The purpose of this Personal Data Protection Policy (PDPP) is to explain how the company Cryptolog International (hereinafter referred to as “Universign” or “we/us”), Trust Service Provider, collects and processes personal data of users of its services acting as a data controller.
The PDPP is intended for users of Universign services (hereinafter referred to as “users” or “you”).
The PDPP does not concern processing of personal data that Universign might perform as a processor, which is the case of processing for which our customers determine on their own the purposes and means of their implementation.
Neither does the PDPP concern processing of personal data collected via our websites.
Finally, there is a separate notice regarding the collection and processing of personal data of our staff and applicants for a job at Universign.
In this PDPP, ”personal data” or data of a personal nature is any information relating to a natural person identified or identifiable directly or indirectly based on these data and the term “processing” refers to any operation or set of operations which is performed on personal data, irrespective of the process used.
To use Universign services, the transmission of certain information is mandatory. Non-transmission of the data will make it impossible for Universign to process your request to use a service or to obtain information on this service.
Personal data used in connection with our services are collected:
The PDPP is applicable irrespective of the method of collection of your personal data.
The data that we collect from you depend on your use of the service(s) and may include:
The data that are transmitted to us by our customers or our partners depend on their use of the service(s) and may include:
Data on the use of our services are collected automatically, this information depends on the way in which you interact with the service and may include:
We may use these technologies to store your preferences and settings, help you through registration, and analyse the service’s technical operations.
Only Universign can read or modify the information that is contained in its own cookies.
Universign uses two types of cookies:
You have two options to manage cookies.
However, if you block certain cookies, you will no longer be able to register, log in or access and use the Universign service(s) fully.
Depending on your use of the service(s), personal data are used by Universign to:
All personal data collected are retained for a limited period depending on the purpose of the processing and on the retention period stipulated by the legislation applicable to our services.
|Purposes||Data retention periods prior to their deletion|
|To create your Universign account and manage your access to the service(s)||12 months after the end of the relationship with Universign|
|To enable you to use Universign services||12 months after the end of the relationship with Universign|
|To create your electronic signature or stamp certificate||17 years after the issuance of the certificate|
|To retain evidence of electronic transactions in the event of an audit by supervisory authorities or to be submitted in case of litigation||From 15 to 99 years according to applicable contractual terms|
|To enable you to request information on Universign services||12 months after the end of the relationship with Universign|
|To identify your needs using cookies to provide you with the most appropriate services||13 months after installation of the cookie|
|To process and respond to a request or service subscription||12 months after the end of the relationship with Universign|
|To provide technical support and enable the proper functioning and securing of the service||12 months after the end of the relationship with Universign|
|To improve our services and adapt their features as well as develop new ones||12 months after the end of the relationship with Universign|
|To offer custom content to make the services more relevant and better meet your expectations||12 months after the end of the relationship with Universign|
|To report modifications, updates and other announcements relating to services||12 months after the end of the relationship with Universign|
Upon expiry of the periods specified, the data shall be, if necessary, archived for a period not exceeding the periods stipulated by the applicable archiving regulations.
Other than in the cases stipulated in this PDPP, your personal data shall never be sold, shared or transmitted to third parties by Universign.
If you access the service(s) using a subscription administered by your organisation, your personal data and certain use of data collected by the service can be accessible and shared with your organisation’s administrator for the purposes of analysing the use of the service, managing service subscriptions or providing technical assistance.
Your personal data may be transmitted to our service providers with the sole aim of performing the processing for which they were initially collected. In this context, our service providers are personal data processors in accordance with the regulation, they act on our instructions and on our behalf. They are required to process them in accordance with this Policy. They are not authorised to sell the data or to disclose them to other third parties.
To guarantee the provision of Universign services worldwide, particularly the sending of text messages containing confidential codes enabling users of the electronic signature service to log in, personal data may be transferred to our service providers located outside the European Union. Accordingly, we enter into standard contract clauses approved by the European Commission with these service providers in order to guarantee an appropriate protective framework for the transfer of data.
In case of pre-litigation or litigation proceedings, certain of your personal data may also be shared with other service users to confirm or demonstrate the validity of the electronic signatures added using the Universign service. In this context, only personal data necessary to prove the validity of the transaction shall be transmitted.
Furthermore, if you access the Universign service(s) via a third-party application, your personal data may be shared with the editor of this third-party application to enable the latter to provide you with access to the application, under the terms of a license and confidentiality policy specific to this editor.
Finally, personal data may be disclosed if we are required to do so by law or by a regulatory provision or if this disclosure is necessary in connection with a judicial or administrative request.
Our concern is to preserve the quality, confidentiality and integrity of your personal data.
To ensure the security and confidentiality of the personal data we collect, we use technical means (networks protected by standard systems such as firewalls, network partitioning, appropriate physical hosting, etc.) and organisational means (strict and individual access control, procedures, security policy, etc.).
When processing your personal data, we take all reasonable measures to protect them against any loss, misuse, unauthorised access, disclosure, alteration or destruction.
People with access to your personal data are bound by a confidentiality undertaking; they shall face disciplinary measures and/or be held liable if they do not comply with these obligations.
In spite of our efforts to protect your personal data, we cannot guarantee on our own the infallibility of this protection given the inevitable risks that are out of our control. Furthermore, if you have a Universign account, it is important for you to be careful and to prevent any unauthorised access to this account by keeping your password confidential and by ensuring you log out in case of shared use of the same computer.
Whenever we process personal data, we take all reasonable measures to ensure the accuracy and relevance of your personal data based on the purposes for which we collect them and guarantee that you can exercise your rights regarding these data.
You have a right to access your data, the right to correct them if they are incorrect and in the cases and according to the limits stipulated by the regulation, to object to, to erase some of these data, to restrict their use or to request their portability for their transmission to a third party.
If you have to update your data, you may do so directly via your browser regarding cookies or by contacting the Data Protection Officer at the address:
Universign – Data Protection Officer
7 rue du Faubourg Poissonnière 75009 Paris.
The written request must be sent by letter with acknowledgement of receipt and include a copy of your identity document. This allows us to ensure that you are the person who submitted the request.
Universign has appointed a Data Protection Officer responsible for ensuring the protection of personal data and the compliance with the related legal and regulatory requirements.
For any additional information or claims regarding the implementation of the Personal Data Protection Policy, you may contact the latter at the address: firstname.lastname@example.org
In case of unresolved issues relating to the use of your personal data, you may contact the CNIL, the French Data Protection Authority.
This Policy can be updated based on changes made to the Universign service or if required by the applicable regulation.