Privacy Policy

Valid from 8 November 2024
Updated on 4 December 2024

I.    Introduction

At READ-COOP, we place a high priority on protecting your privacy and personal information. This Privacy Policy gives you information about how we collect, receive, use, store, share, transfer, and handle your personal data. It also explains your options and rights regarding your Personal Data, including your right to access, correct or delete your information.

Please read the information below carefully. Our goal is to present the description and the handling of your personal information concisely, using clear and simple language to make this policy quick and easy to read and understand.

When stating "READ-COOP," "we," or "us," we are referring to READ-COOP SCE mbH (with limited liability) acting as controller with respect to the collection or processing of your personal data. "Personal Data" means any information that is related to a specific person and can be used to identify them. When we refer to "you" or "your," we mean any individual or user who visits our website or uses our products and services and is affected by this Privacy Policy.

Our Services are not intended for individuals under the age of 16 (the "Minimum Age"). This means you must be at least 16 years old, or older if required by applicable laws in your country. If you are under the Minimum Age, please do not use our Services or provide any personal information to us.

We may provide links to third-party sites. If you choose to access third-party content, you may be required to adhere to their specific terms and conditions, including their cookie policies, which are beyond our control.

You can check out our Terms and Conditions for more information on the definitions of our products and services.

II.    What kind of data do we collect and how do we obtain it?

We collect various categories of data through our products and services, including Transkribus, and via our website. Below is a detailed overview of the data we collect and how we obtain it.

1.    Registration on Transkribus

To use Transkribus or purchase any of our products or services, you are required to create an account. During the registration process, we collect Personal Data, such as your first name, last name, and email address. If you proceed with a purchase, we may also collect additional information required to process the transaction. For further details, please refer to "Payment Information" Section 3.2.

2.    Data required to deliver our products and services

You have full control over the Personal Data you provide and how it is processed through our platforms. Detailed information on data collection and usage for each service is outlined below:

2.1.    Web or Desktop Version of Transkribus

READ-COOP collects the data you transfer to Transkribus, including your uploaded images, recognised text, ground truth data, trained recognition models, and entered metadata. This data is stored hosted on our servers located in Austria and Germany (EU). Please note, this data must not contain Personal Data of any kind unless you are a controller under the GDPR and have signed a Data Processing Addendum ("DPA") with us before transmitting or uploading any Personal Data to Transkribus.

2.2.    Transkribus.ai

When using our Transkribus.ai online tool, the images you upload are processed and stored on our servers only for the duration necessary to complete the text recognition. The uploaded data is promptly deleted after the text recognition process is finished.

2.3.    Transkribus on-premises solution

When using the Transkribus on-premises solution, all data is processed exclusively on your premises after installation by READ-COOP. We do not have access to any data within the images or documents you process, including recognised text, metadata, and trained models. No data is transmitted to our servers, and all processing occurs within your local environment, ensuring you retain full control at all times.

READ-COOP only receives aggregated, non-Personal Data data, such as performance metrics and general usage statistics, for purposes like service improvement, billing and for preventing fraudulent activities. You are solely responsible for ensuring that all data processed through the on-premises solution complies with applicable data protection laws, including the GDPR. This includes implementing appropriate security measures and obtaining any required consents for the processing of Personal Data. Read-Coop does not act as a data controller or data processor in relation to the data handled within your on-premises environment, and we disclaim any responsibility for ensuring compliance with data protection regulations for this data.

2.4.    Metagrapho API

Data transmitted through our Metagrapho API is retained on our servers only for the duration required to facilitate text recognition. Once the process is complete, the data is promptly deleted within 48 hours.

2.5.    DocScan App

The DocScan App offers a synchronisation feature that allows your device to upload images directly to Transkribus. If you activate this function, the images will be transferred and stored on our servers in accordance with Section 2.1.

However, if you choose not to enable this synchronisation feature, the images will remain stored solely on your device and will not be transmitted to Transkribus or any of our servers. In this case, you retain full control over the data, and we have no access to it.

3.    Data Processed Through Our Website

When you visit and interact with our website, we collect and process certain information to provide a seamless user experience and facilitate purchases. The types of data we collect include:

3.1.    Personal Data Provided by You

a.     Contact Information: When you create an account, subscribe to our newsletter, make a purchase, apply for membership, register for a webinar or contact us for support or sales inquiries, we may collect Personal Data such as your name, profession, email address, postal address, telephone number, birth date, and company name.

b.     Membership Applications: Individuals and institutions can apply for membership by completing an application form on our website. We collect information necessary to process your application, including any attachments you provide.

