Privacy Notice
Version Date: January 10, 2024
Purpose
At Docusign, protecting privacy is a key priority. The purpose of this document is to set out how Docusign, Inc. and its affiliates (“us,” “our,” or “we”) collect, use, store, or otherwise process personal information about customers and other individuals (collectively "you") who access or use our websites, including docusign.com and docusign.net, our mobile applications, our web client or professional client, and/or any of our other websites, products, or services that link to this Privacy Notice (the “Services”). By using our Services, you understand that we will collect and use your personal information as described in this Privacy Notice.
In some cases, we may process your personal information pursuant to an agreement with a third-party organization. In those cases, the terms of that agreement may govern how we process your personal information. If you believe a third-party organization has asked us to process your personal information on their behalf, please consult with them in the first instance, as they will be responsible for how we process your information. This Privacy Notice (“Notice”) does not apply to any third-party websites and apps that you may use, including those to which we link in our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.
Docusign’s core product and Services help users create, complete, and show the validity of digital or electronic transactions, such as electronically signing a contract for mobile phone services or placing a digital signature on a loan application. As part of our Services, users want us to collect and record information that helps the parties prove the validity of the transactions, such as the names of the persons who are involved in the transactions and the devices those persons use.
We recommend that you read this Notice in full to ensure you are fully informed about the way we collect, use, store, or otherwise process your personal information as well as your privacy rights. However, if you want to skip to a particular section of this Notice, please refer to the table of contents below.
1. Collection of Personal Information
You have choices about whether you visit our websites, install our apps, or provide personal information to us. However, if you do not provide us with certain personal information, you may not be able to use some functionalities of our Services. For example, if you do not adopt an electronic signature, then you will not be able to sign certain electronic documents on our Service. For choices and rights you may have, please see Sections 5 and 8 of this Notice.
Personal Information We Collect from You. You provide us with personal information about yourself when you:
Register or log in to your account.
Start, sign, or review an electronic document.
Create or edit your user profile.
Contact customer support.
Comment on our blogs or in community forums.
Participate in surveys, sponsored events, sweepstakes, or when you sign up for newsletters.
You also provide us with personal information about others when you use parts of our Services, such as when you:
Start or participate in an electronic transaction, such as an envelope within Docusign Signature.
Share information in Docusign Rooms Service.
Add others as a member to an existing account.
Leave comments.
Refer friends.
Your main choice for this type of personal information is simply not providing it, such as by not creating a profile or not leaving a comment in a blog. For other choices you may have, please see Section 5 of this Privacy Notice.
Examples of the categories of personal information you may provide are:
Identifiers and Contact Information. This includes your name, email address, mailing address, phone number, or electronic signature.
Commercial Information. This includes billing and payment information (e.g., credit card number, expiration date, visual cryptogram), and products or services purchased.
Your Account Data. This includes your login information (email and password) and user profile information (contact details, including your name, email address, and photo (if uploaded)).
Other Contacts Data. When you grant us permission, information about your authorized contacts (e.g., name, email address) and an image of the contact (if uploaded) on your device that can be used to save as their profile image on your account.
Customer Service and Communications Information. This includes questions and other messages or feedback you address to us directly through online forms, by email or via our feedback surveys or customer support channels. If you use any of our chat features we may use to communicate with you, we may collect personal information you voluntarily provide during your interactions, such as your name, email address, contact details, or any other information you choose to share and retain a transcript of your chats for the purposes set forth in this Notice.
Personal Information We Collect Automatically. We may automatically collect personal information from you and your devices when you use our Services, including when you visit our websites or apps without logging in. For choices you may have on what information we automatically collect, please see Section 5 of this Privacy Notice.
We collect personal information about how you use our Services and the devices (e.g., computers, mobile phones, tablets) you use to access our Services. This may include, but is not limited to, the following:
Device Data. This includes IP address, unique device identifiers, and device attributes, such as operating system and browser type.
