Privacy policy

This Privacy policy sets out the rules for the collection, processing and use of personal data.

  1. Data is collected by: SIGNIUS S.A., Krasinskiego 16 Street, 60-830 Poznan, Poland, registration number KRS 802318, e-mail: connect@signius.pl
  2. Data of data protection officer of SIGNIUS S.A.: Wojciech Kolasiński, Krasinskiego 16 Street, 60-830 Poznan, Poland, e-mail: rodo@signius.eu
  3. Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection on natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”.
  4. You have the right to: require access to your personal data, rectification, erasure of personal data, or restriction of processing, to object to processing, as well as the right to data portability.
  5. If the processing is based on your consent, you can withdraw it at any time by informing us without affecting the legality of the processing which was previously carried out.
  6. You may lodge a complaint to Polish President of the Office for Personal Data Protection.

SIGNIUS S.A. processes personal data in various areas. Information for each of these areas is presented separately below:

Personal data used to provide the online electronic signature service:

  1. The processing is carried out for the purpose of performing the contract and for obtaining an electronic signature (pursuing the legitimate interest of the person seeking to obtain the electronic signature), in accordance with art. 6 par. 1 letter b and f GDPR.
  2. The following data is processed: e-mail address, name and surname, telephone number, data of the signing person, data contained on and derived from identity documents, personal ID number, information on citizenship, data for issuing the invoice and other data provided by users (in particular data contained on documents shared in the system). In the case of user verification using electronic banking, we also receive the user’s bank account number from the verifier. We access this information, but do not save or use it. In the case of user video verification, we also process the user’s image (video and photos from video verification).
  3. Data can be stored on external servers. External IT companies in the field of software and IT equipment servicing may also have access to them. Data may be made available to electronic payment services and banks (in the process of making payments), debt collection companies and law firms (in the event of litigation) and to external providers of identity identification, certification services and other services related to obtaining of an electronic signature, electronic seal or other service provided for the client. The entities indicated above may act as entities processing personal data at the request of SIGNIUS S.A., or as separate data controllers. Information on the registration of a given user (in the scope of the given e-mail address, telephone number and whether the user’s data has been verified) may be made available to other users who indicate other persons to make an electronic signature. In addition, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.
  4. In terms of payments for the services provided, SIGNIUS S.A. does not store bank account details, payment cards or transfers details. Payments are made by an external operator that stores data in this regard, and SIGNIUS S.A. only receives information about the payment for a given service.
  5. In order to develop and improve the quality of the services provided, the controller records user behaviour when using the controller portal with the FullStory tool. The user’s sessions on the portal are saved, however, these recordings do not contain the user’s personal data, nor the data about or from the documents.
  6. The data will not be transferred to third countries or to international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  7. The data will be stored for a period of 7 years from the date of signing out from the account – due to applicable tax regulations and limitation periods for claims.
  8. The data is collected directly from the data subjects or from persons seeking to obtain an electronic signature. The data may be supplemented with data from outside verifiers or from publicly available registers to the extent necessary to issue correct accounting documents (invoices).

Personal data used for marketing purposes (newsletter):

  1. The processing is carried out on the basis of the consent of the data subject or for the purposes of the legitimate interests pursued by the controller (marketing of own services for own clients), in accordance with art. 6 par. 1 letter a or f of GDPR.
  2. The following data are being processed: e-mail address, first and last name, telephone number.
  3. Data can be stored on external servers. External IT companies in the field of software and IT equipment servicing may also have access to them. In addition, the data will not be disclosed (made available) to other entities, except as provided for in applicable regulations.
  4. The data will not be transferred to third countries or to international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  5. The data will be stored for a period of 7 years from the date of signing out from the account – due to applicable limitation periods for claims.
  6. The data is collected directly from the data subjects.

Personal data in e-mail correspondence and via the contact form:

  1. The processing is carried out in order to implement the legitimate interests of the controller – that is, keeping e-mail correspondence, in accordance with art. 6 par. 1 letter f GDPR.
  2. The following data are processed: e-mail address, first and last name, phone number and any other data that you provide to us in e-mail correspondence or via the form available on the website.
  3. Data can be stored on an external hosting or mail server. External IT companies can also have access to them in the field of servicing and delivering software and IT equipment. Otherwise, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.
  4. Data will not be transferred to third countries or international organizations. The only exception is if your email service provider has an office or IT infrastructure outside the European Union.
  5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.
  6. The data is collected directly from the data subjects.

