DocuSign complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. DocuSign has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DocuSign’s certification, please visit http://www.export.gov/safeharbor/
1. Information We Collect.
Our primary purpose in collecting personal information is to provide you with a safe, secure online application which will assist you in sending and signing contracts. In order to do so, DocuSign must collect information to identify users, and to allow our users to identify each other. We only collect information about you that we consider necessary for achieving this purpose.
In general, you can browse the Site without telling us who you are or revealing any personal information about yourself. Once you give us your personal information, you are not anonymous to us. If you choose to use our services, we may require you to provide contact and identity information, billing information, shipping information and other personal information as indicated on the forms throughout the Site. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide information by choosing not to use a particular service or feature.
Under some circumstances, users may require some additional information in order to authenticate you, including, but not limited to: your name, your address, or the last 4 digits of your social security number. We may also use financial information, including credit card information, to verify the accuracy of your name, address, and other information, as well as to bill you for your use of our services. Under no circumstances will any of this information be used to generate a credit scoring report that will show up against your credit.
You can log in to our docusign.net site using social network sign-in services. These services will authenticate your identity and provide you the option to share certain personal information with us, such as your name and email address, to pre-populate the sign up form for our services. Such social network sign-in services such as this give you the option to post information about your activities on this Web site to your profile page to share with others within your network.
We use third party tracking-utility partners to automatically track certain information to increase security such as IP addresses, email addresses, and other information through log files.
We employ, and our third party advertising partners employ, a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We tie the information gathered by clear gifs to our customers’ e-mail address(es).
If you establish a credit account with us to pay the fees we charge, we collect some additional information, such as a billing address, a credit card number and a credit card expiration date.
If you use DocuSign to send documents, we will encrypt and store these documents in an account and make the contents available only to those whom you invite to view or sign these files. DocuSign employees do not have access to this information, nor can they access your signature file or other data, but it is stored in our system.
If you send us personal correspondence, such as emails, requests for demos or letters, we may collect information, such as name, email address and phone number, into a file specific to you.
If you register for DocuSign on another web site or use a web site providing a service for DocuSign or a web site that helps facilitate your activity on DocuSign, that web site may provide personal information about you and your transactions back to DocuSign.
2. Our Use of Your Information.
We use your personal information to facilitate the services you request. We use your personal information in the file we maintain about you, and other information we obtain from your current and past activities on the Site to: resolve disputes; troubleshoot problems; help promote safe exchange of documents for signature and delivery; collect fees owed; authenticate users, inform you about online and offline offers, products, services (if you wish to no longer receive these offers you may follow the unsubscribe instructions contained in each of the email communications you receive), and updates; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our User Agreement; and as otherwise described to you at the time of collection. At times, we may look across multiple users to identify problems or resolve disputes, and in particular we may examine your personal information to identify users using multiple User IDs or aliases. We may compare and review your personal information for errors, omissions and for accuracy.
If you choose to use our service and pay with credit card or corporate invoice, we use your address and billing information to bill you and provide associated support.
We use third-party advertising companies to serve ads when you visit our Website. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other Web sites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
We post customer testimonials on our web site which may contain personally identifiable information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to request the removal of your testimonial, you may contact us at email@example.com.
3. Our Disclosure of Your Information.
Internal Service Providers for Our Operations. We may use third parties that we refer to as internal service providers to facilitate or outsource one or more aspects of the business, product and service operations that we provide to you (e.g., search technology, authentication systems, bill collection, and fraud detection, a customer support vendor to provide live chat services, and a recruiting provider to power our career center), and therefore we may provide some of your personal information directly to these internal service providers. These internal service providers are subject to confidentiality agreements with us and other legal restrictions that prohibit their use of the information we provide them for any other purpose except to facilitate the specific outsourced DocuSign related operation, unless you have explicitly agreed or given your prior permission to them for additional uses.
Legal Requests. DocuSign cooperates with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights, to help protect you and the DocuSign community from bad actors. Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, UserID history, fraud complaints, usage history without a subpoena. Without limiting the above, in an effort to respect your privacy and our ability to keep the community free from bad actors, we will not otherwise disclose your personal information to law enforcement or other government officials without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to: prevent imminent physical harm or financial loss; or report suspected illegal activity. Further, we can (and you authorize us to) disclose your name, street address, city, state, zip code, country, phone number, email, and company name to DocuSign Internal Service Providers under confidentiality agreement, as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.
If DocuSign is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
4. Privacy in the EU (Safe Harbor):
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (FAQ) to enable U.S. companies to satisfy European Union (EU) law requirements for adequate protection of personal information transferred from the European Economic Area (EEA) to the United States. DocuSign, Inc. adheres to the Safe Harbor Principles outlined below. The privacy principles in this policy are based on the Safe Harbor Principles.