Usage Data. This includes web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date(s) and time(s) you used our Services, the frequency of your use of our Services, error logs, and other related information.
Transactional Data. This includes IP addresses and authentication methods of parties to a transaction, subject line, history of actions that individuals take in connection with a transaction (e.g., review, sign, enable features), and information about those parties’ devices.
Marketing and Advertising Data. This includes your interests based on your use of our Services and other websites and online services, preferences in relation to receiving marketing materials from us, communication preferences, and your preferences for particular products and services.
Some of the information we collect automatically is captured using cookies, which are text files containing small amounts of information that are downloaded on your device or related technologies, such as web beacons, local shared objects, and tracking pixels, to collect and/or store information. For additional information about cookies and related technologies, including details of how to opt-out, please read our Cookies Notice (https://www.docusign.com/company/cookie-policy) and “Your Privacy Rights and Choices” below.
Personal Information We Collect from Other Sources. Subject to applicable law, we may collect personal information about you from others, such as:
Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, affiliates (companies under common ownership or control of Docusign), service providers, and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.
Other Customers. Other customers may give us your personal information. For example, if a customer wants you to sign an electronic document in our Services, he or she will give us your email address and name.
Combining Personal Information from Different Sources. We may combine the personal information we receive from other sources with personal information we collect from you (or your device) and use it as described in this Notice.
Personal Information We Collect & Process on Behalf of Customers. When our business customers use certain Services, we generally process and store limited personal information on their behalf as a data processor. For example, in the context of Docusign eSignature, when a customer uploads contracts or other documents for review or signature, we act as a data processor and process the documents on the customer's behalf and in accordance with their instructions. In those instances, the customer is the data controller and is responsible for most aspects of the processing of the personal information. For certain products such as Docusign’s Contract Lifecycle Management (CLM) and Identity products, we may act as a processor and as a controller in certain circumstances (e.g., retention of transactional data to comply with Docusign’s legal obligations). If you have any questions or concerns about how personal information is processed in these cases, including how to exercise your rights as a data subject, you should contact the customer (either your employer or the individual or entity requesting your signature). If we receive any rights requests concerning instances where we act as a data processor, we will forward your query on to the relevant customer.
2. Use of Personal Information and Lawful Bases for Processing
In general, and subject to applicable law, we will use your personal information to provide, maintain, and improve our Services, develop new Services, and market our Docusign products and Services. Please see the section below entitled "Further Information on the Personal Information We Process and Our Purposes," which provides more specific information on these purposes, examples of the types of information processed for these purposes, and the lawful bases (i.e., legal grounds) on which we rely to process it.
Lawful Basis for Processing Your Personal Information. If applicable data protection law requires a lawful basis for processing, and where Docusign acts as a data controller, our lawful basis for collecting and using the personal information described in this Notice will depend on the type of personal information concerned and the specific context in which we collect or use it.
We normally collect or use personal information only where we need the personal information to perform a contract with you or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. In certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal data.
If we process sensitive personal information about you, as well as ensuring that one of the lawful bases referenced above applies, we will make sure that one or more of the grounds for processing sensitive personal information applies.
Note that in situations where Docusign acts as a processor, it is our customer who determines the appropriate legal basis associated with processing activities, and queries about the applicable lawful basis should be directed to them.
Further Information on the Personal Information We Process and Our Purposes
The table below provides more specific information on our purposes, the types of information that may be processed, and the legal bases on which we process it. The examples provided in the table cannot, of course, be exhaustive.
Depending on the jurisdiction in which you live, there may be other applicable lawful bases for processing your personal information that are not listed here. If you have questions about our lawful bases or need further information, please contact us using the contact details provided in Section 11 of this Notice.
