Register holder

Avaintec Oy
Kansakoulukuja 3
00100 Helsinki, Finland

For inquiries regarding the register

E-mail: privacy@avaintec.com

Purpose of register

eSignature cloud service

Basis for data collection and processing

  • Individualisation of user within signing process
  • Authorisation of user for account access and management
  • Privacy of service

Data content of register

  • Signed documents
  • First name, surname, and email address of signature requester
  • Whole name and email address of signer
    • In case of advanced signature, social security number and date of birth
  • Time of signing event and the signer’s IP address

Data retention period

See Table 2: Retention periods

Regular sources of data

Data has been collected from the person in question or from the signature requester.

Regular disclosure of data

Data are only disclosed to relevant entities.

Transfer of data outside the EU

Data are not transferred outside of the EU.

Use of cookies

We use cookies only to manage a user’s session. The data does not include personal data. Users cannot be identified based on cookies alone.

Register security

  • access to the register is restricted
  • backups of register are taken periodically
  • access is monitored to those premises where data is processed
  • servers, databases, and their backups exist in a data centre on secure premises that require particular permission to access
  • register’s network and hardware are protected by a firewall as well as other necessary technical measures
  • personnel have been instructed on how to properly handle personal data

Automated decision-making

Data of the person in question is not subjected to automated decision-making.

Rights of the registered

See Table 1: Do I have a right..?

Tracking use

SignHero collects individualizable data only for the purpose of ratifying a legally valid electronic signature. Read sections "Basis for data collection and processing" and "Data content of register" for more details.

Metadata on SignHero usage is collected in order to improve user experience and to develop the service further.

SignHero for Gmail

SignHero for Gmail is an add-on for the purpose of using the service directly inside user’s Gmail account. This add-on allows a user to sign PDF’s attached to an email message, store signed documents in user’s Google Drive account and create email drafts of signed documents. All the data that is collected by SignHero via this add-on is only for the purpose of eSigning. See "SignHero for Gmail data collection activities" for more details.

SignHero for Zapier

Zapier is an online automation tool that connects other apps and services. Connecting other apps to SignHero via Zapier will help you automate your document management life-cycle. Third-party apps in Zapier only have access to your SignHero data which you explicitly provide to them. You can withdraw your authorisation for third-party apps anytime at all.

Removal of data

Data can be removed by request or when the customer status of a person ends.

Table 1: Do I have a right…

SignHero account admin

Not applicable for account management. Users cannot object after they have signed, as data is needed to validate the signature. See column for request recipient.

SignHero account user

Users can object processing of data for account management by declining to activate their account or by requesting the account be deleted. Users cannot object after they have signed, as data is needed to validate the signature. See column for request recipient.

Invited signer

Personal data is used only for necessary actions when signing. Signers cannot object retroactively since the data in question is needed to validate the signature. If signers wish to object the processing of their data they must decline to sign.

SignHero account admin

Yes. Users can access personal data by logging into the service.

SignHero account user

Yes. Users can access personal data by logging into the service.

Invited signer

Yes. Signers can access personal data for all signature invitations they were involved in.

SignHero account admin

Not applicable. Personal data is obtained from users themselves.

SignHero account user

Yes. From the account activation email users can view data source and recipient information. The email contains a Privacy Policy Statement, which outlines the purpose of personal data processing as well as the retention periods.

Invited signer

Yes. From the signing invitation email signers can view data source and recipient information. The email contains a Privacy Policy Statement, which outlines the purpose of personal data processing as well as the retention periods.

SignHero account admin

Users can correct their name and organisation’s name. However, personal data in signature requests cannot be changed retroactively. Users can cancel signature requests or let them deprecate.

SignHero account user

Users can correct their name. However, personal data in signature requests cannot be changed retroactively. Users may cancel signature requests or let them deprecate.

Invited signer

Personal data cannot be changed retroactively since the data in question is needed to validate the signature. Signers must decline to sign if the request or PDF file contain false information.

SignHero account admin

Yes. Users can delete their account. Other personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.

SignHero account user

Yes. Users can ask to be deleted. Other personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.

Invited signer

Yes. Personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.

SignHero account admin

Yes. Users can obtain all of their organisation’s user accounts and process data in a JSON file. Documents can be extracted as PDF files.

SignHero account user

No. The account belongs to the organisation it is a part of and users may therefore not move data without permission.

Invited signer

Not applicable. Signers do not submit their personal data.

SignHero account admin

Users’ personal data is processed only for necessary account management and signing actions.

SignHero account user

Users’ personal data is processed only for necessary account management and signing actions.

Invited signer

Signers’ personal data is processed only for necessary account management and signing actions.

Table 2: Retention periods

Process data

Signing process data are retained for a maximum of one year from when the process was started.

Audit trail

The audit trail is retained for a maximum of one year.

PDF files

PDF files are retained for a maximum of one year.

Process data

The organisation can archive the data from complete signing processes.

Audit trail

The audit trail is retained for five years from when the signing process was complete. If you did not sign, your personal data is not a part of the audit trail.

PDF files

The organisation can archive the PDF files that belong to a completed signing process.

Process data

Signing process data are retained for a maximum of 30 days from when the signing process was cancelled.

Audit trail

The audit trail is not retained.

PDF files

The PDF files are retained for a maximum of 30 days from when the signing process was cancelled.

Table 3: Why does SignHero for GMail request permission...

Purpose

To find attachments that can be signed in your emails. No other content from your emails is processed by the add-on.

Purpose

To create empty drafts with attachments you signed. The add-on won't send any emails by itself.

Purpose

To connect to SignHero for uploading, signing, and downloading documents.

Purpose

To save signed documents in a designated folder in your Google Drive. None of your personal files are downloaded, edited or deleted by the add-on.

Purpose

To get your time zone and correctly display signing times. No other information from your calendars is used by the add-on.