Privacy Statement for Penneo Sign
Electronic signature via. Penneo Sign
For Penneo electronic signature service “Penneo Sign”, Penneo acts as a data processor on behalf of our customers (company).
End users are managed by our customers, which act as a data controller. An end user is anyone who uses Penneo Sign, to sign documents as instructed to by the Controller/Customer.
Storage of user data: On behalf of the user, Penneo processes and stores the name, email address, IP address, title and role of the signing user.
The signed document is saved in the user’s personal Penneo archive, if the user accepts these conditions upon signature. The choice of storage should be considered by the user in accordance with their employers own data retention policy. The User can always deny the storage of a document or can optionally choose to store the signed document in the Penneo Sign Archive. If the user decides to not store the document, they will receive a limited access to the document of 14 days, via. a Penneo personal archive.
Following the 14 days the document and archive will be deleted, unless other documents have been stored in the archive.
The Penneo Sign Archive provides encrypted storage of documents, where the documents are only accessible via the credentials which the user/signer used to sign the documents. These will typically be the user’s national electronic ID.
Necessary logs/audit information for a signature session will be kept according to retention policies, in order to be able to show evidence for a signing order and also to resolve issues that can arise after the casefile is completed.
Purpose of processing:
The controllers are the responsible entities for the purpose of processing. As the data processor, Penneo signs a data processing agreement with the Customer as data controller. The data processor agreement establishes the framework for Penneo’s personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.
The purpose of a signing request in the context of Penneo Sign is to generate a secured document (PaDES) that binds the document content to the signer’s ID, and to include necessary evidence in the sealed document.
A signed document (casefile) will by default be kept for 5 years, and then deleted by Penneo, unless the customer deletes the casefile before then.
During the signature process, some data subjects related to the signer’s ID will be processed to be able to bind the user’s ID to the document(s).
The following data subjects will be processed for end users of the controller:
- Name
- National identity numbers (if specified by the Controller)
- Email address
- Mobile phone number
- Unique digital certificate number
- Nationality
- Penneo generated userID
- User meta data (IP address, Language settings, Device type, Browser)
3rd party eID providers which Penneo has integrations with (e.g. MitID and Bank ID SE) offer different sets of end user data, and the subject list above will differ somewhat between eID vendors’ provided data. From the list of subjects mentioned, email address and user meta data is used for the ability to send notifications to the signer, related to a signing request.
The document(s) to be signed are needed by Penneo as a processor, to be able to show the documents to the signers (read consent) and to be able to package the documents, along with signer ID verification elements, into a final signed document. Penneo will not do any processing or extraction of document content during the signature processing.
The documents sent to Penneo from the data controller may contain privacy data, such as in the case of insurance documents that may contain health data, photos, etc. Penneos has no way of knowing the specific information within the documents as this is decided solely by the controller.
Last updated: 14th of February 2023
