Privacy Policy

Last updated on August 18, 2021

  1. INTRODUCTION
    1. Signitory Services Sdn Bhd. (Registration No. 202101006299 (1406598-X)) and its group of companies (collectively, “we”, “us” or “our”) care about your privacy. We are committed to maintaining your trust by protecting your personal data.

    2. We are in the business of providing digital signing solution services through our platform, namely, “Signitory” which is available at www.signitory.com (the “Platform”). Our core product and services help users create, complete and show the validity of digital or electronic transactions. As part of our services, we will collect and record information that enables parties to prove the validity of the relevant transactions. Such information may include the persons involved in the transactions and the devices those persons use.

    3. This privacy policy (“Privacy Policy”) sets out how we collect, process, manage, use, disclose and protect personal data belonging to our users and other persons (collectively, “you”) who access or use the Platform and/or Services, any of our websites, our mobile applications, our web client or professional client, and/or any of our other sites, products or services that link to this Privacy Policy. By using the Platform and/or Services, you agree and consent for us to collect, process, manage, use, disclose and protect your personal data in the manner as described in this Privacy Policy.

    4. For the purposes of this Privacy Policy, “Services” shall mean access and utility through our digital and/or electronic signing solution services platform via our developed software, application program interface (API), technologies, products and/or functionalities on the Platform.

    5. This Privacy Policy explains:

      1. what personal data we collect about you and how do we collect from you;

      2. what are the purposes of collecting your personal data;

      3. to which third parties and under what circumstances we will disclose your personal data;

      4. what are your rights in respect of your personal data; and

      5. what can you do if there are any changes, questions or complaints in relation to your personal data.

    6. Please read this Privacy Policy carefully to understand how we are committed to protecting the privacy, confidentiality and security of your personal data.



  2. KEY TERMS
    1. Unless otherwise stated, the words and expressions used in this Privacy Policy shall bear the same meaning as defined in the Malaysian Personal Data Protection Act 2010 (Act 709), including but not limited to the following:

      data processor” in relation to personal data, means any person, other than an employee of the data user, who processes the personal data solely on behalf of the data user, and does not process the personal data for any of his own purposes;

      data subject” means an individual who is the subject of the personal data;

      data user” means a person who either alone or jointly or in common with other persons processes any personal data or has control over or authorises the processing of any personal data, but does not include a data processor;

      personal data” means any information in respect of commercial transactions, which –

      1. is being processed wholly or partly by means of equipment operating automatically in response to instructions given for that purpose;

      2. is recorded with the intention that it should wholly or partly be processed by means of such equipment; or

      3. is recording as part of a relevant filing system or with the intention that it should form part of a relevant filing system, that relates directly or indirectly to a data subject,

      who is identified or identifiable from that information or from that and other information in the possession of the data user, including any sensitive personal data and expression of opinion about the data subject; but does not include any information that is processed for the purpose of a credit reporting business on by a credit reporting agency under the Credit Reporting Agencies Act 2010; and

      sensitive personal data” means any personal data consisting of information as to the physical or mental health condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister may determine by order published in the Gazette.



  3. INFORMATION THAT WE COLLECT
    1. Information you provide to us
      1. When you register for an account to use the Platform and/or Services, we collect personal data provided by you, which may include but not limited to the following:

        1. your identification details including but not limited to your full name, gender, age, identity card number or passport number;

        2. your user ID and password;

        3. your residential address and/or correspondence address (which may include office address);

        4. billing address;

        5. your contact information (e.g. email address and mobile number);

        6. your occupation and details of occupation;

        7. your financial information such as credit card, bank account or other payment details; and

        8. records of our communications with you, including any messages and/or emails you send to us.


          including any other information as may be required from us from time to time for the purposes specified in Clause 5 of this Privacy Policy.

      2. In addition to Clause 3.1.1 above, we will collect personal data about other individuals provided by you when you use the Platform and/or Services, such as when you send or receive a signature request/workflow transaction, share information about such transactions, or ask others to sign documents digitally or electronically.

      3. You may also provide us with access to your contacts to make it easy for you to, amongst others, collaborate with them, send messages to them and invite them to use

        the Platform and/or Services. Your contacts’ information may include personal data such as a real name, alias or email address. If you share your contacts with us, we will store those contacts on our servers for you to use.

    2. Information that we collect automatically
      1. We automatically collect personal data from you and your devices when you use the Platform and/or Services, even when you visit our sites or apps without logging in.

      2. We collect personal data about how you use the Platform and/or Services and the computers or other electronic devices (such as mobile phones or tablets). Some examples include:

        1. IP address;

        2. precise geolocation information;

        3. unique device identifiers and device attributes, such as operating system and browser type;

        4. usage data, such as web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Platform and/or Services, the frequency of your use of the Platform and/or Services, error logs, and other similar information; and

        5. transactional data, such as names and email addresses of parties to a transaction, subject line, history of actions that individuals take on a transaction (e.g. review, sign and enable features) and personal data about those individuals or their devices, such as name, email address, IP address and authentication methods.

