Effective Date: June 11, 2018
DocuSign’s core product and services help users create, complete, and show the validity of digital or electronic transactions, such as electronically signing a contract for mobile phone services or placing a digital signature on a loan application. As part of our Services, users want us to collect and record information that helps the parties prove the validity of the transactions. This information includes the persons who are involved in the transactions and the devices those persons use.
- How We Collect Information
- Use of Information
- Information Sharing
- Retention of Information
- Your Choices
- Children's Privacy
- California Residents' Privacy
- Users From Outside the United States
- How We Protect Your Information
- Changes to This Policy
- How to Contact Us
1. How We Collect Information
To provide and improve our Services and to support advertising and marketing, we collect information about visitors to our sites, users of our Services, the devices they use, and sometimes their locations.
We collect certain information directly from you, such as when you fill out forms with a name or email address. We collect other information, usually about devices, browsers, or locations, automatically (without you typing it into a form). We may also collect information about you from other sources, such as if we purchase a list of contact information of people who may be interested in our Services.
Information We Collect from You. You provide us with information about yourself when you:
- Register or log in to your account
- Start, sign, or review an electronic document
- Create or edit your user profile
- Contact customer support
- Comment on our blogs or in community forums
Examples of the information you provide are: name, email address, mailing address, phone number, billing information, or electronic signature.
You also provide us with information about others when you use parts of our Services, such as when you:
- Start or participate in an electronic transaction, such as an envelope within DocuSign Signature
- Share information in a Transaction Room
- Add others as a member to an existing account
- Leave comments
- Refer friends
The information we automatically collect includes:
For choices you have on cookies and related technologies, please see Section 5 of this Policy. For additional information about cookies and related technologies, please go to our Cookies Policy (https://www.docusign.com/company/cookie-policy).
Information We Collect from Other Sources. We may collect information about you from others, such as:
- Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to DocuSign), and others where they are legally allowed to share your information with us. For example, if you register for our Services on another website, the website may provide your information to us.
- Other Customers. Other customers may give us your information. For example, if a customer wants you to sign an electronic document in our Services, he or she will give us your email address and name.
Information We Collect & Process on Behalf of Customers. When our customers use our Services, we process and store certain information on their behalf as a data processor. For example, in DocuSign Signature when a customer (or the customer’s Authorized Users) upload contracts or other documents for review or signature, we act primarily as a data processor and process information on the customer's behalf and in accordance with their instructions. In those instances, the customer as the data controller is responsible for most aspects of the processing of the information. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
In general, we collect, use and store or process your information to provide our Services, to fix and improve them, to develop new services, and to market our companies and their products and services. Here are some examples of how we use the information we process:
- Provide you with the services and products you request and collect payments
- Send you records of our relationship, including for purchases or other events
- Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you
- Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur
- Run sweepstakes and contests
- Choose and deliver content and tailored advertising
- Create and review data about our users and how they use our Services
- Test changes in our Services and develop new features and products
- Fix problems you may have with our Services, including answering support questions and resolving disputes
- Manage the DocuSign Signature platform including support systems and security
- Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior
- Meet legal retention periods
We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use information to create and manage an account, we need it in order to provide relevant services.
- Gather and record data associated with use of a digital certificate or digital signature, it is to comply with regulations.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can revoke at any time).
- Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.
We share information as follows:
- Service Providers. We share your information with other companies we use to support our Services. These companies provide services like search technology, advertising, authentication systems, bill collection, fraud detection, and customer support. Our service providers promise to safeguard your personal information and are not permitted to use it for their own purposes.
- Business Transactions. We may share your information during a corporate transaction like a merger, or sale of our assets. If a corporate transaction occurs, we will provide notification of any changes to control of your information, as well as choices you may have.
- Consent. We may share your information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your information may also be shared as described below:
- Other users. When you allow others to access, use, or edit content in your account, we share that content with them. For example, if you send an envelope to others for review or signature, we make the contents of the envelope available to them. We also make the content of transaction rooms available to the individuals you invite to those rooms.
- Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor selected by you or the other user.
- Public Information.
- User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
- Profile Information. When you create a DocuSign profile, other DocuSign users can view your profile information. If you would like to make this information private, please visit your account settings.
- Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization, such as firstname.lastname@example.org or email@example.com, that organization (if it is a DocuSign customer with certain features) can find your account and take certain actions that may affect your account.
We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal data and limit active use of it.
See Section 5 for choices about storage of your information.
This section describes many of the actions you can take to change or limit the collection or use of your information.
- Profile. You are not required to fill out a profile. If you do, you can access and review this information. If any information is inaccurate or incomplete, you can make changes in your account settings.
- Marketing Messages. You can opt out of email marketing messages we send. You can opt out of these messages by clicking on the “unsubscribe” link in the email message. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages. To opt out of other direct marketing from us, please contact us using http://esign.docusign.com/global-unsubscribe.
- Cookies and Other Related Technology. You can choose to decline cookies through your browser settings. However, if you decline cookies, you may not be able to use some parts of our Services.
- To change how Google Analytics collects and uses your information, you may install the Google Analytics Opt-Out Browser by clicking here (https://tools.google.com/dlpage/gaoptout). For Mixpanel’s opt-out, click here (https://mixpanel.com/optout/).
- To exercise choices for tailored advertising, please visit the following sites (please note that you may still receive advertising content, but it will not be tailored to you):
- Network Advertising Initiative’s Consumer Opt-Out Link (http://optout.networkadvertising.org/?c=1#!/)
- Digital Advertising Alliance’s Consumer Opt-Out Link (http://optout.aboutads.info/?c=2#!/)
- TRUSTe’s Advertising Choices (http://preferences-mgr.truste.com/)
- Google Ad Settings (https://adssettings.google.com/authenticated)
- For your mobile devices, please read your operating system’s instructions.
- We do not recognize or respond to browser-initiated Do Not Track signals.
- Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Closing Your Account. If you wish to close your account, please go to your account settings.
Our Services are not designed for and are not marketed to people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your information. We delete information that we learn is collected from a minor without verified parental consent. Please contact us using https://support.docusign.com/SAR if you believe we might have information from or about a minor.
If you are a California resident, you may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your information with third parties for their own marketing purposes.
By using our Services, you:
If you are in Switzerland or the European Economic Area (EEA), you may have additional rights under data protection law.
- Transfers to the U.S. and Third Countries. If you are in Switzerland or the European Economic Area ("EEA"), you understand and acknowledge that DocuSign may transfer your personal data outside of Switzerland and the EEA for processing. DocuSign has adopted Binding Corporate Rules to facilitate the transfer of personal data from the EEA to DocuSign outside of the EEA. You may view our Binding Corporate Rules at https://trust.docusign.com/en-us/trust-certifications/gdpr/bcr-p-processor-privacy-code and https://trust.docusign.com/en-us/trust-certifications/gdpr/bcr-c-csb-privacy-code.
- Other Rights
- You can access and review information associated with your account at any time. You also can request the following information: how we collect and use your information and why; the categories of personal data involved; the categories of recipients of your personal data; how we received your personal data; and how long we use or store your personal data or the manner in which we determine relevant retention periods.
- You also have a right to correct your personal data. In certain situations, you can ask that we erase or stop using your information (and object to use of your personal data) or export your data.
- You have a right to provide us with guidance on the use, storage, and deletion of your personal data after your death.
- You have a right to raise questions or complaints with your local data protection authority at any time.
If you wish to exercise these rights, please contact us at https://support.docusign.com/SAR.