Data Protection Policy

GDPR Icon

The protection of your personal data plays an important role for us. We would therefore like to inform you in detail about how we handle your personal data.

General notes and mandatory information

Version 2.3 from 24.04.2024

Designation of the responsible body

The controller responsible for data processing on this website is:

PlagAware GmbH
Dr.-Ing. Dirk Malthan
Brumersweg 35/1
89233 Neu-Ulm

The controller is responsible for compliance with data protection regulations in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Its tasks include in particular

  • Determination of the purposes and means of data processing: The controller decides alone or jointly with others on the purposes for which personal data are processed and the manner in which they are processed.
  • Ensuring the lawfulness of data processing: Ensuring that personal data is only processed on a lawful basis, e.g. on the basis of consent, to fulfill a contract or on the basis of legitimate interests.
  • Information and transparency: The controller shall ensure that data subjects are informed clearly and comprehensibly about the processing of their personal data, including through this privacy policy.
  • Ensuring the rights of data subjects: The controller shall ensure that data subjects can assert their rights, such as the right to information, rectification, erasure or objection.
  • Implementation of technical and organizational measures: The controller implements suitable technical and organizational measures to protect personal data from loss, misuse or unauthorized access.
  • Cooperation with supervisory authorities: In the event of inquiries from data protection supervisory authorities, the controller works closely with them and provides the necessary information.

Purpose of data processing and legal basis

We process personal data exclusively within the framework of the applicable legal provisions, in particular the GDPR. Processing is carried out for the following purposes

Purpose Legal basis Data categories
Creation and management of customer accounts Art. 6 para. 1 lit. b GDPR (fulfillment of contract) Login data (e.g. email address, encrypted password, SSO identification), license affiliation, API key
Carrying out the plagiarism check Art. 6 para. 1 lit. b GDPR (fulfillment of contract) Uploaded test texts, comparative data (library)
Organization and structuring of test texts and reference texts Art. 6 para. 1 lit. b GDPR (fulfillment of contract) Metadata entered by the user (e.g. name of the author, name of projects)
Ensuring operational safety and protection against misuse Art. 6 para. 1 lit. f GDPR (legitimate interest in protection against misuse) Session identifier (cookie), IP address, browser fingerprint, usage statistics, scope and time of checks carried out
Accounting and statutory retention obligations Art. 6 para. 1 lit. c GDPR (legal obligation) Name, address, organization, contact person, order and billing data

Your rights under the GDPR

Withdrawal of your consent to data processing

You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority

As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to information, correction, blocking, deletion

You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed in the legal notice if you have any further questions on the subject of personal data.

Data origin and transfer

Data origin

All personal data is provided directly by users in the course of using our service. There is no collection of personal data from other sources.

Data transfer

Internal receiver

Employees of our company, to the extent necessary for the execution of the contract.

External receivers

  • Hetzner Online GmbH, Gunzenhausen (Germany) - Hosting service provider (order processing).

    A contract for order processing in accordance with Art. 28 GDPR exists.

  • Mollie B.V., Keizersgracht 126, 1015CW Amsterdam (Netherlands) - Payment service provider.

    Mollie acts as an independent controller within the meaning of the GDPR when processing payments (see below).

Data transmission to search engines

To carry out the plagiarism check, randomized sentence fragments are sent to public search engines such as Google or Bing. These fragments do not contain any personal data and do not allow any conclusions to be drawn about the entire test text. They are not passed on in the sense of data protection law, as they cannot be linked to individuals.

Storage period and data deletion

Data type Storage duration
Session data (e.g. user IP, display filter, activation code) 48 hours
Application data (e.g. check texts, library texts, metadata) Until manual or automatic deletion by the user. Automatic deletion can be set in the profile settings.
Data backups (encrypted archive files) 3 months
Billing data (e.g. invoices, usage statistics, audit statistics) 10 years (according to § 147 AO)

If you delete your PlagAware account, all application data associated with your account will be irrevocably deleted. Larger data sets are marked for deletion and deleted in the background within 24 hours. Your email address will be pseudonymized when your account is deleted. Billing data such as invoices, usage and test statistics are subject to the statutory retention period of 10 years and will only be deleted after the statutory retention period has expired.

Data security

All data is transmitted in encrypted form and stored in German data centers. We use technical and organizational measures to protect your data from loss, manipulation or unauthorized access.

Regular backups are created to protect against data loss. These backups are stored in encrypted form and are completely deleted after 3 months.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies are necessary to assign visits to our website to a common session.

Some cookies are "session cookies". Such cookies are deleted automatically at the end of your browser session. Other cookies, on the other hand, remain on your device until you delete them yourself. Such cookies help us to recognize you when you return to our website.

With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the program is closed. Deactivating cookies will limit the functionality of our website.

The setting of cookies, which are necessary for the performance of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), takes place on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services.

Automated decision-making and profiling

Automated decision-making within the meaning of Art. 22 GDPR does not take place. No profiling within the meaning of the GDPR is carried out either. All review processes are purely analytical and relate exclusively to the text content.

Use of (generative) AI and large language models (LLMs)

Certain processing steps (e.g. the recognition of personal data in sentence fragments) are carried out locally by generative AI models (LLMs). There is no transfer to external AI services. The results are used exclusively for internal processing of the test texts.

Customer data is not used for the training of AI models.

Payment processing

For payment processing, we use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. The payment is processed directly via Mollie, i.e. when you make a payment in our system, you will be redirected to a secure page of Mollie for payment processing.

Mollie processes personal data as part of the payment process. This data is processed for the purpose of payment processing, to prevent fraud and to fulfill legal obligations. The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in secure and efficient payment processing). Mollie acts as an independent controller within the meaning of the GDPR. Further information on data processing by Mollie can be found in Mollie's privacy policy at: https://www.mollie.com/de/privacy.

Display of video content

Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When a page with an integrated YouTube plugin is accessed, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Details on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Changes and release notes

This privacy policy may be amended in the event of legal changes or changes to the service. The current version can be found on our website.

Version 2.3 / 24.04.2025 Updating the payment processing. Addition of information on generative AI and profiling.
Version 2.2 / 19.12.2024 Listing of the tasks of the responsible body. Removal of Google Analytics. Removal of Goolge Adsense. Removal of Sofortüberweisung. Removal of Klarna.

Further topics on data protection at PlagAware

For further information or questions about data protection at PlagAware GmbH, please send us an e-mail to datenschutz@plagaware.com.

Encrypted transmission of documents and secure payment options

  • encrypted data transmission
  • Payment of plagiarism check by PayPal
  • Payment of plagiarism scan by Sofortueberweisung