Posted: December 10, 2019
Effective as of: January 1, 2020
HelloSign provides on-demand electronic signature services, which includes the ability to upload, display, deliver, receive, and acknowledge documents for electronic signature. HelloSign also provides the HelloWorks service, which provides a simple way to complete complex workflows through document automation and integrated electronic signature services. We also have application programming interfaces (APIs) that allows you to build seamless embedded electronic signature or workflow/document automation services into your website, application and other properties. Finally, HelloSign also provides an electronic facsimile service, which includes the ability to upload, display, deliver, and receive faxes without a traditional fax machine through our HelloFax service.
1. Information we Collect
Information you provide to us. When registering for or using the HelloSign Services we collect personal information provided by you. For example, when you create a HelloSign account, you may provide us with your name, account name, alias, employment-related information (to the extent you are using an employer’s business account), email address and a password, your phone number, your address and an electronic image of your signature (“Account information”).
You may provide us with personal information about other individuals when you use our Service, such as when you send or receive a signature request/workflow transaction, share information about such transactions, or ask others to electronically sign documents (“Your content”). You may also provide us with access to your contacts (“Contacts”) to make it easy for you to do things like share and collaborate with others, send messages, and invite others to use the Services. Contacts’ information may include personal information such as a real name, alias or email address. If you share your contracts with us, we will store those contacts on our servers for you to use.
Information that we collect automatically. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, creating, and signing documents) (“Usage information”). We use this information to provide, improve, and promote our Services, and to protect HelloSign users. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, unique personal identifiers or online identifiers, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices (“Device information”). Your devices (depending on their settings) may also transmit location information to the Services. For example, we use device information to detect abuse and identify and troubleshoot bugs.
Information that we collect from third parties. We may share and/or collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. We collect information like your purchasing or consuming history or tendencies, including products or services purchased, obtained or considered (“Commercial information”). For example:
- Advertising: We use certain Google advertising features including Google Analytics Demographics and Interest Reporting and Remarketing. Third-party vendors, including Google, may show HelloSign's ads on sites across the Internet. You may opt out at any time here (https://adssettings.google.com/). We and third-party vendors, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on someone's past visits to our website.
- Mobile: We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within the application.
Information we collect and process on behalf of you. The use of information collected through our service shall be limited to the purpose for which you have engaged HelloSign. When you use our Services, we process and store certain information on your behalf as a data processor. For example, when a customer uploads documents for review or signature, we act as a data processor and process information on the customer’s behalf and in accordance with the customer’s instructions. In this situation, the customer is the data controller and is responsible for most aspects of the processing of the information. HelloSign acknowledges that you have the right to access your personal information. HelloSign has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete data should direct their questions to HelloSign’s customers (the data controller). If requested to remove data we will respond within a reasonable timeframe. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
Cookies and other technologies. We use technologies like cookies and pixel tags (more information available here: https://www.dropbox.com/terms/cookies) to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. We may also use third-party service providers that set cookies and similar technologies to promote HelloSign services.
We do not recognize or respond to browser-initiated Do Not Track signals.
2. How we use your information
We may use the information we collect through our products for a number of reasons, including to:
- provide, improve, protect, and promote our products and services;
- set your account(s);
- send you records of your use of the service, including for purchases or other events;
- understand how you use our products and customize your experience;
- send you marketing communications (in accordance with your subscription preferences);
- record details about your electronic signature requests, workflows and other transactions (such as when they were opened, signed, and when/where this took place);
- provide customer support;
- respond to your inquiries and requests;
- fix issues or problems with our products and services;
- prevent abuse of the products and services we offer; and
- carry out other lawful purposes about which we will notify our users and customers.
We may also combine the information we collect (or that is otherwise provided to us) through aggregation and other means to limit the identification of any particular individual to help with our business goals (such as research and marketing).
We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our Services, we may, from time to time, send you information about upgrades. Users who receive these marketing materials can opt out at any time. If you don’t want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or contact us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to respond to your request). Please note that such marketing opt-out does not impact any transactional or operational notices that we may need to send you.
We sometimes contact people who don’t have a HelloSign account. For recipients in the EU, we or a third party will obtain consent before reaching out. If you receive an email and no longer wish to be contacted by HelloSign, you can unsubscribe and remove yourself from our contact list via the message itself.
Bases for processing your information. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
If you have questions about, or need further information concerning, the lawful bases for processing your data, please contact us using the contact details provided under the 'How to contact us’ heading below.
