Personal data protection policy
The security of your personal data, as well as ensuring secure and simple signing of documents, is a priority for us and we pay great attention to what happens to your data. Our company, Digital factory s.r.o., company number: 06988377, with its registered office at Pražákova 1008/69, Štýřice, 639 00 Brno (hereinafter also “we”) may be in the position of both the Controller and the Processor of your data. In both of these roles, we take full care to protect your privacy and your other rights. Below, we describe the way in which personal data are handled in our company. If a term is used in capital letters, it is defined either further below in this Personal Data Protection Policy or in the Terms and Conditions.
Our company as a Controller and a Processor of data
We are the Personal Data Controller, i.e. the one who decides on the processing of data, determines its purpose and, in particular, is liable therefor and for the processing of data that are necessary for the following purposes:
- Setting up, maintaining, and managing a User Profile; this processing is necessary for the performance of the Contract on the Use of the Application
- Service communication with the User; this processing is necessary for the performance of the Contract on the Use of the Application
- Signing the contracts or other documents; we need your explicit consent for this processing
- Proof of signature of a specific document; data processing for this purpose is necessary to protect our legitimate interest in proving the proper functioning of the Application
- Internal User records; data processing for this purpose is necessary to protect our legitimate interest in the proper functioning of the Application
- Ensuring the functionality, security, stability, and development of the Application; data processing for this purpose is necessary to protect our legitimate interest in the proper functioning and development of the Application and our services
- Informing about new functionalities of the Application that are necessary for our legitimate interest in communicating with customers and developing and achieving our business goals, and with your consent, if given, informing of any third-party offers
Where our Application is used by the User for their own personal use or by a natural person or legal entity to secure the commercial, business, or similar activities through individual Users, the Personal Data Controller is the User or the Client and we act as the Data Processor. This concerns in particular the processing necessary for:
- Signing the contract or other document in the Application environment
- Setting up access for other persons to his/her User Account, or to the Workspace
- Proof of signing the contract for the needs of the User or the Client
- Retaining and archiving of documents for the needs of the User or the Client
- Compliance with sectoral regulation which affects a specific User or Client, such as in the field of healthcare, energy, or prevention of money laundering
How can you contact us?
You can contact us at:
- e-mail: firstname.lastname@example.org
- the address of the registered office or at the address Kavčí Hory Office Park, Building B, Na Hřebenech II 1718/8, 140 00 Prague 4
You can also exercise all your rights as described below using the above-mentioned contacts.
Which personal data do we process and why?
We need your basic identification data (name, surname, date of birth, company name) and address data listed in the following section in order to be able to identify you and enable you to use our tool for creating documents that can be signed electronically (hereafter referred to as the “Application”). We process these data in our capacity as the Controller for all the above-mentioned purposes, but we also process them in our capacity as the Processor for the provision of services for individual Users and Clients.
We need your address data (street name and house number, city, postal code, state) as part of your identification and also to properly fill in the header of the documents you create from the templates. We process these data in our capacity as the Controller for all the above-mentioned purposes, but we also process them in our capacity as the Processor for the provision of services for individual Users and Clients.
We use your contact details (telephone number and e-mail) as follows: the e-mail address is used to log in to the Application; we also send notifications of new documents for signing and, at the same time, the concluded (signed) document to this e-mail address. If you have agreed to the sending of commercial communications and news regarding the Application, we send occasional newsletters to this e-mail address. The telephone number is used to verify the identity of the User before signing the document and we also send an SMS notification thereto about the new document to be signed. Our telephone support representative may also contact you on that telephone number and offer you advice and assistance with setting up the Application and its use, or in order to resolve your request. We process these data in our capacity as the Controller for all the above-mentioned purposes, but we also process them in our capacity as the Processor for the provision of services for individual Users and Clients.
If you run a business and have a company number, it is necessary to provide it too. We need the company number for issuing tax documents and complete identification when setting up the User Account in the Application. We process these data in our capacity as the Controller for all the above-mentioned purposes. Where you, as an entrepreneur, enter into a contract with the Client or the User, we also process your company number for this purpose in our capacity as the Processor.
