{"id":58076,"date":"2024-08-01T10:28:10","date_gmt":"2024-08-01T08:28:10","guid":{"rendered":"https:\/\/www.audiotranskription.de\/f4-features\/f4-gdpr\/"},"modified":"2024-09-20T13:17:18","modified_gmt":"2024-09-20T11:17:18","slug":"f4-gdpr","status":"publish","type":"page","link":"https:\/\/www.audiotranskription.de\/en\/f4-features\/f4-gdpr\/","title":{"rendered":"Working in compliance with GDPR with f4"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_section row_bg_color=&#8221;bg&#8211;color&#8211;grey-5&#8243;][vc_row row_padding=&#8221;&#8221;][vc_column]<div class=\"   wpb_content_element\" ><div class=\"hero hero--c\"><div class=\"hero__bg\"><img decoding=\"async\" src=\"https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled.jpg\" srcset=\"https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled.jpg 2560w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-300x194.jpg 300w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-768x497.jpg 768w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-1024x662.jpg 1024w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-1536x994.jpg 1536w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-2048x1325.jpg 2048w, https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/07\/audiotranskription_Background_06-scaled-1200x776.jpg 1200w\" alt=\"audiotranskription Hintergrund\" \/><\/div><div class=\"hero__title hero__title--with-image vpt-3 vpb-5\"><p class=\"heading--subtitle hero__skyline\">Transparent &amp; secure<\/p><h1 class=\"\"><span>How f4 ensures GDPR-compliant automatic transcription<\/span><\/h1><\/div><\/div><\/div>[\/vc_column][\/vc_row][\/vc_section][vc_section row_padding=&#8221;vpt-7 vpb-7&#8243; row_bg_color=&#8221;bg&#8211;color&#8211;bg-1&#8243;][vc_row content_placement=&#8221;middle&#8221; row_padding=&#8221;&#8221;][vc_column width=&#8221;1\/2&#8243; col_sticky=&#8221;&#8221;]<div class=\"vmb-3 wpb_content_element\" ><div class=\"heading heading--h2\"><p class=\"heading--subtitle \" >We take care of security<\/p><h2 class=\"heading h3 heading--subtitle-top   \" >This is how secure f4 and automatic transcription are<div class=\"heading__libero heading__libero--secondary\"><\/div><\/h2><\/div><\/div>[vc_column_text]The f4 software for manual transcription and qualitative text analysis only works locally on your computer. No research data is transferred to us or third parties.<\/p>\n<p>Automatic transcription in f4 and via https:\/\/f4x.audiotranskription.de is a function that is realized via our servers in Germany. Data will be exchanged between you and us. Below we describe in detail how we have technically designed the automatic transcription process so that it is secure, transparent and GDPR-compliant. Any necessary AVV can be concluded at any time.[\/vc_column_text][\/vc_column][vc_column width=&#8221;5\/12&#8243; col_sticky=&#8221;&#8221; offset=&#8221;vc_col-sm-offset-1&#8243;][vc_column_text elem_margin_bottom=&#8221;&#8221;]<\/p>\n<ul class=\"icon-list icon-list--check\">\n<li><strong>Encrypted transmission<\/strong><\/li>\n<li><strong>Clear deletion concept<\/strong><\/li>\n<li><strong>Certified servers in Germany<\/strong><\/li>\n<li><strong>Clear process concept  <\/strong><\/li>\n<li><strong>GCU in accordance with EU standard clauses<br \/>\n<\/strong><\/li>\n<li><strong>Data separation and purpose limitation<\/strong><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][\/vc_section][vc_section row_padding=&#8221;vpt-7 vpb-7&#8243;][vc_row row_padding=&#8221;custom&#8221;][vc_column width=&#8221;3\/4&#8243; col_sticky=&#8221;&#8221; offset=&#8221;vc_col-md-8 vc_col-sm-offset-2&#8243;]<div class=\"vmb-3 wpb_content_element\" ><div class=\"heading heading--h2\"><h2 class=\"heading     \" >Order data processing according to GDPR<div class=\"heading__libero heading__libero--secondary\"><\/div><\/h2><\/div><\/div>[vc_column_text]Anyone wishing to process personal data of third parties via automatic transcription with f4 requires a DPA to ensure that this is GDPR-compliant. The AVV can be concluded individually in each f4 account<a href=\"https:\/\/f4x.audiotranskription.de\">(https:\/\/f4x.audiotranskription.de)<\/a>. You can download and check the contract in advance as a PDF here.