DISCLAIMER: This guide is intended to be a guideline and does NOT constitute legal advice. Seek the advice of your brand’s legal counsel to meet the requirements in the regions where you operate.
Based on the GDPR requirement to obtain user consent prior to storing data on the users device, some users may experience one or more requests to enable cookies:
- Users accessing Adobe Acrobat Sign from the locales enforcing GDPR are required to enable the core service cookies
- Performance and personal advertising cookies can be enabled or disabled by clicking the Customize button
- Cookies can be managed at any time by clicking the Cookie Performance link at the bottom right of all Acrobat Sign web pages:
- Accounts migrating to the adobesign.com domain (from echosign.com) have to configure their cookies twice, as each domain must place unique cookies
Увага!
|
What is GDPR?
The General Data Protection Regulation (GDPR) is the European Union's new privacy law that harmonizes and modernizes data protection requirements. While many new or enhanced requirements exist, the core underlying principles remain the same. The new rules have a broad definition of personal data and a wide reach, affecting any company that collects personal information of individuals in the EU. Part of the regulation requires that individuals have the right to understand what personal data has been collected and to have that data deleted upon request when appropriate.
For the purpose of this article, the term User refers to a member of a company that sends agreements for Signature. The term "Signer" refers to an individual who receives and either signs or rejects the agreement. A privacy administrator is an Acrobat Sign account administrator with unique controls for removing personal information from the service upon request of a sender or signer.
User uniqueness is predicated on the email address used to identify the individual. A person with multiple email addresses could have multiple discrete user IDs in the system. All GDPR controls in Acrobat Sign use email addresses to find and manage personal information. There is no connection between the unique email addresses, and an Administrator will only find data on the email address provided.
Features that support GDPR
Acrobat Sign offers features to help customers comply with GDPR. For more information on how Adobe protects your privacy, visit www.adobe.com/privacy.
Under GDPR, individuals have enhanced rights to request access, correction, and deletion of their personal information.
- Access – Most personal information about a User or a Signer can be accessed directly by that individual through Acrobat Sign UI. A small amount of activity information isn't currently available directly. An individual account holder must contact the Adobe Privacy office at Adobe.com/privacy to request access to this information. An example of the report is included later in this article.
- Correction – All personal information collected on users or signers is available through the user interface. If changes are required, the User or Signer can make them directly without contacting Adobe or their administrator.
- Deletion – Different actions are available depending on the role played in the signing ceremony. A User sending agreements must make the request to the company they are employed by. Adobe cannot participate in this interaction and does not control the data the employer has collected while doing business. The signing process collects minimal information about a signer during the ceremony. This includes Name, email address, IP address, and optionally, a phone number and OTP code. This information is stored with the agreement with their signature and is controlled by the company that sent the agreement. If a Signer needs information concerning the personal information collected with that agreement, they need to contact the Sender of the agreement. As a data processor, Adobe cannot provide any information to the Signer about the agreement or the company that sent them the agreement. Since the only information saved about the Signer is in the Agreement, deleting the Agreement deletes the Signer's personal information. If the Sender agrees to delete the Signer's information, they use the privacy menu to find and delete the agreements where the Signer was a participant.
In terms of the Acrobat Sign toolset, there are three features in place:
- User level logs - A log of the various events (that include personal information) triggered in the Acrobat Sign environment
- Agreement Deletion - Privacy Administrators have the authority to view and delete any agreement created by any user within their account.
- User Deletion - Privacy Administrators can delete any user within their account.
Privacy Admins can manage user's information and agreements by logging into the Admin Console and editing the user's profile.
User level logs
Any user can request the Adobe Privacy Center to provide the log of their activities in the Acrobat Sign system which includes their private information.
That information is returned in the form of a CSV containing the following:
- The date of the event
- The event type
- The IP address from which the event was triggered
Agreement Deletion
Applicable only to agreements sent by users under the authority of the Privacy Admin.
When a signer requests to have their information removed from the Acrobat Sign system, the account's Privacy Admin can search against the user's email address and return all the agreements that the email address participated in and was created within the admin's organization.
If the Privacy Admin determines that the agreement is no longer needed, he can delete it, wholly and irrevocably, from the service.
Recipients that contact Acrobat Sign will be directed to review their Manage tab and to contact the company that initially created the transaction to delete the agreement.
Acrobat Sign, as a data processor of the Customer, will never delete an agreement at the request of a recipient.
User Deletion
Applicable only to users under the authority of the Privacy Admin
When an employee requests their information to be deleted from your systems, this tool deletes all the user's information from the Acrobat Sign servers.
Users must make this request to the account Privacy Admin directly. Only the Privacy Admin has the authority to delete users.
Acrobat Sign support cannot delete users from an account, and if requested to do so, Support will refer the user to their account administrator.
Individual and free accounts
Users that exist as the only person in an account, or who only have a free account, will not be able to delete themselves. In this case, the user will need to contact the Adobe Privacy Center.
The user needs to provide their email address and explicit instruction to delete the user associated with the email address from the Acrobat Sign systems. The Adobe Privacy Center will then take the appropriate steps to ensure the user is deleted.
How users can request that their data be removed from Acrobat Sign
Having personal information deleted from the Acrobat Sign system requires that the user's assets be properly resolved. This process varies depending on the type of user or account involved, which can be grouped into three categories:
Adobe Privacy Center
Any request for action not supported by the tools within the user interface or questions regarding GDPR compliance must be submitted to the Adobe Privacy Center.
Support and Success agents cannot access the tools that delete content from the servers.