The contact information regarding this Policy is:
Signaturit Solutions, S.L.U.
Domicile: Calle Àvila, 29 – 08005 Barcelona
Email contact: [email protected]
Email address for exercising rights regarding Data Protection: [email protected]
Phone number: (+34) 93 551 14 80
1.1. Processes for collecting personal data as the Data Controller
a) Through the contact form on the Website
For any questions or queries regarding the operation of the services, the platform, or anything else, the User may contact SIGNATURIT through the form made available on the website. On this form, you must indicate your name, surname, and email address so that we can contact you, as well as the data that we may require or that you deem appropriate to accompany the message you send to us.
b) Through our Help Centre
In the SIGNATURIT help centre, the User has a series of explanatory and illustrative articles on how to operate the tools and functions offered on our platform. When appropriate, the User may send a request to ask any further questions.
c) Through our Newsletter, blog, and/or Whitepapers download
The User may subscribe to our Newsletter, blog, and/or Whitepapers download if they wish, first allowing the system to collect their email address in order to be able to send news related to the services and/or products that are offered, news published on our blog, news or information that may be considered relevant to the User, as well as offers, discounts, and promotions that may be of interest.
To download and subscribe, the User must fill out a form with the data required to provide this service or provide their email address to receive all the news that is published.
d) Registering as a client
Once the Client registration form has been completed, the User will have access to a private profile within the solution or platform, allowing him or her to view the history of signatures done, documents sent, and their status/current situation. In order to be able to access the platform and/or manage any procedure that must be carried out between the User and the owner of the data, the User will be required to provide a series of personal data, such as his or her name and surname, telephone number, company, or email address at the time the platform was registered.
e) By selecting the free trial of the offered services
The User can benefit from a trial version of the services offered by SIGNATURIT. For this, the User, by selecting said option, must provide a name and surname, email, telephone number, position, and company, where appropriate, to complete the registration process at the end of the trial period.
f) Through our corporate emails
Through our contact email addresses (Website), the User may contact SIGNATURIT for various reasons, such as, for example, to request clarifying information about any questions that may arise regarding our services or about the operation of our platform or blog, among other things.
g) Through social networks
Within the scope of SIGNATURIT’s Social Network, the user may go to his or her profiles of the social networks in question, in accordance with the provisions of section 1.7 of this policy.
h) Through the “Join the team” section
A User who is interested in working with SIGNATURIT may send an application for any of the vacancies in the company by voluntarily presenting the application through the Website, where a specific form is provided for this purpose. The User must also attach their curriculum vitae.
1.2. Purpose of the Processing
The purpose of data collection in all the sections in the aforementioned point is to maintain direct and personalised contact with our Users (Visiting User, Registered User, Candidate User, or Client User). We will use the data to answer the questions or the information requested, manage the requests, and inform about any activities that we believe may be of interest to the user.
Only the data of the Users (Visiting User, Registered User, or Client User) collected as the Data Controller may be used for advertising and/or commercial prospecting purposes, as well as to inform users about our products’ updates, advice, and news if the user is/has been a client or has participated in a free trial of the services offered by SIGNATURIT.
The personal data collected as the Data Controller will be processed exclusively for the following purposes:
- Attending to and resolve the questions or queries asked by the Users.
- Informing about SIGNATURIT’s news or upcoming activities.
- Sending information that may be considered of interest to the User.
- Managing the commercial relationship and/or provide the contracted service.
- Carrying out the billing and collection for the contracted services, as well as the usual client management.
- Sending SIGNATURIT communications for advertising and/or commercial prospecting purposes.
- Providing the contracted trust services.
- Proceeding with the personnel selection processes that may open up and managing candidates.
Warning the User that the information they provide through the Website may reveal or allow others to deduce their nationality, ethnicity, sex, age, or other aspects of their private life. Due to this, we recommend that the user pay special attention to the information and/or personal data provided.
- Legitimate basis for processing and maintaining the data
In accordance with the GDPR and the LOPDGDD, the legal basis for the processing carried out by SIGNATURIT are the user’s consent and, where appropriate, the company’s contractual relationship with the Client User.
The personal data provided will be kept for the time required to fulfil the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose, in addition to the periods established in the rest of the regulations applicable to the company.
1.3. Sharing information with third parties
SIGNATURIT will not provide User data to third parties. In the event that SIGNATURIT intends to communicate your personal data to a third party, it may only do so after requesting your consent, which must be obtained in accordance with the legally established requirements for these cases.
1.4. Other requirements and characteristics
The services, access to content, and product offers on this website are exclusively aimed at those over 18 years of age. SIGNATURIT will not be responsible for any damages that may be caused to the User or to third parties as a result of identity theft or any other negative consequences that may be derived from the breach of this requirement by the User. For this reason, SIGNATURIT expressly informs users that any person who provides their personal data must declare and confirm that they are the required minimum age, or will otherwise be prohibited from contracting SIGNATURIT’s services and the corresponding delivery of personal data when it involves minors.