[\/vc_column_text]<div class=\"wpb_content_element\" ><div class=\"btn__wrapper \"><a href=\"https:\/\/www.audiotranskription.de\/wp-content\/uploads\/2024\/03\/AVV-f4x-Spracherkennung-online.pdf\" target=\"\" rel=\"\" title=\"\" class=\"btn--full btn--primary btn--lg\">Download AVV<\/a><\/div><\/div>[\/vc_column][\/vc_row][\/vc_section][vc_section row_padding=&#8221;vpt-7 vpb-7&#8243;][vc_row row_padding=&#8221;custom&#8221; row_padding_bottom=&#8221;vpb-3&#8243;][vc_column width=&#8221;3\/4&#8243; col_sticky=&#8221;&#8221; offset=&#8221;vc_col-md-8 vc_col-sm-offset-2&#8243;]<div class=\"vmb-3 wpb_content_element\" ><div class=\"heading heading--h2\"><h2 class=\"heading     \" >Documentation &amp; process concept<div class=\"heading__libero heading__libero--secondary\"><\/div><\/h2><\/div><\/div>[vc_column_text]<\/p>\n<h2 id=\"data-protection-design-of-the-automatic-transcription-of-audio-files\">Data protection design of the automatic transcription of audio files<\/h2>\n<h3 id=\"i-initial-situation-brief-description-of-the-company\">I. Initial situation \/ brief description of the company<\/h3>\n<p>We are dr. dresing &amp; pehl GmbH, Deutschhausstra\u00dfe 22A, 35037 Marburg, Germany, and have been distributing software under the brand name &#8220;audiotranskription&#8221; since 2005, as well as optional foot controls for the manual transcription of interviews. The software is mainly used in a university context, where it is a central component of qualitative methods training.<\/p>\n<p>In the following, we describe our contractual and technical measures to ensure that automatic speech recognition complies with data protection regulations.<\/p>\n<h3 id=\"ii-important-terms\">II. Important terms<\/h3>\n<p class=\"whitespace-pre-wrap break-words\">For a better understanding, we distinguish between two key terms:<\/p>\n<ul class=\"-mt-1 list-disc space-y-2 pl-8\">\n<li class=\"whitespace-normal break-words\"><strong>Contract data<\/strong>: Your personal information such as name and address. Everything we need for ordering, payment and delivery.<\/li>\n<li class=\"whitespace-normal break-words\"><strong>Order data<\/strong>: Your audio and text files and the transcripts created from them. This data usually also contains personal data of third parties (the interview partners)<\/li>\n<\/ul>\n<h3 id=\"iii-you-can-find-out-about-your-rights-here\">III. you can find out about your rights here:<\/h3>\n<p>We take data protection seriously and comply with the General Data Protection Regulation (GDPR).<\/p>\n<p>You will be informed in detail about data processing before or when creating a customer account in accordance with Art. 13 GDPR, where there is also a prominent link to the privacy policy. This can also be found directly <a href=\"https:\/\/www.audiotranskription.de\/en\/privacy-policy\/\">here<\/a>.<\/p>\n<h3 id=\"iv-overview-of-automatic-transcription\">IV. Overview of automatic transcription<\/h3>\n<p>Interviews or other voice files can be uploaded to our server via the f4 software or a web client. There, the language files are automatically converted into text.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">After conversion, you can download and edit the generated text directly. The data is then only on your own computer again. To protect your data, we delete all information from our server as soon as the transcription has been completed and sent to you.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">How exactly does it all work? We will explain this step by step in the following sections.<\/p>\n<h4 id=\"1-software-installation-registration\">1. software installation\/registration<\/h4>\n<p class=\"whitespace-pre-wrap break-words\">To use our service, you need either f4 on your computer or our web client. Personal registration is required to get started:<\/p>\n<p class=\"whitespace-pre-wrap break-words\">The Register button will guide you through the registration process. In both cases, only a few steps are necessary:<\/p>\n<h5 id=\"step-1-create-user-account\">Step 1: Create user account<\/h5>\n<p class=\"whitespace-pre-wrap break-words\">All you need to create your account is your e-mail address and a secure password. (a combination of upper\/lower case, special characters, numbers, at least 10 characters).<\/p>\n<p class=\"whitespace-pre-wrap break-words\">If you forget your password, you can reset it at any time. We will send you a security code to your registered e-mail address.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">In the registration form we also ask you to agree to our privacy policy. You can find them via a link provided directly in the form or <a href=\"https:\/\/www.audiotranskription.de\/en\/privacy-policy\/\">here<\/a>.<\/p>\n<h5 id=\"step-2-confirmation-of-registration\">Step 2: Confirmation of registration<\/h5>\n<p class=\"whitespace-pre-wrap break-words\">After registration you will receive an e-mail with a confirmation code. Enter this code in the software to activate your account.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">Please note: For security reasons, we will have to delete your data if you do not enter the code within 24 hours.