Privacy policy for people invited to sign a document


Last updated: 25 January 2024

About us:

Docue Technologies UK Ltd

78 York Street, London, W1H 1DP

Company No: 13949138

ICO number: ZB345032

Overview

You have received an invitation via SMS or email to sign a contract or other document via our service. Welcome to our service! Docue's service is an ecosystem in which users can draw up, sign and store all their agreements. Read more about what the service can offer at docue.com.

This privacy policy describes how we process your personal data. All processing complies with the requirements of the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to the services we offer in the European Economic Area (EEA).

If you have already signed up as a user of our service, we recommend that you review the Privacy Policy for our registered users here.

How we process your personal data

The purpose of processing is determined by the party that invited you to sign a document. This party is a user of our service that has an account with the service. In legal terms, the party is a controller and Docue is a processor acting on behalf of the controller.

On the basis of the service agreement, Docue has no right, without specific authorisation, to view, edit or delete the content of its users’ documents, or to acquire information on who has signed the documents. In addition, we do not send invitations to sign a document; this is done by the user with the help of our technology. Since the user is responsible for entering personal data and for the content of the entries, if you have any questions about these matters please contact the user.

Docue stores all information entered by users, including any personal data, as part of the completed documents. We convey invitations to sign a document to the phone numbers or email addresses entered by the users. We store the signatures and their log data as part of the documents.

We do not store your data in our general customer register, use your data for direct marketing, or sell your data to third parties.

What personal data do we process?

Depending on the signing method, one or more of the following items of personal data will remain in our systems after a document is signed via the service:

  • First and last name

  • Personal identity code

  • Phone number

  • Email address

  • Technical log data (for example, IP address, browser type)

The personal data mentioned above is stored automatically, irrespective of the content of the signed documents. The author of the document (author of the invitation to sign) is responsible for any personal data entered in the actual documents.

Our principles as a processor of your personal data

Technical access to your personal data is restricted to people who need to process the data stored in our databases in order to perform their jobs. All of our employees are bound by a confidentiality agreement.

The data stored in our service, including your personal data, is located and backed up on a server provided by Amazon Web Services Inc. Appropriate written agreements have been concluded with these parties for the confidential processing of the data. Our partner selection process includes an in-depth data protection evaluation, and appropriate written agreements on the processing of personal data have been concluded in accordance with the data protection laws.

We take responsibility for the actions of our partners in processing personal data as if they were our own.

We do not disclose the content of the documents stored in our service or the related personal data to third parties, except when so required by law.

Your personal data may be transferred outside the UK and the EEA for technical reasons. The precondition for such transfer is that the Information Commissioner’s Office (ICO) has found the level of data protection in the target country to be sufficient or that the party receiving the data outside the UK/EEA has agreed to establish the appropriate safeguards to protect personal data.

How long do we store data?

The storage periods of the documents drawn up via our service and the related personal data are decided by the user in whose user account the documents are located.

How do we protect our service?

Access to databases

Access to our databases containing personal data is restricted to people who need such access in order to perform their jobs. The confidentiality of data processing is ensured through monitoring and comprehensive non-disclosure agreements. All processors have individual usernames and passwords to the databases that contain your personal data, enabling their continuous identification. Only employees and other authorised persons can access the premises of Docue.

Servers

Document materials and user information are stored on servers that are subject to best-in-class data security and protection practices. This means, for example, adequate protection of data centres against fire and power failures, as well as careful selection of employees and strict access control. All data is regularly backed up on a separate backup server. Incoming and outgoing server traffic is monitored using firewalls. Server providers monitor data communication in real time and immediately address any threats detected through analysis.

Protection of data communication and documents

We encrypt all communication between a computer and server using SSL. The documents to be signed are encrypted using an encryption code that is sent to the recipient of the signing link. For every document, a 256-bit hash value is created after all signatures have been collected. The hash is stored on the server together with the document, enabling the detection of any changes made to the document after signing. In other words, the hash makes it possible to check, retrospectively, whether or not a document was drawn up via our service. All document materials are stored on the server in an encrypted form.

User login information and permissions

Every user of our service has an individual username and password. Login information is not stored on the server in plain text. If a user logs into our service from an unfamiliar device or browser, the login path includes two-step verification as an additional safeguard. In such a case, the user must enter their password, as well as a one-time code sent to their phone, in order to sign in. This helps us to ensure that the user who logs in is the actual owner of the account.

Contact for additional data protection information

support@docue.com


Old version of privacy policy:

Up to 24 January 2024