AI Scanner (“App”), an automated scanner App provided by applord GmbH (hereinafter "we“), allows you to transform your device into a powerful document scanner. With cutting-edge AI technology, the features provided (“Services”) help you scan, save, and share documents with clarity and ease. When you use the App, we process personal data about you and access information on your device. Personal data means any information relating to an identified or identifiable natural person. Since protecting your privacy is important to us, we would like to inform you in this Privacy Policy about the processing of your personal data.
1 General Information
Controller
applord GmbH
Dresdener Straße 1
52068 Aachen
+49 (0)241 47572 10
Data Protection Officer
Stefanie Schmitz
Contact
2 Information on the data processing
2.1 Download of the App
When downloading the App, certain required information is transmitted to the App Store selected by you (e.g., Google Play or Apple App Store), in particular the user name, the email address, the customer number of your account, the time of the download, payment information as well as the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective App store and is beyond our control.
2.2 App Features
When using our App, you may transform your smartphone into a powerful document scanner. Our App and its AI technology particularly allow you to scan documents, receipts, and other compatible content which may contain personal data (“User Content”).
The Services of our App, including the scan function, are operated on your end device. Therefore, we do not process or store your User Content, the scanned User Content and any personal data that may be contained on our servers to provide you with our Services.
2.3 AI Training
The scanning feature of our App is based on our own cutting-edge AI technology, enabling automatic capture of User Content. We always strive to improve this technology. To enhance our AI technology, refine our AI models, and ensure the highest accuracy in document scanning and recognition, we also collect, store, and process (a) the adjusted edge coordinates when you manually drag the edge marker, (b) the modified rotation data when you rotate or reject our predicted orientation, and (c) the User Content itself (together “AI Training Data”) for the purpose of improving our Services.
We store the AI Training Data only until the next re-training cycle of our AI technology, however to a maximum of 7 days. As we do only use our own AI technology on our own servers hosted in Germany, the AI Training Data is not transferred to any third-party in or outside the European Union.
The legal basis for the processing of personal data for AI training purposes is our legitimate interest to improve our AI technology and Services pursuant to Art. 6 (1) lit. f GDPR. You have the right to object to the processing of your AI Training Data at any time for reasons for the future. In this case, please contact us via
Please note that, according to our Terms of Use, you are prohibited from scanning User Content that may contain personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (“special categories of personal data”).
2.4 Google Firebase
To improve our Services and the performance of the App, we use Google Firebase. Google Firebase is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase enables us to use analytics services (Firebase Analytics). Firebase Analytics accesses your device and analyses your usage behaviour to collect usage data, including information on when and how long the App is used and which features of the App are clicked. Additionally, information about your end device (e.g., operating system, country, language) is collected. We use this information to improve our Services and to fix issues through interaction data. Firebase Cloud Messaging is used to send you notifications. Google processes your personal data as a processor following our instructions in accordance with Art. 28 GDPR. More details regarding the collection of personal data via Google Firebase can be found in the Google Firebase privacy policy.
The legal basis for the data processing is your consent, regarding access to your device pursuant to Section 25 (1) sentence 1 TDDDG, and with regard to the processing of your personal data pursuant to Art. 6 (1) lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. In the context of using the described Firebase services, there may be a transfer of personal data to so called “third countries” (located outside the EEA), particularly to the parent company Google LLC in the USA. Google is certified under the US-EU Data Privacy Framework "Trans-Atlantic Data Privacy Framework" and thereby commits to complying with European data protection standards. The legal basis for data transfers to the USA is Art. 45 (1) GDPR.
3 Transfer of data to third parties
3.1 We rely on contractually affiliated companies of the applord Group and the aforementioned third-party external service providers to provide you with our Services. Any transfer of personal data is justified by the fact that (a) we have a legitimate interest in disclosing the data for administrative purposes within our group companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR do not prevail, and (b) we have carefully selected our external service providers as processors within the framework of Art. 28 (1) GDPR, regularly checked them and contractually obliged them to process all personal data exclusively in accordance with our instructions.
3.2 Otherwise, we do only share your data with third parties to clarify unlawful or abusive use of the App or for legal prosecution, which may require a transmission to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only applies if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities. Any transfer of personal data is justified by the fact that (a) information must be provided by order of a competent authority, insofar as this is necessary to comply with obligations to provide information pursuant to Section 21 (1) and (2) TDDDG or pursuant to Section 22 TDDDG (b) the processing is necessary to comply with a legal obligation to which we are subject pursuant to Art. 6 (1) c GDPR in conjunction with national legal requirements to provide data to law enforcement authorities, or (c) we have a legitimate interest in transferring the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f GDPR do not prevail.
3.3 If we transfer data to recipients in a third country (located outside the EEA), you will be informed on the recipients and the underlying legal basis in accordance with Art. 45 or 46 (2) GDPR as part of the description of the respective data processing. Some third countries are certified by the European Commission through so-called adequacy decisions as having a data protection standard that is comparable to the level in the European Economic Area. You can find a list of these countries at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a country does not have a comparable data protection standard, we ensure that data protection is sufficiently guaranteed by other measures. This is possible, for example, through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations, unless expressly stated otherwise in this Privacy Policy.
4 Data retention
Unless otherwise stated, we initially process and store your personal data for the duration for which the respective purpose of use requires storage. On this basis, personal data is regularly deleted within the period required for the fulfilment of our contractual and/or legal obligations, unless its further processing for a limited period is necessary for the following purposes:
- Fulfilment of legal storage obligations (in particular due to commercial or tax law)
- Preservation of evidence, taking into account the statute of limitations
5 Your Rights
5.1 Right to information
You have the right to receive information from us at any time upon request about the personal data processed by us that relate to you within the scope of Art. 15 GDPR. To exercise your right, you can submit a request to the contact details below.
5.2 Right to rectification of inaccurate data
Pursuant to Art. 16 of the GDPR, you have the right to obtain that we rectify personal data relating to you without undue delay if it is inaccurate. Taking into account the purposes of the processing, you also have the right to request us to complete incomplete personal data. To exercise your right, you can submit a request to the contact details below.
5.3 Right to erasure
You have the right to obtain that we erase personal data relating to you under the provisions pursuant to Art. 17 GDPR. This right applies in particular if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, if an objection has been raised or if there is an obligation to erase the data under the laws of the European Union or the laws of the Member State applicable to us. Please also see section 4 of this Privacy policy regarding the retention period of your personal data. To exercise your right, you can submit a request to the contact details below.
5.4 Right to restriction of processing
You have the right to obtain the restriction of processing in accordance with Art. 18 GDPR. This right applies in particular if the accuracy of the personal data is contested between the user and us, for the period enabling us to verify the accuracy of the personal data, as well as in the event that the user obtains his right to restriction of processing instead of erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires them for the establishment, exercise or defence of legal claims, as well as if the successful exercise of an objection is still contested between us and the user. To exercise your right, you can submit a request to the contact details below.
5.5 Right to data portability
You have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right, you can submit a request to the contact details below.
5.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out, inter alia, on the basis of Art. 6 (1) lit. e or f GDPR, in accordance with Article 21 GDPR. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
5.7 Right of Appeal
You also have the right to lodge an appeal with a supervisory authority in the event of complaints.
6 Modifications of this Privacy Policy
We always keep this Privacy Policy up to date. The current version of the Privacy Policy can be found at https://shlink.ecodms.cloud/privacy.
