Last update on: 16 March 2021
FORCS’s core Products, Solutions, and Services help users create, complete, and show the validity of digital or electronic transactions, such as electronically signing a contract for mobile phone services, placing a digital signature on a loan application, or filling up an electronic/digital form digitally. As part of our Services, users want us to collect and record information that helps the parties prove the validity of the transactions. This information includes the persons who are involved in the transactions and the devices those persons use.
1. Data Controller
The data controller for personal data collected by FORCS within the EU is FORCS, Ltd., having its registered offices at 160 City Road, London, EC1V 2NX, United Kingdom. All questions or requests regarding the processing of data may be addressed to: firstname.lastname@example.org.
As a provider of services, FORCS may receive or have access to personal data on behalf of our customers. Such information (“Customer Personal Data”) is owned and controlled by our customers, the data controllers for such information, under EU data protection law. Customer information may include information provided by the customer in support of certain services, such as identification data for verification purposes. As a data processor of the Customer Personal Data, FORCS processes the Customer Personal Data pursuant to the instructions from our customers. If FORCS receives a data subject request, it may direct you to our Customer, as the controller of the Customer Personal Data.
2. How do We Collect Personal Information?
A. Personal Information We Collect from You. You provide us with personal information about yourself when you:
- Sign up for FORCS marketing newsletter
- Start, sign, or review an electronic document
- Create or edit your user profile
- Create or edit your electronic or digital forms
- Contact customer support
- Comment on our FORCS blog articles and social media platforms (i.e. LinkedIn, Facebook, YouTube, Twitter and Instagram)
- You also provide us with personal information about others when you use parts of our Services, such as when you:Start or participate in an electronic transaction, such as an envelope within FORCS Signature
- Share information in a Zoom
- Add others as a member to an existing account
- Leave comments
- Refer friends
Examples of the categories of personal information you provide are:
- Identifiers – name, email address, mailing address, phone number, or electronic signature.
- Commercial information – billing information, products or services purchased.
- Geolocation – physical location
- The categories of personal information we automatically collect includes – Device, Usage Information, and Transactional Data. We collect personal information about how you use our Services and the computers or other devices, such as mobile phones or tablets, you use to access our Services. Some examples include:
- IP address – precise geolocation information that you allow our apps to access (usually from your mobile device)
- Unique device identifiers and device attributes, like operating system and browser type
- Usage data, such as – web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information.
- Transactional data, such as – names and email addresses of parties to a transaction, subject line, history of actions that individuals take on a transaction(e.g. review, sign, enable features) and personal information about those individuals or their devices, such as name, email address, IP address, and authentication methods.
- Information We Collect from Other Sources – we may collect personal information about you from others, such as:
- Third-Party Sources – examples of third-party sources include marketers, partners, researchers, affiliates (like companies under common ownership or control of FORCS), service providers, and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.
- Other Customers – other customers may give us your personal information. For example, if a customer wants you to sign an electronic document in our Services, he or she will give us your email address and name.
- Personal Information We Collect & Process on Behalf of Customers – when our business customers use certain Services, we generally process and store certain personal information on their behalf as a data processor. For example, in FORCS Signature when a customer uploads contracts or other documents for review or signature, we act as a data processor and process the documents on the customer’s behalf and in accordance with their instructions. In those instances, the customer is the data controller and is responsible for most aspects of the processing of the personal information. If you have any questions or concerns about how personal information is processed in these cases, including how to exercise your rights as a data subject, you should contact the customer (either your employer or the individual requesting your signature). If we receive any rights requests concerning instances where we act as data processor, we will forward your query on to the relevant customer.
We collect your personal information to provide and improve our Services and to support advertising and marketing. See Section 2 Use of Personal Information for additional information.
We may share your personal information with third parties as provided in Section C Personal Information Sharing:
- Use of Personal Information
- Personal Information Sharing
- Retention of Personal Information
- Your Choices
- Children’s Privacy
- Your Privacy Rights
- How We Protect Your Personal Information
- Changes to This Policy
- How to Contact Us
B. Use of Personal Information
In general, we collect, use, store, and process your personal information to provide our Services, to fix and improve them, to develop new Services, and to market our companies and their products and Services.
Here are some examples of how we use the personal information we process:
- Provide you with the Services and products you request and collect payments
- Create your account and manage your relationship with us
- Send you records of our relationship, including for purchases or other events
- Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you
- Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur
- Run sweepstakes, contests, and refer-a-friend programs
- Choose and deliver content and tailored advertising, and support the marketing and advertising of our Services
- Create and review data about our users and how they use our Services
- Test changes in our Services and develop new features and products
- Fix problems you may have with our Services, including answering support questions and resolving disputes
- Manage the Services platform including support systems and security
- Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior
- Comply with legal obligations
- Meet legal retention periods
- Other Uses. We may combine the personal information we collect (“aggregate”) or remove pieces of personal information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and marketing. Once such information has been aggregated and anonymised so that it is no longer considered personal information under data protection law, this Privacy Notice does not apply.
