- 29.10.2024: SignHero Light section removed.
- 12.06.2024: Addition to section Data content of register.
- 14.08.2020: SignHero for Zapier section added.
- 11.03.2020: SignHero for GMail section added.
Register holder
Avaintec Oy
Kansakoulukuja 3
00100 Helsinki, Finland
For inquiries regarding the register
E-mail: privacy@avaintec.com
Purpose of register
eSignature cloud service
Basis for data collection and processing
- Individualisation of user within signing process
- Authorisation of user for account access and management
- Privacy of service
Data content of register
- Signed documents
- First name, surname, and email address of signature requester
- Whole name and email address of signer
- In case of advanced signature, social security number and date of birth
- Time of signing event and the signer’s IP address
Data retention period
See Table 2: Retention periods
Regular sources of data
Data has been collected from the person in question or from the signature requester.
Regular disclosure of data
Data are only disclosed to relevant entities.
Transfer of data outside the EU
Data are not transferred outside of the EU.
Use of cookies
We use cookies only to manage a user’s session. The data does not include personal data. Users cannot be identified based on cookies alone.
Register security
- access to the register is restricted
- backups of register are taken periodically
- access is monitored to those premises where data is processed
- servers, databases, and their backups exist in a data centre on secure premises that require particular permission to access
- register’s network and hardware are protected by a firewall as well as other necessary technical measures
- personnel have been instructed on how to properly handle personal data
Automated decision-making
Data of the person in question is not subjected to automated decision-making.
Rights of the registered
See Table 1: Do I have a right..?
Tracking use
SignHero collects individualizable data only for the purpose of ratifying a legally valid electronic signature. Read sections "Basis for data collection and processing" and "Data content of register" for more details.
Metadata on SignHero usage is collected in order to improve user experience and to develop the service further.
SignHero for Gmail
SignHero for Gmail is an add-on for the purpose of using the service directly inside user’s Gmail account. This add-on allows a user to sign PDF’s attached to an email message, store signed documents in user’s Google Drive account and create email drafts of signed documents. All the data that is collected by SignHero via this add-on is only for the purpose of eSigning. See "SignHero for Gmail data collection activities" for more details.
SignHero for Zapier
Zapier is an online automation tool that connects other apps and services. Connecting other apps to SignHero via Zapier will help you automate your document management life-cycle. Third-party apps in Zapier only have access to your SignHero data which you explicitly provide to them. You can withdraw your authorisation for third-party apps anytime at all.
Removal of data
Data can be removed by request or when the customer status of a person ends.
Table 1: Do I have a right…
SignHero account admin
Not applicable for account management. Users cannot object after they have signed, as data is needed to validate the signature. See column for request recipient.
SignHero account user
Users can object processing of data for account management by declining to activate their account or by requesting the account be deleted. Users cannot object after they have signed, as data is needed to validate the signature. See column for request recipient.
Invited signer
Personal data is used only for necessary actions when signing. Signers cannot object retroactively since the data in question is needed to validate the signature. If signers wish to object the processing of their data they must decline to sign.
SignHero account admin
Yes. Users can access personal data by logging into the service.
SignHero account user
Yes. Users can access personal data by logging into the service.
Invited signer
Yes. Signers can access personal data for all signature invitations they were involved in.
SignHero account admin
Not applicable. Personal data is obtained from users themselves.
SignHero account user
Yes. From the account activation email users can view data source and recipient information. The email contains a Privacy Policy Statement, which outlines the purpose of personal data processing as well as the retention periods.
Invited signer
Yes. From the signing invitation email signers can view data source and recipient information. The email contains a Privacy Policy Statement, which outlines the purpose of personal data processing as well as the retention periods.
SignHero account admin
Users can correct their name and organisation’s name. However, personal data in signature requests cannot be changed retroactively. Users can cancel signature requests or let them deprecate.
SignHero account user
Users can correct their name. However, personal data in signature requests cannot be changed retroactively. Users may cancel signature requests or let them deprecate.
Invited signer
Personal data cannot be changed retroactively since the data in question is needed to validate the signature. Signers must decline to sign if the request or PDF file contain false information.
SignHero account admin
Yes. Users can delete their account. Other personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.
SignHero account user
Yes. Users can ask to be deleted. Other personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.
Invited signer
Yes. Personal data is used only to validate signatures. Data is deleted automatically once there is no burden of proof.
SignHero account admin
Yes. Users can obtain all of their organisation’s user accounts and process data in a JSON file. Documents can be extracted as PDF files.
SignHero account user
No. The account belongs to the organisation it is a part of and users may therefore not move data without permission.
Invited signer
Not applicable. Signers do not submit their personal data.
SignHero account admin
Users’ personal data is processed only for necessary account management and signing actions.
SignHero account user
Users’ personal data is processed only for necessary account management and signing actions.
Invited signer
Signers’ personal data is processed only for necessary account management and signing actions.
Table 2: Retention periods
Process data
Signing process data are retained for a maximum of one year from when the process was started.
Audit trail
The audit trail is retained for a maximum of one year.
PDF files
PDF files are retained for a maximum of one year.
Process data
The organisation can archive the data from complete signing processes.
Audit trail
The audit trail is retained for five years from when the signing process was complete. If you did not sign, your personal data is not a part of the audit trail.
PDF files
The organisation can archive the PDF files that belong to a completed signing process.
Process data
Signing process data are retained for a maximum of 30 days from when the signing process was cancelled.
Audit trail
The audit trail is not retained.
PDF files
The PDF files are retained for a maximum of 30 days from when the signing process was cancelled.
Table 3: Why does SignHero for GMail request permission...
Purpose
To find attachments that can be signed in your emails. No other content from your emails is processed by the add-on.
Purpose
To create empty drafts with attachments you signed. The add-on won't send any emails by itself.
Purpose
To connect to SignHero for uploading, signing, and downloading documents.
Purpose
To save signed documents in a designated folder in your Google Drive. None of your personal files are downloaded, edited or deleted by the add-on.
Purpose
To get your time zone and correctly display signing times. No other information from your calendars is used by the add-on.