signNow’s GDPR Compliance

SignNow’s Commitment to Data Protection

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect within the European Union. This data privacy law regulates how businesses collect, process, and use personal data, and gives individuals greater control over their personal data. SignNow considers the privacy of its users’ data a top priority. Learn what our team has done to comply with GDPR laws.
Our commitment to you and the protection of your data.
Legal Measures
EU-U.S. Data Privacy Framework Program
SignNow participates in the EU-U.S. Data Privacy Framework program to ensure secure and compliant international transfers of personal data.
Transparency
SignNow maintains a customer-facing Privacy Notice that provides information about the processing of customers’ personal data. It is available at https://www.signnow.com/privacy_notice and covers the purposes and details of personal data processing.
Data transfers
As part of our Privacy Notice, we’ve incorporated a data processing addendum for customers where we serve as a processor of personal data. It is based on the recommendations from the European Commission and applies to international data transfers covered by GDPR.
Data Subject Rights
Every SignNow customer can exercise its rights under GDPR by using the Privacy Request Portal provided in the Privacy Notice. Our Data Privacy team processes and fulfills all requests according to GDPR requirements.
Accountability
The company has a designated Data Privacy team that handles all privacy-related matters. SignNow systems and processes are subject to regular monitoring and audits. SignNow also maintains internal policies and procedures that document the company’s efforts in achieving GDPR compliance.
Technical Measures
Data encryption
Customer documents and information therein are encrypted in transit and at rest and accessible only by the customer. We also encrypt critical system databases. All of SignNow’s systems limit any personal information therein and ensure sensitive data is encrypted.
Vendor compliance
SignNow maintains a vendor assessment process to ensure the safety and credibility of the engaged service providers. Our vendor agreement obliges vendors to apply the measures necessary to maintain compliance with GDPR requirements.
Deletion of personal data
SignNow allows users to request deletion of personal data and provides means to notify customers of requests from their users.
Security and privacy compliance
SignNow complies with major security standards and regulations such as PCI DSS, HIPAA, SOC 2 and the U.S. ESIGN Act. These standards help us manage customer data, preserving security and confidentiality as required under GDPR.
Data breaches
SignNow maintains a security incident plan to address potential security or data breaches. For each potential breach incident, the company assigns a qualified response team and conducts a comprehensive risk assessment to determine the severity and potential impact of the breach.
Organizational Measures
Employee training
SignNow staff are obligated to maintain the confidentiality and security of customer data. We’ve updated our training policies to reinforce our security and privacy policies.
Device safety
SignNow applies best practices, including NIST SP 800-88 and OCR Guidance recommendations, to ensure the safety and security of its devices and hardware. We maintain Safe Password procedures to ensure password safety across the organization.
Monitoring
SignNow monitors the operation of applied safeguards on an ongoing basis. We are committed to completing an annual risk assessment to ensure we diligently address any potential risks and keep up to date with applicable best practices.