This Privacy Statement outlines your rights to privacy and our commitment to safeguarding your personal data.
SignatureSense Ltd (SignatureSense) is a UK based organisation, with its headquarters in Bristol. SignatureSense delivers software and services to private and public businesses (Customers) in Europe. SignatureSense is subject to European privacy legislation, including the General Data Protection Regulation (GDPR).
All major decisions regarding privacy in SignatureSense is supervised by our Data Protection Officers (DPO). This Privacy Statement is available on SignatureSense.com.
Contents
1. How and when the Privacy Statement apply
2. Whose personal data we process
3. How we process personal data as data controller
4. Data collection tools
5. What type of personal data we process
6. Your rights
7. How we protect and store personal data
8. How we protect and store personal data as data processor
9. Subcontractors
10. Statement changes
11. Contact us
1. How and when the Privacy Statement apply
This Privacy Statement applies to all digital products and services provided by SignatureSense.
The Privacy Statement provides information about data processing carried out by SignatureSense when SignatureSense determines the purpose and means of the processing (SignatureSense act as data controller). It also provides information on data processing SignatureSense do on behalf of our Customers based on their instructions (the Customer as data controller and SignatureSense as data processor).
Personal data is information that can identify you as a person, such as an email address, street address or phone number etc. Processing your personal data is necessary for us to serve our Customers. Please do not use SignatureSense services if you do not agree with how we process personal data according to this Privacy Statement.
2. Whose personal data we process
SignatureSense manages personal data about users, recipients and contact persons or software users tied to our Customers. In addition we process personal data about persons representing potential Customers (leads) that approach us via our websites or other lead generating channels. Our statement in these regards is to be found in the data controller section.
We also process data on behalf of our Customers of which the Customer controls. Our statement in these regards is to be found in the data processor section.
In this Privacy Statement data subjects may also be referred to as persons or you.
3. How we process personal data as data controller
Why we process your personal data
About Customer contacts and software users
To manage our Customer relations in general and to meet our Customer commitments, SignatureSense needs information about you in your role as Customer contact person or user of a service. The purposes of processing this personal data are:
A. Execute sales and contract process to Customers
B. Provide requested offers on products and services to Customers
C. Perform deliveries in accordance with agreements made with you or Customers
D. Offer support to users of our products and services
E. Improve and develop the quality, functionality and user experience of our products and services.
F. Detect, mitigate and prevent security threats and perform maintenance and debugging
G. Prevent abuse of our products and services
H. Process orders, invoicing, payments and other financial follow-up
I. Create interest profiles in order to promote relevant products and services
J. Operate user communities to educate and enable interaction between users and SignatureSense
The legal ground for processing personal data according to the above-listed purposes in letter A) to I) is mainly because SignatureSense has a legitimate interest in processing your personal data from a business perspective in a manner that we believe do not conflict with your privacy rights or freedoms.
The legal ground for processing personal data according to the purpose listed in letter J) is your consent.
About Leads
SignatureSense process personal data about Leads for marketing purposes. In order to provide targeted and relevant content to potential Customers, SignatureSense builds an interest profile based on your movement, choices and actions on SignatureSense:s websites as well as your response to marketing content per email. The legal grounds for such processing is mainly your consent.
You can read more about how we create such profiles, how you can adjust the profile as well as withdraw your consent in the sections below.
If you are a job seeker
If you are a jobseeker, we process personal data in order to evaluate your potential to become a SignatureSense employee. The legal grounds for such processing is your consent.
How we collect your personal data
In general, SignatureSense collects personal data directly from you or other persons linked to our Customer. These persons may be a manager or colleague. If the Customer you work for starts a trial or test any of services we may collect information about them and if they add you as a user we also store your information. If you received a contract from an existing SignatureSense user and then you select to store your contract online on SignatureSense, then we collect your personal data, even though this data was pre-added by the other contract party. We will also use cookies and other tracking technologies when you use SignatureSense Sites and interact with us per email or chat, in order to optimise your experience of SignatureSense. Please see the paragraph describing automatic data collection tools for more information on how these technologies function and your rights in this context.