3. How we may share your information
We do not sell your information. We may share your personally identifiable information as described below:
- Vendors and other third-party service providers: We may share your information with third parties that we use for the business purposes of helping us to provide and support our Services. These parties provide services such as authentication, billing and collections, customer support, or data storage. We enter into legally binding agreements with these third-party service providers that protect your personal information and forbids such providers from using your information for their own purposes. These third parties (https://www.hellosign.com/subprocessors) will access your information to perform tasks on our behalf, and we’ll remain responsible for their handling of your information per our instructions.
- HelloSign has collected and disclosed the following categories of personal information, as described above, to vendors and third-party service providers in the preceding 12 months:
- Account Information: includes your identifying information, which could be your real name, alias, unique personal identifier or online identifier, and it could include other personal information like your postal address, Internet Protocol address, email address, account name or similar identifiers.
- Commercial information: such as your purchasing or consuming history or tendencies, including products or services purchased, obtained or considered.
- Your content: what you and your users decide to input into the fields in the HelloSign and HelloWorks forms that you create and/or fill out.
- Contacts: includes identifying information about contacts that you’ve chosen to give us access to, like a real name, alias or email address.
- Usage information: includes information relating to your use of the Services. Because HelloSign provides online services, this may include internet or other electronic network activity information, such as information regarding your interaction with websites, applications, or advertisements.
- Device information: information about the particular devices you use to access the Services, which may include Usage information or device-specific information, such as an online identifier or Internet Protocol address, or geolocation data.
- Cookies and other technologies: technologies like cookies and pixel tags. These technologies can lead to the collection of online identifiers, Internet Protocol address, or other similar identifiers, as well as Usage information.
- Other Dropbox Companies: HelloSign shares infrastructure, systems, and technology with other companies owned or operated by Dropbox, Inc. (“Dropbox Companies”) to provide, improve, protect, and promote services provided by Dropbox Companies. We process your information across the Dropbox Companies for these purposes, as permitted by applicable law and in accordance with their terms and policies.
- Compliance with Law, Safety, Security, and Business Transactions: We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of HelloSign or our users; (d) protect HelloSign’s rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
- To other persons with your consent (e.g. fulfilling your fax or signature requests).
- Other users: Our Services display information like your name, profile picture, device, email address, and usage information to other users you collaborate or choose to share with. When you register your HelloSign account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your team by making some of your basic information - like your name, team name, profile picture, and email address - visible to other users on the same domain. This helps you sync up with teams you can join, and helps other users share files and documents with you.
- If you choose to opt-in to HelloSign updates or marketing, we will email you with updates and offers, or inform you about other services and features.
4. Retention of information
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. How we protect your information
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
6. Your choices about your information
Upon your written request (for which email is sufficient), HelloSign will provide you with information about whether we hold any of your personal information, the business or commercial purpose for collecting it, the types of sources we got it from and types of third parties we’ve shared it with. You may submit a data access request, request that your personal data be deleted, or object to the processing of your personal information by logging into your account, or by contacting us using the contact details below. We will respond to your request within a reasonable timeframe.
7. Children’s Privacy
This site and our Services are not intended for use by or directed to minors. We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services. Any person who provides their information to HelloSign through the Account Login page for new customers, Signup Page, or any other part of the HelloSign Site represents to HelloSign that they are of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms. We will delete any information we discover is collected from a minor without permission from their parent(s) or legal guardian(s). Please contact us using the contact details below if you believe you may have provided HelloSign with a minor’s information without permission from their parent(s) or legal guardian(s).
8. WHERE WE MAY STORE, PROCESS, OR TRANSMIT YOUR INFORMATION
Around the world. To provide you with the Services, we may store, process, and transmit data in the United States and locations around the world—including those outside your country. Data may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, the United Kingdom, and Switzerland, HelloSign relies upon a variety of legal mechanisms, including contracts with our customers and affiliates. HelloSign complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States. HelloSign has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. You can find HelloSign’s Privacy Shield certification here (https://www.privacyshield.gov/list). You can also learn more about Privacy Shield at https://www.privacyshield.gov.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider, JAMS, free of charge, at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, HelloSign is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, HelloSign may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Our EEA Representative. Dropbox International has been appointed as HelloSign’s representative in the EEA for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. Dropbox International can be contacted in matters related to the processing of Personal Data. To make such an inquiry, please contact Dropbox International by emailing email@example.com. If they can’t answer your question, you have a right to raise questions or complaints with your local Data Protection Authority at any time.
9. Changes to this policy
10. How to contact us
For questions or concerns regarding the collection, use, or disclosure of your information, you can contact us by sending an email to firstname.lastname@example.org.