Last updated: JULY 2020
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement, and Liability
What Information We Collect & Why
Service & Contact Data. We collect various forms of Personal Data from visitors of our website and users of our Services, including without limitation, your name, address, email address, phone number, signature, ID number, IP address, age, gender, country, preferred language, financial data, health and medical data, and location data. We may use, process and transmit your Personal Data to render our Services, to contact you and allow others on your team to contact you through the Services, to tell you about new products and features, to respond to customer care and other inquiries, and to process and fulfill your transactions and other requests. We also collect information you provide to us and the content of messages you send to us, such as service request, feedback and product reviews you write, or questions and information you provide for customer support.
Account Information. We also collect credentials (e.g. passwords, password hints, and similar security information used for authentication and account access) as some of our Services let you access your accounts and related information with other service providers.
Collection from Minors. Lightico does not knowingly collect personal information from minors who are under the age of 16 through the Services. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without his/her consent, then he or she should contact Lightico as described below. If we become aware that a child under the age of 16 has provided us with personally identifiable information, we will delete such information from our files.
Services Information. Our data analytics tools and capabilities enable our enterprise customers to collect, store, analyze and share the contents of signed documents, audio, video, image and text-based communications such as phone calls, emails, and chats, along with associated data and documentation. Such data and analysis thereof may also contain personal information, such as names, titles, and contact information. We may reproduce, analyze, summarize and disclose these files and any results of our Services with such customers and their relevant personnel and other team members, and customers may share this information with their personnel and others, pursuant to our contractual obligations. You may choose to give us access to additional user contacts to make it easy for you to do things like sending electronic files, collaborating with others, and authorizing others to use the Services for purposes of accessing information within your account. If you do, we may store those contacts within our systems for you to use.
Usage Information. We collect information related to how you use the Services, including actions you take in your account, such as accessing and sharing files and documents. This helps us provide you with additional features, and to personalize, monitor and improve the Services. We also collect information from and about the devices you use to access the Services, such as IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Choice. You can always opt not to disclose information to us, but keep in mind that some information may be needed to create an account or take advantage of some of our features. You may also be precluded from using certain features, tools and aspects of our Services if you elect not to provide us with certain information that we may request.
With Whom We Share Your Information
Your Employer/Company. If you are using the Services on behalf of your employer or as an independent contractor of a third-party enterprise, your company administrator may have the ability to access and control your account, and your Personal Data may be shared with your colleagues and others. Please refer to your organization’s internal policies if you have questions about this. If you are not a member of an organization but interact with someone who is (e.g., by joining a shared folder or accessing documents shared by that user), members of that organization may be able to view the name, email address, IP address, and other information that was associated with your account at the time of that interaction.
Processing of Your Personal Data
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products) and our “legitimate interests” or the legitimate interest of others (e.g. our users).
We process Personal Data when you use our Services for purposes such as:
- Account configuration
- Account maintenance
- Enabling phone calls, countersignatures and comment-related communications between users and third-party participants, and otherwise providing access to any functionality of the Services and to monitor your use of such functionality
- Hosting and storing personal data from documents for signature, phone calls, emails, and other audio, image or text-based communications (designed to facilitate the provisioning of the Services)
- Personalizing, improving or operating our Service and business
- Fulfilling specific requests you make related to the Services
- Protecting, identifying, investigating, deterring against and addressing fraudulent, harmful, unauthorized or illegal activity or wrongdoing, including without limitation protecting the security of our Services, to detect and prevent fraud, fishing, identity theft, and data leakage
- Providing support and assistance for our Services
- Providing the ability to create personal profile areas and view protected content
- Providing the ability to contact you
- Providing customer feedback and support
- Improving the functionality of the Services to better understand our users, and to generally manage the Services and our business
- Including it in statistical reports containing aggregated information
- Contacting you for our marketing and advertising purposes, including without limitation to keep you up to date on the latest Services announcements, software updates, software upgrades, system enhancements, special offers, and other information we believe might be of interest to you, and to develop promotional or marketing materials and provide those materials to you. If by mistake you receive direct marketing without your specific consent and/or wish to opt-out, please contact us at [email protected]
Since Non-Personal Data cannot be used to identify you in person, we may use such data in any way permitted by law.
Data Subject Rights
You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, Lightico may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may include providing us with more Personal Data if we need to verify your identity or the nature of your request, as required by applicable laws. In such situations, however, we will still respond to let you know of our decision. As a general matter, our Services enable our customers to view, edit, or delete your Personal Data online, in your sole discretion. Please note that Lightico will not have any liability with respect to your use of these functions and you are obligated to use them in accordance with applicable laws. If you cannot access certain Personal Data or prefer to make any of the following requests, first contact your service provider, and then contact us at [email protected]. Your rights consist of the following:
- Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
- Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
- Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
- Erasure: You can request that we erase some or all of your Personal Data from our systems.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
- Right to File Complaint: You have the right to lodge a complaint about Lightico’s practices with respect to your Personal Data with the supervisory authority of your country or European Union (“EU”) Member State. However, prior doing so, we invite you to contact us by email at [email protected] and we will do our best to solve the issue promptly. Please note that Lightico’s local supervisory authority is the Israeli Data Protection Authority and our EU Representative’s Contact details are:
AI-Tech and Reg EOOD
Sofia City 1463, Triaditza district
66 Vitosha Blvd., 4th Floor, Bulgaria
Email: [email protected]
As noted above, under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. Please note that even when complying with your deletion requests, we may retain a backup copy of your Personal Data for an additional period of time for technical, regulatory, tax or legal purposes, in each case, solely as permitted or required under applicable laws.