Purpose | Examples of personal information that may be processed | Lawful basis for processing |
---|---|---|
Provide you with and collect payment for the products and Services you request | Identifiers and Contact Information Commercial Information Account Data Contact and Image Data Customer Service and Communications Information Transactional Data Device Data Location Data | Contract Consent (in the case of processing of Location Data) |
Create your account and manage your relationship with us (e.g., communicating with you, providing you with requested information) | Identifiers and Contact Information Account Data Contact and Image Data Customer Service and Communications Information Location Data | Contract Legitimate interests (to operate, provide and improve the Services; or to communicate with you, where our communications are not necessary to perform or enter into a contract with you). Consent (in the case of processing Location Data) |
Record details about transactions involving electronic documents (e.g., who initiated, viewed, or signed the documents; signers’ IP addresses; timestamps) | Identifiers and Contact Information Account Data Contact and Image Data Device Data Transactional Data | Contract Legitimate interests (to operate, provide and improve the Services) |
Gather and record data associated with the use of a digital certificate or digital signature | Identifiers and Contact Information (specifically, your electronic signature) Transactional Data | Contract Legal obligation |
Maintain and improve the security of the Services | Account Data Device Data Usage Data Transactional Data Location Data | Legitimate interests (to operate, provide and improve the Services; to detect or prevent illegal activities; and to manage the security of our IT infrastructure and the Services, and the safety and security of our employees, customers and vendors). |
Troubleshoot the Services, including answering support questions, customer education and training, and resolving disputes | Identifiers and Contact Information Account Data Customer Service and Communications Information Device Data Usage Data Transactional Data | Legitimate interests (to operate, provide and improve the Services; and to communicate with you). |
Prevent, investigate, and respond to fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior | Identifiers and Contact Information Account Data Device Data Usage Data Transactional Data Location Data | Contract Legitimate interests (to operate, provide and improve the Services; to detect or prevent illegal activities; and/or to manage the security of our IT infrastructure and the Services, and the security of our employees, customers, and vendors). |
Analyze, improve, and enhance the Services and research and develop new features and products | Customer Service and Communications Information (more specifically, any product feedback you provide via surveys) Device Data Usage Data Transactional Data Location Data | Consent (where required by applicable law) Legitimate interests (to operate, provide and improve the Services; and use insights to research and develop new products and services).
|
Building, training and maintaining our artificial intelligence models through machine learning that power certain of our Services using de-identified Customer Data (with customer consent) | Customer Data (as defined in Docusign Master Services Agreement or Docusign Sites & Services Terms and Conditions (as applicable)) Usage Data Transactional Data | Consent (where required under applicable law) Consent (in the case of processing Location Data) |
Choose and deliver content and tailored advertising, support the marketing and advertising of our Services and measure the effectiveness of our campaigns | Account Data Usage Data Marketing and Advertising Data | Consent (where required under applicable law) Legitimate interests (to improve our business; to promote our products and services; and to use the insights to improve or develop our marketing activities). |
Send you information about new features, products, or special events by email or phone or send you marketing communications about third-party products and services we think may be of interest to you | Identifiers and Contact Information Marketing and Advertising Data | Consent (where required under applicable law) Legitimate interests (to improve our business; to promote our products and services; and to develop marketing activities) |
Run surveys sweepstakes, contests, and refer-a-friend programs | Identifiers and Contact Information Your Account Data Other Contact Data Customer Service and Communications Information | Legitimate interests (to drive customer engagement; to promote our products and services; and to collect user feedback) |
Comply with legal and regulatory obligations to which we are subject | Identifiers and Contact Information Account Data Commercial Information Transactional Data Location Data Customer Service and Communications Information | Legal obligation |
Protect our legal rights, for example to establish, exercise, or defend our rights in legal claims | Any information relevant or potentially relevant to a dispute or legal proceeding affecting us. | Legitimate interests (to protect our business interests) |
Other Uses. We may aggregate the personal information we collect, or insights generated or derived from the use of our Services, or remove pieces of personal information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like marketing, research and product development (including training our artificial intelligence models that power certain of our Services). Where such information has been aggregated and anonymized so that it is no longer considered personal information under applicable data protection law, this Notice does not apply.