(a) Notice and Choice:
DocuSign, Inc. does not collect personal information directly from individuals in the EU. Personal information may exist in eContracts that are uploaded to DocuSign-controlled server from an EEA organization for processing. To the extent permitted in the Safe Harbor Agreement, we reserve the right to process personal information in the course of providing hosted electronic contract execution services to our clients without the knowledge of individuals involved.
(b) Onward Transfers and Disclosures to Agents:
DocuSign, Inc. will not knowingly disclose an individual’s personal information to third parties, except when one or more of the following conditions is true:
• We have the individual’s permission to make the disclosure.
• The disclosure is required by law or professional standards.
• The information in question is publicly available.
• The disclosure is reasonably necessary for the establishment or defense of legal claims.
(c) Data Integrity:
DocuSign, Inc. will use personal information only in ways that are compatible with the purposes for which it was collected, which is in the confines of electronic execution of contracts and application of electronic signatures.
Upon request, DocuSign, Inc. will grant individuals reasonable access to personal information that it holds about them. In addition, DocuSign, Inc. will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. We will respond to your request for access within 30 days.
DocuSign, Inc. utilizes the self-assessment approach to assure its compliance with our privacy statement. DocuSign, Inc. periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Safe Harbor Principles.
5. Privacy in Australia.
To the extent they apply, DocuSign, Inc. adheres to the Australian Privacy Principles and the Australian Privacy Act 1988 (Cth).
6. Your Use of Other Users' Information.
In order to facilitate interaction among all DocuSign members, our Product may allow you limited access to other users' contact and authentication status information.
By entering into our User Agreement, you agree that, with respect to other users' information that you obtain through the Site or through a DocuSign- related communication or DocuSign-facilitated transaction, DocuSign hereby grants to you a license to use such information only for: (a) DocuSign- related communications that are not unsolicited commercial messages, (b) using services offered through DocuSign (e.g. document sending, signing, notarizing, etc.), and (c) any other purpose that a user expressly agrees to after you tell them the purpose you would like to use it for. In all cases, you must give users an opportunity to withdraw consent to sign electronically. In addition, under no circumstances, except as defined in this Section, can you disclose personal information about another user to any third party without our consent and the consent of that user. You agree that other users may use your personal information to communicate with you in accordance with this Section.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. DocuSign stores this information only for the purposes of sending this one-time email and of tracking the success of our referral program.
Your friend may contact us at the email address below to request that we remove this information from our database.
DocuSign and our users do not tolerate spam. Therefore, without limiting the foregoing, you are not licensed to send any message to another DocuSign user, (email or physical mail) without their express consent. To report DocuSign related spam to DocuSign, please contact us at email@example.com.
7. Control of Your Password.
You are responsible for all actions taken with your User ID and password, including fees charged to your account, and all actions taken with your account. Therefore we do not recommend that you disclose your DocuSign password to any third parties. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately change your password.
8. Accessing, Reviewing and Changing Your Personal Information.
We offer you the ability to automatically review and change the information you submit to us by logging into the Site and entering in the new information yourself. Generally, we will not modify your personal information based on your request because it is difficult to authenticate your account manually. You can change your password, contact information, financial information, and user preferences by going to the profile area. You must promptly update your personal information if it changes or is inaccurate. Changing your personal information will not impact any completed transactions.
Upon your request, we will deactivate your account, contact information, billing information, shipping information, and financial information from our active databases. To make this request, email firstname.lastname@example.org. Such information will be deactivated as soon as reasonably possible based on your account activity and in accordance with our deactivation policy and applicable law.
We will retain in our files some personal information, and past document transactions to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our User Agreement and comply with legal requirements as is permitted by law. Therefore, you should not expect that all of your personal information will be completely removed from our databases in response to your requests. However, such personal information will be deactivated from member viewing and will only be available to select DocuSign personnel.
9. Other Information Collectors.
From time-to-time, we may provide you the opportunity to participate in contests, sweepstakes or surveys on our site. If you participate, we will request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code).
We use this information to notify contest winners and award prizes, to personalize the site (in the case of anonymous information collected in surveys), and to occasionally send participants an email newsletter.
We may use a third party service provider to conduct these surveys or contests; that company is prohibited from using our users’ personally identifiable information for any other purpose. We will not share the personally identifiable information you provide through a contest or survey with other third parties unless we give you prior notice and choice.
Your information is stored on DocuSign, Inc.'s servers located in the United States. We use procedural and technical safeguards to protect your personal information against loss or theft as well as unauthorized access and disclosure to protect your privacy, including encryption, "firewalls" and Secure Socket Layers. We treat data as an asset that must be protected against loss and unauthorized access. We employ many different security techniques to protect such data from unauthorized access by users inside and outside the company. However, "perfect security" does not exist on the Internet. If you have any questions about security on our Web site, you can contact us at email@example.com.
11. Children's Privacy.
DocuSign recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children's online activities and interests. This Site is not intended for children under the age of 13. DocuSign does not target its services or this Site to children under 13. DocuSign does not knowingly collect personally identifiable information from children under the age of 13.
13. Contact us.