3.2.    Payment Information

We use Stripe as our external payment processor to handle payments. While we do not store your payment details, we may access limited payment information, such as your credit card provider and the last four digits of your card or paypal email account, which you can find in the "Payment Methods" section of your account. We do collect the billing and delivery address you provide during the payment process. You can access, update, delete, or edit this Personal Data anytime by logging into your account at my.readcoop.org.

All other sensitive billing and payment information is sent directly to our payment processor, who handles it securely according to their privacy policies. These payment processors comply with PCI-DSS standards to ensure your payment information is kept safe.

Stripe: https://stripe.com/us/privacy

PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full

3.3.    Technical and Usage Data

We collect certain technical and usage data when you interact with our websites and services, including through the use of Cookies, local storage and log and device information. This helps us enhance your experience and ensure the security and functionality of Transkribus.

a.     Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your interactions with our website. This includes data such as your browsing behaviour, preferences, and settings, which help us improve your user experience and tailor our services to your needs. For more details on the types of cookies we use and the specific information they collect, please refer to Section IV below.

b.     Local storage: We may collect and store information directly on your device using the local storage feature of your browser or application. This allows us to remember your preferences and improve the functionality of our services.

c.     Device Information: We also collect information about your device, including:

○     Browser type and version

○     Operating system

○     Unique Device Identifier, which is a distinctive number assigned to your device to help identify it and distinguish it from other devices.

○     Internet service provider

d.     Log and Device Information: Each time you access our websites, products, or services, we automatically collect and store certain Personal Data in server logs. This includes:

○     The name of the website visited

○     Pages visited

○     Date and time of visit

○     Time spent on a page

○     Usage data

○     Notifications of successful access

○     Referring URL (the website visited before ours)

○     An Internet Protocol (IP) address, which is a unique numerical label assigned to your device when connected to the internet.

In accordance with legal requirements, we strictly use this log data for statistical analysis to operate, secure, and optimise our services. We do not link this data to individual users or create user profiles. However, we reserve the right to review log data if there is evidence or reasonable suspicion of unlawful use.

3.4.    Communication Data

When you contact us through our website for support or sales inquiries, we retain your communications, including your email address, message content, and any attachments, until you withdraw your consent.

3.5.    Newsletter Subscription

Our newsletter provides information about our products, services, promotions, and company updates. To receive it, you must subscribe through our registration process. We use a single opt-in procedure to ensure secure and authorised subscriptions. The process is logged to comply with legal requirements.

a.     Newsletter Providers: We use Twilio and HubSpot as our newsletter providers. All email addresses and relevant data of our newsletter recipients are securely stored on Twilio's and HubSpot"s servers. Both Twilio and HubSpot handle the delivery and analysis of newsletters on our behalf, in full compliance with strict data protection regulations. For more information, please refer to Section V.

b.     Web Beacons: To enhance our newsletter and gain insights for website optimisation and marketing analysis, we utilise a "web beacon." This technology collects technical data such as your email provider and access times when the newsletter is opened. We handle this data responsibly and with respect for your privacy, and do not use web beacons to collect Personal Data without your consent. If you have concerns about our use of web beacons, please contact us for more information.

c.     Unsubscribing: You can unsubscribe from our newsletter at any time by clicking the link provided at the end of each newsletter. By unsubscribing, you revoke your consent to receive further newsletters and statistical evaluations.

3.6.    Webinar Registration

When you register for a webinar, we collect your Personal Data, such as your name, email address, and organisation. This data is collected directly through Zoom, which we use to facilitate the webinar. Zoom processes this data to manage your registration and provide access to the webinar, in line with their Privacy Policy.

Post-registration, we send communications such as reminders, follow-up materials, and the webinar recording via HubSpot. With your explicit consent, we may also use HubSpot to send you updates about future webinars or relevant events. You can opt out of these communications at any time by following the unsubscribe link in our emails or by contacting us at privacy@transkribus.org.

III.    How will we use your data?

Your Personal Data may be used for the following purposes:

4.    To Perform Our Agreement with You

We process your Personal Data where it is necessary to establish and fulfill our contractual obligations to you. This includes:

a.     Fulfilling your orders for products or services and providing the information, products, and technical support you request.

b.     Dispatching ordered products through the Austrian postal service ("sterreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria - Privacy Policy) and the Sendcloud service (Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich, Germany - Privacy Policy).

