Personal Data Protection Policy

The purpose of this Personal Data Protection Policy (PDPP) is to explain how the company Cryptolog International (hereinafter Universign or “we”), Trust Service Provider, collects and processes the personal data of the users of its services as data controller. 

The PDPP is intended for users of Universign services (hereinafter the “users” or “you”). 

The PDPP does not apply to the personal data processing that Universign may carry out as sub-processor, as is the case for any processing for which our customers alone determine the purposes and means of implementation. 

The PDPP also does not apply to the processing of personal data collected through our websites. 

Finally, the collection and processing of our employees’ personal data and that of any applicants for positions within Universign are also the subject of a separate information notice. 

Within this PDPP, “personal data” means any information relating to an identified natural person or one who may be directly or indirectly identified though this data, and the term “processing” refers to an operation or set of operations carried out on personal data, whatever the procedure employed. 

Collection of personal data 

The communication of certain information is mandatory in order to use Universign services. If this data is not communicated, it will not be possible for Universign to process your request to use a service or for information about this service. 

The personal data used as part of our services is collected: 

  • directly from the users of our services; 
  • by our commercial customers or partners with whom we offer joint services and/or who transmit this data to us for the use of the service; 
  • through your use of our services. 

The PDPP will apply regardless of how your personal data is collected. 

The data that we collect from you depends on your use of the service(s) and may include: 

  • identity and contact details (surname, given name, sex, email address, phone number); 
  • your service login details (username and password); 
  • means of payment (bank details, credit card number); 
  • the information that you send to customer service; 
  • communication preferences (preferred language). 

The data transmitted to us by our customers or partners depends on their use of the service(s) and may include: 

  • identity and contact details (surname, given name, sex, email address, phone number); 
  • your service login details (username and password); 
  • other data such as your username with our customer or partner; 
  • communication preferences (preferred language). 

The data derived from the use of our services is collected automatically. This information depends on the way in which you interact with the service and may include: 

  • information about your computer and your connection environment, including IP address, technical identifier(s), error reports and performance data; 
  • use data, such as the features you have used, the settings you have selected, the data on which you have clicked, including date and time, and pages viewed; 
  • geographic information for services based on IP address localisation. 

Cookies 

The information regarding the way in which you interact with the service is collected through our servers and through the use of cookies and other similar technologies (trackers). Cookies are small text files that may be read by the Universign web server, which has placed the cookie on your hard drive. 

We may use these technologies to store your preferences and settings, to help you during registration and to analyse the service’s technical operations. 

Only Universign can read or modify the information contained on its own cookies. 

Universign uses two types of cookies: 

  • session cookies which disappear after you close the Universign service; 
  • permanent cookies which remain on your device until the expiration of their lifetime or until they are deleted through the features of your browser. 

You have two options to manage cookies. 

  • You can set your browser to choose to accept all cookies or to automatically reject them, or to choose which should be accepted depending on their sender. 
  • You can also regularly delete cookies from your device via your browser. 

However, if you block certain cookies, you will no longer be able to register, log in or access and fully use the Universign service(s). 

Use of personal data 

According to your use of the service(s), personal data is used by Universign to: 

  • create your Universign account and manage your access to the service(s) 
  • allow you to use one or more of our services (signature, storage and preservation of signed documents, electronic seal and timestamping) 
  • preserve proof of electronic transactions carried out through Universign 
  • allow you to request information about Universign services 
  • analyse your needs and preferences through cookies in order to provide you with the most appropriate services 
  • process and respond to a request, an order or a subscription to a service or services 
  • provide technical support and allow for the proper functioning and security of the service 
  • improve our services, adapt their features and develop new ones 
  • offer personalised content to offer the most relevant services and/or those which meet your expectations 
  • notify of any modifications, updates and other announcements concerning the services 
  • comply with our legal obligations, resolve any potential disputes and enforce our contracts 

Personal data preservation period 

All personal data collected is preserved for a limited duration according to the purpose of the processing and the preservation period provided for by the legislation applicable to our services. 