AI Model Training. AI models must be trained in order to perform accurately. Through training, an AI model learns to recognize patterns and make predictions. Docusign has implemented role-based access controls and technical and organizational security measures to help minimize the privacy impact to individuals when we train our AI models. We intentionally design our systems with functionality to avoid training models using personal information that customers may enter into our Services (except when we have consent from a customer to do so). Docusign is committed to developing our Services that involve AI technology in accordance with our AI Innovation Principles.
3. Disclosures of Personal Information
Subject to applicable law, including to the extent applicable law requires us to obtain consent, we may disclose personal information as follows:
Service Providers. We disclose your personal information to service providers we use to support our Services. These companies provide services like intelligent search technology, intelligent analytics, advertising, authentication systems, bill collection, fraud detection, and customer support. We have contracts with our service providers with applicable privacy and data protection language and controls that require the safeguarding and lawful and proper use of your personal information.
Affiliates. We may disclose your personal information to other companies under common ownership or control with Docusign. These companies use your personal information as described in this Notice.
Joint Marketing Partners. We may provide your personal information to sponsors of events, webinars, or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.
Advertising and Marketing Partners. We may allow third-party advertising and marketing technologies and parties that support our advertising and marketing efforts (e.g., ad networks, ad measurement services, advertising analytics providers, remarketing providers, etc.) on our marketing websites that use cookies and similar technologies to deliver relevant and targeted content and advertising to you on the marketing websites and other websites you visit and applications you use. Note that we do not deploy third-party advertising cookies in our products used by customers, such as eSignature, Contact Lifecycle, and Identify or disclose customer data to advertising and marketing partners.
Public or Government Authorities. We may disclose your personal information to comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative, or judicial process, such as a subpoena, government audit, or search warrant where we are legally compelled to do so. We also may disclose your information when there are threats to the physical safety of any person, violations of Docusign policies or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
Corporate Transactions. Your personal information may be disclosed or transferred to relevant third parties in the event of, or as part of the due diligence for, any proposed or actual reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding). If a corporate transaction occurs, we will provide notification of any changes to the control of your information, as well as choices you may have.
Consent. We may disclose your personal information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your personal information may also be disclosed as described below:
Other Docusign users. When you allow others to access, use, or edit content in your account, we provide that content to them. For example, if you send an envelope to others for review or signature, we make the contents of the envelope available to them.
Payment Processors. When you make a payment to another user within our Services, we disclose your payment method details to the third-party payment processor selected by you.
Public Information.
User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
Profile Information. When you create a Docusign profile, other Docusign users can view your profile information. If you would like to make this information private, please visit your account settings.
Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor, or member of an organization (e.g., [email protected] or [email protected]), that organization (if it is a Docusign customer with certain features) can find your account and take certain actions that may affect your account.
4. Retention of Personal Information
We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws as set out in our data retention policy and information handling standards. Generally, this means we retain your personal information to comply with any retention compliance obligations or statutory requirements or for purposes of performing a contract with you. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it through implementing appropriate organizational technical and security measures.
5. Your Choices
This section describes many of the actions you can take to change or limit the collection, use, storage, or other processing of your personal information.
Profile. You are not required to fill out a profile. If you do, you can access and review this personal information. If any personal information is inaccurate or incomplete, you can make changes in your account settings.
Marketing Messages. You can opt out of email marketing messages we send you by clicking on the “unsubscribe” link in the email message or unsubscribe here (https://pref.docusign.com/preference-center). Please note that we may send you one message to confirm that you want to opt-out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages. If you would like your phone number added to our internal Do-Not-Call list to opt out of telemarketing messages, please contact us via the Docusign Privacy Request Portal. Please include your first name, last name, company, and phone number. You can also let us know at any time, including during a telemarketing call, that you do not want to be called again for telemarketing purposes.