5.    For Legitimate Business Interests

We may process your Personal Data where it is necessary for READ-COOP"s legitimate interests, as long as these interests do not override your data protection rights. This includes:

a.     Providing effective customer service and technical support.

b.     Maintaining, improving and optimising Transkribus and other products and services we offer.

c.     Ensuring the security of Transkribus, our websites, and other products.

d.     Conducting statistical analysis, including for billing and internal reporting purposes.

e.     Monitoring for potentially unlawful actions, such as fraud prevention.

f.      Keeping you informed about new developments, features, and changes related to Transkribus and the cooperative.

g.     Internal audits and risk assessments

h.     Defending READ-COOP, its employees, agents, and subcontractors against legal claims or disputes

In some cases, the above purposes may involve gathering aggregated or anonymised data to introduce new features or address operational needs. You have the right to object to the processing of your Personal Data based on our legitimate interests at any time. If you wish to exercise this right, please contact us at privacy@transkribus.org.

6.    To Comply with Legal Obligations

We may process your Personal Data when required to comply with legal obligations, such as accounting, reporting, or responding to legal requests from authorities.

7.    For Marketing Purposes

With your explicit consent, we may process your Personal Data for marketing purposes, such as sending newsletters or other direct communications about our products and services. You have the right to withdraw your consent at any time by emailing privacy@transkribus.org or by following the opt-out instructions provided in the communication.

IV.    Cookies

8.    What are Cookies?

A cookie is a small text file that a website stores on your computer or mobile device when you visit the site.

First party cookies are cookies set by the website you"re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.

Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser. The purpose of persistent cookies is to enable our website to remember your preferences (such as user name, language, etc.) for a certain period of time. That way, you don"t have to re-enter them when browsing around the site during the same visit.

Cookies can also be used to establish anonymised statistics about the browsing experience on our sites.

9.    How do we use cookies?

Our websites use cookies to improve your experience while you navigate through the websites. Our websites use a mixture of first-party and third-party cookies, session and persistent cookies. The cookies that are categorised as "essential" are stored on your browser as they are essential for the working of basic functionalities of our websites.

We also use third-party cookies that help us analyse and understand how you use our websites. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

10.    What types of cookies do we use?

10.1.    Essential Cookies:

These cookies are necessary for the basic functioning of our websites, products or services. They enable core features such as secure logins, page navigation, and session management. Without these cookies, the website may not function properly or perform optimally. As these cookies are essential for the operation of the site, they cannot be disabled. Details about the third parties involved, the information they collect, their purposes, and links to their privacy policies can be found here.

10.2.    Optional Cookies:

a.     Functional cookies enhance the performance and usability of our website. They remember your preferences, such as language settings, and support interactive features like forms. These cookies also allow integrations with third-party tools that improve your experience. Details about the third parties involved, the information they collect, their purposes, and links to their privacy policies can be found here.

b.     Analytics cookies help us understand how users interact with our site, track performance, and improve the website"s functionality. Details about the third parties involved, the information they collect, their purposes, and links to their privacy policies can be found here.

c.     Marketing cookies track your browsing habits across websites to deliver more relevant ads based on your interests. They help us assess the effectiveness of our advertising campaigns and limit the number of times you see an advertisement. Details about the third parties involved, the information they collect, their purposes, and links to their privacy policies can be found here.

11.    How can you manage cookies?

When you first visit our website, you can select your cookie preferences via the cookie banner at the bottom of the page. This banner provides detailed information about each cookie, including its purpose, the Personal Data it collects, and links to the privacy policies and Data Protection Officers (DPO) of third-party providers.

You can also manage or delete cookies through your browser settings. Most browsers allow you to block or remove cookies, or notify you when they are being placed. Keep in mind that disabling essential or functional cookies may affect the website's performance and limit certain features.

You have the right to withdraw your consent to non-essential cookies at any time. If you wish to do so, you can update your cookie settings through your browser settings.

V.    With whom do we share information collected?

We use third-party service providers to help deliver our products and services, enhance the functionality of our website, analyse usage, and improve your overall experience. These providers may process your Personal Data under strict DPA to ensure its security and compliance with applicable laws. Below is a list of the key third-party services we use, along with their purposes and links to their privacy policies.

12.    Google Analytics, Marketing, and Remarketing Services

We use Google Analytics, from Google LLC, to track and analyse how users interact with our website. Data such as your IP address and browsing behaviour is collected via cookies and transmitted to Google's servers, typically in the United States. To ensure your privacy, IP anonymization is enabled before the data is transferred outside of the EEA. Cookies related to Google Analytics are stored for up to 24 months and are automatically deleted thereafter.

