Privacy Policy
Updated 4 March 2024
About us:
Docue Technologies UK Ltd
78 York Street, London, W1H 1DP
Company number: 13949138
ICO number: ZB345032
1. General
This privacy policy sets out how we, as the data controller, collect and process your personal data in connection with you registering for and using the docue.com service (the “Web Service"). We process all personal data in accordance with the requirements of the UK GDPR.
We keep our privacy policy under regular review. This version was last updated on 25 January 2024. Docue reserves the right to make changes to this policy from time to time.
2. Basis and purpose of processing of personal data
We process personal data so that we can identify the users of the Web Service and forward the documents you created in the service to the desired recipients. In addition, we may use the personal data for notifications about the service, direct marketing, invoicing and statistics.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you - for example, providing the information required during the registration process is a prerequisite for opening your user account;
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
where we need to comply with a legal obligation.
Where required by applicable law and regulation, we will get your consent before sending direct marketing communications to you. You have the right to withdraw consent to (or opt out of) receiving marketing at any time by contacting us via support@docue.com (or by clicking the relevant unsubscribe or opt-out link or button within any of our communications or other materials). Our communications may be personally targeted. Our purpose is to filter out the messages that are unlikely to interest you. The processing of your personal data is based on the customer agreement you enter into with us when you register in our service.
We have set out below, in a table format, a summary of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Purpose/Activity | Lawful basis for processing (including basis of legitimate interest) | |
---|---|---|
1 | To process, monitor and deliver our Service including: (a) managing transactions, payments, fees and charges, (b) collecting and recovering money owed to us, (c) giving you a free trial, (d) controlling and providing access to our Service, (e) providing training and technical support to you in respect of our Service, (f) responding to your enquiries about our Service, (g) recording our calls/emails/other contact with you for quality, security, monitoring and training purposes, including for improvement of our customer service, development of our business and Service, and ensuring we are delivering the Service in line with your instructions, (h) to administrate or perform our contract with you, (i) to send you updates about the Service you have bought (and how to access the Service), (j) to allow you to create, sign, store, and manage contracts and legal documents using the Service, and (k) to carry out relevant administration in relation to our contract with you, for example, to issue invoices or renewal reminders. | a) Performance of a contract with you, (b) Necessary for our legitimate interests (e.g. to recover debts due to us and to grow our business by effectively improving, developing, delivering and marketing our Service). |
2 | To manage our relationship with you which will include: (a) notifying you about changes to our Terms of Use or Privacy Policy, (b) where we send you information to comply with a legal obligation (e.g. where we send you information about your legal rights), (c) asking you (directly or via third party review websites) to leave a review or take a survey. | a) Performance of a contract with you, (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests (e.g. to keep our records updated and to study how customers use our Services). |
3 | To administer, monitor and protect our business, Service and our Website (including protection of Docue against legal claims, retention of information to allow Docue to bring or defend legal claims, enhanced security, fraud prevention, credit checking, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data and prevention of unlawful or potentially unlawful activity). | (a) Necessary for our legitimate interests (e.g. for running our business, administration, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise), (b) Necessary to comply with a legal obligation. |
4 | To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | Necessary for our legitimate interests (e.g. to study and develop our Website and advertisements in order to grow our business and inform our marketing strategy). |
5 | To use data analytics to improve our Website, Services, marketing, customer relationships and experiences. | Necessary for our legitimate interests (e.g. to define types of customers for our Services, to keep our Website updated and relevant, and to develop our business and to inform our marketing strategy). |
6 | To make suggestions and recommendations to you about our Service that may be of interest to you and to record your preferences (e.g. marketing) to ensure that we comply with data protection laws. | (a) Necessary to comply with a legal obligation, and (b) Necessary for our legitimate interests (e.g. to market our Services and grow our business). |
3. Personal data being processed
We may process one or more of the following types of personal data about you:
first and last name;
postal address and billing address;
telephone number;
email address;
professional reference group (employee, student, etc.);
technical data collected through cookies (e.g. IP address, browser type);
user ID information for the Web Service; and/or
credit card details and bank account information.
