Skip to content
menu-toggle
menu-close

Ensuring GDPR compliance

We want to assure our users that we are committed to data protection and that our Software as a Service (SaaS) solution fully complies with the requirements of the European General Data Protection Regulation (GDPR).

What is GDPR?

One fundamental aspect of the General Data Protection Regulation (GDPR) is the emphasis on empowering individuals with greater control over their personal data. The regulation grants data subjects specific rights, including the ability to access, rectify, and erase their personal information held by organizations. This shift towards more transparent and individual-centric data management is a core principle of the GDPR, aiming to enhance privacy and data protection for individuals within the European Union.

Addo Sign in compliance with GDPR

We recognize the importance of protecting personal information and have implemented strong security measures to ensure that all data handled through our SaaS platform is processed securely and in compliance with GDPR regulations.

Our approach includes clear guidelines for the collection, storage and processing of data, as well as measures to uphold the rights and privacy of data subjects. We continuously update and review our systems to ensure they meet the latest data protection standards and requirements.

By choosing our SaaS solution, our users can rest assured that their data is handled securely and lawfully and that they retain full control over their personal information. We are dedicated to maintaining high standards of data security and fully comply with current GDPR regulations to provide a safe and reliable user experience.

 

Addo Sign uses several methods to remove unnecessary personal data and enforce the data protection rules of GDPR. When the data anonymization feature is enabled, it also removes all personally identifiable data. 

New accounts created after January 16, 2020 will come with our data anonymization feature enabled by default. Existing accounts are encouraged to enable this feature. Once enabled, all transactions that have exceeded their deadline will be anonymized. This action cannot be undone, but it can be disabled again and will not affect new transactions. 

You can turn the data anonymization feature on and off in your account settings/account overview. 

 

What is personally identifiable data in Addo?

When you send a document via Addo, each transaction will contain personally identifiable information. This is found in the documents that are sent, signed and returned, as well as in the transaction details.

Addo is designed to send and receive digital signatures, data and documents in a secure way. Storing this information is only relevant as long as the communication is between sender and receiver. If you need a digital archive of the documents you have sent and received, we can provide you with Addo Vault which is an e-archiving solution within Addo Sign. However, Addo also offers multiple integration options so that signed documents can be automatically delivered to email, SFTP, Google Drive, Mit.dk and more.

How Addo Sign handles personally identifiable data of your recipients

Social Security Numbers 
These numbers are used when using Addo's identification feature and when creating digital signatures using special certificates like MitID or BankID. While the transaction is active, the sender can only see these numbers in the transaction details in Addo. This information is stored securely until the transaction is completed. This is the default setting in Addo and cannot be disabled.

Documents
All transferred documents in the transaction are deleted 10 days after the transaction deadline. This is the default setting in Addo and cannot be disabled.

Everything else
With the additional anonymization enabled, all personally identifiable information, including names, phone numbers and email addresses, will be encrypted 10 days after the transaction deadline. In the case of using the reference number field to identify signers by name or social security number, there is an additional option to anonymize this data as well. For those who do not insert personally identifiable data in the reference number field, the field does not need to be anonymized.