Last revised: August 31, 2020
Privacy Shield (for EU Users and Customers)
Please see our Privacy Shield Policy at https://www.signwell.com/privacy-shield/
In addition to the continued compliance with the Privacy Shield Principles, the AWS Service Terms ensures compliance with the General Data Protection Regulation’s cross-border data transfer requirements through the incorporation of a Data Protection Agreement (DPA). SignWell uses AWS to process, transmit and store your data when you use our Service. The DPA applies when your data is processed from the EEA to the U.S. The AWS Data Protection Agreement provides appropriate safeguards to the confidentiality, integrity, and availability of your data through administrative, organizational, and technical controls. If you would like to view the AWS Data Protection Agreement, please visit https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
- “Personal Information” means any information that identifies or can be used to identify or contact a person if used combined together with other pieces of information. Such Personal Information may include, but is not limited to, a name, identification number, an online identifier, mailing or billing address, email address, telephone number, photo, signature, Internet Protocol (“IP”) address location data, cookie identifier, date of birth, billing or credit/debit card information. For users accessing the Service from EU: You will not pass information to SignWell that is classified as special category data under the EU General Data Protection Regulation (GDPR) and identifies one or more unique individuals. This includes the following data types; race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
- “Non-Personal Information” means information that cannot be used to identify or contact a person. Such Non-Personal Information may include, but is not limited to, user’s browser type, browser version, operating system, files viewed, webpages visited, time and date of user’s visit, time spent on each webpage and other anonymous statistical data.
- “Content” means any information, text, documents, graphics, videos, or other materials uploaded, posted, displayed, shared and otherwise made available on or through the Service.
What Information Is Collected, How It Is Used, and When It Is Shared
We collect both Personal Information and Non-Personal Information about you. Here is what information we collect about you, how and why we use it, and under what circumstances your information may be shared with others:
- Your Content. Any information, text, documents, comment you leave for any third party inside any document, graphics, videos, audio files, or other materials uploaded, posted, displayed, shared and otherwise made available by you on or through the Service will be collected and stored by us for the purpose of providing you with the Service or servicing your Subscription. This includes any information you fill out inside any document (for example, when you are asked to fill out and sign an agreement). Your Content is not shared with anyone except those you voluntarily decide to share it with. You are solely responsible for your Content. You assume all risks associated with the use and sharing of your Content, including any reliance on its accuracy, completeness or usefulness by others, or any disclosure of your Content that makes you or any third party personally identifiable.
- Submission of Suggestions and Feedback. If you provide us with any suggestions or feedback about the Service (“Suggestions”), you will automatically assign to us all rights to the Suggestions and agree that we shall have the right to use such Suggestions and related information in any manner we deem appropriate. We will treat any Suggestions you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.
- Cookie Identifiers. “Cookies” are small files created by websites a user visits. They are designed to hold a modest amount of data specific to a particular user and website, and can be accessed either by a web server or such user’s computer. Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. Storing the data on the server without using Cookies would also be problematic because it would be difficult to retrieve a particular user's information without requiring a login on each visit to the website. If there is a large amount of information to store, then a Cookie can simply be used as a means to identify a given user so that further related information can be looked up on a server-side database. For example, the first time a user visits a site he/she may choose a username, which is stored in the Cookie, and then provide data such as password, name, address, preferred font size, and so on. This information would all be stored in a database using the username as a key. Subsequently when the site is revisited the server will read the cookie to find the username, and then retrieve all the user's information from the database without making the user to re-enter it.
- Google Analytics and Similar Analytics Tools. Third party services such as Google Analytics and Amplitude help businesses and site owners analyze the traffic to their websites and mobile applications by collecting, monitoring and analyzing Non-Personal Information.
- We also share your email address, name and IP address with Amplitude to help us better analyze the traffic of the Service.
- Facebook’s Remarketing Service. SignWell uses Facebook’s remarketing services to show advertisements (also called interest-based advertising) to you on third-party web sites after you have visited the Service. You can learn more about interest-based advertising from Facebook by visiting www.facebook.com/help/164968693837950. To manage your ad setting or preferences, follow the instructions found here www.facebook.com/about/ads/#568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance (“DAA”). You can also opt-out from Facebook and other participating companies through the DAA in the USA www.aboutads.info/choices/, the DAA of Canada in Canada www.youradchoices.ca or the European Interactive Digital Advertising Alliance in Europe www.youronlinechoices.eu, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy www.facebook.com/privacy/explanation.
- Email Marketing. We and Sendfox (a third-party service provider and email campaign service) may use your email address to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us or our partner by following the unsubscribe links or instructions provided in any emails we or our partners send. To find out how Sendfox uses your email address, please follow this link: https://sendfox.com/privacy.
- Business Transfers or Bankruptcy. We may sell, transfer or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
- Disclosures for Legal Purposes. We may disclose your Personally Identifiable Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of Service users or the public, or (iv) protect us from legal liability.
- Use and Disclosure of Non-Personal Information. We reserve the right to use and disclose Non-Personal Information for any purpose and to share it with any third party at our sole discretion.
Your connection to the Service is secure and encrypted using SSL (Secure Sockets Layer), which is the standard “secure” connection used in the HTTPS protocol.
We host information about you in a secure server and cloud-based environment provided by Amazon.com, Inc. (“AWS”). AWS takes top security measures in order to ensure safe retention and storage of Personal Information. In order to read more about AWS’ security measures, please refer to https://aws.amazon.com/compliance/data-center/controls/.
Despite these measures, however, you should know that we cannot fully eliminate security risks associated with your information. You are also responsible for helping us protect the security of your Personal Information. For instance, never give out your password, and remember to log out of your account after each session.
Location of Servers
If you are located outside the United States and choose to use the Service, please note that we will store information about you including your Content on servers located in the United States.
FOR USERS FROM EU: YOUR RIGHTS WITH REGARD TO INFORMATION WE COLLECT ABOUT YOU
If you are accessing the Service from one of EU Member States, you have the following rights with regard to information about you:
- the right of access (you can request us to provide you verbally or in writing with the Personal Information and Non-Personal Information that we store about you and we have a month to respond to your request);
- the right to rectify any Personal Information that is inaccurate;
- the right to erasure (some conditions apply, see Section 7 below);
- the right to restrict processing your Personal Information, however, if you restrict us from processing a part of Personal Information that is essential to our provision of the Service, you may be asked to terminate your account and stop using the Service;
- the right to data portability; the right to data portability allows users of the Service to obtain and reuse their Personal Information for their own purposes across different services; you may request us to transmit your Personal Information directly from our servers to another company’s servers and we will do so where it is technically feasible;
- the right to object (you have an absolute right to stop Personal Information being used for direct marketing, read our opt-out instructions below); you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your Personal Information if we are able to show that we have a compelling reason for doing so;
- the rights in relation to automated decision making and profiling.
If you would like to exercise any of the above rights, please an email to: firstname.lastname@example.org.
List of Sub-Processors
Description of Processing (including a clear delimitation of responsibilities in case several sub-processors are authorized):
Amazon Web Services
1200 12th Ave S, Ste 1200, Seattle, WA 98144
Hosting services and document storage
1600 Amphitheatre Pkwy, Mountain View, CA 94043
Email communication with Gmail and documentation tools
510 Townsend St, San Francisco, California, 94103
Customer billing and invoicing
201 3rd St Ste 200, San Francisco, California, 94103, United States
Application usage analytics
11410 NE 124th Street #246 Kirkland, WA 98034
6595 Roswell Road, STE G2130 Atlanta, GA 30328, United States
500 Howard Street, San Francisco, California 94105, United States
Office communication services
177 Huntington Ave Ste 1703, Boston, Massachusetts, 02115, United States
Customer support platform
Hotjar Limited Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta, Europe
Application usage analytics and qualitative research
For users accessing the Service from EU: According to EU’s General Data Protection Regulation Personal Information must be erased immediately as long as such information is no longer needed for its original processing purpose, or the impacted person has withdrawn his/her consent and there is no other reason for justification, the impacted person has objected and there is no preferential justified reason for the processing, or erasure is required to fulfil a statutory obligation under the EU law or the right of the Member States. Therefore, if using the Service from one of the EU Member States, your Personal Information will be erased under all of the above circumstances. You may request us to erase your Personal Information verbally or in writing and we have a month to respond to any such request.
For users accessing the Service from outside of EU: We will retain your information for as long as your account is active or as needed to provide you with the Service. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Do Not Track Disclosure
We support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the preferences or settings page of your web browser.
Links to Third-Party Web Sites
Our Service may contain links to third-party web sites (through ads that they post in the Service) about products or services that are not owned or controlled by SignWell.
SignWell has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third-party web sites. We do not warrant the offerings of any of these entities/individuals or their websites.
You acknowledge and agree that SignWell shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, goods or services available on or through any such third-party web site.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web site that you access through link available in the Service.
Only persons age 18 or older have permission to access our Service. We do not knowingly collect Personal Information from anyone under the age of 18. If you are a parent or guardian and you learn that your child has provided us with Personal Information, please contact us immediate. If we become aware that we have collected Personal Information from anyone who is under 18 without verification of parental consent, we will take steps to remove that information from our servers.
Docsketch, LLC (DBA SignWell)
12042 SE Sunnyside RD
Portland, OR 97015
Telephone: (503) 908-4130