Personal Data Protection Policy

The purpose of this Personal Data Protection Policy (PDPP) is to explain how the company Cryptolog International (hereinafter referred to as “Universign” or “we/us”), Trust Service Provider, collects and processes personal data of users of its services acting as a data controller. 

The PDPP is intended for users of Universign services (hereinafter referred to as “users” or “you”).

The PDPP does not concern processing of personal data that Universign might perform as a processor, which is the case of processing for which our customers determine on their own the purposes and means of their implementation. 

Neither does the PDPP concern processing of personal data collected via our websites.

Finally, there is a separate notice regarding the collection and processing of personal data of our staff and applicants for a job at Universign.

In this PDPP, ”personal data” or data of a personal nature is any information relating to a natural person identified or identifiable directly or indirectly based on these data and the term “processing” refers to any operation or set of operations which is performed on personal data, irrespective of the process used.

Collection of personal data

To use Universign services, the transmission of certain information is mandatory. Non-transmission of the data will make it impossible for Universign to process your request to use a service or to obtain information on this service.

Personal data used in connection with our services are collected:

  • directly from users of our services;
  • by our customers or business partners with which we offer shared services and/or who transfer data to us for the use of the service;
  • by your use of our services.

The PDPP is applicable irrespective of the method of collection of your personal data.

The data that we collect from you depend on your use of the service(s) and may include:

  • identification and contact details (surname, first name, gender, e-mail address, telephone number);
  • service login details (user name and password);
  • payment method (bank account details, credit card number);
  • information that you send to customer service;
  • communication preferences (preferred language).

The data that are transmitted to us by our customers or our partners depend on their use of the service(s) and may include:

  • identification and contact details (surname, first name, gender, e-mail address, telephone number);
  • service login details (user name and password);
  • other data such as your user name with our customer or our partner;
  • communication preferences (preferred language).

Data on the use of our services are collected automatically, this information depends on the way in which you interact with the service and may include:

  • information on the computer, the login environment, i.e. IP address, technical user name(s), error reports and operational data;
  • data on your use, such as the features you have used, the settings you have selected, the data on which you have clicked, including the date and time and the webpages visited;
  • geographical information on services based on the IP address localisation.


The cookie policy that supplements this policy is available at the following address:

Use of personal data

Depending on your use of the service(s), personal data are used by Universign to:

Personal data retention period

All personal data collected are retained for a limited period depending on the purpose of the processing and on the retention period stipulated by the legislation applicable to our services.

PurposesData retention periods prior to their deletion
To create your Universign account and manage your access to the service(s)12 months after the end of the relationship with Universign
To enable you to use Universign services12 months after the end of the relationship with Universign
To create your electronic signature or stamp certificate17 years after the issuance of the certificate
To retain evidence of electronic transactions in the event of an audit by supervisory authorities or to be submitted in case of litigationFrom 15 to 99 years according to applicable contractual terms
To enable you to request information on Universign services12 months after the end of the relationship with Universign
To identify your needs using cookies to provide you with the most appropriate services13 months after installation of the cookie
To process and respond to a request or service subscription12 months after the end of the relationship with Universign
To provide technical support and enable the proper functioning and securing of the service12 months after the end of the relationship with Universign
To improve our services and adapt their features as well as develop new ones12 months after the end of the relationship with Universign
To offer custom content to make the services more relevant and better meet your expectations;12 months after the end of the relationship with Universign
To report modifications, updates and other announcements relating to services;12 months after the end of the relationship with Universign

Upon expiry of the periods specified, the data shall be, if necessary, archived for a period not exceeding the periods stipulated by the applicable archiving regulations.

Transmission and transfer of personal data

Other than in the cases stipulated in this PDPP, your personal data shall never be sold, shared or transmitted to third parties by Universign.

If you access the service(s) using a subscription administered by your organisation, your personal data and certain use of data collected by the service can be accessible and shared with your organisation’s administrator for the purposes of analysing the use of the service, managing service subscriptions or providing technical assistance.

Your personal data may be transmitted to our service providers with the sole aim of performing the processing for which they were initially collected. In this context, our service providers are personal data processors in accordance with the regulation, they act on our instructions and on our behalf. They are required to process them in accordance with this Policy. They are not authorised to sell the data or to disclose them to other third parties.

To guarantee the provision of Universign services worldwide, particularly the sending of text messages containing confidential codes enabling users of the electronic signature service to log in, personal data may be transferred to our service providers located outside the European Union. Accordingly, we enter into standard contract clauses approved by the European Commission with these service providers in order to guarantee an appropriate protective framework for the transfer of data.

In case of pre-litigation or litigation proceedings, certain of your personal data may also be shared with other service users to confirm or demonstrate the validity of the electronic signatures added using the Universign service. In this context, only personal data necessary to prove the validity of the transaction shall be transmitted.

Furthermore, if you access the Universign service(s) via a third-party application, your personal data may be shared with the editor of this third-party application to enable the latter to provide you with access to the application, under the terms of a license and confidentiality policy specific to this editor.

Finally, personal data may be disclosed if we are required to do so by law or by a regulatory provision or if this disclosure is necessary in connection with a judicial or administrative request.

Security and confidentiality

Our concern is to preserve the quality, confidentiality and integrity of your personal data.

To ensure the security and confidentiality of the personal data we collect, we use technical means (networks protected by standard systems such as firewalls, network partitioning, appropriate physical hosting, etc.) and organisational means (strict and individual access control, procedures, security policy, etc.).

When processing your personal data, we take all reasonable measures to protect them against any loss, misuse, unauthorised access, disclosure, alteration or destruction.

People with access to your personal data are bound by a confidentiality undertaking; they shall face disciplinary measures and/or be held liable if they do not comply with these obligations.

In spite of our efforts to protect your personal data, we cannot guarantee on our own the infallibility of this protection given the inevitable risks that are out of our control. Furthermore, if you have a Universign account, it is important for you to be careful and to prevent any unauthorised access to this account by keeping your password confidential and by ensuring you log out in case of shared use of the same computer.

Right of access, to rectification, to erasure and to objection

Whenever we process personal data, we take all reasonable measures to ensure the accuracy and relevance of your personal data based on the purposes for which we collect them and guarantee that you can exercise your rights regarding these data.

You have a right to access your data, the right to correct them if they are incorrect and in the cases and according to the limits stipulated by the regulation, to object to, to erase some of these data, to restrict their use or to request their portability for their transmission to a third party.

If you have to update your data, you may do so directly via your browser regarding cookies or by contacting the Data Protection Officer at the address:

Universign – Data Protection Officer

7 rue du Faubourg Poissonnière 75009 Paris.

The written request must be sent by letter with acknowledgement of receipt and include a copy of your identity document. This allows us to ensure that you are the person who submitted the request.

Data Protection Officer

Universign has appointed a Data Protection Officer responsible for ensuring the protection of personal data and the compliance with the related legal and regulatory requirements.

For any additional information or claims regarding the implementation of the Personal Data Protection Policy, you may contact the latter at the address:

In case of unresolved issues relating to the use of your personal data, you may contact the CNIL, the French Data Protection Authority.

Modifications of the Personal Data Protection Policy

This Policy can be updated based on changes made to the Universign service or if required by the applicable regulation.