Google Remarketing Services use cookies to record your interaction on our website, allowing Google to display personalised ads based on your activity across other websites. Google processes user data pseudonymously as part of its Marketing Services, meaning it does not associate the data with a user's name or email address but processes it based on cookies and pseudonymized user profiles. Advertisements are managed and displayed for the cookie owner, not for a specific individual, unless the user has expressly allowed Google to process their data without pseudonymization. Data collected by "DoubleClick," a Google Marketing Service, is transmitted to Google and stored on its servers in the United States.

Additionally, we use other Google Marketing Services, such as "Google AdWords" and "AdSense", which also use cookies to display relevant ads on our website. We integrate these services using the "Google Tag Manager."

Safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your Personal Data during transfers to the United States, in compliance with EU data protection regulations.

Google processes this data based on your consent. You can prevent data collection by adjusting your browser settings, rejecting functional and marketing cookies in our consent cookie banner, or using Google"s opt-out tools:

○     For Google Analytics opt-out here.

     For Google Marketing and Remarketing services, opt-out here.

For more details on how Google processes your data and your available options, please visit Google's Privacy Policy.

13.    Hubspot

HubSpot, Inc., located at 25 First Street, Cambridge, MA 02141, USA, offers a user database management service known as HubSpot. We utilise HubSpot to support our online customer activities.

As controllers of the data collected on our websites, we manage the Personal Data" according to this privacy policy. HubSpot acts as the data processor, providing the user database management service and processing the data on our behalf. We ensure that HubSpot adheres to our DPA and comply with applicable regulations. For more details regarding the specific data processing activities carried out by HubSpot, please refer to their privacy policy available at https://legal.hubspot.com/privacy-policy.

We use HubSpot's chatbot feature to allow users to interact with our helpdesk and receive real-time responses. This chatbot utilises OpenAI"s GPT technology to generate replies based on user input. The chatbot only processes data that you voluntarily provide during the chat, such as your email address, which may be collected for follow-up responses. HubSpot engages OpenAI as a subprocessor for this feature. If you prefer not to have your information processed by OpenAI, you can choose not to use the chatbot feature. In this case, you can reach out to us for support directly via email at info@transkribus.org.

In the course of using HubSpot on our website, certain cookies are employed for various purposes, including tracking preferences and website engagement. Please be aware that your use of HubSpot and its associated cookies is subject to HubSpot's own privacy policy, and we encourage you to review it to better understand how your data is processed and protected by HubSpot:

   More information about HubSpot's privacy policy.

    More information from HubSpot regarding the EU data protection regulations.

   More information about the cookies used by HubSpot can be found here & here .

14.    Usersnap

We use Usersnap, a web feedback tool designed to make it easy for you to send us your feedback. With Usersnap, you can report any errors or suggest improvements and also get in touch with us. Usersnap GmbH is located at Industriezeile 35, 4020 Linz, Austria. When you submit feedback, it goes through Usersnap GmbH's server in the European Union before reaching us, ensuring secure transfer.

As an Austrian company, Usersnap adheres to the DSGVO and follows European data protection standards. You can find more information about their data protection policy at https://usersnap.com/privacy-policy. Additionally, we have established a DPA with Usersnap, ensuring that they are committed to protecting our customers' data and will not disclose it to any third parties.

15.    SevDesk

We use sevDesk for our accounting and financial management needs. sevDesk is provided by sevDesk GmbH, located at Roteb"hlplatz 21, 70178 Stuttgart, Germany. Any Personal Data stored in sevDesk is used exclusively for accounting purposes and maintaining accurate financial records. To learn more about sevDesk's privacy practices, you can review their privacy policy at https://sevdesk.de/datenschutz/.

16.    Twilio

Twilio (Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 or Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland) serves as our newsletter provider. They play a crucial role in delivering and analysing our newsletters on our behalf. Your email addresses and other relevant data are securely stored on Twilio's servers. As a responsible data processor, Twilio strictly adheres to data protection regulations, ensuring the confidentiality and security of your information. They do not share your data with any third parties. To learn more about Twilio's approach to privacy, you can review their privacy policy at https://www.twilio.com/legal/privacy.

17.    PostHog

PostHog is an analytics platform that helps us track user behaviour and website performance in real-time. We use PostHog to gain insights into how users interact with our website and services, which helps us improve the user experience. Data collected by PostHog includes usage patterns, device information, IP address, and interactions with the site. Your data is securely hosted by PostHog within the European Union (Germany). For more details on how PostHog handles your usage data, please refer to their Privacy Policy.

18.    Typeform

We use Typeform, headquartered in Barcelona, Spain, to collect data through surveys and forms. Typeform stores and processes data on servers located within the European Union. It collects user responses, IP addresses, and device information to enhance user experience and interaction. Typeform also uses cookies to track engagement and form completion. Data is processed securely and in compliance with applicable regulations. You can find more details in Typeform's Privacy Policy.

19.    Sentry

We use Sentry, a cloud-based application monitoring tool provided by Sentry, Inc., to help us detect, diagnose, and resolve errors in real-time. Sentry collects data related to error reports, such as IP addresses, device information, and details about the error or crash. This helps us maintain the stability and reliability of our services.

The data collected by Sentry is securely processed and stored in compliance with applicable data protection regulations. Sentry's servers are located in the European Union and the United States, we have choosen the European Union as data location for the data we send to sentry. You can find more information about how Sentry handles your data by reviewing their privacy policy at https://sentry.io/privacy/.

VI.    Where and how long do we store your Personal Data?

20.    Where We Store Your Personal Data

We securely store your Personal Data on our servers located in the European Union (Austria and Germany), as well as with trusted third-party service providers listed in Section V. We ensure that any third parties processing personal data on our behalf do so under a DPA. This agreement requires third parties to process your data in compliance with our instructions, GDPR, and relevant legal frameworks.

21.    International Data Transfers

If we transfer or host your data outside the European Economic Area (EEA), we ensure it is protected by appropriate safeguards. This includes using mechanisms such as Standard Contractual Clauses (SCCs) and ensuring that any third-party processors have robust measures in place through DPAs to protect your data.

22.    Data Minimization

We apply data minimization principles, meaning we only collect, store, and process the minimum amount of Personal Data necessary for the purposes outlined in this Privacy Policy.

23.    How Long We Keep Your Data?

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected. If you withdraw your consent or object to the processing of your data, we will delete it unless we are legally required to retain it, such as for tax, accounting, or other statutory legal obligations. In certain cases, we may retain data for an appropriate period to protect ourselves from legal claims.

VII.    What are your data protection rights?

Right to access - you have the right to request READ-COOP for copies of your personal data. We may charge you a small fee for this service.

Right to rectification - you have the right to request that READ-COOP correct any information you believe is inaccurate. You also have the right to request READ-COOP to complete information you believe to be incomplete.

Right to erasure - you have the right to request that READ-COOP erase your personal data, under certain conditions.

Right to restrict processing - you have the right to request that READ-COOP restrict the processing of your personal data, under certain conditions.

Right to object processing - you have the right to object to READ-COOP processing of your personal data, under certain conditions.

Right to data portability - you have the right to request that READ-COOP transfers the data that we have collected to another organisation, or directly to you, under certain conditions.

VIII.    How to contact us and the appropriate authorities

If you have any questions about READ-COOP"s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us:

READ-COOP SCE (with limited liability)

Kranebitter Allee, 22 6020 Innsbruck

Austria / Europe

E-Mail: privacy@readcoop.eu

We are dedicated to resolving any privacy-related complaints or concerns you may have in a fair and amicable manner. If, for any reason, you feel that we have been unable to address your complaint satisfactorily, you have the right to lodge a complaint with the data protection authority. Before taking this step, we kindly request that you reach out to us, as we would greatly appreciate the opportunity to address your concerns directly and find a resolution together. Your feedback is valuable, and we are here to ensure your privacy is protected to the best of our ability.

The Austrian Data Protection Authority (Österreichische Datenschutzbehörde) can be contacted as follows:

Österreichische Datenschutzbehörde

Barichgasse 40-42 1030 Vienna

Austria / Europe

Phone number: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

IX.    How and when will we change this policy?

We reserve the right to update or modify this Privacy Policy from time to time to reflect changes in legal requirements, our data processing activities, or our services. Any updates or changes will be posted on this page, and we will revise the "last updated" date at the top of the policy accordingly.

If the changes significantly affect how we process your Personal Data or have a substantial impact on your rights, we will provide you with advance notice, as required by applicable law. This notice may be delivered via email or through a notification on our website (such as a pop-up banner) to give you the opportunity to review and exercise your rights, if applicable.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your Personal Data.