Docuprove is a service provided by Digiprove Ltd.
This statement describes Digiprove’s policy in relation to personal information. Please note that this policy was revised substantially on 20th May 2018 to reflect the impact of the EU’s GDPR directive and to be as clear as possible. If you do not understand or do not accept any aspect of it, you should not register as a user.
1. What information does Digiprove collect?
Digiprove may collect some or all of the following information:
- Personal Information – identifying information such as name and email address
- User Credentials – security information such as user id and password
- Payment Information – credit card details (by our PCI-compliant Payments Provider REALEX)
- Uploaded content – content you choose to upload to Digiprove
- Log of usage – information about your usage of the system including navigation from page to page
- Feedback Information – information you provide to us by completing a contact form online or by contacting us via email, post, telephone, or fax
2. How does Digiprove use Personal Information and for what purpose?
- Your email address will be used to send you:
- Confirmation of any transaction you undertake on the Digiprove website
- Digiprove certificates of content
- Acknowledgement of any payments you make
- Copies of any emails sent to third parties by your instruction
- Responses to messages from you
- Important notices for users about service issues and faults
- Notices of Digiprove marketing initiatives or offers (if you have agreed to such communication)
- Your name will be used to address you within any emails we send you
- Your name and email address together will be used to identify you as the originator of messages and content that you instruct Digiprove to send on your behalf (“certified email”). It is not possible to send anonymous email using this service.
- Your name and your chosen user id will be used to refer to you as the possessor of the identified content in any Digiprove certificate of content requested by you. Such certificates will not be forwarded to any third party.
- Your telephone number may be used to contact you in relation to service issues, membership surveys, or marketing initiatives (if you have agreed to such communication).
- You may choose to supply additional optional personal information such as your address, which may be used to further identify you as the possessor of content
3. Communications Policy
We use email as part of our service, e.g. to confirm transactions. These operaional messages are an intrinsic part of our service.
All communication will cease if you close your account which can be done at any time by selecting “Preferences”, “Close Account” from the members’ area.
We occasionally send notices of Digiprove marketing initiatives, offers, or news, only to those users who have explicitly opted-in to receive such communications. You may “opt-out” of receiving these communications by:
- sending an email to firstname.lastname@example.org from the email address in question with the words “Opt Out” in the subject line.
- clicking on the Unsubscribe button in the footer of such emails
- changing your communications consent setting when logged in to the user area of the website (https://www.digiprove.com/secure/login.aspx, Preferences, Personal Information).
4. How does Digiprove use User Credentials?
- Your chosen user id and password will be used to authenticate your access to our secure website (note that your password is held in an encrypted form)
- Your chosen security question and the answer you supply may be used to restore your access to Digiprove if you have forgotten your password
- Your chosen security question and the answer you supply may be used to authenticate you when speaking to a Digiprove support representative on the phone
5. How does Digiprove use Payment Information?
- Our payments processor (REALEX) will use your credit card details to make payments for the Digiprove services
- Your permission for every such payment will be sought online, and will be given by clicking on a “Proceed with Payment” or similar button, unless you have previously authorised automatic renewals of your account.
- Any previously given authorisation for repeat payments may be revoked by you at any time
- Your credit card details are not retained by Digiprove. They are passed to our payments processor only for the purpose of facilitating authorised automatic renewals.
6. How does Digiprove use Uploaded Content?
The only uses for uploaded content are:
- To be stored in on Digiprove’s servers for your own use and to be available to you to download within a secure session.
- To forward such content to third parties via content-registered email according to your specific instructions. Such content is archived for up to one year to facilitate re-sending. The Digital Fingerprint of such content and the covering text of each forwarded message are retained indefinitely for records purposes.
7. How does Digiprove use the Log of usage data?
- To provide you with historical information on your usage of the system, e.g. what documents you have Digiproved
- Digiprove uses aggregated and anonymised log data to enable us to better understand our users’ requirements and interests and thereby to improve the focus of the service and the relevance of the website content.
8. How does Digiprove use Feedback Information?
This information is used for the purposes of reviewing this feedback and improving the Digiprove services and website. You are at no time under any obligation to provide any such data.
9. To whom does Digiprove transfer your personal information?
Except as provided below, Digiprove shall not sell, rent, trade or otherwise transfer any Personal and/or Uploaded content to any third party without your explicit permission, unless it is obliged to do so under applicable laws or by order of the competent authorities.
10. What are cookies and how does Digiprove use them?
11. How far does Digiprove’s responsibility extend?
12. How does Digiprove protect your personal information?
Digiprove takes appropriate operational and technical measures to protect the information it collects. The databases containing such information can only be accessed by authorised employees of Digiprove or approved service providers who need to have access to these databases in order to be able to fulfill their given duties. All such access is subject to authentication and is logged. Access to your data through the website is protected by SSL encryption.
Yes. This policy may change from time to time to comply with legal requirements, to improve services to our users, or to heighten privacy and confidentiality. The latest version of this policy is published online at https://www.digiprove.com/secure/privacypolicy.aspx.
14. How can I see all the personal information you have about me, and/or correct errors?
All of the personal information we have about you as a user is available through the members website, which you can log into at https://www.digiprove.com/secure/login.aspx. There are also facilities to amend such data (except the transactional information, the subject of which has been certified by Digiprove process as authentic).
15. How can I close my account and cease all payment and communication?
You may close your account through the members website, which you can log into at https://www.digiprove.com/secure/login.aspx. You may receive one final email confirming the closure.
16. Right to Erasure: How can I have my personal data deleted?
If you would like all of your personal data deleted from our databases, first you should contact us by email using the primary email address we have on record from you, to email@example.com. It is not sufficient to send this instruction via our website contact form (which is open to visitors). Your request needs to include your Digiprove user id, the email address associated with your account, and your full name and address as recorded in our records. We reserve the right to disregard any such an instruction that does not adhere to the above instructions or that we reasonably believe to be fraudulent.
Once that is done we will take steps to:
- Verify that the request is complete and matches the identifying details from our records
- Verify (following our then-current procedures) the genuineness of the request and that it originates from you. This may include requesting you to close your account via the password-protected member’s website, seeking the answers to security questions, and/or other steps.
- inform you (using the contact data we have on record for you) that we have received this request and seeking your specifically worded confirmation.
- We may contact you by telephone or take other actions to further verify the request is genuine
We reserve the right to disregard such an instruction if we believe it to be a malicious instruction, in which case we will notify you of that decision usng the contact details we have in our records.
We reserve the right to charge a reasonable fee to reflect our administrative costs.
- that the deletion of your personal data cannot be reversed.
- that the deletion of your personal data will involve the complete closure of your Digiprove account as we cannot provide any useful services without a user.
- that previously Digiproved content will continue to be provable only if you have retained in your own records the relevant Digiprove certificate(s) (or the certification has been embedded in the content)
- the provisos in section 18 below
17. How long is your information kept by Digiprove?
Digiprove will retain your information only for as long as is necessary to:
(1) perform the Digiprove services;
(2) invoice to you your use of the Digiprove services;
(3) satisfy relevant laws in relation to proving the validity of invoices
(4) comply with applicable legislation, regulatory requests and relevant orders from competent courts;
18. Procedures and Exceptions in relation to Right to Erasure and Correction requests:
Primary instances of personal data in production systems will be erased or corrected without undue delay provided the steps detailed in section 16 have been followed. However copies of personal data may also reside in backup archives that must be retained for a longer period of time – either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons.
Such data will not be restored back to production systems (except in certain rare instances, e.g., the need to recover from a natural disaster or serious security breach). In such cases, the user’s personal data may be restored from backups, but the controller will take the necessary steps to honour the initial request and erase the primary instance of the data again. Backup archives containing personal data will be protected with strong encryption, so that even if criminals were able to steal the archive, its contents would remain useless to them.
Records of all user requests regarding their personal data will be retained, as will audit logs that record all activities on backup archives containing personal data. This means that the user can be confident that their personal data has been backed up in accordance with GDPR principles of security by design and by default, as well as data minimisation, and that their rights, including the right to erasure, have been honoured.
To the extent that personal data may continue to exist also in correspondence, log files, and audit trails and others and needs to be retained for audit and legal reasons, such data will not be deleted but where feasible, will be anonymised
This Policy was last revised on 13th June 2019