<\/p>\n<h5 id=\"step-3-conclusion-of-a-data-processing-agreement-dpa\">Step 3: Conclusion of a data processing agreement (DPA)<\/h5>\n<p class=\"whitespace-pre-wrap break-words\">In the next step, we present you with the order processing contract (AVV). This contract is essential for anyone who processes data from third parties, e.g. wants to evaluate interviews. The contract is required under the GDPR.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">This documents in detail how we ensure data protection in technical and organizational terms.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">To ensure that everything is GDPR-compliant, please specify the exact purpose of the data processing and the type of personal data to be processed. After your approval, we will send you the contract by e-mail. This means that the conclusion of the contract pursuant to Art. 28 para. 9 GDPR and if your project is ever audited by data protection officers, you can prove that you meet the legal requirements.<\/p>\n<p>Once you have completed these steps, your registration is complete and you can start using our automatic transcription service.<\/p>\n<h5 id=\"step-3a-optional-obligation-to-maintain-confidentiality-in-accordance-with-%c2%a7-203-stgb\">Step 3a (optional): Obligation to maintain confidentiality in accordance with \u00a7 203 StGB<\/h5>\n<p>For professional groups with special confidentiality obligations (e.g. in the legal or medical field), we offer an additional confidentiality agreement on request. This ensures compliance with legal requirements.<\/p>\n<h4 id=\"2-activation-for-the-upload-of-order-data\">2. activation for the upload of order data<\/h4>\n<p>After completing the registration, the account is activated for uploading audio files to our server. We store your registration data securely on our speech recognition server. This information is kept strictly separate from your billing data in the store &#8211; both physically and in the data structure. You can find more details on the technical implementation in the section &#8220;Infrastructure for data processing&#8221; under point VII.<\/p>\n<h4 id=\"3-purchase-of-time-quotas-via-the-online-store\">3. purchase of time quotas via the online store<\/h4>\n<p class=\"whitespace-pre-wrap break-words\">To use our automatic transcription, you work with time quotas. You can easily purchase these as credit codes in our online store. Here are a few important points: You will receive the codes conveniently by e-mail. The codes are not tied to you personally. This means you can use them flexibly or even pass them on. The only important thing is that the user is registered with us.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">When you shop with us, we store certain information: Name, address, e-mail address, telephone number, order date and items purchased. We need this data for our accounting and billing. We store them on the server of our web store and on our own server in Marburg. In doing so, we comply with the statutory retention periods.<\/p>\n<p class=\"whitespace-pre-wrap break-words\">We treat your payment data, especially credit card information, with the utmost care: we do not store any credit card data ourselves. We process payment via secure systems (so-called iframes) or direct payment pages from Stripe and PayPal.<\/p>\n<h3 id=\"v-processing-of-individual-orders\">V. Processing of individual orders<\/h3>\n<p class=\"whitespace-pre-wrap break-words\">This is how an individual order (i.e. the transcription of an interview) works for us<\/p>\n<p class=\"whitespace-pre-wrap break-words\">When you use our service, your order goes through several steps:<\/p>\n<ol class=\"-mt-1 list-decimal space-y-2 pl-8\">\n<li class=\"whitespace-normal break-words\">You upload your audio file to our server.<\/li>\n<li class=\"whitespace-normal break-words\">We process the file on our server.<\/li>\n<li class=\"whitespace-normal break-words\">You download the finished result.<\/li>\n<li class=\"whitespace-normal break-words\">We delete the order data from our server.<\/li>\n<\/ol>\n<p class=\"whitespace-pre-wrap break-words\">Important for you to know: We only store your order data on our server for as long as is absolutely necessary for processing. As soon as you have downloaded the result, the data will be transferred to your computer. You can then save them locally and continue working with them.