PERSONAL DATA PROCESSING AGREEMENT
Introduction
This Personal Data Processing Agreement (“Agreement”) applies to all products and services provided by signdoc.io (“Signdoc”) to the Customer agreeing to these terms (“Customer”).
The purpose of this Agreement is to outline the privacy and data protection responsibilities regarding the Customer’s Personal Data within the services of Signdoc. This Agreement serves as a written contract under the EU General Data Protection Regulation (679/2016) (“Regulation”). The obligations based on the Regulation take effect from the Regulation’s application date, 25 May 2018.
In case of conflict between the terms of this Agreement and any other agreement, the terms in this Agreement shall prevail concerning data protection.
Definitions
Under the EU General Data Protection Regulation:
-
“Controller” refers to the Customer or their client, who determines the purposes and means of the Processing of Personal Data.
-
“Processor” refers to Signdoc, who Processes Personal Data on behalf of the Controller.
-
“Processing” includes any operation performed on Personal Data (e.g., collection, storage, use, deletion).
-
“Personal Data” refers to any information related to an identified or identifiable natural person (“Data Subject”).
-
“Personal Data Breach” refers to a breach leading to unlawful or accidental access, destruction, or alteration of Personal Data.
Data Protection and Processing of Personal Data
Responsibilities of Signdoc and the Customer
Signdoc Processes the Controller’s Personal Data on behalf of the Customer based on this Agreement. This data may relate to individuals signing, sending, or receiving documents. The Customer (or their client) is the Controller, and Signdoc is the Processor.
Both parties agree to comply with applicable data protection laws in the UK and EU.
The Customer is responsible for ensuring all necessary rights, consents, and lawful bases for Processing are in place. The Customer must provide accurate Personal Data and prepare the privacy policy for Data Subjects.
The Controller defines the purpose and method of Processing. Details are outlined in the product/service agreement or annexes to this document (Annex 1).
Signdoc may only Process data in accordance with this Agreement and the Customer’s written instructions. Signdoc will notify the Customer if those instructions conflict with EU/UK laws and may suspend Processing in such cases.
Where required, Signdoc shall maintain documentation of its Processing Activities. Signdoc may also collect anonymized usage statistics for internal service improvements.
Deletion or Returning of Data
Upon termination of this Agreement, Signdoc shall delete or return all Personal Data per the Customer’s instructions, unless required by law to retain it.
Subcontractors
Signdoc may use subcontractors for Processing Personal Data. Signdoc remains fully liable for their performance and ensures subcontractors are bound by data protection terms. Customers will be informed in advance of any subcontractors involved (see Annex 1).
PROCESSING SPECIFICATION FORM (ANNEX 1)
To be attached separately and customized per service agreement.