    3. Information we collect from other sources

      We may collect personal data about you from others, such as:

      1. Third-Party Sources – Examples of third-party sources include marketers, partners, researchers, affiliates, service providers and other parties where they are legally allowed to share your personal data with us. For example, if you register for the Services on another website, the website may provide your personal data to us.

      2. Other Customers – Other customers may give us your personal data. For example, if a customer wants you to sign an electronic document using the Services, he or she will provide us your email address and name.

      3. Combining Personal Data from Different Sources – We may combine the personal data we receive from other sources with personal data we collect from you (or your device) and use it as described in this Privacy Policy.

    4. Personal data we collect and process on behalf of customers

      When our customers use the Platform and/or Services, we process and store certain personal data on their behalf as a data processor. For example, when a customer uploads contracts or other documents for review or signature, we act as a data processor and process the documents on the customer’s behalf and in accordance with his instructions. In such instances, the customer is the data controller and is responsible for most aspects of the processing of the personal data.



  4. FROM WHAT SOURCES WE COLLECT YOUR PERSONAL DATA?
    1. Please be informed that we may obtain your personal data from you and from other sources, including but not limited to:

      1. your relationship with us, including without limitation (a) information provided by you in registration forms or enquiry forms or customer surveys (if applicable); (b) when you sign up for an account with us on the Platform; (c) when you access the Platform and use the Services; or (d) when you communicate with us through phone calls, emails and/or other correspondence methods;

      2. any interactions between you and us through (a) the Platform; (b) our social media platforms; and (c) our online chat applications and forums (if applicable);

      3. our media launches which you may have been invited to or participated in our campaigns, competitions, activities and/or promotions where you are required to provide personal data about yourself and/or other parties (e.g. your family members and work colleagues);

      4. third parties connected to you, such as your employees, joint account holders, guarantors and such other persons (subject to your prior consent for them to disclose information relating to you);

      5. an analysis of the manner (a) you manage your account on the Platform; (b) your use of the Platform and/or Services, which include any transaction you make and/or the payment made to/from your account on the Platform; and

      6. by using Cookies (as defined below), details of which are as set out in Clause 14 of this Privacy Policy.



  5. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?
    1. During the course of your dealings with us, we will collect and process your personal data for a number of purposes, including but not limited to:

      1. register and set your account(s);

      2. verify your identity for signing purposes and signing audit trail;

      3. provide, improve, protect and promote the Platform and/or Services;

      4. manage the Services on the Platform including support systems and security;

      5. process your subscriptions and payments made in respect of the Services;

      6. record details about what happens with your electronic documents, such as who viewed or signed, the devices used and when these events occur;

      7. record details in relation to your digital or electronic signature requests, workflows and other transactions (such as when they were opened, signed and when/where they took place);

      8. to issue or enable the certification authority licensed under the Digital Signature Act 1997 to issue a valid certificate in respect of a digital signature which contains the subscriber’s public key;

      9. choose and deliver content and tailored advertising, and support the marketing and advertising of the Services;

      10. maintain, update, consolidate and improve the accuracy of our database records;

      11. send you records of your use of the Platform and/or Services, including any purchases/subscriptions made by you;

      12. understand how you use the Platform and/or Services and customise your experience;

      13. send you marketing communications (in accordance with your subscription preferences);

      14. provide customer support;

      15. respond to your inquiries, requests, feedback and complaints;

      16. fix issues or problems with the Platform and/or Services;

      17. prevent abuse of the Platform and/or Services;

      18. produce data, reports and statistics which have been anonymised or aggregated in a manner that does not identify you as an individual;

      19. conduct research for analytical purposes;

      20. meet the disclosure requirements of any law binding on us;

      21. comply with audit, compliance and risk management purposes;

      22. transfer or assign our rights, interests and obligations under any of your agreement(s) with us;

      23. prevent, investigate and respond to fraud, unauthorized access to the Platform and/or Services, breaches of terms and polices or other wrongful behaviour;

      24. any other purposes incidental or related to any of the above purposes; and

      25. carry out other lawful purposes about which we will notify our users and customers.

    2. We may also combine the personal data we collect (or that is otherwise provided to us) through aggregation and other means to limit the identification of any particular individual to help with our business goals (such as research and marketing).

    3. We give users the option to use some of the Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you subscribe to any of the Services, we may, from time to time, send you information in relation to upgrades of such Services. Users who receive these marketing materials can opt out at any time. If you do not want to receive a particular type of marketing material from us, click the ‘unsubscribe’ link in the corresponding emails, or contact us using the contact details provided in Clause 18.1 below. Please note that such marketing opt-out does not impact any transactional or operational notices that we may need to send you.

    4. We collect and use the personal data as described above in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we will ask for your consent in advance or require that our partners obtain such consent.



