Search Sign in Try for free

Privacy Policy

Updated 6th November 2023

About us:
Docue Technologies UK Ltd
78 York Street, London, W1H 1DP
Company number: 13949138
ICO number: ZB345032

1. General

In this policy “Docue”, “our”, “us” “we”, “Customer”, “Users”, “User Information”, “Services”,Account”, “Free Trial”, “Template Documents”, and “Subscriptionshave the same meanings as are assigned to them in our Terms of Use.

This policy covers Website users/visitors, Customers, Users, and prospective customers and users of the Services (“you”, “your”). Docue is committed to respecting your privacy. Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit. Once you choose to provide personal data to us, it will only be used in the context of your relationship with Docue. Docue will not sell, rent, or lease your personal data to others. Docue will only share your personal data with other Docue entities and/or third parties who are acting on Docue’s behalf in connection with the provision to you of Services or the provision to you of content of this Website.

This policy describes how we, as a data controller, collect and process your personal data when you visit or use our Website or when you register for and/or use our Services at www.docue.com (the “Website"). This policy determines how we use your personal data where this personal data is not covered by the definition of Customer Personal Data within clause 11 of our Terms of Use

This policy describes the personal data we collect from you and how we use and share that information. It is important that you read this policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This policy supplements our other notices and privacy policies and is not intended to override them. Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (e.g. anonymous data).

If you have any questions about this policy or wish to submit a complaint/request to Docue concerning its privacy practices/personal data practices, please contact Docue by email at support@docue.com or by mail to the address above. You may also contact Data Protection Officer Jaakko Laukia (email address: jaakko@docue.com), if you have any questions about Docue’s privacy policy or wish to submit a complaint/request to Docue concerning its privacy practices/personal data practices. For any questions, concerns, or complaints concerning our privacy practices/personal data practices that cannot be handled by Docue itself, please contact the UK Information Commissioner's Office (“ICO”) (www.ico.org.uk). The ICO may direct you to independent dispute resolution mechanisms to address your complaints and provide appropriate recourse free of charge. For clarity, you have the right to make a complaint at any time to the ICO about our privacy practices/personal data practices. We would, however, appreciate the chance to deal with your concerns/complaints before you approach the ICO, so please contact us in the first instance with any concerns/complaints you may have about our privacy practices/personal data practices.

We will comply with applicable data protection law and principles, which means that your personal data will be:

  • Used lawfully, fairly and in a transparent way.

  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

  • Relevant to the purposes we have told you about and limited only to those purposes.

  • Accurate and kept up to date.

  • Kept only as long as necessary for the purposes we have told you about.

  • Kept securely.

We keep our privacy policy under regular review. This version was last updated on 22nd September 2022. Docue reserves the right to make changes to this policy from time to time.

2. Personal data being processed

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username, or similar identifier, title, and gender.

  • Contact Data includes billing address, business address, email address and telephone numbers.

  • Financial Data includes bank account and payment card details.

  • Transaction Data includes details about payments to and from you and other details of Services you have purchased from us.

  • Technical Data includes internet protocol (IP) address, your login data for the Services, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website or Services.

  • Profile Data includes your username and password for the Services, purchases or orders made by you, your interests, preferences, and feedback, your reviews of our Services, and your survey responses.

  • Usage Data includes information about how you use our Website and Services. This may also include reviews that you provide regarding our Services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not knowingly collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we knowingly collect any information about your criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.

We use different methods to collect personal data from and about you including those summarised below:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in fields within the Services platform or within other forms, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for, purchase, use, access, enquire about, enter into a contract for, enter into negotiations for, or trial, our Services;

  • create an account on our Website;

  • subscribe to our Services or publications;

  • request marketing to be sent to you;

  • enter a competition, promotion or survey; or

  • give us feedback or reviews about our Services, or contact us.

Automated technologies or interactions. As you interact with our Website or Services, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookies policy below in section 8 for further details.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from the following parties:

    (a) analytics providers (such as Google); and

    (b) search information providers (such as Google).

  • Contact, Financial and Transaction Data from providers of credit reference/check services, technical, and payment services.

  • Identity and Contact Data from publicly available sources such as Companies House and from biographical information posted by you on the internet.

Moreover, we collect personal data that you or others provide to us in connection with your use of our Services. Examples include Services setup information, Services configurations and settings, User-created, saved or stored documents or content on the Services, and email and text communications. Our systems also generate reports and information regarding each Account. We maintain this system-generated information in connection with each Account. 

Generally speaking, we collect the necessary personal data in principle from you, either directly via the Services platform or through cookies (see our cookies policy in section 8 below for more details), when you register for and/or use our Services or input information for an Account. In some cases, User Information may be entered into our Services platform by a third party – for example, by one of a Customer’s existing Users who invites a colleague to become a User of our Services under a Customer’s central account or workspace for the Services.

Children (under eighteen years old) are not eligible to use our Website or Services, and we ask that children do not submit personal data to us. We do not knowingly collect data relating to children.

3. Basis and purpose of processing personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

Where required by applicable law and regulation, we will get your consent before sending direct marketing communications to you. You have the right to withdraw consent to (or opt out of) receiving marketing at any time by contacting us via support@docue.com (or by clicking the relevant unsubscribe or opt out link or button within any of our communications or other materials).

We have set out below, in a table format, a summary of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Lawful basis for processing (including basis of legitimate interest)
1 To process, monitor and deliver our Services including: (a) managing transactions, payments, fees and charges, (b) collecting and recovering money owed to us, (c) giving you a Free Trial, (d) controlling and providing access to our Services, (e) providing training and technical support to you in respect of our Services, (f) responding to your enquiries about our Services, (g) recording our calls/emails/other contact with you for quality, security, monitoring and training purposes, including for improvement of our customer service, development of our business and Services, and ensuring we are delivering the Services in line with your instructions, (h) to administrate or perform our contract with you, (i) to send you updates about the Services you have bought (and how to access the Services), (j) to allow you to create, sign, store, and manage contracts and legal documents using the Services, and (k) to carry out relevant administration in relation to our contract with you, for example, to issue invoices or renewal reminders. a) Performance of a contract with you, (b) Necessary for our legitimate interests (e.g. to recover debts due to us and to grow our business by effectively improving, developing, delivering and marketing our Services).
2 To manage our relationship with you which will include: (a) notifying you about changes to our Terms of Use or Privacy Policy, (b) where we send you information to comply with a legal obligation (e.g. where we send you information about your legal rights), (c) asking you (directly or via third party review websites) to leave a review or take a survey. a) Performance of a contract with you, (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests (e.g. to keep our records updated and to study how customers use our Services).
3 To enable you to partake in a prize draw, competition or complete a survey. Necessary for our legitimate interests (e.g. to study how customers use our Services in order to develop them and grow our business).
4 To administer, monitor and protect our business, Services and our Website (including protection of Docue against legal claims, retention of information to allow Docue to bring or defend legal claims, enhanced security, fraud prevention, credit checking, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data and prevention of unlawful or potentially unlawful activity). (a) Necessary for our legitimate interests (e.g. for running our business, administration, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise), (b) Necessary to comply with a legal obligation.
5 To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. Necessary for our legitimate interests (e.g. to study and develop our Website and advertisements in order to grow our business and inform our marketing strategy).
6 To use data analytics to improve our Website, Services, marketing, customer relationships and experiences. Necessary for our legitimate interests (e.g. to define types of customers for our Services, to keep our Website updated and relevant, and to develop our business and to inform our marketing strategy).
7 To make suggestions and recommendations to you about our Services that may be of interest to you and to record your preferences (e.g. marketing) to ensure that we comply with data protection laws. (a) Necessary to comply with a legal obligation, and (b) Necessary for our legitimate interests (e.g. to market our Services and grow our business).

Where we use your personal data for our legitimate interests, we have assessed whether such use is necessary and that such use will not infringe on your other rights and freedoms. 