Cookies and Other Related Technology. You can decline cookies through your browser settings or via the Docusign Cookie Preference Center and other methods detailed in our Cookie Notice (https://www.docusign.com/company/cookie-policy). However, if you decline cookies, you may not be able to use some parts of our Services. Please note we do not recognize or respond to browser-initiated Do Not Track signals.
Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
Closing Your Account. If you wish to close your account, please log in to your account and edit your plan. For more information, click here: https://support.docusign.com/en/articles/How-do-I-cancel-or-downgrade-my-account.
Complaints. We are committed to resolving valid complaints about your privacy and our collection, use, storage, or other processing of your personal information. For questions or complaints regarding our data use practices or this Notice, please contact us via the Docusign Privacy Request Portal.
6. Your Privacy Rights and Choices
Rights Regarding Your Personal Information. You may have certain rights related to your personal information, subject to local data protection laws, as described in more detail below. To exercise any of these rights, please contact us via the Docusign Privacy Request Portal. If you are a California resident, you can find more information about your rights with respect to your personal information in Section 8 (“Notice to California Residents”) below.
You also can request the following information: how we collect and use your personal information and why; the categories of personal information involved; the categories of recipients of your personal information; how we received your personal information and its source; our business purpose for using your personal information; and how long we use or store your personal information or the manner in which we determine relevant retention periods.
You have a right to correct inaccurate personal information about you, and you should notify us immediately if you believe the personal information we hold about you is inaccurate, incomplete, or out-of-date.
In certain situations, you can ask that we erase or stop using your personal information, object to or restrict the use of your personal information, or export your personal information to another controller.
Where we rely on your consent to process your personal information, you have the right to decline consent and/or, if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes. See Section 5 (“Your Choices”) of this Notice for more information on your choices.
If you are unsatisfied with our response to your complaint, you have a right to raise questions or complaints with your local data protection authority at any time.
Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.
If you make a request to exercise the rights referenced above, we will require you to provide certain information for identity verification purposes. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may require you to provide additional information from which we can confirm your identity. You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
Certain personal information may be exempt from such requests under applicable law. We need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
If you wish to exercise these rights, please contact us via the Docusign Privacy Request Portal.
Right to Opt-Out of Sales of Personal Information and Processing of Personal Information for Targeted Advertising Purposes. Depending on your jurisdiction, you may also have the right to opt out of “sales” of your information and “processing of your information for targeted advertising purposes.”
As explained in Section 3 (“Disclosure of Your Personal Information”) above, we sometimes disclose information to third-party partners that help us market our products and services to you across platforms. This disclosure of information may be considered a “sale” or “processing of your personal information for targeted advertising purposes” under applicable laws.
If you would like to opt out of such “sales” or “processing” for targeted advertising purposes through cookies and similar online technologies, please click on the “Your Privacy Choices” link in our website footer. To opt out of these activities that are not based on cookies, please email us [email protected]. Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit such requests on your behalf. Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally required affirmative authorization.
Please note that if you have a legally recognized browser-based opt-out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.
Transfers to the U.S. and Third Countries. Subject to applicable law, we may transfer your personal information outside of your jurisdiction, including for further processing. Docusign has adopted Binding Corporate Rules to facilitate the transfer of personal information from the European Economic Area and/or United Kingdom ("EEA") to Docusign outside of the EEA. Transfers outside the Docusign group are only made to organizations that agree to adhere to the standards in our Binding Corporate Rules or use another valid alternative (such as EU Standard Contractual Clauses) under data protection law. You may view our Binding Corporate Rules at https://www.docusign.com/trust/privacy/bcrp-privacy-code and https://www.docusign.com/trust/privacy/bcrc-csb-code and our Law Enforcement Guidelines at https://www.docusign.com/legal/law-enforcement.
