Menu
We, notarity GmbH (hereinafter referred to as "we" or "notarity"), take the protection of your data very seriously and treat your personal data confidentially and in accordance with the legal requirements (and beyond). This data protection notice informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") on our platform (available at https://app.notarity.com and hereinafter referred to as "web app" or "platform"). This data protection notice also explains the general conditions under which your data is passed on to processors. With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 GDPR. Transparency is important to us, which is why we are providing you with information in this data protection notice that goes beyond the minimum legal requirements.
This data protection notice has been drawn up in German only. The authoritative version of this data protection notice is therefore exclusively the German version. The English translation is automatically generated by a "plug-in". Due to the automatic translation, the English version may contain grammatical errors as well as errors of meaning. notarity does not check or correct the automatic translation. No claims against notarity can be derived from the automatically generated version of this privacy policy. notarity is not liable for translation errors of the plug-in.
We ask you to inform yourself regularly about the content of our data protection information. We will adapt the data protection information if changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your co-operation (e.g. consent) or other individual notification.
This data protection notice first provides you with general information about our data processing at notarity as part of the operation of our web app. Subsequently, you will find specific information about individual data processing in the context of the operation of the web app. You can find out more about our data processing within the scope of our website at https://notarity.com/privacy/ inform.
2. controller (within the meaning of Article 4(7) GDPR)
Notarity GmbH is responsible for the data protection of our web app, Pfeilgasse 23/3, 1080 Vienna responsible.
notarity GmbH is an Austrian technology company based in Vienna. We operate a platform for the digital creation of notarial documents ("Remote Online Notarisations").
We will be happy to answer any questions you may have regarding data protection. You can use the following contact options:
Phone: +43 1 412 01 48
E-mail: [email protected]
If you contact us by e-mail, the data you provide will be stored by us in order to process your enquiry. The data collected in this context will be deleted by us if storage is no longer required. We will store your enquiry and the correspondence relating to it for thirteen months after the end of processing and any follow-up questions so that we can present them in the event of any proceedings before the data protection authority. Longer storage will only take place as long as statutory retention obligations exist or as long as any legal claims for the assertion or defence of which the personal data is required are not yet time-barred.
3. purposes of data processing
The purposes for which we process your data may include:
to provide you with our service on our platform and to maintain it. The purpose is therefore the performance of the contract and the fulfilment of our contractual and pre-contractual obligations (Art 6 (1) lit b GDPR);
To notify you of any changes to our service;
Provide customer services;
improve our service (including through the use and training of AI applications);
monitor the use of our service;
identify, prevent and correct technical problems; provide you with news and general information about other products, services and events offered by us where they are similar to those you have already purchased from or requested from us and you have not opted out of such communications.
There is no obligation to provide us with the personal data we ask you for. However, joint business processes or marketing processes may be delayed or become impossible and it may be impossible for you to participate in our events if you do not provide your personal data. If the provision of your data is required by law in some cases, we will inform you of this separately.
4. legal bases of data processing
We use your data on the basis of
a) your consent (Art 6 (1) lit a GDPR)You have the right to revoke your consent to us at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the point of revocation.
b) the fulfilment of a contract concluded with you or the implementation of pre-contractual measures, insofar as this is necessary (Art 6 (1) lit b GDPR);
c) the necessity for the fulfilment of legal obligations to which we are subject (Art 6 (1) lit c GDPR); or
d) an overriding legitimate interest (Art 6 (1) lit f GDPR), which is to achieve the purposes mentioned in point 3. If we process data on this basis, you have the right to object to the processing of your personal data, taking into account the provisions of Art. 21 GDPR.
There is no obligation to provide us with the personal data we ask you for. However, you may not be able to use all the functions of this website if you do not provide your personal data. If you are required to provide your personal data for legal reasons, we will inform you of this separately.
Under applicable law, you are entitled to do so (if the relevant requirements of the applicable law are met),
to request confirmation as to whether and which of your personal data we process and to receive copies of this data;
to request the rectification or erasure of your personal data;
to request us to restrict the processing of your personal data;
to object to the processing of your personal data;
to withdraw any consent previously given for the processing (the withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal);
to request data portability, and
to lodge a complaint with the data protection authority.
The competent authority for us is:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Tel. +43 1 52152 2550
E-mail: [email protected]
To exercise your rights, you can also contact [email protected] at any time.
We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, backup, availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subjects' rights, e.g. to the erasure of data and a response to any threats to the data. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server:
Encryption of our platform (app.notarity.com)
We use SSL/TLS encryption on our website for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and, depending on the browser, by the lock symbol in your browser line.
If SSL or TLS encryption is activated, data and information that you transmit to us cannot be read by third parties.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible without the use of email encryption, such as PGP or S/MIME, and is at your own risk.
