Yousign & the GDPR
Ferdinand avatar
Written by Ferdinand
Updated over a week ago

📖 Table of contents

Yousign & the GDPR

Yousign has introduced a series of measures to guarantee its compliance with the GDPR.

This page informs you of the measures taken by Yousign regarding the collection, storage, protection and use of data.

Where are my personal data hosted?

All data is stored on storage spaces located in France with three service providers: OVH, Amazon AWS and Microsoft Azure. The physical security of these data centers is managed by these partners.

Among the security measures put in place are:

  • A 24/7 surveillance staff;

  • An access control system;

  • Video surveillance;

  • Motion detection system.

We are working to spread our services over several physical locations to ensure maximum resiliency of our services.

In addition, documents are stored encrypted in our partners' data centers using the AES256 encryption algorithm, with the encryption keys operated and maintained by Yousign.

What personal data does Yousign collect?

Yousign may collect different types of personal data, depending on the services you use.

  • I am a visitor to the Yousign website

Like most websites, Yousign uses cookies to facilitate the use of our site. Depending on the preferences you have set up, cookies may be deposited and/or read when you visit our website. You can access these settings at any time from the Privacy policy.

  • I am a client of Yousign

The personal data that may be collected depends on the services you have subscribed to. The data may include your first and last name, email address, phone number, IP address or your ID.

  • I am an external signatory

Your data is entered by the client of Yousign when he creates a signature request. Among the data entered are your last name, first name, email address and phone number. Depending on the service used, Yousign may collect your IP address, or your ID.

For more information, see our Privacy policy.

What measures does Yousign put in place to protect my data?

Yousign is committed to respecting your data. We have implemented a variety of technical and organizational measures to ensure the security of the personal data you provide to us, including:

  • encryption of documents;

  • data segregation;

  • internal and external security audits;

  • data availability and resilience.

For more information, please visit our GDPR page dedicated to the subject.

Is Yousign contractually committed to its customers regarding the GDPR?

Yes. The RGPD requires that the subcontracting of a data processing is framed by a contract. Yousign has integrated directly into its Terms and Conditions data protection clauses providing for the duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, as well as the obligations and rights of the controller.

What is the role of Yousign in the framework of the GDPR?

Yousign is both a processor and a controller under the GDPR.

  • Yousign acts as a subprocessor when its customers use its services as described in the Terms and Conditions. Customers can use the features available in the Yousign application to manage personal data.

  • Yousign acts as a data controller when Yousign determines the purposes and means of processing the personal data collected (for example, when Yousign stores account information for administration purposes, managing access to services or providing customer support).

For more information, see our Terms and Conditions and Privacy Policy.

How to exercise my rights?

Yousign is committed to protecting your data, which is why we respect your rights of access, rectification, deletion, limitation of processing, opposition to processing, portability, or not to be subject to an automated individual decision.

  • I am a Yousign customer or a visitor to the Yousign website

👉 You can exercise your rights by completing the form available at the following link :

  • I am an external signatory / not a Yousign customer

In this case, Yousign acts as a subprocessor of these data, we are not entitled to manage your requests for rights. You must therefore contact the organization that uses Yousign's services directly for your electronic signature request. Naturally, Yousign is committed to collaborating with its customers for whom it acts as a subprocessor to respond to requests.

Whatever your status, you can lodge a complaint with your national Data Protection Authority.

Did this answer your question?