Privacy policy for the use of inSign software

Transparency is the bases of our self-image. Therefore in the following we would like to inform you about how we process your personal data regarding the use of inSign software with which you place your digital signature and your resulting legal rights. We do this in correspondence of relevant legal requirements and especially the EU General Data Protection Regulation (GDPR).

1. Who is responsible for processing the data and who can I contact?

PrismaLife AG is responsible for processing data.

Our contact details are:

PrismaLife AG
Industriering 40
9491 Ruggell
Liechtenstein
Phone: 00423 220 01 01
Fax: 00423 237 00 09
Email adress: info@prismalife.com

On data protection matters, please contact our data protection officer by email: data-protection@prismalife.com

2. How, for which purpose and on which legal basis are your personal data processed?

2.1 Description and purposes for processing

As an active person of PrismaLife AG you receive your personal access code for inSign software via email.

To provide you with these information we process your PrismaLife email address as well as your first and last name.

Your personal access data (user name and password) should be kept secret and should not be accessible to others.

In order to gain access to documents that need to be signed digitally, we furthermore need your email address, the number of your mobile phone as well as your first and last name.

2.1.1 Obligation to provide data/consequences of non-provision

In case you do not provide the data described under 2.1, we can not offer any access to inSign software and therefore you can not sign any document digitally.

2.1.2 Legal basis for data processing

Legal basis for processing your personal data to provide you with access data as an active person of PrismaLife AG or as third party is article 6, paragraph 1, letter b) of the GDPR (pre-policy measure respectively contractual obligation).

2.1.3 Duration of data storage

The access for persons working for PrismaLife AG is deleted directly after they officially resign from work. Procedures respectively documents will automatically be deleted from the software after 30 days.

The access for third party is valid until the procedure is still in progress respectively will automatically be deleted after 30 days. Documents will be deleted when procedures end respectively they will be deleted automatically after 30 days.

2.2 Description and purposes for processing personal data when providing an electronic signature

PrismaLife AG uses inSign software to encode digital signatures. Thereby the software detects biometric data from the provided digital signature (writing speed, writing direction, writing pauses and possibly pressure strength) as an advanced signature following the signature law and encodes this signature with an assymetric cryptographic procedure (so called RSA cryptosystem). We store and use these data during our contractual relationship with active individuals of PrismaLife AG as well as third party for the establishment, implementation or termination of this contractual relationship. To avoid any manipulation a notary created the public and private key for this assymetric encoding system and keeps the private key under custody. In case any proof is needed if it came to a dispute about the authenticity of the signature we may order the notary to decode particular documents and datasets for the purpose of assertion, processing or defending legal claims.

On devices with tough sensitive screens such as tablets or convertibles the signature may be given directly on the device. On devices such as notebooks or PC`s you may choose to generate your signature using the added inSign application or via a signature webclient for mobile phones (supporting also windows based mobile phones). Alternatively you may also sign on the mobile phone using your browser (no application needed).

2.2.1 Obligation to provide data/consequences of non-provision

In case you do not consent the processing of your biometric data you can not sign any documents digitally.

2.2.2 Legal basis for data processing

Prior to signing any document digitally you need to approve to processing your biometric data in the inSign software (article 6, paragraph 1, letter a) GDPR and article 9, paragraph 2, letter a) GDPR in conjunction with article 7 GDPR). The moment in terms of date and time of the given signature will be printed into the document as well as an inSign process ID will be generated.

Any consent you have given for processing your biometric data in the context of providing an electronic signature can be revoked at any time using the contact address of PrismaLife AG (article 7, paragraph 3, GDPR).Please note the consequences of non-provision described under 2.2.1 .

Please note that revoking your consent is only valid for future processing. Processes prior to revoking the consent are not affected by this.

If necessary we will also process your data beyond our own use to optain legitimate interest of us or third parties according to article 6, paragraph 1, letter f) GDPR. We will do so as long as your fundamental rights or your fundamental freedom, that needs to be protected by personal data, outweigh this procedure.