<\/p>\n<h4 id=\"1-uploading-audio-files\">1. uploading audio files<\/h4>\n<p>Audio files can be uploaded to our server if you are registered and logged in to a client. The client generates an asymmetric key password for each audio file during upload. The public key is sent to the server together with the audio file during the upload (job key). When using f4transkript, the private key is encrypted with your secret password and stored on the client computer. This ensures that the order data can only be decrypted from the registered client. When using f4x via the browser, this password is stored in encrypted form on a separate server (separate from the speech recognition).<\/p>\n<p>The upload to our server takes place via a secure connection. File names are pseudonymized with random but unique names before processing. When using f4 already during the upload.<\/p>\n<h4 id=\"2-editing\">2. editing<\/h4>\n<p>For processing, the audio file is decoded by the speech recognition algorithm and converted into a text file. The audio file is deleted immediately after successful conversion to a text file. The finished text file is encrypted with the job&#8217;s public key and stored temporarily on the server for retrieval.<\/p>\n<p>The server reports a status to the client for each job. Successfully implemented jobs report the status to the client and activate the &#8220;Download&#8221; button there.<\/p>\n<h4 id=\"3-download\">3. download<\/h4>\n<p>The finished text files can be downloaded from the client. After a successful download, the text file is decrypted by the private key on the client. When using f, the combination of public and private key ensures that the results can only be decrypted on the computer from which the job was uploaded. When used via the browser, the result can only be decrypted with correct login data.<\/p>\n<h4 id=\"4-deletion\">4. deletion<\/h4>\n<p>As soon as the server receives the message about the successful download, the file is permanently deleted from the server.<\/p>\n<p>If an error occurs during the upload, e.g. because a file format is not recognized or the connection is interrupted, the incomplete audio file is immediately deleted from the server. The client then receives a corresponding message<\/p>\n<p>If a result is not collected after 14 days, we will send a notification by e-mail. If this notice remains unanswered, there will be another reminder after 7 days. If the 7-day collection period specified therein expires, the order data will be deleted and we will inform you of this by e-mail.<\/p>\n<h3 id=\"vi-duration-of-data-storage-and-data-deletion\">VI Duration of data storage and data deletion<\/h3>\n<p>With regard to the duration of data storage and data erasure, a distinction must be made as follows:<\/p>\n<p>Contract data is initially stored permanently on the voice recognition server for legitimization and order control. The contract data will be deleted when the account is deleted, provided that there are no contractual and\/or statutory retention periods to prevent deletion. Order data, i.e. the audio files and the corresponding text files, are stored for the duration of processing until they are downloaded by you or until the agreed deletion period has expired and are then automatically deleted. Additional information on the order data, such as file size and date of upload, is stored to enable the processing and invoicing of individual orders and to document these. This data is stored for as long as the account is active for the purpose of traceability by you and the documentation of possible claims. The data will be deleted when the account is deleted. Order data when purchasing time quotas (e.g. name, address, e-mail address, telephone number (optional), date of order and number of items ordered) are uploaded to the webshop server and to our in-house server in Marburg for billing and accounting purposes and stored in accordance with statutory retention periods.<\/p>\n<p>Detailed information on the exact data, processing purposes and storage periods is provided in the privacy policy.<\/p>\n<h3 id=\"vii-infrastructure-for-data-processing\">VII. Infrastructure for data processing<\/h3>\n<p>The infrastructure used for data processing is divided into four physically independent areas. You will be informed about the infrastructure used by the TOMs in the appendix to the GCU. In detail:<\/p>\n<h4 id=\"1-speech-recognition-server\">1. speech recognition server<\/h4>\n<p>The &#8220;speech recognition server&#8221; contains the speech recognition algorithm and manages order processing and user administration. The order data is temporarily stored here during processing. This data is processed on a dedicated root server of Hetzner Online GmbH in Nuremberg or Falkenstein.<\/p>\n<p>The data center is DIN-ISO\/IEC-27001-certified (German accreditation body D-ZM-18855-01-00, certificate number ZN-2016-04). A contract for order processing was concluded on 29.10.2018.