Security and data protection

Security

We comply with the highest security standards and guarantee the highest level of confidentiality, integrity, and accessibility in our services, by implementing our Information Security Management System (ISMS).

ISO/IEC 27001:2014

We passed the corresponding audit that certifies that our ISMS complies with the ISO/IEC 27001:2014 standard.

ISO 27001 is an information security standard that was originally published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

This standard’s security approach is based on globally recognised standards. These standards describe the requirements that any organisation’s information security management systems (ISMS) must meet to be considered secure.

Safety by Design

We have defined development processes for creating safe products. These processes guide the activities that product teams must follow in the different stages of development (requirements, design, implementation, and launch). We also perform numerous security activities for trust services, including:

internal security reviews before launching the product;
periodic penetration tests (PENTEST) performed by independent third-party contractors;
modelling service threats, including documenting any detected attacks.

Employee training

All Signaturit employees periodically take security and privacy training, which covers security policies and practices, and the company’s privacy principles, among other topics.

We also do phishing awareness campaigns, and notify employees of emerging threats.

Data Protection

As qualified trust service providers and trusted third parties, it’s our duty and commitment to comply with the highest security standards in terms of information security and data protection.

Your data is safe with Signaturit

We fully comply with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and with Spanish Organic Law 3/2018 on data protection and guaranteeing digital rights. It is our priority to properly manage personal data protection through our platform.

Proactive Responsibility Principle and Security Measures

In order to comply with all our obligations regarding the protection of personal data, we’ve implemented various security measures to put the proactive responsibility principle into practice. Here are some of them:

We have appointed a DPO, who can be contacted at [email protected].
We keep an updated Data Processing Activity Registry.
We double encrypt data, both when signing and storing information.
All our signature requests contain a time-stamp that ensures the document is completely inalterable from the moment it is signed.
We have identification systems for the media we work with.
We have a daily backup routine to make copies of our computer systems, in line with our Back-up Policy.
We carry out Data Protection Impact Assessments every two years.
We carry the ISO 27001 certification regarding our Information Security Management System.

On biometric data processing

According to the GDPR, biometric data is understood as “personal data obtained from a specific technical process, related to the physical, physiological, or behavioural characteristics of a natural person that allow for or confirm the unique identification of said person, such as facial images or fingerprint data.”

Given that the GDPR considers biometric data to be a special category of personal data, the consent of the owner is required to process that data, in compliance with article 9.2 of the GDPR. With this in mind, before collecting biometric data, Signaturit requests the express consent of the signatory, by having them fill in a mandatory checkbox in the signing process.