Privacy policy

This Privacy policy sets out the rules for the collection, processing and use of personal data.

  1. Data is collected by: SIGNIUS S.A., Mielzynskiego 20/5a Street, 61-725 Poznan, Poland, registration number KRS 802318, e-mail: connect@signius.pl
  2. Data of data protection officer of SIGNIUS S.A.: Wojciech Kolasiński, Mielzynskiego 20/5a Street, 61-725 Poznan, Poland, e-mail: rodo@signius.eu
  3. Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection on natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”.
  4. You have the right to: require access to your personal data, rectification, erasure of personal data, or restriction of processing, to object to processing, as well as the right to data portability.
  5. If the processing is based on your consent, you can withdraw it at any time by informing us without affecting the legality of the processing which was previously carried out.
  6. You may lodge a complaint to Polish President of the Office for Personal Data Protection.

SIGNIUS S.A. processes personal data in various areas. Information for each of these areas is presented separately below:

Personal data used to fulfil an order placed on the Signius Website available at: www.signius.eu, www.signius.pl, www.signius.de:

  1. Processing is carried out for the purpose of fulfilling the contract, pursuant to Article 6(1)(b) of the RODO.
  2. The following data is processed: email address, name, telephone number, invoicing data (if this option has been selected).
  3. Data may be stored on external servers. They may also be accessed by external IT companies, in terms of servicing IT software and hardware. Data may be made available to electronic payment services and banks (with regard to payment processing), debt collection companies and law firms (in the event of the assertion of claims). The aforementioned entities may act as processors of personal data at the instruction of SIGNIUS S.A., or as separate data controllers. Apart from that, the data will not be disclosed (made available) to other entities, except as provided for in the applicable legislation.
  4. With regard to payments for services provided, SIGNIUS S.A. does not store bank account, payment card or transfer data. Payments are carried out by an external operator who stores data in this regard and SIGNIUS S.A. only receives information about the payment of the respective service.
  5. Data will not be transferred to third countries or international organisations. The only exception is if your email service provider has its registered office or IT infrastructure outside the European Union.
  6. The data will be retained for a period of 7 years due to applicable tax laws and limitation periods.
  7. Data is collected directly from persons to whom the data relates. Data may be supplemented by external verifiers or by data from publicly available registers to the extent necessary to issue correct accounting documents (invoices).

Personal data used to set up an account on the Signius Platform:

  1. Processing is carried out for the purpose of fulfilling the contract, in accordance with Article 6(1)(b) of the RODO.
  2. The following data is processed: email address, first and last name, telephone number.
  3. The data may be stored on external servers. They may also be accessed by external IT companies, in terms of servicing IT software and hardware. The data may be made available to electronic payment services and banks (in terms of payment processing), debt collection companies and law firms (in the case of the assertion of claims). The aforementioned entities may act as processors of personal data on behalf of SIGNIUS S.A., or as separate data controllers. Apart from this, the data will not be disclosed (made available) to other entities, except as provided for in the applicable legislation.
  4. With regard to payments for services provided, SIGNIUS S.A. does not store bank account, payment card or transfer data. Payments are carried out by an external operator who stores data in this regard and SIGNIUS S.A. only receives information about the payment of the respective service.
  5. Data will not be transferred to third countries or international organisations. The only exception is if your email service provider has its headquarters or IT infrastructure outside the European Union.
  6. Data will be stored for a period of 7 years from the date of cancellation of your account with the service – due to applicable tax and claims limitation periods.

Data is collected directly from persons to whom the data refers. Data may be supplemented by external verifiers or data from publicly available registers to the extent necessary for the issuance of correct accounting documents (invoices).

