ecoDMS ScanApp (“App”), an automated scanner App provided by ecoDMS GmbH (hereinafter "we"), allows you to transform your device into a powerful document scanner. With cutting-edge AI technology, the features provided (“Services”) help you scan, save, and share documents with clarity and ease. When you use the App, we process personal data about you and access information on your device. Personal data means any information relating to an identified or identifiable natural person. Since protecting your privacy is important to us, we would like to inform you in this Privacy Policy about the processing of your personal data.
1 General Information
Controller
ecoDMS GmbH
Dresdener Straße 1
52068 Aachen
+49 (0)241 47572 01
Data Protection Officer
Stefanie Schmitz
Contact
2 Information on the data processing
2.1 Download of the App
When downloading the App, certain required information is transmitted to the App Store selected by you (e.g., Google Play or Apple App Store). In particular, the user name, the email address, the customer number of your account, the time of the download, payment information, as well as the individual device identification number, may be processed. The processing of this data is carried out exclusively by the respective App Store and is beyond our control.
2.2 App Features
When using our App, you may transform your smartphone into a powerful document scanner. Our App and its AI technology particularly allow you to scan documents, receipts, and other compatible content which may contain personal data (“User Content”).
The Services of our App, including the scan function, are operated on your end device. Therefore, we do not process or store your User Content, the scanned User Content, and any personal data that may be contained therein on our servers to provide you with our Services.
2.3 AI-Training
The scanning feature of our App is based on our own cutting-edge AI technology, enabling automatic capture of User Content. We always strive to improve this technology. To enhance our AI technology, refine our AI models, and ensure the highest accuracy in document scanning and recognition, we also collect, store, and process (a) the adjusted edge coordinates when you manually drag the edge marker, (b) the modified rotation data when you rotate or reject our predicted orientation, and (c) the User Content itself (together “AI-Training Data”) for the purpose of improving our Services.
We store the AI-Training Data only until the next retraining cycle of our AI technology, however, for a maximum of 7 days. As we only use our own AI technology on our own servers hosted in Germany, the AI-Training Data is not transferred to any third party within or outside the European Union.
The legal basis for the processing of personal data for AI training purposes is our legitimate interest in improving our AI technology and Services pursuant to Art. 6 (1) lit. f GDPR. You have the right to object to the processing of your AI-Training Data at any time with effect for the future. In this case, please contact us via
Please note that, according to our Terms of Use, you are prohibited from scanning User Content that may contain personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation (“special categories of personal data”).
2.4 Google Firebase
To improve our Services and the performance of the App, we use Google Firebase. Google Firebase is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase enables us to use analytics services (Firebase Analytics). Firebase Analytics accesses your device and analyses your usage behaviour to collect usage data, including information on when and how long the App is used and which features of the App are clicked. Additionally, information about your end device (e.g., operating system, country, language) is collected. We use this information to improve our Services and to fix issues through interaction data. Firebase Cloud Messaging is used to send you notifications. Google processes your personal data as a processor following our instructions in accordance with Art. 28 GDPR. More details regarding the collection of personal data via Google Firebase can be found in the Google Firebase privacy policy.
The legal basis for the data processing is your consent, regarding access to your device pursuant to Section 25 (1) sentence 1 TDDDG, and with regard to the processing of your personal data pursuant to Art. 6 (1) lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. In the context of using the described Firebase services, there may be a transfer of personal data to so-called “third countries” (located outside the EEA), particularly to the parent company Google LLC in the USA. Google is certified under the EU-US Data Privacy Framework “Trans-Atlantic Data Privacy Framework” and thereby commits to complying with European data protection standards. The legal basis for data transfers to the USA is Art. 45 (1) GDPR.
3 Transfer of data to third parties
3.1 We rely on contractually affiliated companies of the ecoDMS Group and the aforementioned third-party external service providers to provide you with our Services. Any transfer of personal data is justified by the fact that (a) we have a legitimate interest in disclosing the data for administrative purposes within our group companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR do not prevail, and (b) we have carefully selected our external service providers as processors within the framework of Art. 28 (1) GDPR, regularly checked them, and contractually obliged them to process all personal data exclusively in accordance with our instructions.
3.2 Otherwise, we only share your data with third parties to clarify unlawful or abusive use of the App or for legal prosecution, which may require a transfer to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only applies if there are indications of unlawful or abusive behaviour. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities upon request. These include law enforcement agencies, authorities that prosecute administrative offences subject to fines, and tax authorities. Any transfer of personal data is justified by the fact that (a) information must be provided by order of a competent authority insofar as this is necessary to comply with obligations pursuant to Section 21 (1) and (2) TDDDG or Section 22 TDDDG, (b) the processing is necessary to comply with a legal obligation pursuant to Art. 6 (1) lit. c GDPR, or (c) we have a legitimate interest in transferring the data where there are indications of abusive behaviour and your rights and interests do not prevail.
3.3 If we transfer data to recipients in a third country (located outside the EEA), you will be informed about the recipients and the underlying legal basis in accordance with Art. 45 or 46 (2) GDPR. Some third countries are certified by the European Commission through adequacy decisions. A list is available at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en . If no comparable level exists, we ensure appropriate safeguards.
4 Data retention
Unless otherwise stated, we process and store your personal data only for as long as necessary. Personal data is then deleted unless required for:
- Fulfilment of legal storage obligations
- Preservation of evidence
5 Your Rights
5.1 Right to information
You have the right to request information under Art. 15 GDPR.
5.2 Right to rectification
You have the right to rectification under Art. 16 GDPR.
5.3 Right to erasure
You have the right to erasure under Art. 17 GDPR.
5.4 Right to restriction
You have the right under Art. 18 GDPR.
5.5 Right to data portability
You have the right under Art. 20 GDPR.
5.6 Right of objection
You may object under Art. 21 GDPR.
5.7 Right of Appeal
You may lodge a complaint with a supervisory authority.
6 Modifications of this Privacy Policy
We always keep this Privacy Policy up to date. The current version is available at https://shlink.ecodms.cloud/privacy.