Among others, these are:

• Assertion of legal claims and protection in legal dusputes, ensuring the fulfillment of your claims;
• Ensuring IT security and IT processes of the insurance company, implementing stress tests, developing new and adapting existing products and systems, migration of data to secure capacity and integrity of the systems and in the broader sense securing the processed data;
• Taking measures for business management and process development, services and products.

2.2.3 Duration of data storage

We store your personal data as long as they are needed for the purposes stated above. Doing so it could occur that personal data is stored for as long as claims against our cumpany are valid (legal limitation period of 3 or up to 30 years).

Personal data regarding your contracts and to the used services will not be stored in your browser. Excluded from this are especially pictures and documents you possibly cached on your computer or mobile phone prior to submission, as well as notifications you downloaded on your devices. The deletion or storage period of this data is your own responsibility.

2.3 Connection data and security of the system

As using inSign software your browser transmits data to our server (see above). With each transmission also following information (connection data) is sent to our server:

• Your IP-address

This connection data is also stored as a log file by our server as standard for the purpose of system security and error analysis.

2.3.1 Legal basis to process connection data

The transmission of connection data only takes place insofar as a technical connection is required for transmission within the scope of the respective functionalities of the inSign software used. As a rule the legal basis for processing your data is article 6, paragraph 1, letter b) GDPR (pre-contract measures or contractual obligations).
The storage of connection data by using technical connections is based on our legitimate interest according to article 6, paragraph 1, letter f) GDPR. Our legitimate interest is to ensure the stability and security of the system and to eliminate malfunctions.

2.3.2 Duration of storage or criteria to determine the duration of storage

Connection data that are processed by the inSign software are deleted after the expiry of the statutory retention period.

3. Recording of website page views

When you access the website for the inSign software, information is automatically sent to the server of this website by the browser used on your end device. This information is temporarily stored in a so-called log file.

Following information is collected without your intervention and stored until automatic deletion:

• IP address of the requesting device
• date and time of access
• name and URL of the retrieved files
• Website from which the access is made (referrers URL)
• Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

• Ensuring a smooth connection of the website
• Ensuring a comfortable use of our website
• Evaluation of system security and stability
• Other administrative purposes

The legal basis for the data processing is article 6, paragraph 1, sentence 1, letter f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The call history is stored until the end of the process or for a maximum of 30 days.

4. Use of cookies on the website to provide an electronic signature

Cookies are small text files that are stored locally in the visitor’s internet browser and are used for recognition by means of the user’s IP address. PrismaLife AG currently uses such cookies. You can find further information at: www.prismalife.com/en/insigncookies

5. Data security

For security reasons and to protect the transmission of confidential content that you as a user send to us as the site operator, this site uses SSL encryption. An encrypted connection can be recognised by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

6. Your data protection rights

According to the General Data Protection Regulation, you as the data subject have the right to information according to article 15 of the regulation, the right to rectification according to article 16 of the regulation, the right to erasure according to article 17 of the regulation, the right to restriction of processing according to article 18 of the regulation and the right to data portability according to article 20 of the regulation. Furthermore, there is a right of revocation according to article 7, paragraph 3 of the GDPR as well as a right of objection according to article 21 of the GDPR. If you make use of your above-mentioned rights, we will check whether the legal requirements for this are met. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (article 77 of the GDPR).

The data protection supervisory authority responsible for us is:

Datenschutzstelle Liechtenstein
Städtle 38
Postfach 684
9490 Vaduz

You can exercise all your rights by sending an email to data-protection@prismalife.com or by post.

In order for our response to be addressed to you as the data subject, you must identify yourself or help to identify yourself.

If you have any questions about this privacy policy, please feel free to contact PrismaLife AG using the contact details above.

Notice:

This “Privacy policy for the use of inSign software” may be updated at a later date due to changes, e.g. legal requirements.