Privacy Policy
The following Privacy Policy is valid from and last updated on January 1, 2022.
This Privacy Policy constitutes an agreement between the Service Provider and the Customer and is incorporated into and governed by the Terms of Service. Privacy Policy describes what information we collect and use about you and what information is shared with the third parties. Protecting the privacy and integrity of your personal data is our top priority.
1. Information we may collect about you
1.1. We collect different types of information in order to provide you with the Services in a reliable and secure manner.
- Personal Data — information relating to an identified or identifiable natural person.
- Your account information — When you use the Services, we collect and associate with your User Account the information you provide us like your first and last names, email address, mobile phone number, personal code, address, credit card and/or other billing information. We are acting as a Data Controller for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA). We process this data to provide you with Services on the basis of agreement.
- Your uploaded data (Customer Data) — Any data uploaded or provided by the Customer. In order to provide the Services, we store, process and transmit your uploaded documents and information related to them. This data is processed solely in accordance with the directions provided by you (Customer or User). We are acting as a data processor for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).
- Your usage information — We collect information related to how you use the Services. We may collect information like IP addresses, the type of browser, device, the operating system you use, the actions you take when using our Services. We use this information in our legitimate interest to improve our Services, develop new products, features, and functionality, and ensure the security of your account and your data. Should this purpose require us to process Customer Data, the data will only be used in anonymised or aggregated form. We may also use third-party tools to collect information regarding visitor behaviour and visitor demographics on our Services. For further details, see Analytics section. We are acting as a Data Controller for this information.
- Other information — We may receive information about you, incl. your Personal Data, from third parties we are working closely with (like Qualified Trust Service Providers, other Service Providers integrated into our Services, business partners, subcontractors, payment service providers, credit rating agencies) on the basis of agreement or from cookies on the basis of consent. We will treat this information as Personal Data in accordance with this Privacy Policy. We are acting as a Data Controller for this information.
- Contact information – Based on your consent and to answer your questions,we process personal data that you provide us when using contact forms on our website, such as name and surname, email address, phone number, organisation, message and other data that you provide. We are acting as a Data Controller for this information.
2. Disclosure of your information
2.1. We do not share any personal information with third parties unless one of the following circumstances applies:
- With Account Administrators — In case your User Account is managed for you by an Account Administrator, this Account Administrator will have full access to your User Account. Account Administrator is able to access all your uploaded data (Customer Data), suspend or terminate your User Account access and obtain your usage information.
- For external processing — We may provide the Personal Data to our trusted business partners (which may include IT service providers, accountants, advisors and other authorised partners) to process it for us, based on our instructions and in compliance with this Privacy Policy.
- Lawful requests — We may disclose the Personal Data when we have a good belief that access, use, preservation or disclosure of such information is necessary to:
- satisfy any applicable law, regulation, legal process or enforceable governmental request;
- satisfy applicable laws especially subject to financial entities that have additional obligations for audits;
- enforce our Terms of Service, including investigations of potential violations;
- protect against imminent harm to our rights, property or safety, or that of our users or public as required or permitted by law.
- Business transfers — We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganisation, sale of assets, bankruptcy.
3. Information Security
3.1. All our Services have been designed from the ground up to be secure.
3.2. We have implemented an Information Security Management System (ISMS) according to ISO/IEC 27001 which covers a variety of privacy and security policies, processes and procedures, including administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of your Personal and Customer Data.
3.3. Our ISMS is being audited every year and is certified by accredited auditors with certification scope of “cloud-based services for e-signing, e-sealing, e-identification, validation of e-signature and e-seal, and related software development, delivery and support”.
3.4. Services are provided through 256-bit encryption TLS connection. All data is stored in data centres that comply with ISO 27001, ISO 27017, ISO 27018 and PCI DSS Level 1 standards. All Customer Data is encrypted using AES-256 encryption algorithm.
4. Retention Policy
4.1. Once you delete your User Account from the Services, the content (Customer Data) is deleted within 7 days of the date of closure. Your account information and billing information is retained for a period of 10 years in accordance with the Lithuanian accounting and taxation laws.
4.2. We retain information about your activity and system logs (the actions you take when using our Services) to ensure our Services are provided in a reliable and secure manner. This information related to your activity may contain Customer Data and/or Personal Data. This information is stored for 90 days.
5. Data Controller
5.1. You’re acting as a Data Controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at the discretion of our Customers, including but not limited to Address Book entries, Invitations or Documents.
5.2. We are neither responsible for the manner in which our Customers collect, handle, disclose, distribute nor otherwise processes such data.
