your IP address to a company so that we measure the performance of our business operations and customize our website to our corporate customers’ needs.

15. Google Fonts

We use Fonts, a service of Google LLC, 1600 Amphitheatre Pkwy Mountain View, California 94043, United States (“Google”), to incorporate typefaces into our website. In using this service, we do not transfer personal data to Google. Nor does Google use cookies. Upon loading our website, however, your browser establishes a connection to Google servers and loads the required Google Font from your browser to your cache. While making this connection and loading the Google Font, it is necessary for technical reasons to transmit the following data to Google: your IP address, the version and the name of your browser, your monitor resolution, and your language settings. These data are transmitted to ensure that our website is presented homogeneously. Google will use your data only to present Google Fonts and will not compile your data with other data from other Google services. However, Google will evaluate your user data in aggregated form in order to measure the popularity of Google Fonts.

Google Fonts are saved for a period of one year in your cache. Google itself stores the data transmitted to Google for a time period of 12 months.

Google’s Privacy Policy can be found here: https://policies.google.com/privacy?hl=en; additional information regarding Google Fonts and processing can be found here: https://developers.google.com/fonts/faq.

16. Our social media efforts

16.1 Facebook fan page

You will also find us on Facebook at https://www.facebook.com/ScanbotSDK/. For users outside the United States and Canada, Facebook is operated by Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Platforms Ireland Limited ”). For users inside the United States and Canada, Facebook is operated by Meta Platforms, Inc. (formerly Facebook, Inc.), 1601 Willow Road Menlo Park, CA 94025, USA,.

Even if you are not a registered Facebook user and you visit our Facebook fan page, Meta Platforms can collect pseudonymized usage data from you. You can find additional information in Meta Platforms Ireland Limited’s Privacy Policy not only at https://facebook.com/about/privacy/, but also at https://www.facebook.com/legal/terms/information_about_page_insights_data. This Privacy Policy also contains information regarding settings options for your Facebook account.

It is possible that Meta Platforms Ireland Limited will share your data within the Meta group and with other third parties. That sharing can entail that personal data are transferred to the United States and to other third countries, for which no adequacy decision of the EU Commission exists. In this case, Meta Platforms Ireland Limited relies on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR. Here, too, you can find additional information in Meta Platforms Ireland Limited’s Privacy Policy.

In addition, we and Meta Platforms Ireland Limited are joint controllers for so-called insights data, which are generated whenever you visit our Facebook fan page. Insights data help Meta Platforms Ireland Limited to analyze the behavior exhibited on our Facebook fan page, and Meta Platforms Ireland Limited provides these data to us in anonymized form. For this purpose, we have entered into a joint controller addendum with Meta Platforms Ireland Limited, which you can review here: https://facebook.com/legal/terms/page_controller_addendum. In this addendum, Meta Platforms Ireland Limited agrees to assume primary responsibility under the GDPR for the processing of insights data and to comply with all applicable obligations under the GDPR with respect to its processing of insights data. This processing serves the legitimate interests we have in optimizing and curating our Facebook fan page to align with our needs, Article 6(1)(1)(f) GDPR. Furthermore, we advise you of the following:

Meta Platforms Ireland Limited collects personal data from you whenever you visit, or if or like, our Facebook fan page as a registered Facebook user. If you are not a registered Facebook user and if you visit our Facebook fan page, Meta Platforms Ireland Limited can collect pseudonymized data from you.

Specifically, the following information is collected by Meta Platforms Ireland Limited:

  • viewing a page, post, or video associated with a page;
  • following or unfollowing a page;
  • liking or unliking a page or post;
  • recommending a page in a post or comment;
  • commenting on, sharing, or reacting to a page’s post (including the type of reaction);
  • hiding a page’s post or reporting it as spam;
  • clicking on the link to another Facebook page or on a link on a website outside Facebook, which directs to the page;
  • hovering over a link to a page or a page’s name or profile picture to see a preview of the page’s content;
  • clicking on a website, phone number, “Get Directions” button, or other button on a page;
  • the information whether you are registered through a computer or a mobile device while you visit a page or interact with it or its content.

You can find additional information in Meta Platforms Ireland Limited’s Privacy Policy for Page Insights Data at https://www.facebook.com/legal/terms/information_about_page_insights_data.

16.2 Twitter

We maintain a Twitter page. You can find our profile at https://twitter.com/scanbotsdk.

For users outside the United States, Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland (“Twitter International”). For users inside the United States, Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. You can find Twitter’s Privacy Policy at https://twitter.com/en/privacy. This Privacy Policy also contains information regarding settings options for your Twitter account.

