f4x Process concept

How we ensure a safe process

In the following, we describe in detail how we have technically designed the speech recognition process so that it is secure and transparent.

The procedural concept was submitted to the Hessian Data Protection Commissioner. Since then, we have added further security measures, e.g. a so-called Mandatory Access Control (MAC) policy that only allows those processes on our servers that are required for speech recognition.

Data protection design of the automatic transcription of audio files

I. Initial situation / brief description of the company

dr. dresing & pehl GmbH, Deutschhausstraße 22A, 35037 Marburg, Germany (hereinafter also referred to as “we”) has been distributing software under the brand name “audiotranskription” since 2005, as well as so-called “foot switches” as an optional supplement for the manual transcription of interviews. The transcription software is mainly used in a university context and is a central component of qualitative methods training.

In the following, we therefore describe our contractual and technical measures to ensure that automatic speech recognition complies with data protection regulations. The transcription service will be offered to customers on this basis in the future.

II. Clarification of terms

In the following, a distinction is made between:

“Contract data”, i.e. data about you as the user (hereinafter “you”), such as name and address; and “order data”, i.e. the audio files that you upload to order our services and the corresponding transcribed text files. These files may contain both your own voice data and voice data of third parties (the recorded persons).

III. Information for customers pursuant to Art. 13 GDPR

You will be informed in detail about the data processing before or when creating a customer account in accordance with Art. 13 GDPR.

Specifically, information is provided on the website via the privacy policy, in which, among other things, information is provided in accordance with this document. The privacy policy is also prominently displayed when creating a user account.

IV. Overview of the workflow

You upload interviews or other speech recordings to a dr. dresing & pehl GmbH server via a software client (f4transcript or a web client). There, the audio files are automatically converted into text. The generated text is displayed in the software client and can be processed locally. All data uploaded to the server is deleted after transcription and transfer to the software client. The individual steps of this process are explained in more detail below:

1. Software installation/registration

A prerequisite for using the service is the installation of the f4transcript software or a corresponding web client. You must register personally before using the speech recognition service; the locally installed software displays a corresponding dialog. Your registration takes place in the following steps:

Step 1: Assigning username and password

In a first step, you will be asked for your e-mail address, a password of your choice and confirmation that you have read the privacy policy (which can be viewed via a link). The password to be selected must meet certain minimum requirements (a combination of upper/lower case letters, special characters, numbers, at least 10 characters).

The password can be changed after authentication by e-mail: when the e-mail address is entered in the corresponding field of the client, a code is sent to the e-mail address on file. The password can only be changed by entering this code.

Step 2: Confirmation of registration

A code is sent to the e-mail address provided in order to verify it. The account is only activated once the customer has entered this code via the login dialog in the client. Unconfirmed registration data is deleted after 24 hours.

Step 3: Conclusion of a data processing agreement (DPA)

After confirming your registration, you will see a dialog for concluding a DPA (German: AVV). The contract text, including a list of technical and organizational measures and of sub-processors (server hosters), is displayed here. You have the option of entering the purpose of the processing and the type of personal data to be processed separately. The text of the contract is sent to you by e-mail after your confirmation (conclusion of contract in accordance with Art. 28 para. 9 GDPR).

Step 3a (optional): Obligation to maintain confidentiality in accordance with § 203 StGB

Some groups of persons (e.g. in legal or medical activities) are subject to special provisions on confidentiality in accordance with Section 203 of the German Criminal Code (StGB). In order to enable the processing of data in these cases, we and our subcontractors must explicitly commit to confidentiality in accordance with Section 203 StGB (over and above the provisions of the DPA). On request, you can optionally receive a corresponding commitment in electronic form.

2. Activation for the upload of order data

The account will only be activated for uploading order data to our server once registration has been completed. The registration information is stored on the speech recognition server and is physically and logically separated from billing data (see Section VII. Data processing infrastructure).

3. Purchase of time quotas via the online store

The use of automated speech recognition is made possible on the basis of time quotas. The time quotas can be purchased in advance in the form of credit codes via our online store. These codes are generated by our activation server (logically and physically separate from the speech recognition server) and sent by e-mail. The codes are not personal and can be used by any registered person to top up their own time quota.

Order data such as name, address, e-mail address, telephone number, date of order and number of items ordered is stored on the webshop server and on our in-house server in Marburg for billing and accounting purposes and retained in accordance with the statutory retention periods. Payment information (credit card data) is not collected by us, but transmitted directly to the payment processing companies (PayOne, PayPal) via so-called iframes or via the payment pages of the respective payment processors. The webshop’s privacy policy has been checked by Trusted Shops. The billing data is logically and physically separated from the order data.

V. Processing of individual orders

Here we describe the “processing of individual orders” as the uploading of an audio file to our server, the processing there and the downloading of the finished results until the deletion of the individual order data. The order data is only stored on the server for as long as is necessary for the purposes of processing. The order data is then transferred back to your computer, where you save it locally.

1. Uploading audio files

Audio files can be uploaded to our server if you are registered and logged in to a client. The client generates an asymmetric key pair for each audio file during upload. The public key is sent to the server together with the audio file (job key). When using f4transkript, the private key is encrypted with your secret password and stored on the client computer; this ensures that the order data can only be decrypted from the registered client. When using f4x via the browser, the private key is instead stored in encrypted form on a separate server (separate from the speech recognition server).

The upload to our server takes place via a secure connection. File names are pseudonymized with random but unique names before processing; when f4transkript is used, this already happens during the upload.