Personal data used to provide the online electronic signature service:

  1. The processing is carried out for the purpose of performing the contract and for obtaining an electronic signature (pursuing the legitimate interest of the person seeking to obtain the electronic signature), in accordance with art. 6 par. 1 letter b and f GDPR.
  2. The following data is processed: e-mail address, name and surname, telephone number, data of the signing person, data contained on and derived from identity documents, personal ID number, information on citizenship, data for issuing the invoice and other data provided by users (in particular data contained on documents shared in the system). In the case of user verification using electronic banking, we also receive the user’s bank account number from the verifier. We access this information, but do not save or use it. In the case of user video verification, we also process the user’s image (video and photos from video verification).
  3. Data can be stored on external servers. External IT companies in the field of software and IT equipment servicing may also have access to them. Data may be made available to electronic payment services and banks (in the process of making payments), debt collection companies and law firms (in the event of litigation) and to external providers of identity identification, certification services and other services related to obtaining of an electronic signature, electronic seal or other service provided for the client. The entities indicated above may act as entities processing personal data at the request of SIGNIUS S.A., or as separate data controllers. Information on the registration of a given user (in the scope of the given e-mail address, telephone number and whether the user’s data has been verified) may be made available to other users who indicate other persons to make an electronic signature. In addition, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.
  4. In terms of payments for the services provided, SIGNIUS S.A. does not store bank account details, payment cards or transfers details. Payments are made by an external operator that stores data in this regard, and SIGNIUS S.A. only receives information about the payment for a given service.
  5. The data will not be transferred to third countries or to international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  6. The data will be stored for a period of 7 years from the date of signing out from the account – due to applicable tax regulations and limitation periods for claims.
  7. The data is collected directly from the data subjects or from persons seeking to obtain an electronic signature. The data may be supplemented with data from outside verifiers or from publicly available registers to the extent necessary to issue correct accounting documents (invoices).

As part of the provision of qualified signature services, we work with an external entity, Eurocert. They have asked us to inform users about the principles of their data processing:

  1. in order to be able to sign electronic documents, your personal data is transferred to the reputable EuroCert certification centre, which acts as the controller of your personal data.
  2. the full details of the controller are: EuroCert Sp. z o.o., 472 Pulawska St., 02-884 Warsaw, tel. +48 22 390 59 95, e-mail: biuro@eurocert.pl
  3. In all matters related to the processing of personal data by EuroCert, the Data Protection Officer of EuroCert may be contacted at the e-mail address: iod@eurocert.pl
  4. EuroCert processes the following personal data:
    a). names and surnames of Clients and persons signing electronic documents,
    b). telephone numbers of Clients and persons signing electronic documents,
    c). e-mail addresses of Clients and persons signing electronic documents,
    d). data from verification of Customers and persons signing electronic documents in external identification services, in particular recordings from verification calls and data contained in identity documents (date of birth, gender, family name, identification number, document number, date of issue and validity of the document, issuing authority, other data contained in the document;
    e). data necessary for issuing accounting documents (bills, invoices) to Customers;
    f). other personal data contained in documents for electronic signature prepared by Customers in the SIGNIUS system.
  5. The data processed comes from Customers and users of the SIGNIUS service, as well as from external companies verifying the identity of persons performing electronic signatures.
  6. Your personal data will be used by EuroCert for the following purposes:
    a) entering into and performing an agreement, including ensuring the correct quality of electronic signature services (legal basis – Article 6(1)(b) RODO) – “performance of the agreement”,
    b) the performance of EuroCert’s legal obligations, in particular the maintenance of accounting and tax records and the implementation of possible complaint processes (legal basis – Article 6(1)(c) RODO) – “legal obligation”,
    c) acting to obtain an electronic signature of a person who is not a EuroCert Client, at the request of a EuroCert Client (legal basis – Article 6(1)(f) RODO) – “legitimate interest”,
    d) to assert and defend against possible contractual claims (legal basis – Article 6(1)(f) RODO) – “legitimate interest”.
  7. EuroCert will use your data for the duration of the contract and until the time after which claims arising from the contract become time-barred (7 years).
  8. You have the right to request access to your personal data, rectification, erasure, restriction of processing, to object to processing, as well as to data portability, and to lodge a complaint with the President of the Office for Personal Data Protection.
  9. EuroCert protects your data, but they may be transferred to:
    a) SIGNIUS S.A., within the framework of cooperation in the operation of the SIGNIUS portal,
    b) External IT companies, within the scope of servicing and providing IT software and hardware.
    c) Apart from this, your data will not be disclosed (made available) by Eurocert to other entities, except as provided for in the applicable legislation, and in particular will not be transferred to third countries or to international organisations.