4. Data collection tools
SignatureSense uses different digital tracking technologies to collect information about your movements on SignatureSense Sites and when interacting with us.
Cookies and pixel tag
Cookies are small text files that contain a string of characters and uniquely identifies a browser.
They are sent to a computer by website operators or third parties. Most browsers are initially set up to accept cookies, since this is required by most website owners in order to access their sites. You may be, however, able to change your browser settings to cause your browser to refuse cookies in general, block third party cookies or to indicate when a cookie is being sent.
Pixel tags are scripts that executes when a user lands on a website or opens an email. The pixel itself is not visible and can only be seen in the HTML of the site or email. It calls an application on a server that will cause a third party cookie to be downloaded to your computer or registers that the email has been opened.
If you would like to know more about cookies and how they work, please visit www.allaboutcookies.org.
Google cookies and technologies
Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be traced back to individuals. This will help to protect your privacy. Using Google Analytics we can see what content is popular on our websites, and strive to give you more of the things you enjoy reading and watching.
Google tag manager: This helps us track some of the individual clicks you do on our website in order for us to more clearly see what you are interested in. It also helps us understand if some areas of our website is not performing well, in terms of marketing.
Google Analytics Remarketing: Places cookies on your computer which means that after you leave our website, Google can show you advertisements about SignatureSense that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.
Google AdWords: By using Google AdWords code, we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget. This information is not personally identifiable.
Google Adwords Remarketing: Places cookies on your computer which means that after you leave our website Google can show you advertisements about SignatureSense that you might be interested in, based on your previous behaviour on our website. This information is not personally identifiable.
You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser.
5. What type of personal data we process
The type of personal data that SignatureSense process about you may be:
- Basic contact details such as name, address, telephone number and email.
- Employment information such as employer, title, position including preferences and interests in professional context
- Feedback, comments or questions about SignatureSense or concerning our products and services
- Unique user information such as login ID, username, password and security questions
- Financial information such as credit card information (this information is never stored directly on our website, for this we use a secure third party solution called GoCardless Ltd.
- Traffic information as provided by your web browser such as browser type, device, language and the address of the website from which you arrived and other traffic information such as IP address
- Clickstream behaviour and movement on SignatureSense websites and in our products and services
- Email behaviour such as which emails from SignatureSense you open when and how.
As data controller, SignatureSense does not process sensitive personal data about you.
6. Sharing of your personal data
Within the organisations of SignatureSense
As SignatureSense always want to provide the best possible customer service and overall experience, most of our team is connected directly with the different chat or support services we provide.
In order to maintain a complete overview and insight into which Customers and contact persons have relations with within SignatureSense we will therefore share your personal data when needed among our team (Sales, Marketing, Development, Support etc.).
Outside of SignatureSense
SignatureSense may also share your personal data with external third parties in the following contexts:
Business partners
SignatureSense may share your personal information with our partners in the event this is legitimate from a business perspective and according to applicable privacy legislation.
Public Authorities
The police and other authorities may demand the handover of personal information from SignatureSense. In these cases, SignatureSense will only hand over the data if there is a court order etc. to do so.
M&A
In connection with mergers, acquisitions or divestiture of all or parts of SignatureSense’s business, the acquiring entity, as well as its consultants, will obtain access to data managed by the SignatureSense entity/entities involved and this may in some cases include personal data. In such cases, external parties will enter into a NDA with SignatureSense.
7. Your rights
Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from SignatureSense and may do so by either:
(a) Following the instructions for opt-out in the relevant marketing communication
(b) Contacting us via e-mail using support@signaturesense.com
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from SignatureSense, such as order confirmations and notifications necessary to manage your account or the services provided to Customers.