Likewise, the User will be solely responsible for the security measures that he or she implements regarding the protection of his or her own personal data, and SIGNATURIT is not responsible for any situations arising as a result of not having implemented those corresponding security measures or a lack of diligence on the user’s part, nor will it assume responsibility for lawsuits or damages caused by third parties outside SIGNATURIT, including acts of God and/or force majeure.
1.5. On the rights of access, rectification, cancellation, opposition, portability, and erasure
SIGNATURIT makes necessary means available to the User to exercise their rights of Access, Rectification, Cancellation, Opposition, Portability, and Erasure at any time, whenever the user considers it convenient. To do this, the User may exercise the aforementioned rights through the email address enabled for this purpose or to the postal mail address indicated at the beginning of this policy; in either case, the user must attach a copy of his or her passport or ID (data owner), expressly indicating in the subject line the right being exercised: access, rectification, cancellation, opposition, portability, or erasure.
In order to comply with the principles of information and transparency, basic information on the rights provided is briefly detailed below:
|By exercising this right, you can find out what personal data of yours are being processed by SIGNATURIT: its purpose, origin, or possible transfer to third parties.
|It consists of modifying any of your personal data that are inaccurate or incomplete; in the request, specify which data you want to be modified.
|It allows for the cancellation of your personal data as inappropriate or excessive.
|With the right of opposition, you can object to the processing of your data being carried out in cases such as: advertising activities, commercial prospecting, or when said processing has the purpose of making any decision regarding you based solely on the automated processing of your personal information.
|You can receive your personal data provided in a structured, commonly used, and machine-readable format, and be able to transmit it to another manager, whenever technically possible.
|Deletion or erasure
|You may request the deletion of personal data without due delay when any of the elaborated cases occurs. For example, illicit data processing, or when the purpose that motivated the processing or collection has gone away.
Additionally, and in order to carry out the corresponding data processing, SIGNATURIT will safeguard and manage your personal data with the greatest possible diligence, applying limitations and minimising criteria.
Likewise, in accordance with the provisions of Article 15 of the GDPR regarding the provisions of Article 13 of the LOPDGDD, the user may file a claim related to the exercise of their rights of access, rectification, deletion, and portability of their data, limiting and opposing its processing, as well as not being subject to decisions based solely on the automated processing of your data, where appropriate, before the AEPD (Spanish Agency for Data Protection), at C/ Jorge Juan, 6, 28001- Madrid, or at the address e-mail address [email protected]
1.6 Security measures in data collection
SIGNATURIT maintains the security levels of protection for your data required by the European Regulation and has provided all the technical means at its disposal to avoid the loss, misuse, alteration, unauthorised access, and theft of the data that the User provides through the platform.
In addition, SIGNATURIT informs users that, as a result of the service it provides on behalf of its clients and in order to carry out said service with all the guarantees, it collects, among other things, the following User data: date and time of signature, action taken (signed or rejected), operating system used, browser used, geo-location data, signature status, and the IP address and biometric data of said signature (pressure, writing angle, speed, acceleration, letter formation, and the direction of the signature’s strokes).
- SIGNATURIT commits to informing you of any situation that may have endangered the confidentiality and availability of both the aforementioned documents and your data, as well as adopting all the measures at its disposal to resolve the incident as soon as possible.However, the above obligation will not be enforceable when the communication of the incident to the Users may pose a greater risk to the data or documentation processed. In any case, and as the law establishes, it will follow the mandatory notification protocols to either the competent authority or to the User/s affected by the possible incident that may have occurred.
- Security measures applied by SIGNATURIT:
- All accesses to SIGNATURIT are made through secure connections through an https security certificate.
- The digital documents archived in SIGNATURIT will be stored as encrypted files.
- The access password for SIGNATURIT will be stored in an encrypted form while it is active.
- This is done in order to guarantee the confidentiality, accessibility, and availability of the files stored, which will be kept in distributed replicated systems at SIGNATURIT.
- The User’s collection and consent forms are included in this text, but the User and/or client must be aware that SIGNATURIT uses cloud services; that is, it has its servers within the space set aside by the client. In this sense, SIGNATURIT informs users that it uses Amazon Web Services servers located in the European Union (Dublin, Ireland).
- SIGNATURIT may contract the provision of certain services with third parties that, in order to be able to provide the User with our services, may imply the access or storage of their data or documents by said third parties. In any case, this access will not be considered to be a communication of your data by SIGNATURIT to third parties, because it acts as the “Data Processor” in this case, and in accordance with the GDPR.
For more information about the security measures used, see the Security and data protection section.
1.7. Social media policy
SIGNATURIT has a corporate profile on the social networks Facebook, Twitter, LinkedIn, Google+, and Instagram. The User is thereby informed that, in these cases, he or she can “follow” SIGNATURIT’s activity or be “followed.” These accounts have been created with the main purpose of advertising the products and services that SIGNATURIT offers.