5.3. The terms for such data processing are defined in the Data Processing Agreement.
6. Analytics
6.1. We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile.
6.2. We use Google Analytics and Amplitude Analytics to analyse the use of our website, Document Signing Portal and our mobile apps.
6.3. For further details, please see the ‘About Hotjar’ section on Hotjar’s support site.
6.4. For more information about Amplitude’s privacy practices, see Amplitude’s Privacy Notice.
6.5. For more information about Google Analytics, see Google’s Privacy Policy.
7. Use of Cookies
7.1. Cookies are a small piece of information saved in your browser storage. They are used to improve the customer experience in pages and help third-party services to work properly. We use cookies in all our Services. We only store anonymous identifiers and other preferences, so your personal data is not stored. We inform you about the use of cookies when you visit our website. We ask you to consent to the use of all, except strictly necessary, cookies on our website.
7.2. We use three types of cookies:
- Essential cookies — essential in provision of Services. These cookies ensure that information and services are delivered securely and optimally.
- Performance cookies — to monitor visitor behaviour and help us improve our information and services.
- Functionality cookies — to help improve your experience by providing a more personalised service. Those cookies remember choices, for example, language, preferred login option etc.
8. Description of cookies
| URL | Name | Purpose | Expiration | Type |
| .dokobit.com | _utma, _utmb, _utmz | For the collection of information on visits to the website. | 2 years | Performance cookies |
| .dokobit.com | _ga, _gat, _gat_UA-2907053-48, _gid | For the collection of information on visits to the website. Used by Google Analytics. | 2 years _gid, _gat – 1 day | Performance cookies |
| .dokobit.com | gtm_auth, gtm_debug, gtm_preview, _dc_gtm_ | A technical solution for managing the tracking codes detailed on this page. Used by Google Tag Manager. | When browser session ends | Functionality cookies |
| .dokobit.com | accept_cookies | For the recording of the client’s consent with this Privacy and Cookie Policy. | 12 months | Functionality cookies |
| .dokobit.com | accept_cookies_and_terms | For the recording of the client’s consent with our Terms of Service and this Privacy and Cookie Policy. | 12 months | Functionality cookies |
| .dokobit.com | selected_language | For the collection of selected language. | 12 months | Functionality cookies |
| app.dokobit.com | sessionid | Required to allow a user to stay logged in the Services. | The cookie is deleted when you close your web browser | Essential cookies |
| app.dokobit.com | user_preferences | User preferred options like language, country and last used eID. | 12 months | Functionality cookies |
| .dokobit.com | _hjClosedSurveyInvites | Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown. | 12 months | Performance cookies |
| .dokobit.com | _hjDonePolls | Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in. | 12 months | Performance cookies |
| .dokobit.com | _hjMinimizedPolls | Hotjar cookie. This cookie is set once a visitor minimises a Feedback Poll widget. It is used to ensure that the widget stays minimises when the visitor navigates through your site. | 12 months | Performance cookies |
| .dokobit.com | _hjDoneTestersWidgets | Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. | 12 months | Performance cookies |
| app.dokobit.com | _hjIncludedInSample | Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. | 12 months | Performance cookies |
| .dokobit.com | _hjShownFeedbackMessage | This cookie is set when a visitor minimises or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimised immediately if they navigate to another page where it is set to show. | 12 months | Performance cookies |
| .dokobit.com | _hjid | Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 12 months | Performance cookies |
| .dokobit.com | _hjRecordingLastActivity | This should be found in sessionStorage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). | Session | Performance cookies |
| .dokobit.com | hjTLDTest | When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. | Session | Performance cookies |
| .dokobit.com | _hjUserAttributesHash | User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. | Session | Performance cookies |
| .dokobit.com | _hjCachedUserAttributes | This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. | Session | Performance cookies |
| .dokobit.com | _hjLocalStorageTest | This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms. | N/A | Performance cookies |
| .dokobit.com | amplitude_id_* | This allows Amplitude to collect information about your usage of our Services. | Unlimited | Performance cookies |
9. Your rights
9.1. Under the GDPR, data subjects have the following rights:
- the right to access personal data held about them;
- the right to object to processing (for example, direct marketing);
- the right to data portability;
- the right to complain to a supervisory authority about processing carried out by the data controller;
- the right to object to automated decision making;
- the right for the personal data being updated;
- the right to be forgotten.
9.2. You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer by email at support@dokobit.com.
10. Changes and Updates
10.1. We may revise this Privacy Policy from time to time and will post the most current version on our website. If a revision results in meaningful changes, we will notify you.
11. Contact us
11.1. If you have any questions, concerns or complaints about this Privacy Policy, you may contact our Data Protection Officer by email at support@dokobit.com.