1. This Policy governs our processing of your personal information and the way in which we deal with other data that is not personal information. “Personal information” is the New Zealand term for “personal data” as defined in the European Union’s General Data Protection Regulation EU2016/679 (“GDPR”) and corresponding US law. The term “processing” is used as defined in the GDPR. It includes collection, storage, and all of the ways we use, and allow you to use, personal information, when we provide our services. You are the data controller under the GDPR of the personal information you provide to us as part of your Account Data (see below). Secured Signing Limited (New Zealand Business Number 9429031413220) (“Secured Signing”, “we”, “us” or “our”) of Unit 202, 29 Apollo Drive, Rosedale, Auckland 0632, New Zealand.
2. We, along with our affiliate Secured Signing, Inc. store data collected in New Zealand on servers in New Zealand datacentres. If you access your data or give someone else access to your data using our services and you or they are not in New Zealand, you or they may be accessing that data from a country that does not give adequate protection to personal information when compared to that to that given under the New Zealand Privacy Act 2020 or the GDPR. You authorise us to grant this access. We anticipate, but do not guaranty, that information collected outside New Zealand will be stored in the country where it is collected, specifically the US for data of US residents dealing with Secured Signing, Inc., which we anticipate to be eventually stored in a US data centre.
3. This Policy is divided into four sections to make it easier for you to see which provisions apply to different types of data.
4. The sections of this Policy are:
4.1 This Introduction section.
4.2 The “Customer Materials” section. This covers the files you submit to our website when you use our services.
4.3 The “Account Data” section. This covers the metadata that is collected and generated by our systems when you use our services, and the information that you provide to us when you register and communicate with us.
4.4 The “Usage Data” section. This covers the data that is collected and generated when you use our services.
4.5 The “General” section, which applies to all our services and all types of data.
5. The GDPR provides rights to European users, but we make GDPR protections and rights available to all our users globally in respect of their personal data (or “personal information” as we refer to it in New Zealand), wherever you may live.
Your Customer Materials
6. This is the section of this Policy that covers the actual files that you upload, access and share using our services (“Your Customer Materials”). The following specific terms apply:
6.1 When you upload a file, we gather metadata about the file. See the section of this Policy specifically covering Account Data.
6.2 Your Customer Materials may contain personal information and, if so, we will handle it in accordance with the New Zealand Privacy Act 2020 and other applicable laws, our terms of service
(“Terms”) and this policy.
6.3 We collect Your Customer Materials because that is necessary for us to provide our services and in particular so that you can digitally sign documents and invite others to digitally sign them.
6.4 In doing so you may upload and allow us to store your signature and initials to be applied to digitally sign documents plus names and email addresses of people you invite to sign documents. We do not use these for any other purpose, and they are not knowingly made available to anyone else via our system.
6.5 We store your Customer Materials and make them available from servers that are owned and controlled by us, in datacentres in New Zealand and, in general, to the extent practical with respect to other countries, in the country from which the data emanates, and in countries that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR or utilizes other mechanisms approved by the European Commission (such as the prescribed Standard Contractual Clauses) and which have comparable protections to those given by the New Zealand Privacy Act 2020, depending where you are based.
6.6 We keep Your Customer Materials while you are subscribed to our services but subject to our suspension and termination rights set out in our Terms
. You must maintain copies of Your Customer Materials. We do not make any guarantees that there will be no loss of data or the services will be bug free. You should download Your Customer Materials prior to termination of services including where the administrator of a business account, within which you have used the services, terminates that business account.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In addition, an activity log with respect to Customer Material will be retained for the same time period as the Customer Material to which it relates but will then be deleted, unless we decide to retain it for the purposes of enforcing our rights or for law enforcement purposes.
6.7 When you delete one of Your Customer Materials it will be made inaccessible, marked for deletion, and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our Terms. After account termination, all Your Customer Materials will be marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our Terms.
6.8 Customer Materials will be deleted after 7 days from signing process has been completed or signing due date has been expired. Unless you enable document long term archiving (history tab), using 3rd party encrypted cloud storage.
6.9 We may, but shall not be obliged to, keep Your Customer Materials after your account has been suspended or terminated. In particular, we may, but shall not be obliged to, keep Your Customer Materials where we consider it necessary for evidential purposes relating to a breach of our Terms
or with respect to current or anticipated action by any competent enforcement authority or other third party.
6.10 See also the General section of this Policy which applies to all types of data, including Your Customer Materials.
7 This is the section of this Policy that covers account information you give us, and metadata and records of financial transactions that we generate in relation to Your Customer Materials and your account. This includes the log data generated for each document signing process. The following specific terms apply:
7.1 When you sign up for particular services you will need to give us the details required in our registration form and will need to keep that information up to date, including any payment token details.
7.2 When you use our services, our systems generate and retain for at least 12 (and longer as needed for archival purposes or legal compliance, potentially up to 10 years) months various log files and related information such as user/participant IP addresses:
7.3 Access to your account is by way of nominated email address and password. It is your responsibility to keep these confidential and secure.
7.4 We will collect, store, use and otherwise process Account Data so that we can provide the services you have contracted to obtain from us under our Terms
. We also have a legitimate interest in processing Account Data so that we can maintain and improve our systems and services and communicate with you as referenced in this Policy.
7.5 We retain Account Data as long as your account is active and in all cases for at least 12 months. After account suspension or termination, including where the administrator of a business or enterprise account, within which you have used the services, terminates that business or enterprise account, we may, but shall not be obliged to, retain all Account Data if enforcement action is likely or commenced under our Terms or for 12 months, whichever is longer, or in the case of records of financial transactions relating to your account for such period of time as we are legally required to retain such information. Users sometimes request that an account be re-activated, so we keep Account Data for at least 12 months (and longer as needed for archival purposes or legal compliance, potentially up to 10 years for that purpose.) Where there is no enforcement action likely or commenced and the 12 month period has expired, or after such longer period as is applicable in the case of records of financial transactions relating to your account that we are legally required to retain. See also the General section of this Policy with regard to retention.
7.6 You can download your Account Data while you are logged into your account. This will provide your Account Data but not Your Customer Materials. You can request correction of Account Data if it is considered incorrect, in accordance with the New Zealand Privacy Act 2020 and the GDPR. Any requests for access to, or correction of, Account Data that is not available to you when you are logged into your account, or if you cannot log in to your account, should be made to email@example.com
specifying the information in question. The information will be provided promptly, and at least within one month, without charge unless the request is manifestly unfounded or excessive. Corrections will be promptly considered and actioned if appropriate.
7.7 See also the General section of this Policy which applies to all types of data, including Account Data.
In addition to our own cookies, we may also use various third-party cookies to report usage statistics of our service, and so on
8.1 We may:
8.1.1 collect Usage Date to assist in the operation and improvement of our services;
8.1.2 join Usage Data with other users' data and give it to advertisers in a way which does not personally identify any particular user;
8.1.3 analyse and use Usage Data for marketing or statistical purposes as well as to improve the way we do business with our users; and
8.2 We collect and keep Usage Data with your consent to provide services and support related to our services, for market and product research and to be able to give users promotional material and special offers on our services.
8.3 See also the General section of this Policy which applies to all types of data, including Usage Data.
9 This is the section of this Policy that covers all types of data.
Basis of processing and dealing with data
10 We process your personal information because we have contracted with you to do so under our Terms and this Policy. We cannot provide our services without that data. Other data that is not personal information is also dealt with by us in accordance with our Terms and this Policy.
Giving access to other users
11 You must ensure that anyone to whom you give access to any of Your Customer Materials complies with our Terms and this Policy. You are responsible for their compliance. This applies particularly where you are the administrator of a business account.
12 For business and enterprise accounts, the administrator of that account can see and deal with the files and data associated with all users within that account (including any data and any personal information). In addition:
12.1 if the business or enterprise account is suspended or terminated, the action will affect the data and personal information of every user within that account;
12.2 the administrator of the account will be able to see and deal with, change, or delete the files and data associated with every user within that account; and
12.3 the administrator of the account will be able to terminate any user’s account within the business and enterprise account, restrict or disable usage of the account, and otherwise deny access to the account and you will then lose access to all Your Customer Materials, Account Data and all personal information associated with your usage of the business account.
Your own security practices are critical
13 We strongly urge you to use best practices for ensuring the safety of your systems and devices (e.g., via strong unique passwords, security upgrades, firewall protection, anti-virus software, securing devices). We will never send an email asking for your password. We cannot guarantee the security of computers or devices nor of transmission from and to your device over the Internet and thus cannot guarantee there will be no unauthorised access. Using the same password for our services as you have used at other sites can lead to others accessing and taking control of your Secured Signing account if one of those other sites is breached or hacked.
Disclosure for civil or criminal enforcement
14 If we think it is necessary or we are obliged by law in any jurisdiction, then we are entitled to give Your Customer Materials, any Account Data, and any Usage Data to competent authorities. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to data breach notification processes, subpoenas, search warrants and court orders initiated by enforcement authorities or other third parties. We may disclose Your Customer Materials, any Account Data, and any Usage Data to enforce or apply our Terms and this Policy or any other agreement we have with you, or to protect the rights, property, or safety of us or our other users, third parties or the operation of our services.
Secured Signing Limited and its related or affiliated entities
15 If you are based in New Zealand, Australia, UK, Canada or anywhere else outside of United State of America your contract is with Secured Signing Limited (NZBN 9429031413220). If you are based in United States of America, your contract is with Secured Signing, Inc. You authorise each of those entities to collect, store, share and otherwise process Your Customer Materials, any Account Data, and any Usage Data among themselves, as necessary to provide the services, subject to applicable laws. Except for our US entity, all such entities are located in New Zealand or other countries that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR or which utilize a comparable mechanism as determined by the European Commission or which have comparable protections to those given under the New Zealand Privacy Act 2020.
No commercial sale of data
16 We will never sell Your Customer Materials, any Account Data, or any Usage Data. We will not disclose or otherwise provide Your Customer Materials, any Account Data, or any Usage Data to a third party, or make any other use of Your Customer Materials, any Account Data, or any Usage Data, for any purpose which is not specifically allowed under this Policy or our Terms or is not incidental to the normal use of our services.
Our data security
17 Data security is very important to us, whether that is your personal information or any other data. However, there is no such thing as perfect security, so use of our services shall be at your own risk.
Law: US and Elsewhere
18 Subject to the rights that those in the European Union have under the GDPR and those in the US have under applicable US law, this Policy and its interpretation and operation are governed solely by New Zealand law. Subject to the rights that those in the US and European Union have under the GDPR and applicable US law, you, Secured Signing, and all users, submit to the exclusive jurisdiction of the New Zealand arbitral tribunals and courts as further described in our Terms and you agree not to raise any jurisdictional issue if we need to enforce an arbitral award or judgment in New Zealand or another country.
Claims by US residents are governed by US law and shall be resolved exclusively in single panel arbitration in Tampa FL under the auspices of the American Arbitration Association.
Contact and complaints
19 Questions and comments regarding this Policy are welcomed and should be addressed to the Privacy Officer at firstname.lastname@example.org. For a comprehensive list of contact details for each Secured Signing entity, together with details of how to contact our privacy officer and data protection officer, see our contacts page.
Changes to our Policy
20 We may make changes to this Policy in the future. Any changes will be notified to all users via online posting.