Privacy policy for the use of inSign software

Trans­parency is the bases of our self-image. Therefore in the following we would like to inform you about how we process your personal data regarding the use of inSign software with which you place your digital signature and your resulting legal rights. We do this in corre­spon­dence of relevant legal require­ments and especially the EU General Data Protection Regulation (GDPR).

1. Who is respon­sible for processing the data and who can I contact?

PrismaLife AG is respon­sible for processing data.

Our contact details are:

PrismaLife AG
Indus­tri­ering 40
9491 Ruggell
Liecht­en­stein
Phone: 00423 220 01 01
Fax: 00423 237 00 09
Email adress: info@​prismalife.​com

On data protection matters, please contact our data protection officer by email: data-​protection@​prismalife.​com

2. How, for which purpose and on which legal basis are your personal data processed?

2.1 Description and purposes for processing

As an active person of PrismaLife AG you receive your personal access code for inSign software via email.

To provide you with these infor­mation we process your PrismaLife email address as well as your first and last name.

Your personal access data (user name and password) should be kept secret and should not be acces­sible to others.

In order to gain access to documents that need to be signed digitally, we furthermore need your email address, the number of your mobile phone as well as your first and last name.

2.1.1 Oblig­ation to provide data/consequences of non-provision

In case you do not provide the data described under 2.1, we can not offer any access to inSign software and therefore you can not sign any document digitally.

2.1.2 Legal basis for data processing

Legal basis for processing your personal data to provide you with access data as an active person of PrismaLife AG or as third party is article 6, paragraph 1, letter b) of the GDPR (pre-policy measure respec­tively contractual oblig­ation).

2.1.3 Duration of data storage

The access for persons working for PrismaLife AG is deleted directly after they officially resign from work. Proce­dures respec­tively documents will automat­i­cally be deleted from the software after 30 days.

The access for third party is valid until the procedure is still in progress respec­tively will automat­i­cally be deleted after 30 days. Documents will be deleted when proce­dures end respec­tively they will be deleted automat­i­cally after 30 days.

2.2 Description and purposes for processing personal data when providing an electronic signature

PrismaLife AG uses inSign software to encode digital signa­tures. Thereby the software detects biometric data from the provided digital signature (writing speed, writing direction, writing pauses and possibly pressure strength) as an advanced signature following the signature law and encodes this signature with an assymetric crypto­graphic procedure (so called RSA cryptosystem). We store and use these data during our contractual relationship with active individuals of PrismaLife AG as well as third party for the estab­lishment, imple­men­tation or termi­nation of this contractual relationship. To avoid any manip­u­lation a notary created the public and private key for this assymetric encoding system and keeps the private key under custody. In case any proof is needed if it came to a dispute about the authen­ticity of the signature we may order the notary to decode particular documents and datasets for the purpose of assertion, processing or defending legal claims.

On devices with tough sensitive screens such as tablets or convert­ibles the signature may be given directly on the device. On devices such as notebooks or PC`s you may choose to generate your signature using the added inSign appli­cation or via a signature webclient for mobile phones (supporting also windows based mobile phones). Alter­na­tively you may also sign on the mobile phone using your browser (no appli­cation needed).

2.2.1 Oblig­ation to provide data/consequences of non-provision

In case you do not consent the processing of your biometric data you can not sign any documents digitally.

2.2.2 Legal basis for data processing

Prior to signing any document digitally you need to approve to processing your biometric data in the inSign software (article 6, paragraph 1, letter a) GDPR and article 9, paragraph 2, letter a) GDPR in conjunction with article 7 GDPR). The moment in terms of date and time of the given signature will be printed into the document as well as an inSign process ID will be generated.

Any consent you have given for processing your biometric data in the context of providing an electronic signature can be revoked at any time using the contact address of PrismaLife AG (article 7, paragraph 3, GDPR).Please note the conse­quences of non-provision described under 2.2.1 .

Please note that revoking your consent is only valid for future processing. Processes prior to revoking the consent are not affected by this.

If necessary we will also process your data beyond our own use to optain legit­imate interest of us or third parties according to article 6, paragraph 1, letter f) GDPR. We will do so as long as your funda­mental rights or your funda­mental freedom, that needs to be protected by personal data, outweigh this procedure.

Among others, these are:

  • Assertion of legal claims and protection in legal dusputes, ensuring the fulfillment of your claims;
  • Ensuring IT security and IT processes of the insurance company, imple­menting stress tests, devel­oping new and adapting existing products and systems, migration of data to secure capacity and integrity of the systems and in the broader sense securing the processed data;
  • Taking measures for business management and process devel­opment, services and products.