We use Twitter Analytics. By using Twitter Analytics, we receive from Twitter International non-personal information regarding the use of our account. With this information, we are able to analyze and to optimize the effectivity of our Twitter activities.

Please note that Twitter International also transfers personal data to the United States and other third countries outside the European Economic Area, for which no adequacy decision of the EU Commission exists. In this case, Twitter International relies on the standard contractual clauses adopted by the Commission in accordance with Article 46(2)(c) GDPR.

16.3 LinkedIn

We also have a LinkedIn profile, located at https://www.linkedin.com/company/10507725/.

For users residing within the European Economic Area and in Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). For all other users, LinkedIn is operated by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, United States. LinkedIn Ireland’s Privacy Policy can be found at https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. This Privacy Policy also contains information regarding settings options for your LinkedIn profile.

LinkedIn Ireland also transfers personal data to the United States and other third countries outside the European Economic Area, for which no adequacy decision of the EU Commission exists. You can find relevant information at https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. According to the text linked to, LinkedIn relies on the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

In addition, we and LinkedIn Ireland are joint controllers for so-called page insights data, which are generated whenever you visit our LinkedIn page. For this purpose, we have entered into a joint controller addendum with LinkedIn Ireland, which you can review here: https://legal.linkedin.com/pages-joint-controller-addendum. In this addendum, LinkedIn Ireland agrees to assume primary responsibility under the GDPR for the processing of page insights data and to comply with all applicable obligations under the GDPR with respect to its processing of page insights data. This processing serves the legitimate interests we have in optimizing and curating our LinkedIn page to align with our needs, Article 6(1)(1)(f) GDPR. Furthermore, we advise you of the following:

From LinkedIn Ireland, we receive non-personal information and analyses regarding the use of our account and interactions with our posts in connection with page insights. With this information, we are able to analyze and to optimize the effectivity of our LinkedIn activities. For this purpose, LinkedIn Ireland processes data including, but not limited to, the data you have provided to LinkedIn Ireland through the information in your profile. That information includes, for instance, the following data:

  • job title information, 
  • country, 
  • industry,
  • age,
  • company size, and 
  • employment status.

LinkedIn Ireland also processes information regarding how you interact with our LinkedIn page: for example, whether you follow us on LinkedIn.

16.4 Community features

Whenever you visit us on social media (Facebook fan page, Twitter, LinkedIn), we process certain data of yours: for instance, whenever you interact with our page or our account; whenever you like, respond, or comment on a post; or whenever you provide other content. As a matter of routine, such data are processed based on the legitimate interest we have in providing you with relevant social media features (Article 6(1)(1)(f) GDPR) and on the consent you have given to the respective platform operators (such as Meta Platforms Ireland Limited, Twitter International, LinkedIn Ireland), Article 6(1)(1)(a) GDPR; or on your contractual relationship with the operators of the respective platforms (Article 6(1)(1)(b) GDPR).

We advise that these areas are publicly accessible and that all personal information, which you give or provide during registration, can be seen by others. We cannot control how other users use this information. In particular, we cannot prevent undesirable messages from being sent to you by third parties. 

Content uploaded to community areas can be stored for an unlimited period of time. If you would like us to remove content uploaded by you, send us an email with your request by using the address specified in Section 1 above.

17. Job applications

If you apply for a job via our website, we process your email address and the additional contact information provided by you and the information contained therein in order to process your application or to decide whether we wish to pursue your candidacy. Your application will be made available only to the persons responsible for job applications within our company. The legal basis for processing these data is § 26(1) and § 26(3) of the Bundesdatenschutzgesetz (Federal Data Protection Act, the “BDSG”).

Should we be in the unfortunate position of not being able to offer you a position, we will retain your application for up to 3 months after the application process has been completed, so that we are able to respond to any questions you might have in connection with your application. Further storage takes place insofar it is necessary for the provision of evidence, in particular for the defense, assertion or enforcement of claims (Article 6(1)(1)(f) respectively Article 9(2)(f) GDPR).

18. Sharing data

Unless otherwise specified in this privacy policy, your personal data will be shared without your express prior consent only in the cases specified below:

18.1

If necessary for purposes of investigating the unlawful use of our services or for purposes of establishing our rights, personal data will be shared with external advisors (e.g. lawyers), law enforcement agencies and, where applicable, with injured third parties. Personal data will be shared, however, only if specific evidence exists, which is indicative of illicit or abusive conduct. Personal data can also be shared, when sharing that data serves for purposes of establishing, securing, or defending against claims. Furthermore, we are required by law to provide information to certain public agencies. These include law enforcement agencies, government authorities that prosecute misdemeanors subject to fines, and fiscal authorities.

