Last updated: 07/ 25/ 2023
We, BulkSignature, the Apps Record LLC (“us”, “Owner”, “Data Controller”), respect the privacy of our customers (“Customers”) and any user of our websites and other services, including job applicants and others referred to as “Users” or “you” in this privacy policy. This privacy policy (“Privacy Policy”) applies to all Users of our services, including our websites “www.bulksignature.com” and any subdomains (collectively referred to as “Websites”), web applications (“Web Apps”), and mobile applications (“Mobile Apps”) collectively referred to as “Our App” or “our apps”. The content on our websites and apps constitutes BulkSignature services and any related services collectively referred to as the “Services” in this privacy policy.
Owner and Data Controller
Types of Information collected
Unless specified otherwise, all Data requested by us is mandatory and failure to provide this data may make it impossible for us to provide our services. In cases where we specifically state that some data is not mandatory, Users are free not to communicate this data without consequences to the availability or the functioning of the service.
Users who are uncertain about which data is mandatory are welcome to contact the Owner.
Any utilization of Cookies or other tracking tools by BulkSignature or by the owners of third-party services engaged by BulkSignature is solely intended to facilitate the provision of the Service that the User has requested.
We collect the following types of personal data
Personal data such as first name, last name, email address, phone number
Company data and employment data such as company name, domain, address, country, phone number, currency, billing contact, tax jurisdiction, VAT/GST numbers
Google Workspace OAuth architecture and APIs, for more information about Google Workspace data check the relevant section
Demographic data such as age, gender, occupation, interests
Tracking and geolocation data such as device name, ip address, country
Financial data – although we do not collect and store credit card or debit card numbers, our sub-processors and third party service providers do collect bank account information and other financial information such as the four last digits of your credit card, transactions associated with your use of the Services, including the transaction ID, transaction category and type, merchant name, amount, currency, date, and location;
Usage data such as pages visited, buttons clicked, specific services provided in the web apps
Personal Data you provide us in an email/chat/text messaging or any other free-text entry box, either as part of your account or as part of any use the Services while connecting with other Users and any Personal Data you include in an email while using the Services
How we collect data
Through Google Analytics Tracking Services
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of BulkSignature, to prepare reports on its activities and share them with other Google services.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users’ IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data processed: Cookies; Usage Data,
Place of processing: United States – Privacy Policy – Opt Out
Contact Form (WP Forms)
BulkSignature uses the contact form on Website developed by WP Forms LLC to collect the personal data. By filling in the contact form with their Data, the User authorizes BulkSignature to use these details to provide the customer service or to answer the inquiry
Personal Data processed: first name, last name, email address
Payment Form
Payment processing services enable BulkSignature to process payments by credit card, bank transfer or other means. BulkSignature uses Stripe Inc. as a data processor for the payment operations. Stripe is a payment service provided by Stripe Inc., which allows Users to make online payments.
To ensure greater security, BulkSignature shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.
Personal Data collected through Stripe’s payment form and shared to Owner:
company information such as: company name, company address, country, language, financial currency, tax jurisdiction, VAT/GST numbers
contact information: first name, last name, email address
Additional data processed: various types of Data as specified in their privacy policy of the service.
Google Workspace OAuth, Gmail API and Google Workspace service-to-service APIs
Once you install our app through Google Workspace Marketplace, authorize us to access certain data from your organization’s Google Workspace. You can learn more about how data access and permissions work in Google Workspace Marketplace apps here.
We use the Google Workspace Admin platform to provide services.