Personal data included in invoices and other accounting documents:

  1. The processing is carried out in order to comply with a legal obligation to which the controller is subject (keeping the accounting and tax documentation) and on grounds of the legitimate interests of a controller (possible exercise or defence of legal claims), in accordance with art. 6 par. 1 letter c and f GDPR.
  2. The following data are processed: name and address of the seller and buyer, tax ID numbers, possible data of the signatory and other data placed on invoices and other accounting documents.
  3. The controller may entrust the processing of your data to external accounting firms and law firms. Access to them is also allowed for external IT companies, in the field of servicing and delivering software and IT equipment, as well as postal and courier companies, in the case of sending correspondence. Your payment details will be transferred to banks or other payment service providers. In the remaining range, the data will not be disclosed (made available) to other entities, except for the cases provided for in the applicable regulations.
  4. Data will not be transferred to third countries or international organizations.
  5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.
  6. Data is obtained from you and from public registers.

Personal data included in recruitment processes (CVs, cover letters):

  1. Processing is carried out in order to comply with a legal obligation to which the controller is subject (in accordance with art. 22[1] § 1 of Polish Labour Code) and on the basis of consent, in accordance with art. 6 par. 1 letter a and c of GDPR.
  2. Providing data is voluntary, it is not required by any regulations, but refusal to provide data will prevent participation in the recruitment process.
  3. We process the data provided by you in the application.
  4. Data may be accessed by external IT companies in the scope of servicing and delivering software and IT equipment. In addition, the data will not be disclosed (disclosed) to other entities, except as provided for in the applicable regulations.
  5. Data will not be transferred to third countries or international organizations.
  6. The data will be stored during recruitment and up to six months later, unless the candidate withdraws the consent granted for the processing of data.
  7. The data is collected directly from the data subjects.

Personal data processed on the administrator’s social network profiles:

  1. Processing takes place in order to implement legitimate interests of the administrator – that is, maintaining link with clients and potential clients on the social network, in accordance with art. 6 par. 1 lit. f GDPR.
  2. The following data are processed: name, surname, image, other data provided by users on their profiles.
  3. Data will be available to provider of given social media provider and its users. Data may be also accessed by external IT companies in the scope of servicing and delivering software and IT equipment. In addition, the data will not be disclosed (disclosed) to other entities, except as provided for in the applicable regulations.
  4. The data will not be transferred to third countries or international organizations, subject to point 3 above. When using social networks, you must be aware that the regulations on the protection of personal data of countries outside the European Union may be less restrictive.
  5. The actions of the user of the social networking site are tracked by that site provider using e.g. cookies (cookies). Also SIGNIUS S.A. has access to numerous statistical data about visitors and followers of the profile. The statistics provide information about the characteristics and habits of visitors to the profile, thus allowing the controller to better adjust the content presented.
  6. The data will be stored for a period when a given user will follow the administrator’s profile on given social network.
  7. The data is collected directly from the data subjects and obtained from the provider of the social network.

Cookies:

  1. In order to ensure the greatest possible comfort of using our website, when browsing it, small files are saved on your device, so-called cookie. These files allow us to adjust the content of the website to your needs and interests. By saving them on your device it is possible, among others displaying the page in a way that is most appropriate for a particular user. Cookies enable us to collect statistical data, thanks to which we develop a website in accordance with the preferences of our users.
  2. The User may at any time block or limit the option of saving cookies on his device, however, there is a risk that this operation will inhibit the use of the site.

Other online tools:

In order to ensure the optimal operation of the website, as well as the appropriate selection of displayed content, we use third-party software which collects anonymous data on the behaviour of users and to facilitate marketing activities. These data are not combined with other data sets and are collected anonymously and do not allow to identify a specific user.

Summary:

  1. All personal data processed by us are secured in accordance with the requirements of the GDPR. We make every effort to protect your data and to guard them from the actions of third parties.
  2. We reserve the right to update and change this privacy policy by publishing a new version on this site.
  3. In case of any doubts or additional questions regarding the protection of privacy, please contact us.