We normally collect or use personal information from you or others only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use personal information to create and manage an account, we do so in order to provide you with relevant Services and perform our contract with you.
- Gather and record data associated with use of a digital certificate or digital signature, it is to comply with regulations.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can withdraw at any time) or where permitted under applicable law, on the basis of our legitimate interests.
- Gather usage data and analyze it to improve our Services or ensure the security of our websites for example, we do so based on our legitimate interest in safeguarding and improving our Services.
C. Personal Information Sharing
We share personal information as follows:
- Service Providers. We share your personal information with other companies we use to support our Services. These companies provide services like intelligent search technology, intelligent analytics, advertising, authentication systems, bill collection, fraud detection, and customer support. We have contracts with our service providers that address the safeguarding and proper use of your personal information.
- Marketing Partners. We may share your personal information with sponsors of events, webinars or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.
- Business Transactions. We may share your personal information during a corporate transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have.
- Consent. We may share your personal information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your personal information may also be shared as described below:
- Other FORCS users. When you allow others to access, use, or edit content in your account, we share that content with them. For example, if you send an envelope to others for review or signature, we make the contents of the envelope available to them.
- Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor selected by you or the other user.
- Public Information.
- User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
- Profile Information. When you create a FORCS profile, other FORCS users can view your profile information. If you would like to make this information private, please visit your account settings.
- Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization, such as email@example.com or firstname.lastname@example.org, that organization (if it is a FORCS customer with certain features) can find your account and take certain actions that may affect your account.
3. Retention of Personal Information
We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws as set out in our data retention policy and information handling standards. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.
See Section 4 for choices about storage of your personal information.
4. Your Choices
This section describes many of the actions you can take to change or limit the collection or use of your personal information.
- Profile. You are not required to fill out a profile. If you do, you can access and review this personal information. If any personal information is inaccurate or incomplete, you can make changes in your account settings.
- Marketing Messages. You can opt out of email marketing messages we send. You can opt out of these messages by clicking on the “unsubscribe” link in the email message. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages. If you would like your phone number added to our internal Do-Not-Call list to opt out of telemarketing messages, please contact us at email@example.com. Please include your first name, last name, company, and phone number. You can also let us know during a telemarketing call that you do not want to be called again for telemarketing purposes.
- Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Closing Your Account. If you wish to close your account, please log in to your account and edit your plan. For more information on closing your account, please email to firstname.lastname@example.org.
5. Children’s Privacy
Our Services are not designed for and are not marketed to people under the age of 16 (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us at email@example.com if you believe we might have personal information from or about a minor.
6. Your Privacy Rights
You may have certain rights related to your personal information, subject to local data protection laws.
These rights include:
- You also can request the following information: how we collect and use your personal information and why; the categories of personal information involved; the categories of recipients of your personal information; how we received your personal information and its source; our business purpose for using your personal information; and how long we use or store your personal information or the manner in which we determine relevant retention periods.
- You have a right to correct inaccurate personal information about you.
- In certain situations, you can ask that we delete/erase or stop using your personal information (and object to use of your personal information) or export your personal information to another provider.
- If you are unsatisfied with our response to your complaint, you have a right to raise questions or complaints with your local data protection authority at any time.
- We will take reasonable steps to verify your identity. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may require you to provide additional information from which we can satisfy ourselves of your identity. You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
- Certain personal information may be exempt from such requests under applicable law. We need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
If you wish to exercise these rights, please contact us at firstname.lastname@example.org.
Transfers to the U.S. and Third Countries. We may transfer your personal information outside of your jurisdiction for further processing. FORCS has adopted Binding Corporate Rules to facilitate the transfer of personal information from the European Economic Area and/or United Kingdom (“EEA”) to FORCS outside of the EEA. Transfers outside the FORCS Co. Ltd are only made to organizations that agree to adhere to the standards in our Binding Corporate Rules or use another valid alternative under data protection law.
California. California residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. This list also contains the types of personal information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please email email@example.com.
7. How We Protect Your Personal Information
To keep your personal information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the personal information we collect, use, and store, and the current state of technology. We protect your personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration.
8. Retention & Use Period of Personal Information
In principle, personal information of users is destroyed without delay when the purpose of collecting and using personal information is achieved.
However, the following information will be retained for the specified period for the following reasons.
A. Reasons for Information Retention According to the Company’s Internal Policy