Privacy Policy

1. Overview

This Privacy Policy explains how SignedX Pty Ltd ACN 697 814 047 (SignedX, we, us or our) collects, holds, uses and discloses Personal Information. We are committed to complying with the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs).

By accessing or using our Website or Services, you consent to the collection, use, storage and disclosure of your Personal Information as described in this Privacy Policy. If you do not agree, please do not use our Website or Services.

We may update this Privacy Policy from time to time. The current version is always available at signedx.com.au.

2. Definitions

Act means the Privacy Act 1988 (Cth).

SignedX, we, us or our means SignedX Pty Ltd ACN 697 814 047, an Australian proprietary limited company, and its related bodies corporate.

OAIC means the Office of the Australian Information Commissioner.

Personal Information means has the meaning given in the Act and includes information about you which identifies, or could reasonably be used to identify, you.

Sensitive Information means has the meaning given in the Act.

Services means the eSignature, identity verification and related services provided by SignedX, including via our Website, our dashboard, our APIs and any third-party integrations.

Website means signedx.com.au, signedx.com, dashboard.signedx.com.au, and any other site through which the Services are promoted or delivered.

you means you and any person acting on your behalf or with your implied authority.

3. Information we collect

We collect and hold the following types of Personal Information:

• personal details, including your name and, where relevant, your electronic signature, identity verification information and supporting documents;

• contact details, including email address, telephone number and postal address;

• information necessary or incidental to delivering the Services, including details of the party requesting our Services on your behalf and any documents shared with us in connection with those Services;

• technical information arising from your use of the Services, including IP address, device identifiers and transactional metadata; and

• any other Personal Information reasonably required to facilitate your dealings with us.

4. How we collect Personal Information

We may collect Personal Information when you, or a person dealing with us on your behalf:

• access, use or interact with our Website or Services;

• communicate with our staff or representatives;

• provide your information to us via a third party who has engaged us to deliver the Services to you; or

• otherwise deal with us in the course of our business.

Where we solicit Personal Information, we collect:

• non-Sensitive Information where it is reasonably necessary for the Services we provide; and

• Sensitive Information only where it is reasonably necessary for or directly related to the Services and you have consented, or its collection is otherwise permitted or authorised by law.

Where we receive your Personal Information from a third party (such as a business engaging us to obtain your signature or verify your identity), we will, where required, take reasonable steps to make you aware of that collection.

5. Why we collect, hold, use and disclose Personal Information

We collect, hold, use and disclose Personal Information for the following purposes:

• to provide the Services to you, or to a third party who has engaged us to provide Services involving you;

• to administer, operate and improve the Services and our Website;

• to share your Personal Information with our employees, contractors, sub-contractors and other service providers (including platform, hosting and infrastructure partners) so they can assist us in delivering the Services;

• to share your Personal Information with the third party who engaged us, where they require it to complete the relevant transaction;

• to respond to your enquiries and update your records;

• to undertake analytics on an anonymised and de-identified basis;

• to comply with reporting obligations to regulators and other legal or compliance requirements; and

• for any other purpose disclosed to you at the time of collection or to which you have consented.

We may use or disclose Personal Information for secondary purposes related (or, in the case of Sensitive Information, directly related) to the primary purpose, where you would reasonably expect us to do so.

Unless you opt out, we may use your contact details to send you direct marketing communications about our products and services. You can opt out at any time by contacting us using the details below or via the unsubscribe option in our communications. We will not disclose your Personal Information for third-party direct marketing without your consent.

6. Platform and infrastructure partners

To deliver the Services, SignedX relies on a third-party platform partner together with hosting, payments and infrastructure providers (Platform Partners). Your Personal Information may be processed by these Platform Partners on our behalf for the sole purpose of delivering the Services.

Our primary Platform Partner holds ISO/IEC 27001 certification covering its Information Security Management System, providing internationally recognised assurance over the confidentiality, integrity and availability of data processed through the platform. All data processed under that certification is hosted in Australian data centres.

Our Platform Partners are subject to confidentiality and data security obligations consistent with this Privacy Policy and the Act. SignedX remains responsible for the handling of your Personal Information.

7. How we store and protect Personal Information

We take the security of Personal Information seriously.

We hold Personal Information in physical and electronic form. Physical records are kept in access-controlled premises. Electronic records are stored on secured information systems accessible only via authenticated networks.

We take reasonable steps to:

• ensure Personal Information we collect, use or disclose is accurate, up to date, complete and relevant;

• protect Personal Information from misuse, interference, loss and from unauthorised access, modification or disclosure; and

• destroy or de-identify Personal Information that we no longer need, except where we are required to retain it by law or for legitimate business reasons.

No transmission over the internet can be guaranteed secure. Transmission is at your own risk.

8. Overseas disclosure

We are unlikely to disclose your Personal Information to overseas recipients. Where we do (typically through Platform Partners providing hosting, data storage, communications or analytics), any such disclosure will be made in accordance with the Act. We take reasonable steps to ensure that overseas recipients handle your Personal Information consistently with the APPs.

9. Cookies and our Website

We use cookies and similar technologies to operate, secure and personalise the Website, conduct analytics, and improve our Services. You can refuse cookies via your browser settings, but some Website features may not function correctly if you do.

10. Third parties engaging our Services

Where a third party engages SignedX to deliver Services involving you (for example, a business sending you a document for signature), we will receive your information from that third party. SignedX is not responsible for that third party's privacy practices, and we encourage you to review their privacy policy.

Where the Services link to or are integrated with third-party services, this does not constitute our endorsement of those services.

11. Accessing and correcting your Personal Information

You may request access to, or correction of, the Personal Information we hold about you. We will respond within a reasonable period in accordance with the Act.

There is no charge for making a request, although we may charge a reasonable administration fee where the volume of information is significant.

To verify your identity before disclosing Personal Information, we may ask you to provide identification.

12. Complaints

Complaints about this Privacy Policy or our handling of your Personal Information should first be directed to us using the contact details below. We will investigate and respond in accordance with the Act. If you are not satisfied with our response, you may contact the OAIC at oaic.gov.au.

13. Data subjects in the European Economic Area

Where you are located in the European Economic Area (EEA) and the EU General Data Protection Regulation (GDPR) applies, SignedX processes Personal Information about you only where we have a lawful basis to do so. The lawful bases on which we rely include:

• performance of a contract with you or with a third party who has engaged us to deliver Services involving you;

• our legitimate interests in operating, securing and improving the Services;

• compliance with our legal obligations; and

• your consent, where applicable.

Where we rely on your consent, you may withdraw it at any time, although this will not affect any processing already undertaken. You may have rights under the GDPR to access, correct, erase, restrict or object to our processing, and to data portability. To exercise these rights, please contact us using the details below.

14. Contact us

For any privacy-related questions, requests or complaints, please contact SignedX at:

Entity: SignedX Pty Ltd ACN 697 814 047

Email: hello@signedx.com.au