Letsignit and the RGPD, why?
The General Data Protection Regulation (RGPD) is a European regulation applicable since 2018 and reinforces security, rights and obligations for the processing of personal data.
You are concerned, because you necessarily process personal data for the operation of your business (customers, employees, suppliers...)
In particular, by using LETSIGNIT, you will be transferring your employees' surnames, first names and e-mail addresses to the platform, as well as other attributes of your company directory concerning them. You will also be obtaining metadata on e-mails sent by employees, statistics, etc.
This data includes personal information and entails obligations for both Letsignit and your company.
What are Letsignit's responsibilities and commitments regarding the data transmitted on the platform?
Letsignit has the status of “processor” in the RGPD sense of the term for the processing of your data (of your employees, possibly the recipients of emails sent) in the context of the use of the solution, i.e. Letsignit processes this data solely to provide you with its services and the functionalities offered (transfer, storage...).
Letsignit's commitments, in accordance with the RGPD, are set out in the general conditions of use, in particular in the 'Data Processing Agreement' (more commonly known as the DPA).
What are your obligations towards your employees?
You have the status of “data controller” within the meaning of the RGPD for the processing of your data (from customers, employees, etc.).
Generally speaking, you must therefore comply with the obligations of the RGPD in this capacity. In particular, with the use of Letsignit, you must in particular:
Process data lawfully and transparently: in particular, you must notably inform employees of the use of the solution and the processing of their data that is done with the solution. If necessary, you must also obtain their consent (for example, in the case of use of the employee's photograph in the signature block). LETSIGNIT can help you with this, and can provide you with an information register sheet that you can distribute internally. Don't hesitate to ask us!
Process data for specific, explicit and legitimate purposes: for example, data processed with Letsignit enables you to manage your employees' e-mail signatures, to improve your communication...
Process data in a manner proportionate to the objective pursued: don't process more data than necessary! LETSIGNIT has ensured that as little data as possible is collected in relation to the functions offered. A wide choice of filters is available to you, depending on the features used on LETSIGNIT.
Process accurate data: don't forget to update your database, especially when you change employees! This update can be carried out either directly on your database when it is synchronized with the solution, or on the solution when data is imported manually. The Letsignit application allows the user to modify the data.
Processing data for a limited time: at LETSIGNIT, data is kept for the duration of the contract, in order to provide the expected service. But as soon as an employee leaves, his or her data is deleted at the next synchronization. Similarly, for statistical purposes, the data of a user who has left your company is anonymized.
Data security: Letsignit's commitments are set out in the GTC, SLA and DPA. It's up to you to secure your data internally too (authorizations, access controls, anti-virus, etc.).
We advise you to train your “manager” users in particular to respect the personal data they handle when using Letsignit.
How to complete your register of processing operations?
As a data controller, you must (in certain cases) keep a RGPD-compliant processing register. This register describes the processing carried out in the company (type of data collected, purposes, retention period, ...).
With regard to the data processing you carry out when using Letsignit, here is some information about what you can include in your register concerning processing:
We leave it to you to check the accuracy of this information against your own processing operations).
On the monitoring of employee e-mails
The purposes of processing must be specified and legitimate. Letsignit is an application that enables you to manage your electronic signatures and improve your communication: it is not designed to monitor your employees' activities.
Letsignit wishes to protect employee privacy and has limited the information available on the application (e-mails are technically accessible (transit) but are not stored unless delivery fails) and has limited the number of managerial users who can access them.
If you plan to use tools to monitor your employees' e-mails and computers, you must at least inform them and their representatives, and respect their privacy and the secrecy of their correspondence.
This document is for information purposes only, and does not constitute an exhaustive list of the data controller's obligations, or a validation of the data processing carried out. We recommend that you validate your company's compliance with the GDPR and other applicable regulations.
#GDPR #data #protection #privacy #policy #terms #use