Posted: August 7, 2019
Effective as of: September 24, 2019
HelloSign provides on-demand electronic signature services, which includes the ability to upload, display, deliver, receive, and acknowledge documents for electronic signature. HelloSign also provides the HelloWorks service, which provides a simple way to complete complex workflows through document automation and integrated electronic signature services. We also have application programming interfaces (APIs) that allows you to build seamless embedded electronic signature or workflow/document automation services into your website, application and other properties. Finally, HelloSign also provides an electronic facsimile service, which includes the ability to upload, display, deliver, and receive faxes without a traditional fax machine through our HelloFax service.
1. Information we Collect
Information you provide to us. When registering for or using the HelloSign Service we collect personal information provided by you. For example, when you create a HelloSign account, you may provide us with your email address and a password, your phone number, your address, your name, your address, and an electronic image of your signature.
You may provide us with personal information about other individuals when you use our Service, such as when you send or receive a signature request/workflow transaction, share information about such transactions, or ask others to electronically sign documents. You may also provide us with access to your contacts to make it easy to you to do things like share and collaborate with others, send messages, and invite others to use the Services. If you share your contracts with us, we will store those contacts on our severs for you to use.
Information that we collect automatically. We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, creating, and signing documents). We use this information to provide, improve, promote our Services, and protect HelloSign users. We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services. For example, we use device information to detect abuse and identify and troubleshoot bugs.
Information that we collect from third parties. We may share and/or collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. For example:
- Advertising: We use certain Google advertising features including Google Analytics Demographics and Interest Reporting and Remarketing. Third-party vendors, including Google, may show this Sites' ads on sites across the Internet. You may opt out at any time here. We and third-party vendors, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on someone's past visits to our website.
- Mobile: We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within the application.
Information we collect and process on behalf of you. The use of information collected through our service shall be limited to the purpose for which you have engaged HelloSign. When you use our Services, we process and store certain information on your behalf as a data processor. For example, when a customer upload a documents for review or signature, we act as a data processor and process information on the customer’s behalf and in accordance with the customer’s instructions. In this situation, the customer is the data controller and is responsible for most aspects of the processing of the information. HelloSign acknowledges that you have the right to access your personal information. HelloSign has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete data should direct their questions to HelloSign’s customers (the data controller). If requested to remove data we will respond within a reasonable timeframe. If you have any questions or concerns about how information is processed in these cases, including how to exercise your rights as a data subject, we recommend contacting the relevant customer.
Cookies and other technologies. We use technologies like cookies and pixel tags to provide, improve, protect, and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. We may also use third-party service providers that set cookies and similar technologies to promote HelloSign services.
We do not recognize or respond to browser-initiated Do Not Track signals.
2. How we use your information
We may use the information we collect through our products for a number of reasons, including to:
- provide, improve, protect, and promote our products and services;
- set your account(s);
- send you records of your use of the service, including for purchases or other events;
- understand how you use our products and customize your experience;
- send you marketing communications (in accordance with your subscription preferences);
- record details about your electronic signature requests, workflows and other transactions (such as when they were opened, signed, and when/where this took place);
- provide customer support;
- respond to with your enquiries and requests;
- fix issues or problems with our products and services;
- prevent abuse of the products and services we offer; and
- carry out other lawful purposes about which we will notify our users and customers.
We may also combine the information we collect (or that is otherwise provided to us) through aggregation and other means to limit the identification of any particular individual to help with our business goals (such as research and marketing).
We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our Services, we will, from time to time, send you information about upgrades when permissible. Users who receive these marketing materials can opt out at any time. If you don’t want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or by contacting us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to respond to your request).
We sometimes contact people who don’t have a HelloSign account. For recipients in the EU, we or a third party will obtain consent before reaching out. If you receive an email and no longer wish to be contacted by HelloSign, you can unsubscribe and remove yourself from our contact list via the message itself.
Legal Basis for processing your information. We collect and use the personal data described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the 'How to contact us’ heading below.
3. How we may share your information
We may use your personally identifiable information as described below:
- Vendors and other third-party service providers. We may share your information with third parties that we use to provide and support our Services. These parties provide services such as authentication, billing and collections, customer support, or data storage. We enter into legally binding agreements with these third-party service providers that protects your personal information and are not permitted to use your information for their own purposes.
