- What personal data we collect and process, including from our website AssureSign.net (the “Site”);
- How we use the data;
- Our certification to the EU-US and Swiss-US Privacy Shield to, inter alia, permit transfers under the General Data Protection Regulation (GDPR)
- With whom we may share the personal data;
- Legal grounds for the processing of data
- Protection and storage of your data;
- The rights and choices you may have, including with regard to access, correction and deletion of your data;
- Anti-Spam Policy; and
Information we collect and process
AssureSign’s systems are used by our customers to perform electronic signatures on documents that they request be signed. On behalf of our customers, who are the data controllers, we solicit and process information from signers that is required to complete various types of documents. AssureSign collects personally identifiable information from users at several different points on the Site to fulfill the requirements of the Uniform Electronic Transactions Act (UETA) of 1999, the Electronic Signatures in Global and National Commerce Act (E-SIGN) of 2000, and Regulation (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 (eIDAS). Additionally, AssureSign may gather information as directed by our clients to fulfill the requirements of any document presented to be signed.
Data requested of signers may include without limitation name, address, email address, government identification, financial information, credit card data and banking information. We encrypt such personal information when it is entered using industry standard secure socket layer technology (SSL).
Our Site does not offer services directed to children. Should an individual whom we know to be a child under age 18 send personal information to us, we will delete or destroy such information as soon as reasonably possible.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information, which does not identify individual users (other than the IP address of the user’s device), to analyze trends, to administer the Site, to track users’ movements around the Site and to gather demographic information about our user base as a whole.
Other than tying IP addresses to personally identifiable information to verify the authenticity of the signing party on digitally signed documents, we do not link automatically-collected data to personally identifiable information.
How we use the data we collect
Personal data is not solicited by AssureSign for any other use than to apply information to documents, which are also made available to the signers, on behalf of our customers, and to pass the data through to our customers, on whose behalf such data has been collected for the purposes of electronic signing.
AssureSign does not obtain such data from our customer’s document signers for any internal purposes. Signers of electronic documents are agreeing to conduct business with, and share information with, the specific customer on whose behalf AssureSign is requesting information for the completion and signing of specific documents.
Data that AssureSign solicits from signers:
- is not provided to public information databases;
- is not provided to other third parties not associated with documents being signed by signers.
We may utilize general information in an anonymized and aggregated format that is derived from users’ private data, public data, traffic data, cookies, and the transactions we facilitate (the “Statistical Data”) for purposes of (i) allowing AssureSign to conduct statistical analyses relating to use of our services, (ii) identifying broad demographic trends, (iii) improving our Site and services, (iv) marketing or promoting the Site or our services, or (v) any other lawful purpose. AssureSign does not utilize any Statistical Data to identify any parties, and you may not duplicate or disseminate the Statistical Data that you may receive from AssureSign. For instance, we may publish the total value of all transactions facilitated by us, including any transactions involving you, so long as such publication does not uniquely identify you.
EU-US Privacy Shield and Swiss-U.S. Privacy Shield
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies in the US and Europe with a mechanism to comply with data protection requirements under the EU Data Directive and the General Data Protection Regulation (GDPR) when transferring personal data from Europe to the United States in support of transatlantic commerce.
For personal information of employees, consumers, healthcare professionals, medical research subjects and investigators, customers, investors, and government officials that AssureSign receives from the European Economic Area, AssureSign has committed to handling such personal information in accordance with the EU-US Privacy Shield and Swiss-U.S. Privacy Shield Principles.
With whom we share your personal data
AssureSign is a global provider of services headquartered in the United States, and as such may need to share information with internal personnel located in different geographic locations in order to fulfill our contractual and legal obligations. We may also share your personal data to third parties (within or outside your country of residence) who perform services on our behalf, including our technology providers, administrative personnel and providers, and professional advisors.
Information obtained for the purpose of fulfilling documents presented to be signed is applied to the produced PDF (portable document format) on behalf of our clients. Any presentation of this document is provided using secure socket layer technology (SSL). We do not provide this information to third parties that are not a party or do not have an interest in the electronic document being signed.
AssureSign, LLC may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, and when we believe that disclosure is necessary to protect our rights. The US Federal Trade Commission has jurisdiction over AssureSign, LLC’s compliance with the EU-US and Swiss-US Privacy Shield.
In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, AssureSign is potentially liable.
AssureSign shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless AssureSign proves that it is not responsible for the event giving rise to the damage.
In the context of an onward transfer AssureSign has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. AssureSign shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Legal grounds for data processing
We rely on the following legal grounds to process your personal information:
Performance of a contract.We collect and use your personal information on behalf of third parties in performance of agreements with such third parties.
Protection and storage of your data
The security of your personal information is important to us. We take reasonable administrative, physical and technical precautions to protect your personal data and communications between us. This includes, when required or as we deem appropriate and feasible under the circumstances, written commitments from third parties that may have access to your data that they will protect the data with safeguards that are substantially equivalent to those used by AssureSign. When you enter sensitive information directed to be collected by our clients (such as credit card number and/or social security number) on our forms, we encrypt that information at rest in our database and in transit using secure socket layer technology (SSL).
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and at rest once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Site, you may email your questions to email@example.com.
We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected and to perform our contractual and legal obligations.
The session cookies used on our Site are set to expire when the browser session ends.
Your rights and choices
Prospective signers of electronic documents whose information is received under EU-US and Swiss-US Privacy Shield frameworks may choose to decline to sign documents presented to them or may instead elect to use other available options for signing agreements that AssureSign customers may elect to provide.
- AssureSign, LLC
3423 Piedmont RD NE
Atlanta, GA 30305
AssureSign has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Under certain limited conditions, it may be possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
For human resource data, AssureSign will cooperate with the EU data protection authorities (DPAs), Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice of such authorities with respect to this data. Any human resource data retained by AssureSign is for incidental purposes only related to multi-party signed documents, and may include consumer and organizational human resource data as submitted to us in electronic documents.
AssureSign is opposed to unsolicited commercial e-mail (“spam”). As part of our services, AssureSign clients may request we send e-mail on their behalf to customers with existing business relationships. AssureSign does not provide interfaces or tools in support of unsolicited bulk email campaigns; all e-mail communications are sent in conjunction with a transactional request for a signature on a specific document or set of documents.
If you believe that you have received unsolicited e-mail from us, please contact firstname.lastname@example.org.
Links to Other Sites
Occasionally AssureSign may include links to third party websites on its Site. The inclusion of any link does not imply that we endorse the products and services offered at such linked site. These third party sites have separate and independent privacy policies which we encourage you to review. We therefore have no responsibility or liability for the content and activities of these linked sites.
California Information-Sharing Disclosure: California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by email to email@example.com with “California Privacy Rights” in the subject line.
AssureSign is a Florida limited liability company. The Site is controlled and operated from the United States. If you are an individual from the European Union, Canada or any other jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that we may store the information we collect in the United States or in other countries where we or our third party service providers have operations. Personal data may also be transferred from the country of your residence to other countries, including the United States.