When you register in the Application, our system stores the information necessary for you to log in to your Account, i.e. in addition to your name, it also stores the password. We store the password exclusively in a hashed form from which we cannot derive your original password. Without this information, we would not be able to allow you to log in; at the same time, it is necessary that you, as well as we, are able to prove that a specific activity made from your Account was performed by you. We process these data in our capacity as the Controller for the purpose of ensuring the functionality, security, non-repudiation, and stability of the Application.
Dynamic Biometric Signature (DBS)
We need these data for signing documents and this DBS is always and exclusively stored for signing a specific document. This means that after the signature is executed and inserted into the document in which it will be stored, DBS is not otherwise stored by the Application. This is necessary to ensure the authenticity of your signature as well as the verifiability and non-repudiation of your activities. We process these data in our capacity as the Processor.
Photocopies of your documents
We process a photocopy of your documents only if the Client or the User with whom you enter into a contract so requests. Neither the Application nor we can “see” the contents of the photocopy, and the Application treats it as an image, which it inserts in a specified place in the document that is to be signed. Otherwise, neither the Application nor we process the contents of the photocopy (regardless of what personal data it may contain) in any way. If you decide to save the photocopy of the documents to your profile, we will process it for you in our capacity as the Processor, i.e. we will ensure its storage in the Profile in the Application, so that you can use it repeatedly. If the use of the photocopy for a specific document is required by the Client or another User, it may be either a necessary step to comply with a legal obligation to identify a specific person, or processing based on your consent.
If you fail to provide us with your name and surname, e-mail, telephone number and password, we will not be able to allow you to use the Application.
How else do we use your personal data in our capacity as the Controller?
As we are interested in staying in touch with the persons we cooperate with, we will retain your e-mail address after registration, to which we may send you so-called commercial communications if you give your consent thereto. These are e-mails in which we shall inform you about our news or interesting events related to the use of the Application. We send these communications on the basis of our so-called legitimate interest. In each e-mail, you shall naturally have the option to unsubscribe from these e-mails, or you may refuse to receive such e-mails in advance by e-mail sent to email@example.com.
As we are interested in making the best use of the Application, and we try to make it easier for you to use it, we will call you at the telephone number you provided within 48 hours after you register. The telephone call is made by a trained employee of Digital factory s.r.o. We shall not provide your telephone number to any third party.
If you have given us your consent thereto, we may retain your e-mail for purposes other than those mentioned above, such as sending information about our events and services that are not related to the service we have provided to you. Based on your consent, we may also retain your name and surname so that we are able to deal with you in a better way and address you correctly.
We treat the information you write in the contracts concluded through the Application as highly confidential. Therefore, only you, the persons with whom you enter into the contract, and the persons whom you have authorized to do so have access thereto. We store the data on secure servers; they are encrypted, and we also use a number of other organizational and technical measures so you do not have to worry that anyone other than you could read them.
To whom do we transfer your personal data?
To provide our services, we use the services of some suppliers, who may also participate in the processing of your personal data. These are, for example, companies involved in sending SMS text messages, payment gateway operators, issuing tax documents, etc.
List of these suppliers:
- Information about browsing is processed for us by Google, Inc., using the tools Google Analytics, Google Data Studio, and Google Tag Manager, which, thanks to cookies (see above), allow us to measure and evaluate the way our website is used.
- We transfer your identification and address data only within the Application to other users so that the purpose of its operation can be met.
- For sending e-mail commercial communications, we use the paid service of Ecomail to which we forward your e-mail address. The operator of the Ecomail service is the company ECOMAIL.CZ, s.r.o., company number: 02762943.
- We use Survio, a tool for online creation of questionnaires, to find out customer satisfaction with Signi. The Survio service is operated by Survio s.r.o., company number: 28300785.
- For automated data collection, we use Typeform, a tool for online creation of forms and questionnaires. The service is operated by Typeform SL, with its registered office in Spain.
- For marketing analyses and consultations, we use the services of a specialist Dominika Ratulovská, company number: 08304718.
- For sending transactional e-mails, we use the service of Mailgun to which we forward your e-mail address. The service is operated by Mailgun Technologies, Inc., with its registered office in the USA.
- For sending short text messages (SMS), we use the paid service of Profisms to which we forward your telephone number. The operator of the Profisms service is the company Profi SMS s.r.o., company number: 03676307.
- If you pay for one of our services, your payment will be processed by the payment gateway of GoPay. The operator of the GoPay payment gateway is the company GOPAY s.r.o., company number: 26046768.