- Other Dropbox Companies. HelloSign shares infrastructure, systems, and technology with other companies owned or operated by Dropbox, Inc. (“Dropbox Companies”) to provide, improve, protect, and promote services provided by Dropbox Companies. We process your information across the Dropbox Companies for these purposes, as permitted by applicable law and in accordance with their terms and policies.
- Compliance with Law, Safety, Security, Business Transactions: We may also disclose your information to third parties: (a) where required by law or regulatory requirement, court order or other judicial authorization, (b) in response to lawful requests by public authorities, including for the purposes of meeting national security and law enforcement requirements; (c) in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganization of a business; (d) to protect or defend our rights, interests or property, or that of third parties; (e) to investigate any wrongdoing in connection with our products and services; and (f) to protect the vital interests of an individual.
- To other persons with your consent (e.g. fulfilling your fax or signature requests).
- Other users. Our Services display information like your name, profile picture, device, email address, and usage information to other users you collaborate or choose to share with. When you register your HelloSign account with an email address on a domain owned by your employer or organization, we may help collaborators and administrators find you and your team by making some of your basic information - like your name, team name, profile picture, and email address- visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and documents with you.
- If you choose to opt-in to HelloSign updates or marketing, we will email you with updates, offers, or inform you about other services and features.
4. Retention of information
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. How we protect your information
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
6. Your choices about your information
General. Upon your written request (for which email is sufficient), HelloSign will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account, or by contacting us using the contact details below. We will respond to your request within a reasonable timeframe.
European Economic Area (EEA) or Switzerland: If you are based in the EEA or Switzerland have other rights as provided below:
- Access: If you wish to access your personal information that HelloSign collects, you can do so at any time through the Service or by contacting us using the contact details provided below.
- Correction, update or deletion: You can correct, update or request deletion of your personal information through the Service interface, or by contacting us using the contact details provided below.
- Object to processing: When we reply on your consent to process your personal information, you may withdraw consent at any time by contacting us using the contact details provided below. This will not affect the lawfulness of processing prior to the withdrawal of your consent.
- Data Protection Authority: You have a right to raise questions or complaints with your local data protection authority at any time.
- Marketing: You have the right to opt-out of marketing communications we sent you at any time. You can do this by clicking the “unsubscribe” link in the marketing e-mails we sent you or by contacting us using the contact details provided below (if using the contact details please provide your complete name, e-mail address, and any other relevant information that may be required to address your request). Please note that such marketing opt-out does not impact any transaction or operation notices that we may need to send you.
7. Children’s Privacy
This site and our Services are not intended for or directed to minors. We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services. Any person who provides their information to HelloSign through the Account Login page for new customers, Signup Page, or any other part of the HelloSign Site represents to HelloSign that they are of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms. We will delete any information we discover is collected from a minor without permission from their parent(s) or legal guardian(s). Please contact us using the contact details below if you believe you may have provided HelloSign with a minor’s information without permission from their parent(s) or legal guardian(s).
8. WHERE WE MAY STORE, PROCESS, OR TRANSMIT YOUR INFORMATION
Around the world. To provide you with the Services, we may store, process, and transmit data in the United States and locations around the world—including those outside your country. Data may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, the United Kingdom, and Switzerland, HelloSign relies upon a variety of legal mechanisms, including contracts with our customers and affiliates. HelloSign complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States. HelloSign has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. You can find HelloSign’s Privacy Shield certification here. You can also learn more about Privacy Shield at https://www.privacyshield.gov.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD
HelloSign participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (each, a "Privacy Shield Framework," or "Framework"). HelloSign is committed to subjecting all personal information received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the Framework's applicable Principles (as such term is defined in each of the Frameworks). To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List (here).
HelloSign is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. HelloSign complies with the Privacy Shield Frameworks for all onward transfers of personal information from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, HelloSign is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, HelloSign may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
9. Changes to this policy
10. How to contact us
For questions or concerns regarding the collection, use, or disclosure of your information, you can contact us by sending an email to firstname.lastname@example.org.