Personal data will be shared not only on the basis of the legitimate interest we have in combatting abuse; in prosecuting crimes; and in securing, establishing, and enforcing claims, Article 6(1)(1)(f) GDPR, but also on the basis of a statutory obligation, as contemplated by Article 6(1)(1)(c) GDPR.

18.2

In providing our services, we rely on third-party undertakings and outside service providers who process personal data on our behalf and strictly bound by our instructions, so-called processors (cf. Article 4(8), 28 GDPR). 

Beyond the processers already specified in this privacy policy, we engage the following categories of processers:

  • IT service provider
  • Hosting service provider
  • Software service provider

18.3

Within the scope of administrative processes as well as the organization of our operations, financial accounting, and compliance with legal obligations, such as archiving, we disclose or transfer data to the financial administration, consultants such as tax advisors or auditors as well as accounting service providers and payment service providers and similar bodies. The transfer is based on our legitimate interest in the proper operation of our business, the performance of our duties, establishing, securing, or defending against claims (Article 6(1)(1)(f) GDPR) or we are obliged to do so (Article 6(1)(1)(c) GDPR).

18.4

In the course of developing our business, it is possible that the structure of our company will be changed, by changing its legal form; by establishing, selling, or buying subsidiaries or business divisions. In the event of such transactions, customer information will be passed on, together with any portion of the business to be transferred. In the event personal data are shared with third parties within the scope described above, we shall ensure that those data are shared in accordance with this Privacy Policy and with applicable data protection law.

Sharing personal data is justified on the grounds that we have a legitimate interest in changing the form of our undertaking to align, whenever necessary, with the economic and legal particularities on the ground, Article 6(1)(f) GDPR.

19. Transfers to third countries

We also process data in countries outside the European Economic Area (“EEA”), in so-called third countries, and/or transfer data to recipients in these third countries. The foregoing also includes the United States. Please note that, at present, there exists no adequacy decision of the EU Commission; that, in general, these third countries have an adequate level of data protection. In particular, there exists, at present, no adequacy decision of the EU Commission for the United States. 

Where we transfer personal data outside of the EEA, we will ensure one of the following requirements is fulfilled:

  • the transfer is to a third country which has an adequacy decision by the EU Commission, Article 45 GDPR;
  • the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to third countries, in particular standard contractual clauses (or also called standard data protection clauses) pursuant to Article 46(2)(c) GDPR adopted by the EU Commission extended by additional safeguards according to the European Court of Justice findings in Schrems-II;
  • the transfer is to an organization which has binding corporate rules approved by an EU data protection authority, Article 46(2)(b), 47 GDPR; 
  • the transfer is covered by other approved safeguards pursuant to Article 46 GDPR in order to protect your personal data in a degree that equals the level of data protection in the European Union; or
  • the transfer is subject to a specific derogation in the GDPR pursuant to Article 49 GDPR, e.g. where you have provided your explicit consent for the transfer or your personal data or the transfer is necessary for the establishment, exercise or defence of legal claims

You can request further details about the safeguards that we have implemented, including, where applicable a copy of the standard contractual clauses by contacting us using our contact details provided in sec 1 above.

20. Changes in purpose

Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).

21. Erasure of your data

Unless otherwise specified in this Privacy Policy, we erase or anonymize your personal data once they are no longer needed for the purposes for which we have collected or used them in accordance with the foregoing sections.

Further storage only takes place,

  • if we are legally obliged to do so, Article 6(1)(1)(c) GDPR. To the extent that we are bound by law to retain your data, we will store your data throughout the time period prescribed by law. In particular, statutory rules and regulations governing storage of data can arise from the retention periods contemplated by the Handelsgesetzbuch (Commercial Code) or by the Abgabenordnung (German Fiscal Code). As a rule, the retention periods contemplated by these statutes are usually between 6 and 10 years from the end of the year in which the corresponding process was completed, e.g. we have finally processed your enquiry.
  • insofar as your data are relevant for purposes of initiating a contract or performing contracts, they are stored for purposes of initiating and performing each individual contractual relationship (Article 6(1)(1)(b) GDPR).
  • if the data is needed for criminal prosecution or for purposes of establishing, securing, or defending against claims. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR. In these cases, the data is stored until the corresponding process has been completed plus the statutory retention period.

Insofar as we continue to retain your personal data for legal reasons, the processing is strictly restricted. This means that this personal data is blocked for processing for other purposes

22. Providing your personal data

Neither by law nor by contract are you required to provide your personal data, nor is the provision of your data a requirement necessary to enter into a contract.