Purposes Duration of data preservation before its deletion 
To create your Universign account and manage your access to the service(s) 12 months after the end of relations with Universign 
To allow you to use Universign services 12 months after the end of relations with Universign 
To create your electronic signature or seal certificates 17 years after the date of issue of the certificate 
To preserve proof of electronic transactions for the purposes of audits carried out by supervisory bodies or to be produced in case of dispute From 15 to 99 years according to the applicable contractual conditions 
To allow you to request information about Universign services 12 months after the end of relations with Universign 
To analyse your needs through cookies in order to provide you with the most appropriate services 13 months after the cookie’s installation 
To process and respond to a request or a subscription to a service or services 12 months after the end of relations with Universign 
To provide technical support and allow for the proper functioning and security of the service 12 months after the end of relations with Universign 
To improve our services, adapt their features and develop new ones 12 months after the end of relations with Universign 
To offer personalised content to offer the most relevant services and/or those which meet your expectations 12 months after the end of relations with Universign 
To notify of any modifications, updates and other announcements concerning the services 12 months after the end of relations with Universign 

At the end of the indicated periods, the data will, if necessary, be archived for a duration which shall not exceed the periods provided by the applicable archiving regulations. 

Communication and transfer of personal data 

Outside of the situations provided for by this PDPP, your personal data will never be sold, shared or communicated to third parties by Universign. 

If you access the service(s) through a subscription administered by your organisation, your personal data and certain user data collected by the service may be accessible and shared with the administrator of your organisation in order to analyse use, manage service subscriptions or provide technical assistance. 

Your personal data may be communicated to our service providers for the sole purpose of carrying out the processing for which they were initially collected. In this case, our service providers are personal data sub-processors within the meaning of the regulation, acting under our instruction and on our behalf. They are required to process said data in accordance with this Policy. They are not authorised to sell or disclose this data to third parties. 

To ensure the provision of Universign services across the world, and in particular the delivery of SMS messages containing the confidential codes which allows users of the electronic signature service to identify themselves, personal data may be transferred to our service providers located outside of the European Union. In this case, we enter into standard contractual clauses with our service providers, approved by the European Commission, in order to guarantee an adequate framework of protection for the transfer of data. 

As part of a pre-litigation or litigation procedure, some of your personal data may also be shared with other users of the service to confirm or demonstrate the validity of the electronic signatures you have created through the Universign service. In this case, only the relevant personal data required to prove the validity of the transaction will be transmitted. 

Furthermore, if you access Universign services via a third party, your personal data may be shared with the publisher of this third-party application, to allow them to provide you with access to the application, under the terms of a licence and confidentiality policy specific to this publisher. 

Finally, personal data may be disclosed if we are required to do so by law or by a regulatory provision, or if this disclosure is necessary as part of a legal or administrative request. 

Security and confidentiality 

Our main concern is to preserve the quality, confidentiality and integrity of your personal data. 

To ensure the security and confidentiality of the personal data we collect, we make use of both technical means (networks protected by standard devices such as firewalls, network partitioning, adapted physical hosting, etc.) and organisational means (strict, nominative access control, procedures, security policy, etc.). 

During the processing of your personal data, we take all reasonable measures to protect it from loss, misuse, unauthorised use, disclosure, alteration or destruction. 

All those with access to your personal data are bound by an obligation of confidentiality and will be subjected to disciplinary measures and/or incur liability if they fail to comply with these obligations. 

Despite our efforts to protect your personal data, we alone cannot guarantee the infallibility of this protection, given the inevitable risks which escape our control. Furthermore, if you have a Universign account, it is important that you exercise caution to avoid all unauthorised access to this account, by keeping your password confidential and ensuring that you log out if using a shared computer. 

Right to access, rectification, erasure and objection 

Whenever we process personal data, we take all reasonable measures to ensure the accuracy and relevance of your personal data in relation to the purposes for which it is collected and guarantee that you may exercise your rights on this data. 

You have a right to access your data, to rectify it if it is incorrect and, in the cases and within the limits provided for by the regulations, may exercise your right to object to or delete some of this data, to limit its use or to request its portability with a view to its transmission to a third party. 

If you need to update your data, you can do this directly from your browser with regard to cookies, or by contacting the Data Protection Officer at: 
Universign – Data Protection Officer 
7 Rue du Faubourg Poissonnière 75009 Paris. 

The signed request must be delivered by post with acknowledgement of receipt and should include a copy of your identity document. This allows us to make sure that it is you who has made this request. 

Data Protection Officer 

Universign has designated a Data Protection Officer responsible for monitoring the protection of personal data and compliance with legal and regulatory requirements in this respect. 

For any additional information or any complaint regarding the application of the Personal Data Protection Policy, you may contact the officer at: privacy@universign.com 

In case of any unresolved issues with regard to the use of your personal data, you may refer the matter to the CNIL (French Data Protection Agency). 

Changes to the Personal Data Protection Policy 

This Policy may be updated according developments in the Universign service or if required by regulations. 

risus. quis ipsum at mattis Praesent nec libero.