In some cases (for example where required by law or where we have simply chosen to obtain your consent) we will have gained your consent as the lawful basis to process your personal data. In such cases, that consent is the lawful basis to process your personal data instead of the grounds specified above in the table (rather than the consent being a back-up, alternative or additional lawful basis to process your personal data). Such consent may be withdrawn by you at any time by contacting us via support@docue.com (or by clicking the relevant unsubscribe or opt out link or button within any of our communications or other materials in relation to receipt of marketing from us). This may apply in the following scenarios: (a) where you have provided your consent for us to use or share your information, or (b) where you have consented to receive marketing material from us.

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased Services from us and you have not opted out of receiving that marketing. We will get your express opt-in consent before we share your personal data with any third party for that third party’s own marketing purposes. 

You can ask us or third parties to stop sending you marketing messages (or to stop collecting your data for the purposes of third parties carrying out targeted advertising for us on other sites based on your activity on this Website or interacting with you via chat bots (and similar tools) based on your activity on this Website) at any time by contacting us at support@docue.com (or via any unsubscribe or opt out link or button which we provide to you within our emails, correspondence, Website, or other Services related material). Opting out of the receipt of marketing communications from us will not affect our processing of your personal data in relation to any contract you have entered into with us in respect of which we are required to use your personal data to fulfil that contract or are required to provide you with certain information. 

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly. For more information about the cookies we use, please see below our cookies policy within section 8 of this privacy policy.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via support@docue.com. If we need to use your personal data for an unrelated purpose, we may notify you and we may explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

4. Sharing and transfer of personal data

We may share your personal data with the parties set out below:

  • Internal Third Parties as set out in the Glossary part of section 9 below.

  • External Third Parties as set out in the Glossary part of section 9 below.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data within the Docue group for internal group reporting purposes and for Services provision, monitoring and administration purposes (the Docue group includes Docue Technologies UK Ltd in the UK, Docue Technologies Oy in Finland, and Docue Technologies Sweden AB in Sweden).

Some of our External Third Parties are based outside of the UK so their processing of your personal data will involve a transfer of your personal data outside of the UK.

Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the ICO.

  2. Where we transfer your personal data to third parties which are not covered by point 1 above, we enter into standard contractual clauses with them which have been approved by the ICO (and which give personal data the same protection it has in the UK).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK.

We also may share or disclose your personal data if we receive a request or demand for such information in the form of:

  • A court order to disclose such information;

  • What we believe (in our sole discretion) is lawful process in a criminal investigation or proceeding, such as a search warrant or court order;

  • Judicial or administrative process in civil proceedings, such as discovery requests; or

  • A national security letter or similar request from any regulatory, government, or law enforcement agency.

We also reserve the right to share or transfer your personal data if we believe (in our sole discretion) that such sharing or transfer is required under applicable law.

Your personal data is only accessible by those who have a justification for access to the information due to their work, business or position. All of our employees and representatives are bound by appropriate confidentiality and data protection obligations regarding your personal data. Our suppliers and other third parties who process your personal data on our behalf, as well as their employees, representatives and subcontractors, are bound by appropriate confidentiality and data protection obligations also. The process of selecting our suppliers or third parties who process your personal data on our behalf includes a detailed data protection assessment.

The main suppliers and third parties who process your personal data on our behalf are:

  • Server: Amazon Web Services EMEA SARL (Luxembourg)

  • Customer communication: Intercom R&D Unlimited Company (Ireland)

  • Customer management: HubSpot Ireland Limited (Ireland) & Chargebee Inc. (USA)

  • Payments: Stripe Payments Europe, Limited (Ireland)

  • Financial management software: QuickBooks (Intuit Limited) (UK)

  • Network traffic monitoring and analysis: Google Ireland Ltd (Ireland) & Facebook Ireland Ltd (Ireland) & PostHog, Inc. (USA)

5. Retention of personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We store and process your personal data for as long as you have one or more Accounts on our Services platform. Each Account can be deleted by you through the settings available within our Services. If you no longer have access to the relevant Account or Services to carry out any desired deletion of any Account(s) then please contact us via support@docue.com. In certain cases, we may delete Accounts that have been inactive for a long time. In these cases, we will use reasonable endeavours to give you advance notice of any deletion.