To some extent, however, it is necessary that you provide personal data, so that we can provide you with our services and the features available on our website. In particular, it is necessary that you provide your personal data, so that 

  • we can take into receipt and process any requests you send to us;
  • you can participate in requested online meetings;
  • we can allow for contract initiations and performances;
  • you can use available social media community features;
  • we can send you our newsletter you have requested; and
  • we can take into receipt and process your job application and decide about whether we establish an employment relationship with you.

Wherever it is necessary for you to provide certain data, we have identified that data by making it a required field. Providing further data is voluntary. The consequence of not providing required data is that we will be unable to provide the relevant services and features (on our website). In particular, we will

  • be unable to take into receipt and to process your requests;
  • be unable allow your participation in online meetings;
  • be unable initiate or to perform contracts;
  • be unable to provide you with our social media community features;
  • be unable to send our newsletter to you; and
  • be unable to consider your job application.

In other cases, the consequence of your not providing it will be that we will be unable to provide the relevant features and services (on our website) or that we will be unable to provide them as they are intended to be provided or only being able to process your enquiries to a limited extent.

23. Automated individual decisions or profiling measures

We do not use automated processing processes to make decisions or profiling.

24. Your rights as data subject

Unless otherwise specified in this privacy policy, please use the contact address specified in Section 1 to exercise your right, as set out below.

24.1 Right of access

Within the scope of Article 15 GDPR and § 34 BDSG, you have the right to obtain from us, access to the personal data concerning you.

24.2 Right to rectify inaccurate data

You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you.

24.3 Right to erasure

Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you.

24.4 Right to restriction of processing

Under Article 18 GDPR, you have the right to obtain from us the restriction of processing.

24.5 Right to data portability

Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

24.6 Right to object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1)(1) GDPR. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.

24.7 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority of your choice.

24.8 Data processed when you exercise your rights

Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Article 7(3)(1) GDPR as well as Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. Further, we will process your personal data to defend our legal position.

Your personal data will be stored for three years after your data subject right request was fully processed by us.

This processing is based upon the legal basis of Article 6(1)(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG. Further, we will process your personal data in connection with your data subject right request to defend our legal position. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.

Neither by law nor by contract are you required to provide your personal data. However, we can refuse to act on your data subject right request pursuant to Article 12(2)(2) GDPR if you do not provide us with the data required to enable us to clearly identify you, if necessary after we request you to do so.

App

Last updated: June 17, 2022

In this Privacy Policy, we inform you about which personal data (hereinafter also referred to simply as “data”) we collect in the context of your use of the Scanbot SDK Demo App for iOS and Android (hereinafter also “App”), the purposes for which your data are processed and your rights in relation to the processing of your data. You can access this Privacy Policy at any time under https://scanbot.io/privacy#app.

1. Controller/contact

The controller within the meaning of applicable data protection laws is:

Scanbot SDK GmbH (hereinafter also “we” and “us”)

Adenauerallee 120-122
53113 Bonn
Germany

If you have any questions or suggestions concerning data protection, please email us at legal@scanbot.io.

You can reach our data protection officer at dataprivacy@scanbot.io.

2. Subject matter of data protection

The subject matter of data protection is personal data. Under Article 4(1) General Data Protection Regulation (“GDPR”), this means any information relating to an identified or identifiable natural person.

3. Processing of personal data when using the app

We process personal data when using the app as described below.

3.1 Firebase Crashlytics

Provided you have given your consent, we use the service Firebase Crashlytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Crashlytics”).

Your data are also processed in the United States. There exists no adequacy decision of the EU Commission for the United States. For this reason, we and Google entered into the standard contractual clauses adopted by the EU Commission in accordance with Article 46(2)(c) GDPR.

In the event of a crash or other technical error of the app, data on this specific event (e.g., which function of the app, which operating system, which type of device you were using, which type of error occurred and when it occurred) is processed using Crashlytics. We receive an anonymized crash report about the event.

The legal basis for using Crashlytics is in accordance with § 25(1) TTDSG your consent (Article 6(1)(1)(a) GDPR). At any time, you have the option to withdraw your consent with effect for the future by deactivating the corresponding setting within the app. On iOS, you can find the option to deactivate anonymous crash reports within the application settings of the app. On Android, you can find the option at the bottom of the main screen of the app under the tab “Crash Reporting”.

The collected data will be deleted within a period of 90 days as soon as the troubleshooting is completed.

4. Processing of personal data outside the app

Regarding information on the processing of personal data outside the App – for example, if you contact us by e-mail with questions, please refer to our privacy policy at https://scanbot.io/en/privacy.

5. Changes in purpose

Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).

6. Providing your personal data

Neither by law nor by contract are you required to provide your personal data. nor is the provision of your data a requirement necessary to enter into a contract.

7. Automated individual decisions or profiling measures

We do not use automated processing processes to make decisions or profiling.

8. Your rights as data subject

Unless otherwise specified in this privacy policy, please use the contact address specified in Section 1 to exercise your right, as set out below.

8.1 Right of access

Within the scope of Article 15 GDPR and § 34 Federal Data Protection Act (“BDSG”), you have the right to obtain from us, access to the personal data concerning you.

8.2 Right to rectification of inaccurate data

You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you. 

8.3 Right to erasure

Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you. 

8.4 Right to restriction of processing

Under Article 18 GDPR, you have the right to obtain from us the restriction of processing.

8.5 Right to data portability

Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

8.6 Right to object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1)(1) GDPR. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.

8.7 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority of your choice.

8.8 Data processed when you exercise your rights

Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Article 7(3)(1) GDPR as well as Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. Further, we will process your personal data to defend our legal position.

Your personal data will be stored for three years after your data subject right request was fully processed by us.

This processing is based upon the legal basis of Article 6(1)(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG. Further, we will process your personal data in connection with your data subject right request to defend our legal position. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.

Neither by law nor by contract are you required to provide your personal data. However, we can refuse to act on your data subject right request pursuant to Article 12(2)(2) GDPR if you do not provide us with the data required to enable us to clearly identify you, if necessary after we request you to do so.

App (Barcode Demo)

Last updated: September 20, 2022

In this Privacy Policy, we inform you about which personal data (hereinafter also referred to simply as “data”) we collect in the context of your use of the Scanbot SDK: Barcode Scanning App for iOS and Android (hereinafter also “App”), the purposes for which your data are processed and your rights in relation to the processing of your data. You can access this Privacy Policy at any time under https://scanbot.io/privacy#barcodedemo.

1. Controller/contact

The controller within the meaning of applicable data protection laws is:

Scanbot SDK GmbH (hereinafter also “we” and “us”)

Adenauerallee 120-122
53113 Bonn
Germany

If you have any questions or suggestions concerning data protection, please email us at legal@scanbot.io.

You can reach our data protection officer at dataprivacy@scanbot.io.

2. Subject matter of data protection

The subject matter of data protection is personal data. Under Article 4(1) General Data Protection Regulation (“GDPR”), this means any information relating to an identified or identifiable natural person.

3. Processing of personal data when using the app

We do not process personal data when using the app.

4. Processing of personal data outside the app

Regarding information on the processing of personal data outside the App – for example, if you contact us, please refer to our privacy policy at https://scanbot.io/en/privacy.

5. Changes in purpose

Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).

6. Providing your personal data

Neither by law nor by contract are you required to provide your personal data, nor is the provision of your data a requirement necessary to enter into a contract.

7. Automated individual decisions or profiling measures

We do not use automated processing processes to make decisions or profiling.

8. Your rights as data subject

Unless otherwise specified in this privacy policy, please use the contact address specified in Section 1 to exercise your right, as set out below.

8.1 Right of access

Within the scope of Article 15 GDPR and § 34 Federal Data Protection Act (“BDSG”), you have the right to obtain from us, access to the personal data concerning you.

8.2 Right to rectification of inaccurate data

You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you.

8.3 Right to erasure

Given the prerequisites described in Article 17 GDPR and § 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you.

8.4 Right to restriction of processing

Under Article 18 GDPR, you have the right to obtain from us the restriction of processing.

8.5 Right to data portability

Under Article 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

8.6 Right to object

Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1)(1) GDPR. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.

8.7 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority of your choice.

8.8 Data processed when you exercise your rights

Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Article 7(3)(1) GDPR as well as Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. Further, we will process your personal data to defend our legal position.


Your personal data will be stored for three years after your data subject right request was fully processed by us.


This processing is based upon the legal basis of Article 6(1)(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG. Further, we will process your personal data in connection with your data subject right request to defend our legal position. Therein lies our legitimate interest, Article 6(1)(1)(f) GDPR.


Neither by law nor by contract are you required to provide your personal data. However, we can refuse to act on your data subject right request pursuant to Article 12(2)(2) GDPR if you do not provide us with the data required to enable us to clearly identify you, if necessary after we request you to do so.

Available on all major platforms

Developers, ready to get started?

Adding our free trial to your app is easy. Download the Scanbot SDK now and discover the power of mobile data capture.

Try it