- If you purchase a credit or a monthly subscription in the Application, we transfer your billing details and e-mail address to the service of Vyfakturuj, which will issue a tax document for you. The operator of the service of Vyfakturuj is RedBit s.r.o., company number: 24197190.
- The conversion of documents from HTML format to PDF format is provided for us by the CloudConvert tool operated by the German company Lunaweb GmbH. As part of this conversion, no documents are stored anywhere on Lunaweb GmbH’s servers and Lunaweb GmbH has no access to the content of your documents under any circumstances.
- The servers on which your data are stored are located in the Czech Republic, at Master Internet s.r.o., company number: 26277577.
How long do we retain your personal data?
- We retain your data which we process as the Controller for as long as you have your User Account with us, and then for another 5 years. We retain them for this period in order to be able to respond correctly in the event of any possible litigation, or to document financial or tax-significant activities.
- If we have certain data based on your consent, you may withdraw your consent at any time and then we must erase such data, or no longer use them for the purpose for which we had the consent.
- In addition, the retention of certain documents containing personal data is required by law. For example, we have to retain invoices for 10 years. We retain accounting documents for 5 years.
- We retain the encrypted data that we hold as the Processor due to the fact that you have concluded a contract or participated in the conclusion of a contract through the Application for a period of 2 years and then erase it. As long as we have them with us, until 14 days before we erase them, you may ask us to transfer them and we will transfer them to you. If you request erasure during this time, we cannot make such erasure without the consent of the other Parties.
What rights do you have in relation to your personal data?
- The right to request access to your personal data – i.e. you may ask us what personal data we record about you and what has happened, is happening and will happen to them during the time they are in our possession.
- The right to rectification – if your personal data held by us are no longer up to date or are incorrect, you may request us to rectify them.
- The right to object – if you believe that we are processing personal data beyond our legitimate interest, you may object to such processing, and we are obliged to address your objection.
- The right to erasure (the so-called right to “be forgotten”) – i.e. upon your request we are obliged to erase all the personal data that we record about you, for example if you no longer wish to be registered with us. However, there may be another reason that entitles or obliges us to retain the data (such as an obligation under the Accounting Act, etc.), in which case we cannot erase it.
- The right to restriction of processing – in some cases we may retain personal data, but we may not handle them in any way; this concerns the following situations:
  - if you contest the accuracy of the data and we need to verify your notification
  - if personal data are processed unlawfully but you do not wish us to erase them and instead of erasing you only request the restriction of processing
  - if we no longer need the personal data but you request us to retain them in order to exercise your legal claim
  - if you object to processing pending the verification whether the legitimate grounds entitle us to process the personal data further on or not
- The right to data portability – if you request us to do so, we shall provide you with your personal data which we process on the basis of the contract we have concluded with you, or your consent, and which we at the same time process by automated means. If you have your Profile in the Application, such data are available in your Profile at any time and you can download them yourself at any time. This procedure ensures that your data are disclosed only to you or the recipients you designate. If you do not have a Profile in the Application then, after we securely verify your authorization to access the required data, we shall provide you with such data in a commonly used, machine-readable format. Alternatively, we may transmit these data to another controller you determine provided that the controller consents thereto.
- The right to lodge a complaint – if you believe that we are in any way violating the rules of personal data processing, you have the right to lodge a complaint with the Office for Personal Data Protection. However, we will be happy if you first contact us and together, we will resolve your dissatisfaction and any discrepancy there may be.
If we process your personal data in the capacity of the Controller, in particular in relation to your User Profile, we shall respond to your request for the exercise of some of the rights ourselves. In the event that your request concerns the processing of personal data that we perform for our Client or User (this applies in particular to the processing of personal data in connection with signing documents in the Application), your request for the exercise of any of the rights shall be forwarded to the relevant controller. In order to correctly distinguish which right you are exercising and in relation to which data you are contacting us, and in order to process it as soon as possible to your satisfaction, please specify it as exactly as possible. If we are not entirely clear which right your complaint concerns or in relation to which data it applies, we shall kindly ask you for clarification.
As ensuring the security of the entrusted data is absolutely essential for us, please note that a prerequisite for meeting the requirements arising from your above-mentioned rights, in particular those that lead to changes in data or transfer of data outside the Application, is secure verification of the applicant’s identity.
Do you have any questions?