For the seamless work of our application we access, collect and store the following data from your Google Workspace Admin account:
User/admin profile details: such as full name, email, phone number, address, organization name, etc
Employee details and users of a domain: first and last name, email address, phone number, mailing address, department name, assigned group, and organizational unit of all employees active in G Suite account
Details about groups: such as a list of group names and group subscriptions. We will also access the data about which employees belong to which group
Organizational units. We collect names and descriptions of organizational units, their nested hierarchies, and the information about members of organizational units
User schemas on your domain. We can view certain details (e.g., custom field names and types) of user schemas on your domain
Basic Gmail setting. We can access the following basic settings on Gmail: primary email address, primary reply-to, display name and signature, view and manage filters
Sensitive Gmail settings that include forwarding rules and aliases
Mode and place of processing the Data
Methods of Processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using third party data storing and processing services such as Amazon AWS RDS and other third party cloud enabled tools and services.
Apart from the Owner, other bodies responsible for various aspects of BulkSignature’s operation (including administration, sales, marketing, legal, system administration) as well as external data processors (such as third-party technical service providers, mail carriers, hosting providers, IT companies, and communications agencies) may have access to the Data in certain cases.
The list of updated data sub-processors include, but not limited to the following:
| Sub-processor | Services | Nature and Purpose of Processing | Categories of personal data | Location of Processing | Data Processing Agreement |
| Amazon Inc. | AWS Virtual Private Networks, AWS RDS, AWS Lambda, data center | Data Center Services, Cloud Storage Services, database hosting, website hosting, and | All data mentioned above to provide access to services | United States | AWS Data Processing Addendum |
| Stripe Inc. | Stripe Payments platform, Stripe API | Payments, Invoices and Subscriptions Management | Personal data, Credit cards info, bank information, company data | United States | Data Processing Agreement |
| Tawk.to | Online Chat Widget | Identifying the user for the purposes of customer service | First name, last name, email, IP address, country, location device name, page visits | United States | Data Processing Addendum |
| Alphabet Inc. | Google Workspace API, Gmail API | Collecting user data, to provide basic services | Personal data such as company data, and employee data | United States | Cloud Data Processing Addendum |
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
Where Owner needs the Personal Data to perform a contract with the User
Where the processing is in Owner’s legitimate interests and provided that the interest is not overridden by the data subject’s privacy interests and the data subject has not made use of his/her right to object
Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof
Processing is necessary for compliance with a legal obligation to which the Owner is subject
The personal data is necessary to fulfill a legitimate interest of the Owner or third party (provided that the interest is not overridden by the data subject’s privacy interests and the data subject has not made use of his/her right to object)
In some cases, Owner may also have a legal obligation to collect Personal Data from User or may otherwise need the Personal Data to protect User’s vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Summary of legal basis for collecting your data:
| Purpose/Activity | Type of data | Collected by | Lawful basis for processing including basis of legitimate interest |
| To register you as a new user from Google OAuth, to provide our Services | First name, Last name, email, Company information, domain info, data we access from Google Workspace | BulkSignature, Alphabet Inc. | Performance of a contract with you |
| To process and deliver your order including:Manage payments, fees and charges Collect and recover money owed to us | First name, last name, email Financial info: card numbers, expiration, security code Transaction details: date address, location, tax jurisdiction | BulkSignature, Stripe Inc. | Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
| To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | First name, last name, email, company information, Google Workspace Account info Technical details like: ip, country, device | BulkSignature | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Necessary to comply with a legal obligation |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Geo location data, Usage data | Google Analytics | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about products or services that may be of interest to you | First name, Last name, email, Company information, domain info, Google OAuth Tokens, Usage history | BulkSignature | Necessary for our legitimate interests (to develop our products/services and grow our business) |
Place
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: registration and authentication, handling payments, interaction with live chat platforms, analytics, and user database management and contacting the User.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Cookie policy
Our cookie policy is written separately from this privacy policy and be viewed at any time
Additional information about Data collection and processing
Legal action
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of our app or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User's Personal Data
In addition to the information contained in this privacy policy, BulkSignature may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, we and any third-party data sub-processors may collect files that record interaction with BulkSignature (System logs) or use other Personal Data (such as the IP Address) for this purpose.
Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time without notifying the User. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
If the changes impact the processing activities performed on the basis of the User’s consent, the Owner will obtain new consent from the User, if necessary.