Privacy Policy for Signomate

1. Introduction

Welcome to Signomate! This Privacy Policy explains how PVBC AB (Org. No. 559317-7107), referred to as "Signomate," "we," "us," or "our," collects, uses, shares, and protects your personal data when you use our digital-signature platform and related services (the "Service"). Our registered address is Egnahemsvägen 22, 413 21 Gothenburg, Sweden.

We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

PVBC AB is the data controller responsible for the processing of your personal data in connection with the Service.

If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

3. What Personal Data We Collect

We collect personal data in the following ways:

3.1 Information You Provide to Us

• Account Information: When you register for an account, we collect information such as your name, email address, password, company name (if applicable), and contact details.
• User Content / Documents: We collect the documents and any associated information you upload, send for signature, or sign using the Service. These documents may contain personal data of yours or third parties (e.g., signers, recipients).
• Transaction Information: If you subscribe to paid features, we collect information related to your transactions, which may include payment details (typically processed by a third-party payment processor).
• Communications: When you contact us for support or other inquiries, we collect the information you provide in your communications.

3.2 Information Collected Automatically

• Log Data and Usage Information: We collect information about your interactions with our Service, including IP address, browser type, operating system, pages visited, features used, dates and times of access, and other diagnostic data.
• Device Information: We collect information about the device you use to access our Service, such as device model, unique device identifiers, and mobile network information.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For more details, please see our Cookie Policy.

3.3 Information from Third Parties

We may receive information about you from third parties, for example, if you integrate third-party services with Signomate or if another user provides your information as part of a document signing process.

4. Legal Basis for Processing Your Personal Data (GDPR)

We process your personal data based on the following legal grounds under GDPR:

• Performance of a Contract (Article 6(1)(b) GDPR): To provide and maintain our Service as described in our Terms of Service, including creating and managing your account, processing electronic signatures, and facilitating document workflows.
• Legal Obligation (Article 6(1)(c) GDPR): To comply with our legal and regulatory obligations, such as financial record-keeping, tax reporting, or responding to lawful requests from authorities.
• Legitimate Interests (Article 6(1)(f) GDPR): For purposes such as improving our Service, ensuring security, preventing fraud, analyzing usage patterns (in an aggregated or de-identified manner where possible), and for certain direct marketing communications (where you have an existing relationship and have not opted out). We always balance our legitimate interests against your rights and freedoms.
• Consent (Article 6(1)(a) GDPR): For specific situations where we ask for your consent, such as for the use of non-essential cookies or for certain marketing activities. You can withdraw your consent at any time.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide, operate, and maintain our Service.
• To manage your account and provide you with customer support.
• To process transactions and send you related information, including confirmations and invoices.
• To facilitate the electronic signature process, including sending documents to designated signers and providing audit trails.
• To communicate with you about service updates, security alerts, and administrative messages.
• To respond to your comments, questions, and requests.
• To improve our Service, develop new features, and conduct research and analysis.
• To ensure the security of our Service, prevent fraud, and enforce our Terms of Service.
• To comply with applicable laws and regulations.
• For marketing purposes, in accordance with your preferences and applicable law.

6. How We Share Your Personal Data

We do not sell your personal data. We may share your personal data with the following categories of third parties:

• Service Providers: We share data with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., hosting, payment processing, data analytics, email delivery, customer support). These providers are contractually obligated to protect your data and use it only for the purposes for which we disclose it to them.
• Other Users (as directed by you): When you use the Service to send documents for signature or share documents, your information (such as name and email) and the documents will be shared with the individuals you designate.
• Legal Requirements: We may disclose your data if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) prevent or investigate possible wrongdoing in connection with the Service, or (d) protect the personal safety of users or the public.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may share your personal data for other purposes with your explicit consent.

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

As PVBC AB is based in Sweden (an EU member state), we primarily process data within the European Economic Area (EEA). If we transfer personal data outside the EEA to countries not deemed to provide an adequate level of data protection by the European Commission, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on other valid transfer mechanisms.

8. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. The criteria used to determine our retention periods include:

• The length of time you have an active account with us.
• Our legal obligations (e.g., for tax and accounting purposes, or to maintain audit trails for signed documents).
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Once your data is no longer needed, we will securely delete or anonymize it.

9. Your Data Protection Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions. You also have an unconditional right to object to your data being processed for direct marketing purposes.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is Integritetsskyddsmyndigheten (IMY), which you can contact at imy@imy.se or visit their website at www.imy.se.

To exercise any of these rights, please contact us using the contact details provided in Section 2. We will respond to your request within one month, in accordance with GDPR.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Service, analyze usage, and for marketing purposes. For detailed information about the cookies we use and how you can manage your preferences, please see our Cookie Policy.

11. Security of Your Data

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.

12. Children's Privacy

Our Service is not intended for use by children under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us, and we will take steps to remove such information and terminate the child's account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also provide notice to you through the Service or by email if the changes are material. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at: