The European General Data Protection Regulation (GDPR) seeks to provide enhanced protection for the personal data of citizens of the European Union. This regulation makes it possible to harmonise data processing methods and gives everyone the possibility to control how their personal data is used and stored. In the course of its activities, Yousign processes certain personal data belonging to its clients and users. In our capacity as a Trusted Third Party, the security and privacy of the data we collect have always been a key priority for us. Yousign therefore ensures that it is fully compliant with the GDPR for its complete range of activities, guaranteeing you the privacy of the documents and information processed and hosted on our servers and those of our subcontractors.
Yousign has introduced a series of measures to guarantee its compliance with the GDPR and the modified “Loi Informatique et Libertés” (French data protection act).
The GDPR further extends people’s rights. You already have the right to access, rectify, delete and oppose the use of your data and to refer any complaint relating to the said processing to a Regulatory Authority in the event of a dispute. In addition to these rights, you now have the right to limit the processing of your personal data and also the right to data portability regarding your personal data.
We have introduced a more transparent personal data collection system with a double opt-in when creating a Yousign account and when subscribing to our e-mails. This consent procedure makes it possible to ensure that we have people’s explicit consent concerning the collection and use of their data.
As the Data Controller, we maintain a register of processing operations making it possible to draw up a complete inventory of the types of data processing we perform, of the types of data necessary to this processing and its retention periods. Among other things, the objective is to ensure that only data necessary to each processing operation is collected. This register is updated in real time and undergoes periodical verifications.
When developing new services or improving our existing services, the GDPR officers are systematically consulted to anticipate the “personal data protection” aspects. Yousign aims to maintain its users’ trust and confidence by guaranteeing security and transparency.
We have introduced an alert procedure to be used in the event of any accidental breach, non-availability, alteration, deletion or loss of data, and whenever security issues arise. Among other things, this procedure makes it possible to take the necessary security measures and to inform the data subjects within 72 hours, in addition to the supervisory authority, when necessary. To meet our legal obligations on this point, we maintain a register of data breaches.
We maintain an exhaustive list of all of our subcontractors and we have ensured that those likely to process personal data are committed to ensuring compliance with the existing and future legal frameworks.
In order to comply with the legal framework, we also maintain a register of our subcontracting activities for each of our clients.
Yousign’s staff are regularly informed of the challenges of cybersecurity and all have taken the MOOC run by the ANSSI (the French IT security agency) dealing with these issues.
We have appointed a DPO with the task of ensuring compliance with the GDPR within our organisation. He is also the key point of contact for clients and users requiring any information concerning data protection. To contact our DPO: firstname.lastname@example.org.
Yousign is responsible for processing the personal data of its staff and clients. In doing so, only data necessary to managing our clients and prospective customers is collected.
This data is collected for the end purpose of providing information to clients and prospective customers and managing the contracts established between Yousign and its clients. The data is stored in compliance with the end purposes for which it is collected. Pursuant to the “Loi Informatique et Libertés” (the French data protection act) and the GDPR, the data subjects may exercise their right to access, rectify or delete their data, to oppose its use or to limit its processing, to data portability, and their right not to be subject to an individual automated decision. You may submit your request by simply e-mailing the following address: email@example.com.
If you consider that we are not respecting your rights, you may also refer the matter to the Supervisory Authority of the country in which you live.
Any request to exercise your rights submitted by post must be accompanied by a copy of a valid identity document.
On behalf of its clients, Yousign is authorised to process personal data needed to supply the services to which the said clients have subscribed.
The processing of the signatories’ personal data includes among other things the collection and hosting of personal data belonging to the signatories of the clients’ documents. The legal basis for this processing is the provision of services.
When Yousign is involved as a data processor, unless expressly agreed otherwise we are not authorised to manage your rights-related requests such as rights to access, rectify, delete or oppose the use of data, to limit its processing, the right to data portability or the right not to be subject to an individual automated decision. For this, you should directly contact the organisation using Yousign’s services as part of your electronic signature procedure. Naturally, Yousign will cooperate fully with its clients, for whom it operates as a subcontractor, in order to respond to any requests from clients.
For all requests for information concerning the processing of your personal data please contact the following address: firstname.lastname@example.org.