If the User has a profile in any of the aforementioned Social Networks, he or she can join the page created by SIGNATURIT, showing interest in the information that is advertised on the corresponding Social Network. By joining the SIGNATURIT page, the User is giving consent for the processing of personal data published on his or her profile by SIGNATURIT.
The User can access the privacy policies of the Social Network itself at any time, as well as configure his or her profile in such a way that guarantees privacy.
The User’s data on the Social Network will be processed by SIGNATURIT only within the Social Network itself and will, in no case, be processed outside of it.
The exercise of the right by the user will be defined by the functionality of the Social Network and SIGNATURIT’s ability to access the information on the User profiles.
SIGNATURIT reserves the right to carry out contests and promotions in which the User may participate if he or she follows the page. When the Social Network is used for this purpose, the legal basis of each promotion will be published on the Social Network itself, always complying with the Law on Information Society Services and E-Commerce (LSSICE) and with any other applicable regulation. Likewise, the Social Network will be used to advertise products and services. In any case, if contact data is processed in order to carry out direct commercial prospecting actions, it will always be done complying with the legal requirements of the data protection and information society regulations.
2.1. Intervention of SIGNATURIT as Data Processor or Sub-Processor
Recipient Users whose data are processed by SIGNATURIT in its capacity as Data Processor or Sub-Processor are informed that the personal data provided will be stored in order to be able to provide the services that the Data Controller or, where appropriate, the Data Processor, had contracted or indicated, to send out certain information regarding specific documentation or to prove the veracity of certain data related to the sending and/or delivery of the same, such as the verification of the receipt of a specific email by a User, the signature of the documentation sent, the authentication of the parties’ identity, the verification of the date the signature was made, or the time and place where the document was signed or validated or the information was received.
In this regard, SIGNATURIT will not use your data for any purpose not covered in this policy, in the contract for the provision of services, and/or the contract of the data processor, committing to storing them and ensure compliance with security measures provided for suppliers of electronic trust and privacy or data protection services, established by applicable laws.
- Through the collection of the User’s signatureThe advanced electronic signature provided by SIGNATURIT incorporates biometric technology, which allows us to capture biometric data from the signatory’s writing, such as speed, acceleration, pressure, or pseudo-pressure. Therefore, when a signatory signs a document using our advanced electronic signature, we will be collecting their biometric data on behalf of our clients after obtaining express consent in accordance with the provisions of European Regulation 679/2016 (Art. 9.2).
2.2. Security measures and international transfers applied as the Data Processor or Sub-Processor.
For more information about the security measures used and the possible international transfers with adequate guarantees made by Signaturit in its role as a Trust Service Provider, consult the Security and Data Protection section and the Security and Data Protection Manual.
2.2. Exercising the rights of the Interested Party
In the event that the interested party (recipient User) wants to exercise their data protection rights when Signaturit acts as a Trust Service Provider (Data Processor or Sub-Processor), they must direct the request to the Data Controller (physical or legal person), that is, the company or natural person that has sent a request for a signature or certified communication. Likewise, SIGNATURIT, in its functions as Data Processor or Sub-Processor will provide support for such a process.
SIGNATURIT reserves the right to modify this policy to adapt it to future legislative or jurisprudential developments, as well as future uses that it plans to make of the personal data of the Users of the website or trust services.
Integration with the rest of the legal texts of the website
Consent for personal data processing
5.1. As a Visiting User and/or Registered User
Responses to requests or queries can be sought through the channels that we have on our platform.
Likewise, in the case of Registered Users, its purpose is to provide the requested service and answer any questions or queries you may have regarding the platform, provide you with information about our service or the conditions applicable to it, as well as manage the commercial relationship and carry out billing and collection for the contracted services. It may also be to send information about company news or various content that we consider may be of interest to the User, including subscribing to our newsletter, blog, and/or sending other types of corporate and/or commercial communications.*
5.2. As a Recipient User, when a third party sends a document or information using our platform
The processing that SIGNATURIT will carry out in this case is for providing trust services to its clients (Data Controllers) and to be able to validate the information that has been received, accepted, and/or signed through the platform.
5.3. As a User that is a follower of social networks
Processing for the purpose of managing and publishing content or information that may appear on your profile or wall that are associated with our company or collaborators and we think may be of interest to you.
5.4. As a User who is a candidate for a job
5.5. Consent for biometric signature processing
By virtue of the provisions of the GDPR (Article 9.2), the User will be previously informed about the use and processing of their biometric signature for signing the documents through our solution, being required to freely, expressly, and unequivocally accept the use, processing, and storage of your personal biometric data (a special category of personal data) by SIGNATURIT (the Data Processor or, where appropriate, Sub-Processor) and on behalf of its Clients or Data Controllers or, where appropriate, Processors, who will apply the necessary measures for their storage and security in accordance with the GDPR and for the purposes expressed in this Policy.
Likewise, once the express consent to the processing of these biometric data has been obtained, they will be encrypted within the document and may not be used by Signaturit under any circumstances, without prejudice to the exceptions provided by the regulations regarding the protection of personal data, such as a court summons.