<\/p>\n<h4 id=\"2-webshop\">2. webshop<\/h4>\n<p>The webshop for the purchase of time quotas and e-mail services run via a server of ALL-INKL.COM Neue Medien M\u00fcnnich with server locations in Dresden and Friedersdorf. The address data provided by you, the items purchased and correspondence by e-mail are stored here. A contract for order processing was concluded on 25.05.2018.<\/p>\n<h4 id=\"3-internal-order-processing\">3. internal order processing<\/h4>\n<p>For billing and accounting purposes, customer data is stored on our own servers at the offices of dr. dresing &amp; pehl GmbH in Marburg and archived in accordance with statutory retention periods. Access to the data is regulated in particular by an access concept (password, restrictive assignment of rights, etc.).<\/p>\n<h4 id=\"4-payment-processing\">4. payment processing<\/h4>\n<p>We do not store data for credit card payments or direct debit orders. The processing of these payment methods is forwarded directly to the payment service provider BS PAYONE GmbH in Frankfurt am Main via so-called iframes.<\/p>\n<p>Payments via PayPal are made by you directly on the payment page of PayPal (for European customers PayPal (Europe) S.\u00e0 r.l. et Cie, S.C.A., in Luxembourg).<\/p>\n<h4 id=\"5-server-infrastructure\"><strong>5. server infrastructure<\/strong><\/h4>\n<p>Communication between clients and the server for automatic speech recognition takes place via a REST API provided by the server. SSL\/TLS 1.2 is used for transport encryption. The server for automatic speech recognition is located in an ISO-certified data center in Germany.<br \/>\nAuthentication is carried out for each request using Basic Authentication (user name \/ password). The user&#8217;s password is stored in the voice recognition server&#8217;s database as a bcrypt hash (salt 128 bit). The password must follow our password guidelines (minimum 10 characters, at least one lowercase and one uppercase letter, one number and one special character).<br \/>\nThe clients can be f4 or a browser. The browser application is made available on a server in Hetzner&#8217;s data center.<br \/>\nThe media file remains unencrypted on the speech recognition server until the end of speech recognition and is deleted immediately after recognition is complete.<br \/>\nThe transcript is created after recognition is complete and asymmetrically encrypted using ECC curve secp256k1. A separate key pair is generated for each order. When using f4, the key remains locally on the client computer and is never stored on one of our servers. This means that the transcript cannot be decoded by us.<br \/>\nWhen used via browser, the private key is stored on the server in a keyring. All private keys for all of a user&#8217;s orders are stored in a separate keyring. The keyring is symmetrically encrypted with the customer&#8217;s password (AES 256). When a transcript is retrieved via the browser, the private key of the transcript is retrieved from the keyring using the password determined for authentication and transferred to the server for speech recognition for decryption. The decrypted transcript can then be downloaded. A transcript decrypted in this way is automatically deleted after 60 seconds at the latest.<br \/>\nAfter successful retrieval, the encrypted transcript remains on the server for approximately one hour for speech recognition and is then automatically deleted.<\/p>\n<p><em>Status: 10.09.2024<\/em>[\/vc_column_text][\/vc_column][\/vc_row][\/vc_section]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_section row_bg_color=&#8221;bg&#8211;color&#8211;grey-5&#8243;][vc_row row_padding=&#8221;&#8221;][vc_column][\/vc_column][\/vc_row][\/vc_section][vc_section row_padding=&#8221;vpt-7 vpb-7&#8243; row_bg_color=&#8221;bg&#8211;color&#8211;bg-1&#8243;][vc_row content_placement=&#8221;middle&#8221; row_padding=&#8221;&#8221;][vc_column width=&#8221;1\/2&#8243; col_sticky=&#8221;&#8221;][vc_column_text]The f4 software for manual transcription and qualitative text analysis only \u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":57890,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-58076","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/pages\/58076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/comments?post=58076"}],"version-history":[{"count":4,"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/pages\/58076\/revisions"}],"predecessor-version":[{"id":60536,"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/pages\/58076\/revisions\/60536"}],"up":[{"embeddable":true,"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/pages\/57890"}],"wp:attachment":[{"href":"https:\/\/www.audiotranskription.de\/en\/wp-json\/wp\/v2\/media?parent=58076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}