1.1 E-Sign (UK) limited and E-Sign limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. We are the registered data controller and will process your personal data in accordance with the Data Protection Act 1998 as amended or replaced by the General Data Protection Regulation 2016 and any national laws which relate to the processing of personal data (“data protection legislation”).
Please read the following carefully to understand our views and practices regarding Your Data and how we will treat it. This policy applies to information we collect about:
(a) Visitors to our website(s)
2.1 We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system).
(b) information that you provide to us when registering with our website and updating your profile on our platform. This information includes your contact details including: your name, email address, telephone number, company name, job title, address, VAT number and bank details.
(c) information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (your name and email address).
(d) information that you provide to us when using the services on our website, or that is generated in the course of the use of those services.
(e) information relating to any purchases you make of our or any other transactions that you enter into through our website.
(f) information that you post to our website for publication on the internet.
(g) information contained in or relating to any communication that you send to us or send through our website.
2.2 Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
3.1 Personal information submitted to us through our website and secure software application (https://app.e-sign.co.uk/) will be used for the purposes specified in this policy or on the relevant pages of the website.
3.2 We may use your personal data for our legitimate interests in order to:
(a) administer our website and business.
(b) personalise our website for you.
(c) enable your use of the services available on our website.
(d) supply to you, services purchased through our website.
(e) send statements, invoices and payment reminders to you, collecting payments from you and providing refunds.
(f) send you non-marketing commercial communications.
(g) send you email notifications that you have specifically requested.
(h) send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter)
(i) send you marketing communications relating to our business. We will never supply your details to any third parties whatsoever.
(j) deal with enquiries and complaints made by or about you relating to our website.
(k) keep our website secure and prevent fraud]; and
(l) verify compliance with the terms and conditions governing the use of our website.
3.3 If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
3.4 Our Site may, from time to time, contain links to and from the websites of third parties. Please note that if you follow a link to any of these websites, such websites will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. Please check before you submit your information to these websites.
3.5 We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
3.7 Personal Information We Collect & Process on Behalf of Customers.
When E-Sign customers use our Services, we process and store certain personal information on their behalf as a data processor. For example, when a customer (or the customer’s Authorised Users) uploads contracts or other documents for review or signature, we act as a data processor and process the documents on the customer’s behalf and in accordance with their instructions. In those instances, the customer is the data controller and is responsible for most aspects of the processing of the personal information. If you have any questions or concerns about how personal information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the customer.
4.1 We may disclose your personal information to any of our senior managers, insofar as reasonably necessary for the purposes set out in this policy.
4.2 We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
4.3 We may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
4.4 Except as provided in this policy, we will not provide your personal information to third parties.
5.1 Information that we collect may be securely stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
5.2 Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
5.3 You expressly agree to the transfers of personal information described in this Section 6.
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information. It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
Data protection legislation gives you certain rights in relation to your personal data. You have the right to object to the processing of your personal data in certain circumstances and to withdraw your consent to the processing of your personal data where this has been provided.
You can also ask us to undertake the following:
(a) update or amend your personal data if you feel this is inaccurate;
(b) remove your personal data from our database entirely;
(c) send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract;
(d) restrict the use of your personal data; and
(e) provide you with access to information held about you and for this to be provided in an intelligible form.
(f) Data Stored does not go outside the UK or EEA.
6.2 Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 Without prejudice to Section 6.2, we will usually delete personal data falling within the categories set out below at the date/time set out below:
(a) Signed electronic documents will be deleted upon the 10th annual anniversary of signature application.
6.4 Notwithstanding the other provisions of this Section 6, we will retain documents (including electronic documents) containing personal data:
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Where you have provided your consent to the collection, processing and transfer of your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of data processing based on consent before it is withdrawn. To withdraw your consent please contact us at E-Sign UK ltd, 5th floor Horton House, Exchange Flags, Liverpool L2 3PF
8.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Article 32 of the General Data Protection Regulation (GDPR) requires Data Controllers and Data Processors to implement technical and organisational measures that ensure a level of data security appropriate for the level of risk presented by processing personal data.
In addition, Article 32 specifies that the Data Controller or Data Processor must take steps to ensure that any natural person with access to personal data does not process the data except on instruction of the controller, processor, European Union law, or member state law.
8.2 We will ensure compliance with article 32 of the GDPR by adhering to the following:
(a) Pseudonymizing or encrypting personal data.
(b) Maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services.
(c) Restoring the availability of and access to personal data, in the event of a physical or technical security breach.
(d) Testing and evaluating the effectiveness of technical and organisation measures.
8.3 All electronic financial transactions entered into through our website will be protected by encryption technology.
8.4 You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
8.5 You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
In specific relation to article 32 of GDPR E-Sign has organisational and technical strategies, both in its information and security management policy and service level agreement to ensure compliance. These include but are not limited to:
(a) Change management: Monitors, logs, and reports on data structure changes. Shows compliance auditors that changes to the database can be traced to accepted change tickets.
(b) Data discovery and classification: Discovers and provides visibility into the location, volume, and context of data on premises, in the cloud, and in legacy databases. Classifies the discovered data according to its personal information data type (credit card number, email address, medical records, etc.) and its security risk level.
(c) Data loss prevention: Monitors and protects data in motion on networks, at rest in data storage, or in use on endpoint devices. Blocks attacks, privilege abuse, unauthorised access, malicious web requests, and unusual activity to prevent data theft.
(d) Data masking: Anonymises data via encryption/hashing, generalisation, perturbation, etc. Pseudonymizes data by replacing sensitive data with realistic fictional data that maintains operational and statistical accuracy.
(e) Data protection: Ensures data integrity and confidentiality through change control reconciliation, data-across-borders controls, query whitelisting, etc.
(f) Ethical walls: Maintains strict separation between business.
(g) Privileged user monitoring: Monitors privileged user database access and activities. Blocks access or activity, if necessary.
(h) Secure audit trail archiving: Secures the audit trail from tampering, modification, or deletion, and provides forensic visibility.
(i) Sensitive data access auditing: Monitors access to and changes of data protected by law, compliance regulations, and contractual agreements. Triggers alarms for unauthorised access or changes. Creates an audit trail for forensics.
(j) User rights management: Identifies excessive, inappropriate, and unused privileges.
(k) User tracking: Maps the web application end user to the shared application/database user to the final data accessed.
10.1 We may update this policy from time to time by publishing a new version on our website.
10.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
10.3 We may notify you of changes to this policy [by email or through the private messaging system on our website].
11.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) the supply of appropriate evidence of your identity.
11.2 We may withhold personal information that you request to the extent permitted by law.
11.3 You may instruct us at any time not to process your personal information for marketing purposes.
11.4 In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
12.1 Our website includes hyperlinks to, and details of, third party websites.
12.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
13.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
14.2 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
14.3 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
14.4 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
14.5 We use session cookies on our website.
14.6 The names of the cookies that we use on our website, and the purposes for which they are used, are set out below:
(a) we use session cookies to prevent fraud and improve the security of the website.
14.7 Most browsers allow you to refuse to accept cookies; for example:
(a) in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
(b) in Firefox (version 47) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
(c) in Chrome (version 52), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
14.8 Blocking all cookies will have a negative impact upon the usability of many websites.
14.9 If you block cookies, you will not be able to use all the features on our website.
14.10 You can delete cookies already stored on your computer; for example:
(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-managecookies#ie=ie-11);
(b) in Firefox (version 47), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and
(c) in Chrome (version 52), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.
14.11 Deleting cookies will have a negative impact on the usability of many websites.
15.1 We are registered as a data processor with the UK Information Commissioner’s Office.
15.2 Our data protection registration number is ZA058294
16.1 This website is owned and operated by E-Sign (UK ltd)
16.2 We are registered in [England and Wales] under registration number 7937425 and our registered office is at 5th Floor, Horton House, Exchange Flags, Liverpool L2 3PF
16.3 Our principal place of business is as above.
16.4 You can contact us:
(a) by post, using the postal address given above;
(b) using our website contact form;
(c) by telephone, on the contact number published on our website from time to time; or 0151 244 5566
(d) by email, using the email address published on our website from time to time.