We do not knowingly collect any special categories of personal data about you (this includes, for example, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data). Nor do we knowingly collect any information about your criminal convictions and offences.
Without your separate consent or other legal obligation, we will not review, edit or delete any contractual materials or documentation, or related signatures, on your user account. You can independently invite people as users in our Web Service. You are responsible for having the right to process the personal data that you enter into our Web Service when you create content and invite others. You are also responsible for other obligations under data protection law in relation to such data, with the exception of the safeguards we have undertaken ourselves in accordance with Section 7 below. For example, you should make sure that you do not share the user rights to your account with people who do not have the right to review the information and documents within your account. You are the data controller for the personal data you enter yourself in the document and signature database on your account, while we are the personal data processor. The terms of Docue's data processing agreement (DPA) will apply in such instances.
4. How we collect personal data
As a rule, we collect the necessary personal data from you, either directly or via cookies, when you register in our Web Service and update the information in your user account. In some cases, your information may be entered into our system by a third party – for example, your colleague who invites you to use the joint account for your company. In these cases, you have the opportunity to correct and delete your data from our service in accordance with the section titled "The data subject's rights" below. In these situations, we encourage you to contact the party that provided your information in the first instance.
5. Our data processors
Only people who have reason to access the data due to their work or position have access to your personal data. All our employees are bound by appropriate confidentiality obligations. Our partners who process personal data on our behalf, as well as their employees and subcontractors, are covered by similar confidentiality obligations. The selection of our partners includes a detailed data protection assessment.
Important partners and group companies that process personal data on our behalf are:
Server: Amazon Web Services Inc.
Customer and User Communications: Intercom Inc. & HubSpot Inc.
Customer Service: Chargebee Inc.
Payment services: Paytrail Oyj & Stripe Inc.
Financial management software: Accountor Finago Oy
Monitoring of network traffic: Google Ireland Ltd & Meta Platforms Ireland Ltd & LinkedIn Ireland
We may share your personal data within the Docue group for internal group reporting purposes and for the Web Services provision, for monitoring and administration purposes (the Docue group includes Docue Technologies UK Ltd in the UK, Docue Technologies Oy in Finland, Docue Technologies Sweden AB in Sweden and Docue Technologies Germany GmbH in Germany).
Personal data may also be processed to a limited extent by service providers, customer service providers, software developers, auditors and consultants (e.g. for the SMS and email generators we use). The selection of these partners includes an equally thorough data protection assessment. We will inform you about any significant changes regarding our partners before the changes are implemented. We agree on the processing in writing with each of our partners and expect our partners to comply with the level of data protection set out in this privacy policy. When processing personal data, we are responsible for our partners' actions as for our own. We do not disclose document content saved in our service or related personal data to third parties unless required by law.
For technical reasons, your personal data may be transferred outside the UK and European Economic Area (EEA). A prerequisite for the transfer is that the Information Commissioner’s Office (ICO) has established that the level of data protection in the country of destination is sufficient or that the receiving party outside the UK undertakes to take the appropriate protective measures required by the data protection legislation. Upon request, we will provide you with up-to-date information on all our partners that process personal data and further clarify the safeguards mentioned in this paragraph in the event that the data is possibly transferred outside the UK and EEA.
6. Retention period for personal data
As a rule, we will store your personal data as long as reasonably necessary to fulfil the purposes we collected it for. In most cases, this is the period for which you have a user account to use our Web Service. Your account can be deleted by contacting us via the support chat feature when logged into the account (in your request, you should state if you wish to delete your personal workspace as well as your company workspace (if you've created one). In some cases, we may delete user accounts that have been inactive for a long time. In these cases, we will notify you in advance of possible deletion actions.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
7. Protection of personal data
Access to databases
Our users' personal data is only accessible to people who, due to their work or position, have the right to access such data. The processing of personal data is confidential, which is ensured by supervision and appropriate confidentiality agreements. All processors have individual usernames and passwords to the databases that contain your personal data, enabling their continuous identification.
Servers
Document material and user information are stored on servers for which proven security and protection principles are used. This means, among other things, that extensive protection against fire and power outages is used, and that a careful selection process and access control is applied to employees. All data is regularly backed up on a separate backup server. Incoming and outgoing data communications on the servers are monitored using firewalls. Incoming and outgoing server traffic is monitored using firewalls. Server providers monitor data communication in real time and immediately address any threats detected through analysis.
Protection of data communications and documents
We encrypt all our data communication between the computer and the server through SSL technology. The documents to be signed are encrypted with a security code that is sent to the recipient of the signature link. A 256-bit HASH seal is calculated for each document after all signatures have been collected. The seal is stored on the server together with the document and with its help it is possible to discover afterwards if the document is changed after the signatures. In other words, the seal can be used to check afterwards whether or not a document was drawn up via our service. All documentation is stored in encrypted form on the server.
Users' login details and user rights
Each user has a personal username and password. If the user logs into our service from a different device or browser than usual, the login includes two-step verification for additional verification. Then, in addition to their password, the user must enter the one-time code that is sent to the user's phone to log in. In this way, we confirm that the user who logs in is the true owner of the user account.
Data breach information
Even careful procedures cannot guarantee that a data breach in a computer system is impossible. If we become aware of a data breach concerning personal data that we hold, and the breach is likely to lead to a high risk to your rights or freedoms, we will inform you of the breach without undue delay. All probable risk situations will be investigated in detail and reported to the regulatory authority.
8. Rights of the data subject
As a registered user, you have several rights regarding your personal data. Please email support@docue.com if you wish to take any of the actions listed below or have questions about your rights.
Please note that as we are not responsible for the content of the documentation or related signatures produced by our users - you or others - on their own accounts and do not review these materials for confidentiality reasons, we cannot extend the measures below to any personal information contained in this material.
Right to request access to personal data
You have the right to ask us to provide you with all your personal information we have in our customer register. We will provide the information to you in a structured, commonly used and machine-readable format. You can also check your most recently entered contact and payment information in your user account settings.
Right to rectification
At your request, we will correct incorrect personal data about you that is stored in our customer register. You can also update your contact and payment information yourself from the settings of your user account.
Right to erasure
At your request, we will delete all personal data relating to you from our customer register, unless there is a specific legal basis for retaining the data (e.g. unpaid invoices). Invoking the right to erasure means that your user account will be closed.
Right to restrict processing
You can limit our processing of your personal data if you have a legal basis for this (e.g. incorrect data).
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes. If we contact you, we will likely do so by email. At the end of each of our direct marketing messages, there is an unsubscribe button, with which you can easily remove yourself from our direct marketing list.
Right to complain
For any questions, concerns, or complaints concerning our privacy practices/personal data practices that cannot be handled by Docue itself, please contact the UK Information Commissioner's Office (“ICO”) (www.ico.org.uk). The ICO may direct you to independent dispute resolution mechanisms to address your complaints and provide appropriate recourse free of charge. For clarity, you have the right to make a complaint at any time to the ICO about our privacy practices/personal data practices. We would, however, appreciate the chance to deal with your concerns/complaints before you approach the ICO, so please contact us in the first instance with any concerns/complaints you may have about our privacy practices/personal data practices.
9. Our Cookie Policy
We reserve the right to change this cookie policy when deemed necessary. Please check this cookie policy when using our website to ensure that you understand the current policy at the time.
We continuously update this cookie policy. The latest version was updated on 25 January 2024.
Our website uses cookies and similar technologies. It helps us to provide you with a good user experience when you visit our website and it helps us to improve the website.
Cookies are small text files consisting of letters and numbers that we store in your browser or on the hard drive of your computer - provided that you agree to this when you visit our website. Cookies contain information that is transferred to your computer's hard drive.
