Revision date: June 11, 2018
This website and its contents do not give any party additional rights or remedies and should not be construed as a binding agreement. The information herein is provided to illustrate DocuSign’s engagement process for third-party subprocessors, and to provide a subprocessor list.
DocuSign uses certain third-party subprocessors to support the delivery of the DocuSign Signature service.
What is a subprocessor?
A subprocessor is a third-party data processor, engaged by DocuSign, that processes eDocuments (which may contain personal data) as necessary to support the delivery of the DocuSign Signature service.
Due diligence and safeguards:
DocuSign uses commercially reasonable efforts to evaluate the data protection practices of subprocessors that process eDocuments. DocuSign requires subprocessors to provide, at a minimum, the level of data protection required of DocuSign under applicable data protection laws and regulations, including, but not limited to, the requirements to:
- Use commercially reasonable security measures in providing services to DocuSign to preserve the security, integrity, and confidentiality of personal data, and to protect against unauthorized access and anticipated threats or hazards to personal data;
- Use personal data only to provide the DocuSign Signature service (including necessary subprocessor services), and not process personal data for any other purpose;
- Handle and maintain personal data in compliance with all applicable data privacy and protection laws, rules, and regulations;
- Immediately notify DocuSign about any actual or potential security breach affecting personal data processed on behalf of DocuSign;
- Assist and support DocuSign in dealing with requests from governmental authorities, data controllers, data subjects or data protection authorities, as applicable;
- Not transfer personal data to a third country unless expressly authorized to do so by DocuSign;
- Not engage another data processor without prior specific authorization of DocuSign; and
- Comply with obligations as required by the General Data Protection Regulation, as applicable.
DocuSign will make updates to the subprocessor list via this website. Customer may object to a subprocessor per the BCR-P Privacy Code.
DocuSign owns and controls the infrastructure that it uses to host eDocuments submitted to the instances of the DocuSign Signature application in the United States and in EMEA. In addition, customer accounts can be established in additional regions based on where the customer is located or as determined at the time the customer’s account is provisioned by using infrastructure subprocessors. The following is a list of the name(s), location(s), and activities of the infrastructure subprocessors:
||Purpose; applicable services
|To provide instances of the DocuSign Signature application in Australia and in Canada.
DocuSign uses certain service-specific subprocessors to provide specific functionality within the DocuSign Signature service. The following is a list of the name(s), location(s), and activities of the service-specific subprocessors:
||Purpose; applicable services
||Customer may use an optional feature of the DocuSign Signature service to transmit documents via facsimile.
Customer may use an optional feature of the DocuSign Signature service to print documents directly to a FedEx Office location.