We may access, preserve and disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law, legal requests or court orders; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse or address security or technical issues relating to our Services or our users; or (d) protect and enforce our rights and the rights, property and safety of our users and others.
How We Store Your Information
Security. We have personnel and third parties dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like Single Sign-On user authentication, and encryption of data in transit and at rest. However, no means of transmission over the internet or electronic storage is 100% secure, and while we endeavor to use commercially reasonable means to protect personal information, we cannot guarantee its absolute security. Therefore, we recommend you use, disclose and share your Personal Data and information with caution and only as necessary. If you access our Services via a third-party CRM platform or Cloud calendar (GSuite, Outlook 365), you should also protect your account with secure account credentials and prevent unauthorized access to your account and personal information. If you notice a risk or any security violations, please report it to us at [email protected] and we will endeavor to resolve it as soon as possible.
Location-Based Storage. As a cloud-based Service, we use Amazon Cloud Services, which are GDPR-compliant and ISO 27001, 27017 and 27018 certified (See AWS full statement). We store Personal Data collected from customers (together with backups thereof) in (i) the European Economic Area (“EEA”), with AWS cloud services in the United Kingdom; (ii) the United States, with Amazon US, which is Privacy Shield certified; and (iii) Israel, with Avnet Cloud Services, noting that Israel falls under the adequacy exception of the GDPR.
International Transfers; Standard Contractual Clauses
We are a global company, with offices and operations in numerous countries. We may store personal information about you in the EEA and in in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Lightico has operations. Please note that these data transfer practices may vary based on customer location and the applicable Service being used.
Accountability for Onward Transfers.
Lightico is not required to identify the sources of personal data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected data subject would be violated. If there are compelling grounds to doubt the legitimacy of a data subject’s request for rectification, amendment or deletion of his or her Personal Data, we may require further justifications before performing the Data Subject’s request. We are not required to notify third parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden.
Lightico undertakes reasonable and appropriate administrative, technical and physical measures to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. We shall also take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. For instance, Lightico is ISO 27001 certified and implements legal, technical and organizational measures in accordance therewith.
Links to Third Party Websites
Through our Services, you may connect to third party websites via hyperlinks, and the connections may or may not be obvious. We are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. We encourage you to be aware of the varied privacy policies of Web sites that you visit.
Social Media Widgets
Change of Entity Form
Right to Modify
For California Visitors
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: [email protected], including the Subject Line “California Resident Request”, or via regular mail at Lightico Ltd., 275 7th Ave., New York, NY 10011, Attn: Legal Department.
If you are a California resident, please refer to our California Privacy Act Notice for additional privacy rights you have pursuant to the California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et. seq.
Access and Contact
Through your account settings, you may access, and in some cases, edit or delete certain information you provide to us. The information you may view, update or delete may change as the Services change. If your Personal Data has been provided to us by one of our customers, please contact that customer to request any access to, correction of, or removal of your information.
Inquires or Concerns; Contact Us
- What is a cookie? A cookie is a small text file that is stored in your web browser that allows Lightico or a third party to recognize you. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are sometimes called “first party cookies,” while cookies placed by other companies are sometimes called “third party cookies.”
- What cookies are used when I use the Services? When you access and/or use any of the Services, Lightico or a third party may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. Each cookie serves one of four different purposes:
- Essential Cookies:These first party cookies allow users to use a feature of the Services such as: (i) staying logged in, or (ii) making purchases.
- Analytics Cookies: These cookies track information about how the Services are being used so that we can make improvements and report on our performance. We may also use analytics cookies to test new ads, pages or features to see how users react to them. Analytics cookies may either be first party or third-party cookies.
- Preference Cookies: These first party cookies store your Services preferences.
- Ad Targeting Cookies: These third-party cookies (also known as “behavioral” or “targeted” advertising) are placed by advertising platforms or networks in order to: (i) deliver ads and tracks ad performance, and (ii) enable advertising networks to deliver ads that may be relevant based upon your activities.
Finally, we may set cookies within emails we send to you (if you have consented to receiving emails from us). These cookies are used to track how often our emails are opened and clicked on by our customers. You can manage email cookies in the same way as website cookies, as explained above.
Do you use any other user tracking technologies? We use additional technologies to help track user activities and preferences. For example, we use web beacons (also known as clear gifs, pixel tags or web bugs). Web beacons are tiny graphics (about the size of period) with a unique identifier that are embedded invisibly on web pages or emails. They are used to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only. Finally, we use local storage to facilitate certain functions, but we do not retain the data captured via local storage.