Yousign & the GDPR
Yousign has introduced a series of measures to guarantee its compliance with the GDPR.
This page informs you of the measures taken by Yousign regarding the collection, storage, protection and use of data.
- Has Yousign appointed a data protection officer?
- What personal data does Yousign collect?
- What measures does Yousign put in place to protect my data?
- Is Yousign contractually committed to its customers regarding the GDPR?
- What is the role of Yousign in the framework of the GDPR ?
- How to exercise my rights ?
- Who do I contact if I have questions about the GDPR ?
Has Yousign appointed a data protection officer?
Yes, you can contact him at firstname.lastname@example.org
Where are my personal data hosted?
All data is stored on storage spaces located in France with three service providers: OVH, Amazon AWS and Microsoft Azure. The physical security of these data centers is managed by these partners.
Among the security measures put in place are:
- A 24/7 surveillance staff;
- An access control system;
- Video surveillance;
- Motion detection system.
We are working to spread our services over several physical locations to ensure maximum resiliency of our services.
In addition, documents are stored encrypted in our partners' data centers using the AES256 encryption algorithm, with the encryption keys operated and maintained by Yousign.
What personal data does Yousign collect?
Yousign may collect different types of personal data, depending on the services you use.
- I am a visitor to the Yousign website
- I am a client of Yousign
The personal data that may be collected depends on the services you have subscribed to. The data may include your first and last name, email address, phone number, IP address or your ID.
- I am an external signatory
Your data is entered by the client of Yousign when he creates a signature request. Among the data entered are your last name, first name, email address and phone number. Depending on the service used, Yousign may collect your IP address, or your ID.
What measures does Yousign put in place to protect my data?
Yousign is committed to respecting your data. We have implemented a variety of technical and organizational measures to ensure the security of the personal data you provide to us, including:
- encryption of documents;
- data segregation;
- internal and external security audits;
- data availability and resilience.
For more information, please visit our GDPR page dedicated to the subject.
Is Yousign contractually committed to its customers regarding the GDPR?
Yes. The RGPD requires that the subcontracting of a data processing is framed by a contract. Yousign has integrated directly into its Terms and Conditions data protection clauses providing for the duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, as well as the obligations and rights of the controller.
What is the role of Yousign in the framework of the GDPR ?
Yousign is both a processor and a controller under the GDPR.
- Yousign acts as a subprocessor when its customers use its services as described in the Terms and Conditions. Customers can use the features available in the Yousign application to manage personal data.
- Yousign acts as a data controller when Yousign determines the purposes and means of processing the personal data collected (for example, when Yousign stores account information for administration purposes, managing access to services or providing customer support).
How to exercise my rights ?
Yousign is committed to protecting your data, which is why we respect your rights of access, rectification, deletion, limitation of processing, opposition to processing, portability, or not to be subject to an automated individual decision.
- I am a Yousign customer or a visitor to the Yousign website
You can send your request by email to our data protection officer at email@example.com.
- I am an external signatory / not a Yousign customer
In this case, Yousign acts as a subprocessor of these data, we are not entitled to manage your requests for rights. You must therefore contact the organization that uses Yousign's services directly for your electronic signature request. Naturally, Yousign is committed to collaborating with its customers for whom it acts as a subprocessor to respond to requests.
Whatever your status, you can lodge a complaint with your national Data Protection Authority.
Who do I contact if I have questions about the GDPR ?
You can contact our DPO at firstname.lastname@example.org
Was this article helpful?
1 out of 1 found this helpful