GDPR for E-sign
This is how ACE E-sign complies with the EU General Data Protection Regulation (GDPR).
Also see GDPR for the administrator and GDPR relating to employees.
General
For an introduction to ACE E-sign, see What is ACE E-sign?
The person holding an account with admin privileges manages both user accounts and documents in the service.
If you have several accounts within the service, you need to manage each account separately with regard to the rights of the individual/data subject.
About the E-archive for documents, activities and status
- Signed documents are generally automatically stored in the E-archive. A signed document consists of one or more PDFs, information tags and a log of events relating to the signed document. By default the service collects events and gathers them in an event log (audit trail) that is appended to the signed document when it has been signed by all parties.
- A user with relevant privileges may search, erase and download documents via the E-archive and via the open interface (API) of the service. The data in ACE E-sign consists of signed and sealed documents, each with an evidence log of actual events; therefore rectification or deletion of information in signed documents is not possible.
- In the E-archive, you may search for information tags in signed documents. The set of information tags is defined by you for each process/document. It is not possible to search for information within the PDFs.
Data retention policy
- In the ACE E-sign Account menu you can set your own times for automatic deletion of documents with various statuses. The deleted documents are moved to a trash bin, normally emptied after 30 days. You can choose to clear the trash bin within 24 hours. These settings only apply to your documents.
- To change the pre-defined time for automatic deletion of documents for the whole organisation you need to contact the service provider.
Security
To increase login security, you can activate two-factor authentication (2FA).
You can restrict access to the service by setting up an IP range defining the IP addresses allowed to access the service. This feature is not enabled by default, i.e. it needs to be ordered.
You are responsible for managing which users have access to the service, for example when your employees no longer work for you or when you change subcontractors.