Privacy Policy

1. Who provides this service?

The RockDoc web app (hereinafter the "App") and its associated servers (hereinafter together the "RockDoc System" or "RockDoc") are operated by:

RockDoc GmbH

Marktgasse 34

A-7434 Bernstein

Austria

FN: 554292k

Email: support@rockdoc.at

Whenever this text refers to "we" or "us", it means RockDoc GmbH. Under the General Data Protection Regulation (GDPR), we are the controller. Data protection matters to us. The RockDoc System was developed from the outset with a focus on data security, and we strictly comply with the GDPR and the Austrian Data Protection Act (DSG). In this privacy information we explain which personal data we process, for what purpose, on what legal bases, and which rights you as a data subject have when using RockDoc.

2. What is the purpose of RockDoc?

RockDoc is a system that allows its users to automatically transform conventional PDF documents into accessible PDF/UA documents. The goal is to prepare digital documents in such a way that they can be read and used without difficulty by all people, including those with visual or cognitive impairments, using assistive technologies (e.g. screen readers).

3. What is personal data?

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, name, email address or IP addresses. If the PDF documents you upload for conversion contain information about natural persons, that content is also covered by the term personal data.

4. Which personal data is processed?

Depending on your specific use of the App, we process the following data:

Data required for the technical operation of the App

Any communication over the Internet requires processing of certain data. To provide and use the App, the following data is required for communication between your device and our server:

  • IP address
  • Date and time of the request
  • Configuration (language settings, browser type, device type and operating-system version)

This data is processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR): temporary processing is necessary to enable a secure and stable connection between the device and the server and to ensure the App functions correctly. This data is not combined with other personal data about you. It is deleted as soon as it is no longer required for the purposes for which it was collected (typically after the end of the relevant session or after standard server-log retention periods of 7 days).

Data required to create and operate a RockDoc account

To create a RockDoc account you must provide your email address, where applicable your first and last name, and a password. This data is processed on the basis of contract performance or pre-contractual measures (Art. 6(1)(b) GDPR), as it is strictly necessary for using RockDoc, associating your documents with you and contacting you.

Data in uploaded PDF documents

To make your documents accessible, you must upload them to the RockDoc System. The documents (and any personal data they may contain) are analysed and structured by our servers in order to carry out the PDF/UA conversion. We process this data exclusively for the purpose of the technical transformation on your behalf (contract performance, Art. 6(1)(b) GDPR). We do not read this data for our own purposes, do not use it for profiling and do not pass it on to unauthorised third parties.

Note for B2B customers: If you use RockDoc commercially and upload large volumes of personal data of third parties, RockDoc GmbH acts as a processor. In that case we offer the conclusion of a data-processing agreement pursuant to Art. 28 GDPR.

5. Disclosure of personal data

Beyond the cases explicitly mentioned in this privacy information, your personal data is generally not disclosed. Disclosure may occur in the following cases:

Processors and external services

To provide our service we rely on external service providers acting as processors under Art. 28 GDPR. We have carefully selected and contractually bound these providers and review them regularly to ensure that all data is processed exclusively in accordance with our instructions and in line with the GDPR.

  • Hosting: RockDoc uses Timewarp IT Consulting GmbH, Diefenbachgasse 5/7, 1150 Wien, as its hosting provider.
  • Payment processing: For paid services we use the payment provider Stripe, to whom the data required for payment processing is transmitted.

Abuse and law enforcement

Where required to investigate unlawful or abusive use of the App or to pursue legal claims, personal data will be transferred to law-enforcement authorities or Austrian courts. The legal basis is our legitimate interest in preventing and investigating legal violations (Art. 6(1)(f) GDPR).

Transfer to third countries

As a rule, personal data is not transferred to third countries unless strictly necessary through specific service providers — for example, US payment providers with EU standard contractual clauses.

6. When do we delete your data?

We delete or anonymise your personal data as soon as it is no longer required for the purposes for which we collected it.

  • User account: When you delete your RockDoc account, your account data is deleted immediately, provided no statutory retention obligations apply (e.g. tax-law requirements under the BAO for invoices).
  • Uploaded documents: PDF documents uploaded by you for conversion, as well as the generated accessible versions, are retained in your account for 7 days after being made available for download, then automatically and irrevocably deleted from our servers.

7. What rights do you have?

  • Right of access: You have the right to obtain information from us at any time about the personal data we process about you, in accordance with Art. 15 GDPR.
  • Right to rectification: You have the right to require the immediate correction of inaccurate data.
  • Right to erasure: You have the right to require us to erase your data under the conditions of Art. 17 GDPR.
  • Right to restriction of processing: You can request restriction of processing in accordance with Art. 18 GDPR.
  • Right to data portability: You have the right to receive the data concerning you in a structured, commonly used, machine-readable format (Art. 20 GDPR).
  • Right to object: Where processing is based on our legitimate interest (Art. 6(1)(f) GDPR), you have a right to object pursuant to Art. 21 GDPR. Please send any objection by email to support@rockdoc.at or by post to RockDoc GmbH, Marktgasse 34, 7434 Bernstein.
  • Right to lodge a complaint: You have the right to lodge complaints with the competent supervisory authority. In Austria this is:

Österreichische Datenschutzbehörde (DSB)

Barichgasse 40-42

1030 Wien

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

Web: www.dsb.gv.at

8. Data protection impact assessment

A data protection impact assessment was carried out alongside the development of the underlying system architecture in order to give the best possible consideration to data protection and possible risks when handling sensitive information.

9. How current is this privacy information?

We keep this privacy policy up to date at all times. We therefore reserve the right to amend it from time to time and to reflect technical or legal changes. The current version is always available at https://www.rockdoc.at/datenschutz and within the App.

Last updated: May 2026