Where you have entered into a contract with us regarding any Free Trial(s) or Subscription(s), we may keep your personal data for up to seven years after the end of the relevant contractual relationship between you and us.

Where you have used our Services in relation to any Template Documents (or other documents), these documents will be kept by us for at least 2 years after the end of the relevant contractual relationship between you and us. If you wish to delete any document earlier, then you are able to do so through the settings/functionality available within our Services. If you no longer have access to the relevant Account or Services to carry out any desired deletion of documents then please contact us via support@docue.com

If you browse our Website, we keep your personal data collected through our analytics tools for only as long as necessary to fulfil the purposes we collected it for (see below our cookies policy within section 8 of this privacy policy for further information). 

If you have asked for information from us or you have subscribed to our mailing list, we keep your personal data for a reasonable time or until you ask us to stop contacting you.

6. Protection of personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (e.g. the ICO) of a breach where we are legally required to do so.

Docue implements practices to ensure that personal data is accurate, complete, and current. If you wish to access the personal data we have on file for you, or to change, add to, or delete the personal data we hold about you, please email us at support@docue.com. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Access to databases

Access to our databases containing personal data is restricted to people who need such access in order to perform their jobs. The confidentiality of data processing is ensured through monitoring and appropriate confidentiality obligations. All processors have individual usernames and passwords to the databases that contain your personal data, enabling their continuous identification. Only employees and other authorised persons can access our work premises.

Servers

Your personal data is stored on servers that are subject to best-in-class data security and data protection practices. This means, for example, adequate protection of data centres against fire and power failures, as well as careful selection of employees and strict access control. All data is regularly backed up on a separate backup server. Incoming and outgoing server traffic is monitored using firewalls. We monitor data communication in real time and immediately address any threats detected through analysis.

Protection of data communication and documents

We encrypt all communication between a computer and server using SSL. Documents signed via the Services are encrypted using an encryption code that is sent to the recipient of the signing link. For every document signed via the Services, a 256-bit hash value is created after all signatures have been collected. The hash is stored on the server together with the document signed via the Services, enabling the detection of any changes made to the document after signing. In other words, the hash makes it possible to check, retrospectively, whether or not a document was drawn up via our Services. All document materials arising in connection with the Services are stored on the server in an encrypted form.

User login information and permissions

Every User of our Services has an individual username and password. Login information of Users is not stored on the server in plain text. If a User logs into our Service from an unfamiliar device or browser, the login path includes two-step verification as an additional safeguard. In such a case, the User must enter their password, as well as a one-time code sent to their phone number, in order to sign in to the Service. This helps us to ensure that the User who logs in to the Service is the actual owner of the relevant Account which they log in to.

7. Your data protection rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that you can check your most recently entered contact and payment information via the settings of the relevant Account(s).

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Please note that you can also update your contact and payment information via the settings of the relevant Account(s).

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Please note that where you wish to erase personal data contained in documents you have created and/or stored via the Services, you can do this through accessing the document via the relevant Account and using the appropriate functionality or by contacting us via support@docue.com if you are no longer able to access the relevant Account(s). If you ask us to erase all your personal data, please be aware that exercising the right to erasure also means closing the relevant Account(s).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.

  • Where our use of the data is unlawful but you do not want us to erase it.

  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you wish to exercise any of the rights set out above please contact us by email at support@docue.com or by mail to Docue’s address stated at the beginning of this policy. You may also contact Data Protection Officer Jaakko Laukia (email address: jaakko@docue.com) if you wish to exercise any of the rights set out above.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is valid. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Please note that since we are not responsible for the document content or signatures produced by you via the Services and do not review these materials for confidentiality reasons, you may have to take steps (without our assistance) to exercise any of the rights above via the relevant functionality/settings within your relevant Account(s).

8. Our cookies policy 

We amend this cookies policy from time to time. Every time you wish to use our Website, please check this cookies policy to ensure you understand the policy which applies at that time.

We keep our cookies policy under regular review. This version was last updated on 22nd September 2022.

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Cookies contain uniquely generated references which are used to distinguish you from other Website users. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing our Website to provide you with a personalised experience (like remembering your favourites) and provide us with statistics about how you interact with our Website.

Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).

We use the following types of cookies:

  • Strictly necessary or essential cookies. These are cookies that are required for the operation of our Website.

  • Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily. Analytics cookies are used to understand how visitors interact with the Website. These cookies help provide information on metrics (number of visitors, bounce rate, etc.).

  • Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences.

  • Advertising cookies. These cookies are used to analyse our marketing performance.

  • Personalisation cookies. These cookies tailor online adverts to reflect the content you have previously browsed.

  • Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Please note that the third parties in the table below may also use cookies, over which we have no control. These named third parties may include, for example, customer management and communication suppliers, advertising/marketing suppliers, review websites, and providers of external services like web traffic analysis services and chat bot services. These third-party cookies are likely to be analytical cookies or functionality cookies or targeting cookies.

Aside from the strictly necessary/essential cookies we use, the main cookies we use (and which third parties use) in connection with our Website are set out in the table below:

Cookie Purpose What it does How long it lasts
_ga Analytics cookie This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of Website usage for the Website's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors 2 years
CookieConsent Functionality cookie Stores information about your cookie consent 1 year
docue_country Functionality cookie Stores information about your language preference 1 year
active_account Functionality cookie Stores information about logged in workspace 1 month
api_token Functionality cookie Stores information about logged in Account 1 month
hubspotutk Analytics cookie Installed by Hubspot to track Website visitor information 6 months
__hssc Analytics cookie Installed by Hubspot to track Website visitor sessions 30 minutes
intercom-session-n5oxoy80 Analytics/ Personalisation cookie Installed by Intercom to track Website visitor session 7 days
intercom-id-n5oxoy80 Analytics cookie Installed by Intercom to track Website visitor id 1 year
_fbp Advertising cookie Installed by Facebook to track Website visitor session 3 months

We may use cookies to:

  • To track how visitors use our Website.

  • To record whether you have seen specific messages we display on our Website.

  • To keep you signed into our Website.

  • To capture and analyse information such as number of views and shares of content.

We can only use cookies with your permission (you will be prompted by a message when you first visit our Website, also known as a cookie banner, where you can choose to accept or decline our cookies).

You can update your cookie settings on our Website by re-opening the cookie banner at any time. It is available in the footer of our Website.

You can block cookies by activating the setting on your browser or device that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary/essential cookies) you may not be able to access all or parts of our Website, and some pages and functions on our Website may not work properly.

You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics cookies on their website).

9. Additional information & Glossary

Additional information

We are happy to provide more information about our data processing and your rights related to data protection. We also allow audits of our data protection practices within the framework of industry practice and good custom.

Glossary

Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best and most secure experience in the context of your relationship with us. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of a contract means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

Internal Third Parties means other companies in the Docue group acting as joint controllers or processors.

External Third Parties means:

Service/goods providers and email and SMS generators, acting as processors or controllers, such as:

  • Server: Amazon Web Services EMEA SARL (Luxembourg)

  • Customer communication: Intercom R&D Unlimited Company (Ireland)

  • Customer management: HubSpot Ireland Limited (Ireland) & Chargebee Inc.(USA)

  • Payments: Stripe Payments Europe, Limited (Ireland)

  • Financial management software: QuickBooks (Intuit Limited) (UK)

  • Network traffic monitoring: Google Ireland Ltd (Ireland) & Facebook Ireland Ltd (Ireland)

Third parties who collect your personal data for the purposes of carrying out target advertising for us on other sites based on your activity on this Website or interacting with you via chat bots (and similar tools) based on your activity on this Website.

Third parties (such as review websites) who may use your personal data to contact you to request that you provide a review in respect of your use of our Services and who may also use your personal data collected via cookies on this Website to inform us of Website visitors who navigate between our Website and our profile on the review website.

Professional advisers acting as processors or joint controllers including lawyers, company secretaries, brokers, registrars, bankers, auditors, accountants, consultants, and insurers based in UK and Finland who provide investment, company secretarial, auditing, consultancy, banking, legal, insurance and accounting services.

HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.