2. Processing

For processing, the audio file is decoded by the speech recognition algorithm and converted into a text file. The audio file is deleted immediately after successful conversion. The finished text file is encrypted with the job’s public key and stored temporarily on the server for retrieval.

The server reports a status to the client for each job. Successfully completed jobs report this status to the client and activate the “Download” button there.

3. Download

The finished text files can be downloaded via the client. After a successful download, the text file is decrypted with the private key on the client. When using f4transkript, the combination of public and private key ensures that the results can only be decrypted on the computer from which the job was uploaded. When using f4x via the browser, the result can only be decrypted with correct login data.

4. Deletion

As soon as the server receives the message about the successful download, the file is permanently deleted from the server.

If an error occurs during the upload, e.g. because a file format is not recognized or the connection is interrupted, the incomplete audio file is immediately deleted from the server. The client then receives a corresponding message.

If a result is not collected after 14 days, you will receive a notification by e-mail. If this notice remains unanswered, you will receive another reminder after 7 days. If the 7-day collection period specified therein expires, the order data will be deleted and the customer will be informed of this by e-mail.

VI. Duration of data storage and data deletion

With regard to the duration of data storage and data erasure, a distinction must be made as follows:

Contract data is initially stored permanently on the speech recognition server for authentication and order control. The contract data is deleted when the account is deleted, provided that no contractual and/or statutory retention periods prevent deletion.

Order data, i.e. the audio files and the corresponding text files, is stored for the duration of processing until downloaded by you or until the agreed deletion period has expired, and is then automatically deleted.

Additional information on the order data, such as file size and date of upload, is stored to enable the processing and invoicing of individual orders and to document them. This data is stored for as long as the account is active, for the purpose of traceability by you and the documentation of possible claims, and is deleted when the account is deleted.

Order data from the purchase of time quotas (e.g. name, address, e-mail address, telephone number (optional), date of order and number of items ordered) is stored on the webshop server and on our in-house server in Marburg for billing and accounting purposes and retained in accordance with statutory retention periods.

Detailed information on the exact data, processing purposes and storage periods is provided in the privacy policy.

VII. Infrastructure for data processing

The infrastructure used for data processing is divided into four physically independent areas. The TOMs (technical and organizational measures) in the appendix to the GCU inform you about the infrastructure used. In detail:

1. Speech recognition server

The “speech recognition server” contains the speech recognition algorithm and manages order processing and user administration. The order data is temporarily stored here during processing. This data is processed on a dedicated root server of Hetzner Online GmbH in Nuremberg or Falkenstein.

The data center is DIN-ISO/IEC-27001-certified (German accreditation body D-ZM-18855-01-00, certificate number ZN-2016-04). A contract for order processing was concluded on 29.10.2018.

2. Webshop

The webshop for the purchase of time quotas and the e-mail services are run on a server of ALL-INKL.COM Neue Medien Münnich with server locations in Dresden and Friedersdorf. The address data provided by you, the items purchased and correspondence by e-mail are stored here. A contract for order processing was concluded on 25.05.2018.

3. Internal order processing

For billing and accounting purposes, customer data is stored on our own servers at the offices of dr. dresing & pehl GmbH in Marburg and archived in accordance with statutory retention periods. Access to the data is regulated in particular by an access concept (password, restrictive assignment of rights, etc.).

4. Payment processing

We do not store data for credit card payments or direct debit orders. The processing of these payment methods is forwarded directly to the payment service provider BS PAYONE GmbH in Frankfurt am Main via so-called iframes.

Payments via PayPal are made by you directly on the payment page of PayPal (for European customers PayPal (Europe) S.à r.l. et Cie, S.C.A., in Luxembourg).

5. Server infrastructure

Communication between clients and the server for automatic speech recognition takes place via a REST API provided by the server. SSL/TLS 1.2 is used for transport encryption. The server for automatic speech recognition is located in an ISO-certified data center in Germany.

Authentication is carried out for each request using Basic Authentication (user name / password). The user’s password is stored in the speech recognition server’s database as a bcrypt hash (128-bit salt). The password must follow our password guidelines (minimum 10 characters, at least one lowercase and one uppercase letter, one number and one special character).

Clients can be f4transkript for macOS and f4xWeb (http://f4x.audiotranskription.de). f4xWeb is provided on a server in Hetzner’s data center. Communication with f4xWeb takes place via a web browser.

The media file remains unencrypted on the speech recognition server until the end of speech recognition and is deleted immediately after recognition is complete.

The transcript is created after recognition is complete and asymmetrically encrypted using ECC curve secp256k1. A separate key pair is generated for each order. In the case of f4transkript for macOS, the private key remains with the customer on the client computer and is never stored on one of our servers. This means that the transcript cannot be decrypted by us.

In the case of f4xWeb, the private key is stored in a keyring on the f4xWeb server. All private keys for all of a user’s orders are stored in a separate keyring per user. The keyring is symmetrically encrypted with the customer’s password (AES 256). When a transcript is retrieved via f4xWeb, the private key of the transcript is retrieved from the keyring using the password supplied for authentication and transferred to the speech recognition server for decryption. The decrypted transcript can then be downloaded by the customer via f4xWeb. A transcript decrypted in this way is automatically deleted after 60 seconds at the latest.

After successful retrieval, the encrypted transcript remains on the speech recognition server for approximately one hour and is then automatically deleted.

Status: 06.03.2024