Cookies contain unique references that are used to distinguish you from other users. Cookies also enable information from the website to be collected. This means that our website can give you a personalised experience by, for example, remembering your settings and preferences (such as the choice of language on the website), while we are provided with statistics about how you interact with our website.
Cookies are not harmful to your devices (like viruses or malware are). Some still prefer not to share their information, for example, to avoid targeted advertising.
We use the following types of cookies:
Necessary cookies: Necessary cookies are required for the operation of our website.
Analytical cookies: Analytical cookies allow us to identify and count the number of visitors and see how visitors move around the website when they use it. This helps us to improve the website, for example by making sure that users can easily find what they are looking for. Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information about metrics (number of visitors, bounce rate, etc.).
Functional cookies: Functional cookies are used to identify you when you return to our website. This allows us to adapt our content to you personally, and thereby, for example, greet you by name and remember your preferences.
Marketing cookies: Marketing cookies are used to analyse our marketing results.
Personal cookies: Personal cookies tailor online ads to reflect the content you've previously shown interest in.
Targeted cookies: Targeted cookies record your visit to our website, which pages you visited and which links you followed. We use this information to make our website and the advertising displayed on it more relevant to you. For this purpose, we may also share information with third parties.
Please note that third parties in the table below may also use cookies, which is something we have no control over. The third parties listed below may include, for example, customer service and communication providers, advertising/marketing providers, review sites, and providers of external services such as web traffic analysis services and chatbot services. These third-party cookies are likely to be analytical, functional or targeted cookies. For more information on how third parties handle cookies, see the respective party's privacy policy/cookie policy.
Apart from strictly necessary cookies, the main cookies we (and third parties) use in connection with our website are listed in the table below:
Cookie | Purpose | What it does | How long it lasts |
---|---|---|---|
_go | Analytical cookie | Installed by Google Analytics. The cookie is used to calculate visitors and sessions and to keep track of website usage for the website analytics report. The data is assigned randomly generated numbers and is therefore stored anonymously. | 2 years |
CookieConsent | Functional cookie | Collects information about your consent to cookies. | 1 year |
docue_country | Functional cookie | Collects information about your language preferences. | 1 year |
active_account | Functional cookie | Collects information about your logged-in workspace. | 1 month |
api_token | Functional cookie | Collects information about your logged in account. | 1 month |
hubspotutk | Analytical cookie | Installed by Hubspot to track information about website visitors. | 6 months |
__hssc | Analytical cookie | Installed by Hubspot to track website visitor sessions. | 30 minutes |
intercom-session-n5oxoy80 | Analytical/Personal cookie | Installed by Intercom to track website visitor sessions. | 7 days |
intercom-id-n5oxoy80 | Analytical cookie | Installed by Intercom to track website visitor IDs. | 1 year |
_fbp | Marketing cookie | Installed by Facebook to track website visitors' sessions. | 3 months |
We use cookies:
To track how visitors use our website.
To record whether you have seen specific messages that we display on our website.
To keep you logged in to our website.
To capture and analyse information such as the number of views and shares of content.
We can only use cookies if you have given your consent. When you visit our website for the first time, you will be greeted by a cookie banner where you can choose to accept or decline our cookies.
You can update your cookie settings and your consent on our website by opening the cookie banner again. The cookie banner can be found in the footer of our website.
You can always choose to decline the use of cookies. However, if you turn off necessary cookies, some pages and functions of our website may not work correctly. You can also manage cookies via your browser settings or device settings.
Use the links below for information on how to manage cookies in different browsers:
You can delete cookies or choose not to be tracked by cookies directly by relevant third parties (for example, you can disable Google Analytics on their website).
10. Additional information
We are happy to provide you with more information about how we use your personal data and your rights in connection with data protection. As part of industry practice and good practice, we also allow audits of our data protection practices.
For further questions:
Old version of privacy policy: