Updated on March 13, 2023.
- Edusign never sells your data to third parties.
- We strive for maximum transparency and remain at your disposal for any questions.
- We only collect data necessary for the execution of our services.
- We retain your data for the duration of our contractual and regulatory obligations, then we delete or anonymize it.
- We do not process sensitive data by default. Only absence justifications may contain sensitive data, and special consent is required for this type of document.
- All data is encrypted. Learn more about security at Edusign.
- You can sign our Standard Contractual Clauses online.
Types of Data Collected
Edusign collects, processes, and stores confidential data from its customers and third-party signatories, such as name, email address, and IP address. This processing is carried out within the framework of the service contract that binds Edusign to its customers. Edusign retains this data for the duration of the contract and for a maximum of 10 years from the end of the contract, depending on regulatory storage periods.
The data from the evidence file and attendance sheets generated on Edusign are retained by the third-party archiver for a period of 10 years from their establishment, and the expiration or termination of the contract cannot affect this retention period.
Data that may be collected:
- Last Name
- First Name
- IP Address
- Device Model
- Professional Title
- Phone Number
- Profile Picture
- Messages to our Customer Service
- Reasons for Absence
- Banking Information
- NPS Score
- Timestamp and Visit Duration Information
- Pages Visited
- Clicks and Other Interactions on Different Pages
- Geolocation (No storage, collected only through a specific signature method).
- Any other data added by an Edusign User
When our customers use our services, we collect and process certain information on their behalf. Our customers are therefore responsible for data processing in accordance with Article 4 of the GDPR. Edusign, as a service provider, acts as a data processor. In this capacity, we are committed to assisting our customers in ensuring compliance with their data processing.
We have implemented technical and organizational measures aimed at the security and protection of your data.
Our Additional Measures
- Edusign employees are regularly trained and updated on cybersecurity and data protection developments.
- Our applications are designed with “Privacy by Design” principles. This means we strive to consider security before starting the development of our services.
- A register of processing activities is kept up to date to track changes in service management.
- We have a procedure for notifying personal data breaches. In the event of a breach, you will be informed as soon as possible, with full transparency.
- Our servers are located in France, and our subcontractors are analyzed to verify their GDPR-related measures.
Does Edusign Use Subprocessors?
Yes. We maintain a list of all our subprocessors, and we have ensured that all those likely to process personal data commit to complying with existing legal frameworks. We can provide you with this list upon request. A data processing register is kept up to date to ensure the monitoring of the use of personal data by Edusign and its partners.
Our subprocessors, a non-exhaustive and non-contractual list, include:
|Subcontractors||Purpose of Processing||Concerned Individuals|
|Intercom||Customer communication and support||Users|
|Celonis (Make)||Support and data processing||Users & visitors|
|Amazon Web Services||Data hosting||Users|
|Hubspot||Support, communication, and analytics||Users and visitors|
|Google Suite (Gmail & Drive)||Support||Users|
Where Are the Data Stored?
The data is stored on our servers in France. However, Edusign uses services such as Sendgrid or Intercom with servers in the United States. These partner services are used to enhance the experience of users and visitors to Edusign’s services. EDUSIGN has verified the compliance with GDPR by these providers, including by signing Standard Contractual Clauses, DPAs, and other documents related to the security of your personal data.
How Long Are the Data Retained?
Edusign retains data for the duration of the contract and for a maximum of 10 years from the end of the contract, depending on the type of data. For more information on data retention periods based on the type of data, please contact us.
At the end of the contract, the Customer can request their data, following the GDPR reversibility clause.
How to Access, Modify, Delete Your Data, or File a Complaint?
For Edusign Customers
You can access, modify, add, export, or delete your data from your administrator or intervenor account. To learn all the functionalities related to this, visit our help center.
To exercise your rights of access, modification, or deletion of your data, you can make a request to firstname.lastname@example.org. Our team is committed to responding to all requests as quickly as possible.
For External Users
Edusign is authorized to process the personal data necessary to provide the services subscribed to by its customers.
In this case, Edusign acts as a data processor for this data, so we are not authorized to handle your requests for access, rectification, erasure, objection, restriction of processing, or data portability. Therefore, you should contact the organization using Edusign’s services in the context of your electronic signature process.
Edusign is committed to collaborating with its customers to respond to submitted requests.
Definitions and Legal References
Personal Data (or Data)
Any information concerning a natural person or legal entity, an institution, or an association that is, or can be identified, even indirectly, by reference to other information, including a personal identification number.
Information collected automatically from our website and applications (or from third-party services used by our website and applications), which may include IP addresses or domain names of the computers used by the User using our website and applications, URI addresses (Uniform Resource Identifier or uniform resource identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (successful result, error, etc.), the country of origin, the characteristics of the browser and operating system used by the User, various details regarding the time spent on each page of our website and applications, and details regarding the path followed within our website and applications with special reference to the sequence of pages visited, and other parameters related to the User’s operating system or computing environment.
The person using our website and applications, who must correspond to the Data Subject or be authorized by the Data Subject, to whom Personal Data refers.
The natural or legal person to whom the Personal Data refers.
Data Processing Service (or Data Controller)
Data Controller (or Owner)
The natural or legal person, public authority, or any other entity, association, or organization that is authorized, even jointly with another Data Controller, to make decisions regarding the purposes and methods of processing Personal Data and the means used, including security measures concerning the operation and use of this Application. Unless otherwise specified, the Data Controller is the Owner of our website and applications. To date, EDUSIGN.
You also have the right to lodge a complaint with the CNIL (www.cnil.fr).
Standard Contractual Clauses
Need to sign Standard Contractual Clauses? Edusign follows the recommendations of the CNIL and offers you the opportunity to sign the Standard Contractual Clauses (SCCs) online.
Click this link to access the Standard Contractual Clauses.