Personal data used for marketing purposes (newsletter):

  1. The processing is carried out on the basis of the consent of the data subject or for the purposes of the legitimate interests pursued by the controller (marketing of own services), in accordance with art. 6 par. 1 letter a or f of GDPR.
  2. The following data are being processed: e-mail address, first and last name, telephone number.
  3. Data can be stored on external servers. External IT companies in the field of software and IT equipment servicing may also have access to them. In addition, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.
  4. The data will not be transferred to third countries or to international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  5. The data will be stored for a period of 7 years from the date of signing out from the account – due to applicable limitation periods for claims.
  6. The data is collected directly from the data subjects.

Personal data in e-mail correspondence and via the contact form:

  1. The processing is carried out in order to implement the legitimate interests of the controller – that is, keeping e-mail correspondence, in accordance with art. 6 par. 1 letter f GDPR.
  2. The following data are processed: e-mail address, first and last name, phone number and any other data that you provide to us in e-mail correspondence or via the form available on the website.
  3. Data can be stored on an external hosting or mail server. External IT companies can also have access to them in the field of servicing and delivering software and IT equipment. Otherwise, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.
  4. Data will not be transferred to third countries or international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.
  6. The data is collected directly from the data subjects.

Personal data included in invoices and other accounting documents:

  1. The processing is carried out in order to comply with a legal obligation to which the controller is subject (keeping the accounting and tax documentation) and on grounds of the legitimate interests of a controller (possible exercise or defence of legal claims), in accordance with art. 6 par. 1 letter c and f GDPR.
  2. The following data are processed: name and address of the seller and buyer, tax ID numbers, possible data of the signatory and other data placed on invoices and other accounting documents.
  3. The controller may entrust the processing of your data to external accounting firms and law firms. Access to them is also allowed for external IT companies, in the field of servicing and delivering software and IT equipment, as well as postal and courier companies, in the case of sending correspondence. Your payment details will be transferred to banks or other payment service providers. In the remaining range, the data will not be disclosed (made available) to other entities, except for the cases provided for in the applicable regulations.
  4. Data will not be transferred to third countries or international organizations.
  5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.
  6. Data is obtained from you and from public registers.

Personal data included in recruitment processes (CVs, cover letters):

  1. Processing is carried out in order to comply with a legal obligation to which the controller is subject (in accordance with art. 22[1] § 1 of Polish Labour Code) and on the basis of consent, in accordance with art. 6 par. 1 letter a and c of GDPR.
  2. Providing data is voluntary, it is not required by any regulations, but refusal to provide data will prevent participation in the recruitment process.
  3. We process the data provided by you in the application.
  4. Data may be accessed by external IT companies in the scope of servicing and delivering software and IT equipment. In addition, the data will not be disclosed (disclosed) to other entities, except as provided for in the applicable regulations.
  5. Data will not be transferred to third countries or international organizations.
  6. The data will be stored during recruitment and up to six months later, unless the candidate withdraws the consent granted for the processing of data.
  7. The data is collected directly from the data subjects.

