Privacy Policy

1. Introduction

Giga Signature ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature service in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Personal Data

We may collect the following categories of personal data:

• Identity Data: first name, last name, username
• Contact Data: email address, telephone number, postal address
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: information about how you use our website and services
• Transaction Data: details about signatures, documents, and other transactions between you and us
• Marketing and Communications Data: your preferences in receiving marketing from us and your communication preferences

3.2 Special Categories of Personal Data

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

4. Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Contract Performance: Where it is necessary for the performance of a contract to which you are a party
• Legal Obligations: Where it is necessary for compliance with a legal obligation
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Consent: Where you have given clear consent for us to process your personal data for a specific purpose

5. How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain our electronic signature services
• To verify your identity and authenticate signatures
• To manage your account and provide customer support
• To comply with legal and regulatory requirements (including eIDAS regulations)
• To send you important notices about your account or our services
• To improve our services and develop new features
• To protect against fraud and ensure security
• To send marketing communications (with your consent)

6. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

For electronic signature records, we retain data for a minimum of 10 years in compliance with eIDAS regulations. Other personal data is retained based on the following criteria:

• The duration of our relationship with you
• Legal obligations requiring us to retain data
• Whether retention is advisable in light of our legal position

7. Data Sharing and Transfers

7.1 Third Party Sharing

We may share your personal data with:

• Service Providers: Companies that provide services on our behalf (e.g., cloud storage, email services)
• Professional Advisers: Lawyers, bankers, auditors, and insurers
• Regulatory Authorities: Government agencies and regulatory bodies as required by law
• Other Parties: In connection with a merger, acquisition, or sale of assets

7.2 International Transfers

We ensure that any transfer of personal data outside the European Economic Area (EEA) is protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: Request access to your personal data
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request restriction of processing of your personal data
• Right to Data Portability: Request transfer of your data to another controller
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your personal data

To exercise any of these rights, please contact us at privacy@gigasignature.com. We will respond to your request within one month of receipt.

9. Data Security

We have implemented appropriate technical and organizational measures to secure your personal data against accidental loss, unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

10. Cookies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information, please refer to our Cookie Policy.

11. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. For France, the supervisory authority is: