This is an agreement between the Service Provider and the Customer and is governed by and is an integral part of the Terms and Conditions.
Under the GDPR regulation you have the following rights:
- the right to be informed
- the right to access data we hold about the individual
- the right to have data rectified, if inaccurate
- the right to withdraw consent, and to be forgotten
- the right to have data blocked from further processing
- the right to object to direct marketing
You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer via email at email@example.com and attaching application with qualified electronic signature or visiting the company office in person.
We collect and associate with your User Account the information you provide us, for example: names, addresses, email addresses, phone numbers and billing information. We are acting as Data Controllers for this information. This information is stored and processed within the EU/EEA.
We keep, process and transmit your uploaded documents and information related to them. This data is processed solely in accordance with the directions provided by you. We are acting as a Data Processor for this information. This information is stored and processed within the EU/EEA.
We collect information related to how you use the Services. We may collect information like IP addresses, device information and the way you use our Services. This is for improving our Services for our Customers. Should this purpose require us to process Customer Data, the data will only be used in an anonymous form. We might use third-party tools to collect information regarding visitor behaviour and visitor demographics on our Services (see the Cookies and Analytics section below). We are acting as a Data Controller for this information.
We only share your personal information with third parties if one of the following applies:
- If we have your consent
- In case your Account is managed for you by an Account Administrator, this Account Administrator will have full access to your Account. The Account Administrator is able to access all your uploaded data (Customer Data), suspend or terminate your Account access and obtain your usage information.
- We may disclose the Personal Data when we have a good belief that this action is necessary to comply with the governing law and/or to comply with our Terms and Conditions.
- We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganization, sale of assets, bankruptcy.
Services are provided through 256-bit encryption TLS connections. All data is stored in data centers in compliance with ISO 27001 standard. All encrypted values are encrypted using OpenSSL and the AES-256-CBC cipher.
If users are using service only for identifying themselves or signing documents then their personal data (for example name and identity code) can be stored in a database in encrypted form. Personal data might also be written to application log files in encrypted form. User data might be stored in application log files for audit trail and debugging purposes.
If a user has connected their Facebook or Google account for convenience purposes then their data will be stored until these methods connection event is expired or these methods are detached from the user info. This is needed for providing the service and identify themselves in an easier way without strong identification methods.
Depending on the Customer’s preference, they may opt to store signed containers on our servers. Containers are only stored in encrypted form.
Data Retention Period
Once you delete your User Account from the Services, your Customer Data is deleted within 30 days. Your account information and billing information is retained for a period of 7 years in accordance with the Estonian accounting and taxation laws.
Application log files are deleted after 90 days.
You’re acting as a Data Controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at your discretion- we are not responsible for how you collect, handle, disclose, distribute or otherwise process such data.
The terms for such data processing are defined in the Data Processing Agreement.
Cookies and Analytics
Essential cookies for provision of Services. These cookies ensure that information and services are delivered securely and optimally.
Functionality cookies for helping personalize your experience. For example these cookies remember choices, language, preferred options etc.
Performance cookies to monitor your behaviour and help us improve our information and services.
|id.eideasy.com||laravel_session||Ensures the visitor sees (only) info that is related to their person, and not anyone else’s.||After current browsing session is closed.||Essential cookies|
|id.eideasy.com||XSRF-TOKEN||Prevents user from being vulnerable to CSRF attacks.||2 hours||Essential cookies|
|eideasy.com, id.eideasy.com||_ga||Allows us to collect information about visits to the websites. Used by Google Analytics.||2 years||Performance cookies|
|eideasy.com, id.eideasy.com||_gid, _gat||Same as previous.||1 day||Performance cookies|
|eideasy.com, id.eideasy.com||collect, r/collect||Same as previous.||After current browsing session is closed.||Performance cookies|
|eideasy.com, id.eideasy.com||TawkWindowName, ss, TawkConnectionTime||Necessary for the functionality of the website’s chat-box function.||After current browsing session is closed.||Functionality cookies|
|eideasy.com, id.eideasy.com||tawkUUID, __tawkuuid||Same as previous.||179 days||Functionality cookies|
|eideasy.com, id.eideasy.com||twk_*||Same as previous.||1 year||Functionality cookies|