Legal

Privacy Policy

In accordance with the EU General Data Protection Regulation (GDPR / DSGVO) and German data protection law. Written in English.

Last updated: November 2024

DN Deliveries ("we", "our", "us"), operating at dn-deliveries.de, takes the protection of your personal data very seriously. This Privacy Policy explains what data we collect, how we process it, on what legal basis, and what rights you have as a data subject under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller (Verantwortliche Stelle)

The data controller responsible for processing your personal data on this website is:

DN Deliveries
[Company Legal Name]
[Street], [Postal Code] [City], Germany
Email: contact@dn-deliveries.de
Website: https://www.dn-deliveries.de

For data protection inquiries, please contact us at: contact@dn-deliveries.de

2. Data We Collect and How We Use It

2.1 Website Access Logs

When you access our website, our web server automatically records the following information in server log files:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file requested
  • Browser type and version
  • Referrer URL (previously visited page)
  • HTTP status code and data volume transferred

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in ensuring the technical security and stable operation of the website.
Retention period: Log files are deleted after 30 days unless required for the investigation of ongoing incidents.

2.2 Document Signing (DNSign)

When a document is signed via our DNSign service, we collect and process the following data to create a verifiable certificate:

  • Signature image: The handwritten signature provided by the signer, captured and stored as an image.
  • Timestamp: The exact date and time (UTC) at which the signing event occurred, recorded server-side.
  • IP address of the signer: The public IP address from which the signing action was performed.
  • Geolocation data: If available and if the signer has not opted out, the approximate geolocation derived from the IP address or provided by the browser (city and country level).
  • Unique certificate / reference ID: A system-generated unique identifier assigned to each signing event.
  • Signature hash: A cryptographic hash (SHA-256) of the signature data, used for tamper detection.

Purpose: This data is processed to generate a legally meaningful, tamper-evident digital certificate that can be verified at any time by parties with a legitimate interest in the document's authenticity.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and/or Art. 6(1)(f) GDPR (legitimate interests in creating verifiable audit trails for document integrity).

Retention period: Certificate data is retained for as long as the associated document or service agreement remains in effect, or as required by applicable German or EU law. We will provide information about specific retention periods upon request.

2.3 Certificate Verification

When a user visits the certificate verification endpoint (sign.dn-deliveries.de/signcert.php), we process:

  • The certificate ID submitted in the verification request
  • The IP address of the person performing the verification
  • Timestamp of the verification request

Purpose: To return the verification result for the requested certificate and to maintain an audit log of verification events.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in operating a reliable and auditable verification service.

2.4 DNVerify API Access

When developers or third-party systems access the DNVerify API, we process:

  • API authentication credentials (tokens — stored in hashed form only)
  • Certificate IDs submitted in API requests
  • IP addresses of API clients
  • Timestamps of API calls

Purpose: To authenticate API access, provide verification results, and maintain usage logs for security and billing purposes.

Legal basis: Art. 6(1)(b) GDPR (contractual relationship with API users) and Art. 6(1)(f) GDPR (legitimate interests in API security).

2.5 DNFlow Automation Service

When using DNFlow to connect signing events to external systems, we may process:

  • Certificate and document metadata required to execute the configured automation rules
  • Webhook endpoint URLs configured by the user
  • Execution logs of automation actions

Purpose: To execute the automation workflows as configured by the user.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

3. IP Addresses — Specific Notice

IP addresses are collected and processed in connection with the DNSign signing service, certificate verification, and API usage. An IP address constitutes personal data under GDPR when it can be linked to an identifiable individual.

The IP address of a signer is embedded in the certificate as part of the audit trail. This serves the legitimate purpose of establishing the technical circumstances of a signing event and is proportionate to the goal of maintaining document integrity. Signers are informed of this at the point of use.

4. Cookies and Tracking

DN Deliveries does not use advertising cookies, tracking cookies, or third-party analytics services on its main website. We may use technically necessary session cookies for operational purposes only, which do not require consent under Art. 5(3) ePrivacy Directive as transposed into German law (TTDSG).

We do not use Google Analytics, Facebook Pixel, or any similar tracking tools.

5. Data Sharing and Third Parties

We do not sell personal data to third parties. We may share data in the following limited circumstances:

  • Hosting providers: Infrastructure services (servers, storage) used to operate our platform. These providers act as data processors under Art. 28 GDPR and are bound by data processing agreements.
  • Legal obligations: If required by applicable law, court order, or regulatory authority, we may be obliged to disclose data to public authorities.
  • DNFlow integrations: When users configure automations that push data to external systems (e.g. CRMs), data is transferred to those systems as instructed by the user. The user is responsible for the lawfulness of such transfers.

6. Data Transfers Outside the EU/EEA

We aim to store and process all data within the EU/EEA. If any data processing involves transfers to third countries, we ensure that appropriate safeguards are in place as required by Chapter V GDPR (e.g. standard contractual clauses or adequacy decisions).

7. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You have the right to receive a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data under certain conditions.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: contact@dn-deliveries.de

Please note that certain data embedded in certificates (e.g. the signer's IP address and timestamp) forms part of a tamper-evident audit record. Deletion of this data may affect the verifiability of the associated document. We will advise you of any such implications when responding to deletion requests.

8. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for DN Deliveries in Germany is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
(or the relevant supervisory authority for the registered Bundesland)
Website: www.datenschutz-berlin.de

9. Data Security

We use industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. Connections to our services are encrypted via TLS (HTTPS). Signature hashes use SHA-256. Access to production data is restricted on a need-to-know basis.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services or applicable law. We will publish the updated version on this page with a revised "last updated" date. For significant changes, we will provide more prominent notice.

Last updated: November 2024 — dn-deliveries.de
Questions? contact@dn-deliveries.de