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of your consent or if a legal obligation provides for this (e.g. if a transfer of the data to third parties, such as to our signature partner, is necessary for the fulfilment of the contract in accordance with Art 6 (1) lit b GDPR) or on the basis of our overriding legitimate interests (e.g. prevention of fraud, misuse of services or money laundering, enforcement of claims under private law, etc.). If we commission third parties to process data on the basis of a so-called order processing contract, this is done on the basis of Art. 28 GDPR. If we use external service providers for individual parts of our offer, we will always carefully select and monitor these service providers and inform them in detail about the respective processes. You will find details of our most important processors and cooperation partners in the points below. Apart from this, we have order processing contracts with the following companies, among others:
We generally process your data within the European Union (EU) and the European Economic Area (EEA). Some of the recipients mentioned in point 7 are located outside your country or process your personal data there. The level of data protection in other countries may not be the same as in your country. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection. For example, we conclude standard contractual clauses (2021/914/EC). These are available on request (see contact details under point 5).
Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if the transfer is permitted on the basis of a balancing of interests within the meaning of Art 6 (1) lit f GDPR, if we are legally obliged to pass on the data or if you have given your consent in this respect.
This data will not be passed on to third parties for their advertising purposes.
10. storage period
We follow the principles of data minimisation and storage limitation. This means that we only store your data for as long as is necessary to fulfil the stated purposes or as required by law. As soon as the purpose no longer applies or the statutory periods have expired, your data will be blocked or deleted in accordance with the statutory provisions. If you have given your consent to storage, we will store your personal data until you withdraw your consent.
Our services use cookies and similar technologies. These are usually small text files that are stored on your device when you use our services. These cookies contain a unique string of characters that uniquely identifies your browser or applications when you return to our services. Some functions of our services require the browser or application to be recognised when a new page is called up. We use the following types of cookies:
We use both session cookies and permanent cookies.
Unless cookies and similar technologies are technically necessary to provide a service you have requested, we will only use them with your consent.
Purpose of this data processing
We use cookies and similar technologies to make our services attractive and user-friendly, to improve them and to process enquiries more quickly. Some functions of our services require the browser to be recognised when a new page is called up.
Legal basis for this data processing
The legal basis for the processing of personal data with technically necessary cookies is Art 6 (1) lit f GDPR. For the processing of personal data that is not necessary to provide you with a desired service, your informed consent is required in accordance with Art 6 (1) lit a GDPR.
Duration of storage
Session cookies are deleted as soon as you close the browser. Permanent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie.
On our platform (as well as on our landing page), we use the web analysis service Matomo to analyse and check the use of our platform. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
We operate Matomo in a version that does not require cookies. Thus, no Matomo cookies are stored on your computer for the purpose of web analysis. For the analysis of website usage, your IP address and information such as timestamp, web pages visited and your language settings are collected. We process the information collected in this way exclusively on our server. It is not transmitted to third parties.
This website uses Matomo with the "AnonymiseIP" extension. This means that IP addresses are further processed in abbreviated form and cannot be directly linked to individuals. The IP address transmitted by your browser using Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is our overriding interest in better adapting our platform to the needs of users (Art 6 (1) lit f GDPR).
The Matomo programme is an open source project. Information from the third-party provider on data protection can be found at matomo.org/privacy-policy/
On our platform, we use Hotjar with consent for cookie selection. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).
Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a particular place. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors.
Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting).
If consent has been obtained, this service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.
Disable Hotjar
If you would like to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/
Please note that Hotjar must be deactivated separately for each browser or end device.
In principle, our web app can be visited and used to a very limited extent even before registration. Information such as pages accessed or the name of the file accessed, date and time are stored anonymously on the server for statistical purposes, without this data being able to be directly related to you personally. We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are
IP address in anonymised form;
Date and time of the request Time zone difference from GMT;
Content of the request (specific page);
Browser;
Operating system;
Access status/http status code;
Amount of data transferred;
Website from which the enquiry comes.
This information cannot be assigned to a specific person. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
The digital notary appointment takes place via an audiovisual two-way connection, in which you are connected in real time with the respective notary or notarial substitute and, if applicable, other users (e.g. co-partners, business partners).
The video chat is always peer-to-peer. This means that the video chat is only operated on the end devices of the people participating in the video chat. This allows us to offer the most data protection-friendly solution in this respect. In cases where a server is used as an intermediary (this can be useful for a large number of participants, for example, to ensure the resilience of the web application), a (turn) server hosted in Finland (EU) is used.
During the notary appointment, we make some data available to you and the respective notary or notary substitute by displaying it in the web app (evidence data from the video identification procedure, master data, documents, etc.). We act on behalf of and under the responsibility of the respective notary. The specific process and the associated data processing are based on the specifications of the respective notary or notarial substitute and are described in more detail below.
