Lawful basis for processing your Personal Data
Processing of Personal Data means every activity that can be carried out in connection with Personal Data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring, or deleting it in accordance with applicable laws.
We normally collect or use personal data from you or others only where we have your consent to do so, where we need the Personal Data to perform a contract with you for the provision of our Services (in accordance with our Terms & Conditions), or where the processing is in our legitimate interest and not overridden by your protection interests or fundamental rights and freedoms.
In some cases, we may have a legal obligation to collect or retain Personal Data or may need personal data to protect ours or your vital interests or those of another person.
For the provision of the Services, we collect your Personal Data associated with creating a digital certificate or digital signature. For details, please visit our Terms and Conditions.
Personal Data we collect
For the provision of our Services the Personal Data we collect about you includes:
- Identification data (full name; date of birth; personal identification number; identification document number, the expiration and issue date);
- Contact data (e-mail address);
- Communications data (e.g. e-mails, messages that have been sent to us when providing feedback or contacting our support);
- Data related to the use of the Site and the Services (e.g. interaction with our Site, the IP address).
We do not collect any special categories of Personal Data about you.
How we collect your personal data
Automatic collection of Personal Data.
We automatically collect Personal Data from you and your devices when you use our Services, even when you visit the Site or apps without logging in or signing up to our Service. We automatically collect Personal Data about how you use our Services and the computers or other devices, such as mobile phones or tablets, your use to access our Services. For example:
- IP address;
- Geolocation information that you allow our apps to access;
- Unique device identifiers and device attributes, like operating system and browser type;
- Usage data, such as: web log data, referring and exit pages and URLs, number of clicks, domain names, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information;
- Names and email address of the persons who are expected to sign the electronic document;
When provided by you.
You provide us with Personal Data about yourself when you:
- Sign-up to our Service or sign-in to your account;
- Verify your identity;
- Create a digital signature;
- Upload, sign or review an electronic document;
- Contact us via email, customer support or any other way, as the case may be.
When provided by third parties.
Personal Data may be provided to us by our third-party partners (for example the service providers connected to our Services) who are legally allowed to share your Personal Data with us.
Provided by other of our clients.
Other clients may give us your Personal Data when using our Services. For example, if a client wants you to sign an electronic document via our Services, he or she will give us your e-mail address and name.
How we use your Personal Data
We only use your Personal Data for our business purposes such as:
- Provide you with the Services and products you request via the Site or apps;
- Collect payments;
- For marketing purposes, if you have consented to receive marketing communication from us;
- Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur;
- Analyse data about our clients how they use our Services;
- Improve and develop our Services;
- Carrying out various analysis to evaluate our Service performance;
- Provide customer support and increase Service security ;
- Prevent, investigate and respond to fraud, unauthorised access to our use of our Services, breaches of terms and policies, or other wrongful behaviour;
- Comply with or as required by any applicable law, court order, an order of a regulatory body, governmental or regulatory requirements, of any jurisdiction applicable to us;
- Store, host, back up your Personal Data;
- Meet the legal retention periods;
- Protect our legal rights.
Should you have any questions about which data is collected or need further information concerning the lawful basis on which we collect and use your Personal Data, you are welcome to contact us using the contact details provided below.
How we share your Personal Data
You acknowledge and understand that for the provision of our Services we may share your Personal Data as follows:
Third-party service providers.
We may share your Personal Data with other companies we use to support the Services. These companies provide services like intelligent search technology, analytics, advertising, payment collection, identification and verification services, fraud detection and customer support. We have contracts with all such service providers that address the safeguarding and proper use of your Personal Data.
We may share your Personal Data with marketing service providers, or other similar parties with whom we may engage regarding marketing activities.
Law enforcement and other governmental agencies.
We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
Our business transactions.
We may share your Personal Data during a corporate transaction like a merger, or sale of our assets or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification to our clients.
Other of Agrello’s clients.
Your Personal Data will be shared with the persons to whom you have sent an electronic document for signing or viewing.
We may share your Personal Data in other ways if you have asked us to do so or have given specific consent (for example, receiving a marketing communication).
Most of the third-party service providers are considered data processors. In certain cases, the third-party service providers may be considered data controllers or organisations processing such Personal Data, not as data intermediaries. These service providers are for example our attorneys, auditors, insurers, banking partners and accountants who perform certain activities on behalf of us and are subject to data processing rules as independent controllers. Some of these third-party service providers may be located outside the country where you accessed the Services.
We require all third-party service providers to maintain appropriate technical and organisational measures to meet the requirement of applicable law and protect your rights.
We may make use of browser "cookies." Cookies are small pieces of information that are stored by your browser on your computer's hard drive when you use our Services. They allow us to see if you have logged in, checked your status as a subscriber or user, and facilitate access to your preferences.
Cookies can be deleted from your device if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Certain parts of our Services will not function properly if the usage of cookies is blocked. We are not liable for any loss of functionality or quality of the Services if usage of cookies is blocked.
We may also use tracking software to monitor customer traffic patterns and the usage of our Services for research and development purposes, customer engagement and also to keep you informed of our activities.
For more details please visit our <Cookies Policy>.
Transferring your Personal Data outside EEA
Should there be a need to transfer your Personal Data from the EEA to a jurisdiction outside these countries/regions, it is done so only subject to appropriate safeguards as set out by applicable law, giving the required protection to your Personal Data under applicable data protection laws.
Your legal rights
You have the following rights in relation to your Personal Data:
Request access to your Personal Data.
This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights).
Request correction of the Personal Data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data.
This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Data
This enables you to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Request restriction of processing of your Personal Data
This enables you to ask us to suspend the processing of your Personal Data.
Request the transfer
This enables you to request the transfer of your Personal Data to you or to a third-party.
This enables you to withdraw consent at any time where we are relying on consent to process your Personal Data, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you.
The right to complain
Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. You can also contact the data protection authority in your country if applicable.
Please send your request to firstname.lastname@example.org We ask you to send your request from an e-mail address you have used to sign up for our Services. In other cases, we reserve the right to ask for additional details about you to help us to identify you. This is a security measure to ensure that your Personal Data is not disclosed to any other person who has no right to receive it.
We try to respond to all legitimate requests within one month.
How long we retain your Personal Data
We only retain the Personal Data collected from you for as long as your account with us is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.
We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
- payment information is retained for a period of 7 years according to the Estonian accounting and taxation laws;
- backups are kept for 6 months;
- information on legal transactions is retained for a period of 10 years in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.
How we protect your Personal Data
We take appropriate technical and organisational measures to ensure the confidentiality and integrity of your Personal Data and the way it’s processed. We apply an internal framework of policies and minimum standards to keep your Personal Data safe. To help us continue to protect your Personal Data, you should always contact us if you suspect that your Personal Data may have been compromised.
We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how we process Personal Data. The changes will be posted on our Site. Where we are required to seek further consents under applicable law, we will do so.
Contact and questions
In order to contact us, please send us an email at email@example.com