7. Children's Privacy
Our Services are not designed for and are not marketed to people under the age of 18 or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us via the Docusign Privacy Request Portal if you believe we might have personal information from or about a minor that should be removed from our system.
8. Notice to California Residents
In addition to the other information and rights described in this Privacy Notice, California residents are also entitled to certain additional information and have certain additional rights under the California Consumer Privacy Act (“CCPA”) with respect to their personal information. If you are a resident of California (a “Consumer” as defined by the CCPA), this section of the Privacy Notice applies to you. If you are not a Consumer, this section does not apply to you and you should not rely on it.
A. Information We Collect and How We Use and Disclose It
Below is a summary of the categories of personal information – including sensitive personal information – that we have collected in the past 12 months leading up to the effective date of this Notice, as well as the purposes for which we use the information and the categories of third parties to whom we disclose or “sell/share” the information.
Categories of Personal Information Collected | Purpose of Use | Categories of Third Parties to Which Information is Disclosed for Business Purposes | Categories of Third Parties to Which Information is Sold/Shared |
---|---|---|---|
Identifiers (e.g., name, email address, physical address, phone number, electronic signature, device identifiers) | Provide and collect payments for the Services. Communicate with you. Market our or third parties’ features, products, or special events that may be of interest to you. Run sweepstakes, contests, and refer-a-friend programs. Choose and deliver tailored content and advertising. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform, including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Payment processors Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | Advertising and marketing partners |
Commercial information, including financial or payment information and transaction information | Provide and collect payments for the Services. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform, including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Payment processors Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Other parties to the transaction (transaction history information only) | N/A – we do not sell/share this information |
Customer service information (e.g., questions and other messages you address to us directly through online forms, by email, over the phone, or by post) | Provide the Services. Communicate with you. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | N/A – we do not sell/share this information |
Internet or other electronic network activity information (e.g., IP address, device identifiers, and device attributes, cookie IDs, data about how you interact with the Services) | Provide the Services. Market our or third parties’ features, products, or special events that may be of interest to you. Choose and deliver tailored content and advertising. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | Advertising and marketing partners |
Geolocation data, including your approximate location based on IP address or wifi triangulation or precise GPS location with your consent and consistent with your device settings | Provide the Services. Market our or third parties’ features, products, or special events that may be of interest to you. Choose and deliver tailored content and advertising. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | Advertising and marketing partners |
Information about others, such as if you submit information about other parties to a transaction or for a refer-a-friend program | Provide the Services. Market our or third parties’ features, products, or special events that may be of interest to you. Run sweepstakes, contests, and refer-a-friend programs. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | N/A – we do not sell/share this information |
Inferences drawn from the above information | Provide the Services. Market our or third parties’ features, products, or special events that may be of interest to you. Choose and deliver tailored content and advertising. Analyze and improve the Services and develop new features and products. Troubleshoot the Services, including answering support questions and resolving disputes. Manage the Services platform including support systems and security. Prevent, investigate, and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Affiliates Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | Advertising and marketing partners |
Sensitive personal information, including username/password and credit card or financial account number | Provide the services Manage the Services platform, including support systems and security. Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior. Comply with legal obligations. Meet legal retention periods. Establish, exercise, or defend our rights in legal claims. | Service providers Payment processors (credit card and financial account number only) Entities for legal and security purposes Entities for sales or transfer of business or assets Others with your consent | N/A – we do not sell or share this information |
B. The Right to Opt-Out of Sales/Sharing of Personal Information
Consumers have the right to opt out of “sales” of their personal information or “sharing” of their personal information for cross-context behavioral advertising purposes under the CCPA. As explained in our Privacy Notice above, we may allow third-party advertising and marketing technologies and parties that support our advertising and marketing efforts (e.g., ad networks, ad measurement services, advertising analytics providers, remarketing providers, etc.) on our Services that use cookies and similar technologies to deliver relevant and targeted content and advertising to you on the Services and other websites you visit and applications you use. This type of information collection and disclosure can be considered to be a “sale” or “sharing” for cross-context behavioral advertising purposes under the CCPA.