In order to be able to offer our service in accordance with the requirements of the Notarial Code, our partner notaries are legally obliged to verify your identity (see §§ 69b and 79 (9) NO as amended). For appointments with Austrian notaries, verification using ID Austria or the video identification procedure complies with the legal requirements; the automated identification procedure is also authorised for the validity of international appointments.
In order to make this possible on behalf of the partner notary's offices, we work together with identity Trust Management GmbH and nect GmbH and transmit data to them in this context for the purpose of verifying your identity. We have concluded a contract with identity Trust Management GmbH for the commissioned processing of your data, in which we act as the controller within the meaning of the GDPR. In the course of the video identification procedure, your data is transmitted and processed exclusively via encrypted transmission channels. In particular, your data will not be transmitted via (insecure) e-mail traffic.
As part of the video identification process, you will be asked to identify yourself directly via live video. After you have given your consent, identity Trust Management GmbH will take screenshots of your face and the front and back of your ID document. At the beginning of the video identification process, the employee will obtain your express consent in accordance with Art 6 (1) lit a GDPR to take the photos and record the conversation. At the end of the video identification procedure, an SMS-TAN will be sent to the telephone number you have provided for verification purposes. Once you have entered the correct SMS-TAN, the video identification procedure is complete. In addition to the signature password or the Mobile ID app, your telephone number serves as a second factor for the qualified electronic signature.
As part of the automated identification procedure, you carry out the verification yourself. You confirm your identity by taking a selfie using the nect app by taking photos of your face and the front and back of your ID document. At the start of this process, your express consent is obtained in accordance with Art 6 (1) lit a GDPR. At the end of the procedure, an SMS-TAN will be sent to the telephone number you have provided for verification purposes. Once you have entered the correct SMS-TAN, the automated identification procedure is complete. Your telephone number serves as a second factor for the Qualified Electronic Signature in addition to the signature password or the Mobile ID app.
Following the video identification procedure or the automated identification procedure, identity Trust Management GmbH or nect GmbH provides us with the evidence data collected in a data package via an encrypted interface. We retrieve your evidence data from this interface and store it in our encrypted database to enable you to make online notarial appointments and draw up notarised deeds via the Internet.
We would like to point out that it is not possible to attend notary appointments via our web app without such an identification procedure. Personal identification on site is not possible, nor is it sufficient to send a copy of an identity document. This is due to legal provisions, in particular those of the notarial regulations.
The data package with your evidence data contains the following data:
First name, middle name and surname as per ID document;
Address (street, house number, postcode, town);
Place and date of birth;
Nationality;
the data and type of identity document, such as the validity date of issue, the issuing authority and the ID number as proof of the existence of a valid, official identity document;
Mobile phone number;
E-mail address;
Photos/screenshots of you and the front and back of the ID document; and
an audio and visual recording of the video conference.
identity Trust Management GmbH, nect GmbH or Persona also provides our signing partner, Swisscom IT Service Finance SE, with a data package of your evidence data via an encrypted interface. The interface is independent of our interface and we naturally have no access to the interface between Swisscom IT Service Finance SE and identity Trust Management GmbH.
In this context, we refer you to the General Terms and Conditions of Business including the Privacy Policy of identity Trust Management GmbH, which will be made available to you prior to the identification process.
The legal basis for this data processing is Art 6 (1) lit b and c GDPR (contractual and legal obligation).
The data collected in the video identification procedure ("evidence data") is linked to your user account after successful completion. Other users (clients) cannot view this data. Partner notaries also do not have access to your evidence data without further ado. Only after you accept an appointment invitation will the respective partner notary have access to your record data. By accepting the notary appointment, you acknowledge that the partner notary will have access to your personal data (including data from the verification procedure). Before accepting the notary appointment, no partner notary has access to the data collected in the video identification procedure.
As soon as you have been added to an appointment - by notarity or a partner notary's office - and therefore before accepting the appointment invitation, the other participants in the respective appointment (therefore clients and partner notaries, if you have been added to the appointment) can view your identification status. This information is limited to your email address and the progress of the onboarding process (pending, started, completed, etc.).
Of course, we will not pass on your e-mail address to the partner notary without your consent.
We work together with our signing partner Swisscom IT Service Finance SE to issue signature certificates. As described in section 13.7, Swisscom IT Service Finance SE requires your evidence data from the video identification procedure to issue the qualified signature certificates for the qualified electronic signature (QES). These are made available to it directly by identity Trust Management GmbH via an encrypted interface.
Swisscom IT Service Finance SE and Identity Trust Management GmbH act as joint controllers with regard to your identification for the issuance of the qualified signature certificate. In this context, please note the data protection declarations of Swisscom IT Service Finance SE and Identity Trust Management GmbH.
After successful registration and verification using the video identification procedure, Swisscom IT Service Finance SE creates a signature profile with your data (including a private signature key). The signature profile is necessary so that you can sign electronically via our web app as part of an online notarisation process. The unique ID of your signature profile is made available to us via an encrypted interface and is also stored in our encrypted database.
In this context, we refer to the General Terms and Conditions including the Privacy Policy of Swisscom IT Service Finance SE, which will be made available to you before the identification process. Data processing is authorised in accordance with Art 6 (1) lit c GDPR.
To trigger the actual signature during a notary appointment via our platform, the notary releases the document for signature via a button. You then sign the document using your telephone number, signature password and SMS-TAN via a Swisscom IT Service Finance SE plug-in. In this context, we transmit the following data to Swisscom IT Service Finance SE:
Document hash (pseudonymised data point);
First name, middle name and surname;
Mobile phone number;
Nationality;
Unique ID of your signature profile at Swisscom IT Service Finance SE.
The transmission of this data is necessary so that Swisscom IT Service Finance SE can clearly assign your signature profile.
After a successful signature, Swisscom IT Service Finance SE stores an encrypted data object at an encrypted data interface. We retrieve this and place and save it in the metadata of the signed document. The signatory, time of signature and content of the signed document can thus be verified beyond doubt.
Cooperation with notaries and notarial substitutes
When you register on our web app, we collect your data and verify your identity for the purpose of executing the contract and fulfilling our contractual and pre-contractual obligations. The data collection and data processing is necessary for the fulfilment of the contract concluded with you and is based on Art 6 (1) lit b GDPR.
The master data and contact details from your profile are transmitted to the respective notary's office when you confirm an appointment request from a notary or notary's substitute. For an appointment request to you, the notary or notary substitute only needs your e-mail address. He will receive this e-mail address from other participants in the planned notary appointment, for example. By accepting the notary appointment, you acknowledge that the respective notary or notary substitute will have access to your data (including the data from the verification procedure).
Your data will be passed on on the basis of your consent (Art 6 (1) lit a GDPR) and for the fulfilment of the contract concluded with you (Art 6 (1) lit b GDPR). Before accepting the notary appointment, our partner notary's offices only have access to your e-mail address and the status of your verification (pending, started, completed, etc.). No notary or notary substitute has access to any other data. It goes without saying that we will not pass on your e-mail address without your consent.
From the time the appointment is accepted, the respective notary or notary substitute processes your personal data as an independent controller. We act on his behalf and according to his instructions as a processor within the meaning of Art 28 GDPR. This means that the respective notary or substitute notary is responsible for individual data processing operations.
The order processing relates in particular to the actual processing of the digital notarial appointment by means of an audiovisual two-way connection and the associated features (e.g. processing of the evidence data from the verification procedure or electronic signature) and the data processing in the appointment dashboard on the platform. Further data processing before and after the notarial appointment is the responsibility of our own data protection officers or the notaries/notary substitutes.
We have concluded a corresponding agreement on order processing with each notary or notarial substitute.
Our partner notaries are obliged by various legal regulations to store your documents and personal data. We provide them with storage space on our servers for this purpose, which they can (but do not have to) use. We have also concluded an order processing agreement with the partner notaries for such cases.
Hosting and backend infrastructure (PaaS - Platform as a Service)
Data protection, data security and reliability have the highest priority for us. We therefore use a high-security back-end infrastructure that meets the highest security standards and is continuously maintained and improved by leading IT security experts. This enables us to guarantee the highest possible IT security.
All of the backend services we source are certified to key data protection and security standards (ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 and SOC 3).
All backend services sourced from us encrypt data in transit using HTTPS and logically isolate customer data. In addition, the backend services sourced from us also encrypt your data at rest.
We have concluded an agreement with the service provider to ensure that notarised deeds and documents are stored and processed exclusively on servers located in Frankfurt am Main. If it is necessary to process personal data in third countries, we have ensured that this only takes place in compliance with the conditions set out in Chapter V GDPR.
Additional information and a copy of the relevant standard contractual clauses for data processing and transfer can be requested from us by e-mail.
User feedback
In order to continuously improve our service, we conduct a short user survey at the end of each notary appointment. This involves processing some of your data (such as time/date, user ID, etc.).
Participation in the user survey is of course voluntary. You can simply close the pop-up if you do not wish to take part.
The relevant processing takes place exclusively for internal purposes.
Search queries (matching process)
If you are interested in notarial services but are not in contact with a notary in this regard, you can let us know via our platform or via our website (www.notarity.com).
You can confirm this by clicking the button ("I don't have a notary yet") in the web app. In addition, we offer forms on our website where you can search for partner notaries for predefined notarial services.
In this way, you can send us details of your service requirements or legal concerns.
We will then endeavour to find a suitable partner notary for you from our pool of partner notaries. In doing so, we process your data in accordance with this declaration with maximum security and integrity. The data collected in this context will be deleted by us if storage is no longer necessary.
German German 
English
Spanish