Yousign & GDPR

As a Trusted Service Provider, the security and confidentiality of the data we collect has always been at the heart of our concerns. Yousign has therefore ensured that it complies with GDPR across all its activities and guarantees the confidentiality of documents and information processed and hosted on our servers and those of our subcontractors.

Our key principles

  • Yousign does not under any circumstances sell your data to third parties.
  • We only collect the data necessary for the performance of our services.
  • We keep your data for the time necessary to meet our contractual and regulatory obligations and then we delete or anonymise them.
  • All data is encrypted.

What data are we talking about?

Yousign collects, processes and stores confidential data of its customers and third-party signatories such as first and last name, email address, telephone number and IP address. This processing is carried out within the framework of the electronic signature service agreement binding Yousign to its customers. Yousign retains this data for the entire duration of the agreement.

The data in the audit trail, created during each signature procedure, is retained by the third-party archiver for a period of 10 years from its creation without the expiry or termination of the agreement being able to call into question this retention period.

Details of the data collected, processed and stored by Yousign are set out in Yousign's Privacy Policy.

Who is the controller?

When our customers use our Services, we collect and process certain information on their behalf. Our customers are therefore controllers of the data in accordance with Article 4 of GDPR. Yousign, as a service provider, then acts as a processor. As such, we undertake to assist our customers in ensuring the compliance of their processing.

How does Yousign protect your data?

We have technical and organisational measures in place for the security and protection of your data.

For more details, please see our security page.

What are our commitments?

Yousign has put in place a series of measures to ensure compliance with GDPR.

  • We have a multidisciplinary team with experienced members of the Legal, Technical and Quality teams who ensure Yousign's compliance.
  • We train our employees and raise their awareness of cybersecurity and data protection.
  • We apply the principle of data protection by design when developing new services or improving our existing services.
  • We guarantee the exercise of your rights in accordance with the law.
  • We guarantee the traceability and control of our processing operations by keeping a record of processing activities.
  • We have a procedure for notifying personal data breaches.

Does Yousign use subcontractors?

Yes. We keep up to date a comprehensive list of all our subcontractors and have ensured that all those who might process personal data undertake to comply with existing legal frameworks. We can provide you with this list upon request.

Are there Cookies?

Yes. Like most sites, we use cookies to facilitate the use of our site, improve its performance and security, converse with you, analyse your visit and better understand your needs in order to support you. We have ensured that the cookies we use comply with privacy rules.

For more details, please refer to our Cookies Policy.

How to access, amend or delete your data or make a complaint?

If you are a Yousign customer

From your customer space you have the option to amend and update your personal information. For more details, please refer to the Help center.

You may also exercise your right of access, rights to rectification, erasure and data portability, and rights to object and restrict processing, in accordance with the regulations in force. To do so, you may exercise these rights by completing the form available here.

If you feel that we have not respected your rights, you may refer the matter to the Supervisory Authority in the country in which you reside.

If you are an external signatory (not a Yousign customer)

Yousign is authorised to process the personal data necessary on behalf of its customers to provide the services to which they have subscribed.

In this case, Yousign acts as the processor of this data, so we are not authorised to manage your requests regarding right of access, rights to rectification, erasure and data portability, and rights to object and restrict processing. Therefore, you should directly contact the organisation that uses Yousign's services as part of your electronic signature process.

Of course, Yousign is committed to working with its customers to respond to the requests submitted.