2.2.3 Duration of data storage

We store your personal data as long as they are needed for the purposes stated above. Doing so it could occur that personal data is stored for as long as claims against our cumpany are valid (legal limitation period of 3 or up to 30 years).

Personal data regarding your contracts and to the used services will not be stored in your browser. Excluded from this are especially pictures and documents you possibly cached on your computer or mobile phone prior to submission, as well as notifi­ca­tions you downloaded on your devices. The deletion or storage period of this data is your own respon­si­bility.

2.3 Connection data and security of the system

As using inSign software your browser transmits data to our server (see above). With each trans­mission also following infor­mation (connection data) is sent to our server:

  • Your IP-address

This connection data is also stored as a log file by our server as standard for the purpose of system security and error analysis.

2.3.1 Legal basis to process connection data

The trans­mission of connection data only takes place insofar as a technical connection is required for trans­mission within the scope of the respective function­al­ities of the inSign software used. As a rule the legal basis for processing your data is article 6, paragraph 1, letter b) GDPR (pre-contract measures or contractual oblig­a­tions).
The storage of connection data by using technical connec­tions is based on our legit­imate interest according to article 6, paragraph 1, letter f) GDPR. Our legit­imate interest is to ensure the stability and security of the system and to eliminate malfunc­tions.

2.3.2 Duration of storage or criteria to determine the duration of storage

Connection data that are processed by the inSign software are deleted after the expiry of the statutory retention period.

3. Recording of website page views

When you access the website for the inSign software, infor­mation is automat­i­cally sent to the server of this website by the browser used on your end device. This infor­mation is temporarily stored in a so-called log file.

Following infor­mation is collected without your inter­vention and stored until automatic deletion:

  • IP address of the requesting device
  • date and time of access
  • name and URL of the retrieved files
  • Website from which the access is made (referrers URL)
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The afore­men­tioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website
  • Ensuring a comfortable use of our website
  • Evalu­ation of system security and stability
  • Other admin­is­trative purposes

The legal basis for the data processing is article 6, paragraph 1, sentence 1, letter f) GDPR. Our legit­imate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclu­sions about your person.

The call history is stored until the end of the process or for a maximum of 30 days.

4. Use of cookies on the website to provide an electronic signature

Cookies are small text files that are stored locally in the visitor's internet browser and are used for recog­nition by means of the user's IP address. PrismaLife AG currently uses such cookies. You can find further infor­mation at: www​.prismalife​.com/​e​n​/​i​n​s​igncookies

5. Data security

For security reasons and to protect the trans­mission of confi­dential content that you as a user send to us as the site operator, this site uses SSL encryption. An encrypted connection can be recog­nised by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

6. Your data protection rights

According to the General Data Protection Regulation, you as the data subject have the right to infor­mation according to article 15 of the regulation, the right to recti­fi­cation according to article 16 of the regulation, the right to erasure according to article 17 of the regulation, the right to restriction of processing according to article 18 of the regulation and the right to data porta­bility according to article 20 of the regulation. Furthermore, there is a right of revocation according to article 7, paragraph 3 of the GDPR as well as a right of objection according to article 21 of the GDPR. If you make use of your above-mentioned rights, we will check whether the legal require­ments for this are met. Furthermore, you have the right to lodge a complaint with a data protection super­visory authority (article 77 of the GDPR).

The data protection super­visory authority respon­sible for us is:

Daten­schutzstelle Liecht­en­stein
Städtle 38
Postfach 684
9490 Vaduz

You can exercise all your rights by sending an email to data-​protection@​prismalife.​com or by post.

In order for our response to be addressed to you as the data subject, you must identify yourself or help to identify yourself.

Infor­mation about your right to object in accor­dance with article 21 of the General Data Protection Regulation (GDPR)

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of article 6, paragraph 1, letter e) GDPR (data processing in the public interest) and article 6, paragraph 1, letter f) GDPR (data processing on the basis of a balance of interests).

If you object, we will no longer process your personal data unless we can demon­strate compelling legit­imate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made form-free and should be addressed to:
PrismaLife AG

Indus­tri­ering 40

9491 Ruggell

Liecht­en­stein

Fax: 00423 237 00 09

Email address: info@​prismalife.​com

If you have any questions about this privacy policy, please feel free to contact PrismaLife AG using the contact details above.


Notice:

This "Privacy policy for the use of inSign software" may be updated at a later date due to changes, e.g. legal require­ments.