Your basic rights
You have the right to access your personal data by requesting an overview of the personal data we process about you and you may have a right to data portability. You also have the right to request that SignatureSense corrects inaccuracies in your personal data. If you have an account on SignatureSense this can be done through your profile settings. Further, you have a right to request deletion of personal data, and to restrict or object to our processing of your personal data according to this Privacy Statement or other service specific terms. Finally, you also have a right to file a complaint with the data protection authorities with regards to our processing of your personal data.
8. How we protect and store personal data
How we keep your personal data secure
SignatureSense takes the trust you and our Customers place in us very seriously. SignatureSense is committed to preventing unauthorised access, disclosure or other deviant processing of personal data.
SignatureSense shall ensure the confidentiality of personal data we process, maintain the personal data integrity and secure its availability according to applicable privacy legislation.
As part of our commitments, we utilise reasonable and appropriate organisational, technical and physical procedures and measures to safeguard the information we collect and process, taking into account the type of personal data and risk posed to you and our Customers upon breach.
Since root causes for privacy breaches are most likely to be found internally, we believe that building a strong internal culture where respect for and awareness around privacy among our employees are fundamental to ensure lawful processing and protection of your data. How long we store your personal data
SignatureSense will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
This means that SignatureSense may retain your personal data for a reasonable period after you and our Customer’s last interaction with us. When the personal data that we collected is no longer required we erase it.
How we protect and store personal data as data processor
SignatureSense provides different services to our Customers. Most of our services involves processing of the Customers’ data, hereunder their personal data. The purposes of processing is determined by our Customers not by SignatureSense, making the Customer the data controller.
SignatureSense does in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. The relation between the Customer as data controller and SignatureSense as data processor shall be regulated by a data processing agreement.
Customer and SignatureSense obligations
When the Customer act as data controller the Customer shall, according to applicable privacy legislation, ensure the legal grounds for processing the personal data. Further, the Customer shall assess and establish ownership to the risks posed to data subjects by processing their personal data.
Another important aspect of the Customer’s duty as data controller is to comply with the information duty towards data subjects.
SignatureSense is a natural part of the Customers duties as data controller, in the sense that SignatureSense’s services constitutes parts of the processing of personal data that the Customer must ensure are compliant with applicable privacy legislation. Thus, when SignatureSense processes personal data on behalf of its Customers, we must do so in accordance with privacy legislation applicable for data processors.
In short, the Customer and SignatureSense are obligated to cooperate to ensure privacy for data subjects. SignatureSense shall provide the information necessary for the Customer to be compliant with applicable privacy legislation.
9. Subcontractors
SignatureSense uses subcontractors to process personal data. These subcontractors are typically vendors of cloud services or other IT hosting services.
When using subcontractors, SignatureSense will enter into a data processing agreement (DPA) with subcontractors in order to safeguard your privacy rights and to fulfil our obligations towards our Customers.
When subcontractors are located outside the EU, SignatureSense ensures legal grounds for such international transfers on behalf of you or our Customers, hereunder by relying on Privacy Shield (US) or using the EU Model Clauses.
Subcontractors include but are not limited to:
- PostMark, provider of email distribution services (US)
- Google, provider of internal email services, AdWord and website tracking services, and office automation (US)
- Amazon Web Services, provider of file storage services (EU)
- UKFast.net, provider of web hosting services (EU)
In any case, you are always welcome to request an overview and more detailed information on SignatureSense’s subcontractors, hereunder documentation of legal grounds for international transfers mentioned above.
10. Statement changes
If we make significant changes to our Statement that materially alter our privacy practices, we will notify you such as sending an email or posting a notice on our website and/or social media pages prior to the changes taking effect.
11. Contact us
We value your opinion. If you have any comments or questions about our Privacy Statement, any unresolved privacy or data use concerns that we have not addressed satisfactorily, or concerning a possible breach of your privacy, please send them to support@signaturesense.com
If you want to make a request you can easiest do that by contacting us via e-mail at support@signaturesense.com.
We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.