Please note that we do not knowingly sell the personal information of minors under 16 years of age without legally required affirmative authorization.
If you would like to opt out of such “sales” or “processing” for targeted advertising purposes through cookies and similar online technologies, please click on the “Your Privacy Choices” link in our website footer. To opt out of these activities that are not based on cookies, please email us at [email protected]. If you have a legally recognized browser-based opt-out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.
C. Information Rights
Consumers have other rights with respect to their Personal Information under the CCPA. This includes the right to request that we:
Provide you the categories of personal information we have collected or disclosed about you in the last 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
Provide access to and/or a copy of specific pieces of information we hold about you.
Delete certain information we have about you.
Correct inaccurate personal information we have about you.
You may have the right to receive information about the financial incentives that we offer to you (if any). You have the right not to be discriminated against for exercising your CCPA rights. We will not deny, charge different prices for, or provide a different level of quality of goods or services with respect to Consumers who choose to exercise their CCPA rights.
Consumers may submit requests to access, delete, or correct their personal information using any of the following methods:
You may contact us via the DocuSign Privacy Request Portal.
You may contact us by mail as outlined in Section 11.
For security purposes, we will attempt to verify your identity prior to fulfilling your request. If you have an account with us, we may verify your identity through your login to your account. If you do not have an account with us, we may need to respond to your request or otherwise contact you to request additional information from you to verify your identity (including, but not limited to your name, email address, or telephone number).
If we can verify your identity, we will respond to your request to the extent we are able to and as required by law. If we cannot verify your identity, we may request additional information from you or we may deny your request. If we are unable to fulfill your request in its entirety, we will provide further information to you about the reasons that we could not comply with your request.
Certain personal information may be exempt from such requests under applicable law. In addition, we need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
D. Authorized Agents
Consumers may designate an agent to make CCPA requests on their behalf. For Consumers who do so, we will take steps to verify both the identity of the consumer seeking to exercise their rights as described above, and to verify that the consumer’s agent has been authorized by them to make a request on their behalf by requesting a signed written authorization or a copy of a power of attorney.
E. “Shine the Light”
California residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. This list also contains the types of personal information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please contact us via the Docusign Privacy Request Portal.
9. How We Protect Your Personal Information
We have implemented appropriate technical, physical, and organizational measures to protect your personal information from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access, as well as all other forms of unlawful processing. To achieve this, we have developed and implemented an Information Security Management System and other sub-policies and guidelines relating to the protection of your personal information. For example, our staff is permitted to access customer personal information only to the extent necessary to fulfill the applicable business purpose(s) and to perform their job, subject to confidentiality obligations.
10. Changes to This Privacy Notice
We may amend this Notice to reflect changes in the law, our companies, our Services, our data processing practices, or advances in technology. Our use of the personal information we collect is subject to the Privacy Notice in effect at the time such personal information is used. Depending on the type of change, we may notify you of the change by posting on this page.
11. How to Contact Us
For questions or complaints regarding our use of your personal information or this Notice, please contact us at [email protected] or by sending a letter to Docusign Inc., Attention: Privacy Team, 221 Main Street, Suite 800, San Francisco, CA 94105.
If you are a visitor from the EEA, please contact Docusign International (EMEA) Ltd. at [email protected] or by sending a letter to Docusign International (EMEA) Ltd, Attention: Privacy Team, 5 Hanover Quay, Ground Floor, Dublin 2, Republic of Ireland.
12. Supplemental Privacy Disclosures for Customers and/or Users in Certain Countries
If you reside in one of the following countries, the below Privacy Notice also applies to the processing of your personal information. To the extent there is a conflict between the country-specific language below and the provisions above, the below provisions control to the extent of that conflict.