Personal data processed on the administrator’s social network profiles:

  1. Processing takes place in order to implement legitimate interests of the administrator – that is, maintaining link with clients and potential clients on the social network, in accordance with art. 6 par. 1 lit. f GDPR.
  2. The following data are processed: name, surname, image, other data provided by users on their profiles.
  3. Data will be available to provider of given social media provider and its users. Data may be also accessed by external IT companies in the scope of servicing and delivering software and IT equipment. In addition, the data will not be disclosed (disclosed) to other entities, except as provided for in the applicable regulations.
  4. The data will not be transferred to third countries or international organizations, subject to point 3 above. When using social networks, you must be aware that the regulations on the protection of personal data of countries outside the European Union may be less restrictive.
  5. The actions of the user of the social networking site are tracked by that site provider using e.g. cookies (cookies). Also SIGNIUS S.A. has access to numerous statistical data about visitors and followers of the profile. The statistics provide information about the characteristics and habits of visitors to the profile, thus allowing the controller to better adjust the content presented.
  6. The data will be stored for a period when a given user will follow the administrator’s profile on given social network.
  7. The data is collected directly from the data subjects and obtained from the provider of the social network.

Cookies:

    1. In order to ensure the greatest possible comfort of using our website, when browsing it, small files are saved on your device, so-called cookie. They can only be read by the information and communication system that stored them; they allow you to be subsequently identified if you use the same service again, and they allow us to tailor the nature of the service provided to your expectations by displaying the page in the most appropriate manner for a particular user. We also use other technologies similar to cookies that allow you to access information stored on your device or browser (e.g., through Local Storage accessing information stored while using the SIGNIUS Platform in a dedicated part of your browser’s memory). Cookies and other technologies support the provision of electronic services to you and the improvement of the quality of these services. They allow us to collect statistical data and to identify your device so that we can develop the site according to the preferences of our users.
    2. We use permanent and session cookies on the SIGNIUS Platform. Session cookies involve monitoring user activity only during a given session; once you close your browser, the data previously obtained can no longer be retrieved. Persistent cookies are placed on the disk of the device through which the user connects to the network, for an extended period of time until they are deleted by the user. Permanent cookies are helpful for remembering your settings and preferences making your next visit to the SIGNIUS Platform more convenient. Below you will find a list of cookies, together with an indication of their lifespan:
    3. We use necessary cookies in order to provide you with access to the Signius Platform and its basic functions that you wish to use. The implementation of essential cookies on your end device does not require your consent. Without the necessary cookies, we are unable to provide you with the services of the Signius Platform. We process the personal data collected by means of the necessary cookies on the basis of Article 6(1)(f) RODO (performance of a contract to which the data subject is a party).
    4. We use statistical cookies to check the number of visits and traffic sources on the Signius Platform. These cookies allow us to identify less popular pages and to understand how users navigate the Signius Platform. Failure to agree to the cookies indicated does not affect your use of the Signius Platform. We process the personal data collected with statistical cookies on the basis of Article 6(1)(a) RODO (user consent).
    5. We use advertising cookies that enable us to deliver advertisements according to your preferences. Thanks to advertising cookies and activity on other services, a profile of your interests is built up. Advertising cookies can also be used to personalise advertising and to display advertisements outside the websites. Lack of consent for the indicated cookies does not affect the use of the Signius Platform. We process the personal data collected by means of advertising cookies on the basis of Article 6(1)(a) RODO (user consent).
    6. The first time you visit our website, you can decide whether you consent to the operation of cookies, bearing in mind that refusal of the necessary cookies means that you cannot make full use of our website’s offer.
    7. You may block or restrict the storage of cookies on your device at any time, but there is a risk that this operation will hinder your use of the website. You can find out how to configure the cookie settings of the most popular browsers at the following addresses, among others:
      – Google Chrome
      – Mozilla Firefox
      – Microsoft Edge
    8. We reserve the right to modify the cookies currently used on our website.

     

    Other online tools:

    In order to ensure the optimal operation of the website, as well as the appropriate selection of displayed content, we use third-party software which collects anonymous data on the behaviour of users and to facilitate marketing activities. These data are not combined with other data sets and are collected anonymously and do not allow to identify a specific user.

    Summary:

    1. All personal data processed by us are secured in accordance with the requirements of the GDPR. We make every effort to protect your data and to guard them from the actions of third parties.
    2. We reserve the right to update and change this privacy policy by publishing a new version on this site.
    3. In case of any doubts or additional questions regarding the protection of privacy, please contact us.