Australia
Transfers and Disclosures to the U.S. and Third Countries. We may transfer or disclose your personal information to recipients in the following countries: Australia, Brazil, Canada, Germany, United States, France, United Kingdom, Mexico, Singapore, Ireland, Egypt, Israel, India, Japan, Costa Rica, Norway, Philippines, Sweden, Spain, Uruguay, and Georgia.
How We Protect Your Personal Information. Your personal information is likely to be stored on IT infrastructure located within Australia, United States, European Union, and/or Canada.
How to Contact Us. To submit a complaint regarding our compliance with Australian law, please contact us at one of the addresses listed above. We will take reasonable steps to investigate the complaint and respond to you within a reasonable timeframe.
Brazil
Purpose. For customers or users located in Brazil, the controller is Docusign Brasil Soluções Em Tecnologia Ltda, located at Tower Bridge Corporate, 02º Andar Conj. 21, Avenida Jornalista Roberto Marinho, 85, São Paulo, Brazil, Reg no. 35.218.051.742.
Your Privacy Rights. In addition to the rights listed above, customers and users located in Brazil have the right to:
Confirm the existence of processing;
Correct inaccurate or out-of-date information;
Request the anonymization, blocking, or elimination of unnecessary or excessive personal information processed in noncompliance with Brazilian data protection law;
Request the revision of decisions made solely on the basis of automated processing of your personal information whenever they affect your interests;
Obtain information about the entities to which we disclose your personal information; and
Brazilian residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. This list also contains the types of personal information disclosed. We provide this list at no cost. We will provide this information within 15 (fifteen) days from the date of your request, respecting our commercial and industrial secrecy. If you are a Brazilian resident and would like to request this information, please contact us via the Docusign Privacy Request Portal).
Canada
Transfers to the U.S. and Third Countries. We may transfer your personal information outside of your jurisdiction for further processing where it will be subject to that foreign jurisdiction’s law.
France
Purpose. For customers or users located in France, the controller is Docusign France SAS, located at Immeuble Central Park, 9-15 rue Maurice Mallet, 92130 Issy-les-Moulineaux, France.
Your Privacy Rights.
You have the right to object, on legitimate grounds, to the processing of your personal information, except where we are obliged to process such personal information in compliance with our legal obligations or where we cannot satisfy this request, based on a prohibition from a statutory provision.
Under specific conditions, you have the right to give instructions on how you would like us to store, delete, or disclose your personal information after your death. Please contact us for more information about this.
If you are unsatisfied with our response to a complaint, you have a right to raise questions or complaints with the French supervisory authority (Commission Nationale de l'Informatique et des Libertés – "CNIL") at any time. You can contact this authority by sending a letter to the CNIL at 3 Place de Fontenoy, 75007 Paris, France, or by phone at +33 1 53 73 22 22.
If you make a request to exercise the privacy rights referenced above, we will take reasonable steps to verify your identity. You may authorize an agent to make a request to us on your behalf. In order to do so, we will verify the identity of your agent or authorized legal representative and require proof of your own identity. We can only satisfy such a request if the documents that establish the agent’s authorization to act on your behalf contain the precise duration and purpose of such authorization, and confirmation of whether your agent is entitled to be the recipient of the information we will send.
Israel
Collection of Personal Information. You are not legally required by law to provide us with the personal information described in Section 1.
Transfers to the U.S. and Third Countries. We may transfer your personal information outside of your jurisdiction for further processing. If you are a resident in a jurisdiction where transfer of personal information related to you to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer.
Philippines
How to Contact Us. For questions or complaints regarding our processing of your personal information or this Notice, you may contact Cindy Rosser (Chief Privacy Officer) by sending an email to [email protected], by phone at +1 877 720 2040, or by sending a letter to Docusign, Inc., Attention: Chief Privacy Officer, Legal Department, 221 Main Street, Suite 800, San Francisco, CA 94105.