  6. HOW WE MAY SHARE YOUR PERSONAL DATA?
    1. We do not sell any of your personal data to any party whatsoever. However, we may share your personal data in such manner as described below:

      1. Vendors and other third-party service providers
        1. We may share your personal data with third parties that we engage with for the business purposes of helping us to provide and support the Platform and/or Services. These third parties provide services such as intelligent search technology, intelligent analytics, advertising, authentication systems, bill collection, fraud detection and customer support.

        2. We will enter into legally binding agreements with our third-party service providers under which they will undertake to protect and keep your personal data confidential and that they are prohibited from using your personal data for their own purposes.

        3. Our third-party service providers will access your personal data to perform tasks on our behalf. Notwithstanding the foregoing, we will remain responsible for their handling of your personal data in accordance with our instructions.

        4. We will collect and disclose the following categories of personal data, as described above, to our vendors and third-party service providers:


          1. Account Information – This includes your identifying information, which could be your real name, alias, unique personal identifier or online identifier and it could include other personal data such as your address, email address, account name or similar identifiers.

          2. Commercial Information – This includes purchasing or consuming history or tendencies, including products or services purchased, obtained or considered.

          3. Your Content – This refers to what you and your contacts decide to input into the fields in the forms on the Platform that you create and/or fill out.

          4. Contacts – This include identifying information in relation to contacts that you have chosen to give us access to such as a real name, alias or email address.

          5. Usage Information – This includes information relating to your use of the Platform and/or Services. As we provide online services, this may include Internet or other electronic network activity information, such as information regarding your interaction with websites, applications or advertisements.

          6. Device Information – This refers to the information in relation to the particular devices you use to access the Platform and/or Services, which may include usage information or device-specific information, such as an online identifier, IP address and geolocation data.


      2. Affiliates

        We may share your personal data to (a) our subsidiaries, related and associated companies; (b) our parent company including its subsidiaries, associated and related companies; and (c) our affiliates including our business partners (some of whom may be outside Malaysia and undertake administrative, management and operational functions for or on behalf of us in respect of or arising from any commercial transaction or to support sales, marketing, promotion and/or advertising efforts).

      3. Marketing partners

        We may share your personal data with sponsors of events, webinars or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.

      4. Business transactions

        We may share your personal data during a corporate transaction such as a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal data, as well as choices you may have.

      5. Compliance with law, safety, security and business transactions

        We may disclose your personal data to third parties if we determine that such disclosure is reasonably necessary to:

        1. comply with any applicable law, regulation, legal process or request from a governmental authority;

        2. fulfil our obligations as specified in this Privacy Policy;

        3. prevent fraud or abuse of the Platform and/or Services or our users;

        4. protect our rights, property, safety or interest; or

        5. perform a task carried out in the public interest.

      6. To other persons with your consent

        We may also disclose your personal data to such persons for the purpose of fulfilling your signature requests or for such other purposes with your consent.

      7. Other users

        Our website will display information such as your name, profile picture and email address to other users of which you collaborate or choose to share with. When you sign up for an account with an email address on a domain owned by your employer or organisation, we may help collaborators and administrators find you and your team by making some of your basic information (such as your name, team name, profile picture and email address) visible to other uses on the same domain. This help you sync up with teams you can join, and helps other users share files and documents with you.



  7. HOW DO WE USE YOUR PERSONAL DATA FOR MARKETING PURPOSES?
    1. By accessing the Platform and/or using the Services, you are deemed to have consented for us to contact you via phone calls, text messages, emails and/or other electronic methods in future by using the data provided by you during registration on the Platform.

    2. The consent, as specified in Clause 7.1 above, shall include consent to receive pictures, videos, online messages and/or emails about our or our business partners’, strategic partners’, sponsors’ or advertisers’ products, services, promotions, special offers, events and/or activities which may be of interest to you.

    3. For the avoidance of doubt, you acknowledge and consent to us sharing anonymised information such as but not limited to in the following circumstances:

      1. Aggregated Information – We may conduct joint data analytics projects with selected third party providers using anonymised information to predict user interests and provide

        users with more targeted and/or relevant information based on aggregated information about that user’s activities outside the Platform.

      2. Behavioural-based Advertising – We may collaborate with selected third parties using anonymised information to derive certain models that would facilitate more accurate advertising to selected users.

    4. You may elect to opt out from receiving any newsletters, updates, promotional materials, festive greetings or other communication, in whole or in part, for general purposes or for marketing purposes set out in this Clause 7, by following the “unsubscribe” links or instructions within the email we send you at any time. In any event, your latest written instructions to us will prevail.

    5. Take note that for as long as you remain as a registered user with us, you will not have the option to opt out from receiving user-related notifications and/or materials from us.



  8. HOW DO WE PROTECT YOUR PERSONAL DATA?
    1. We will implement appropriate administrative and security safeguards, procedures and policies and take reasonable steps to the extent practicable and in accordance with applicable laws to secure your personal data from misuse, unauthorised access, modification or disclosure.

    2. We may hold your information in either electronic or hard copy form or retain third parties to hold that information on our behalf.

    3. We will make reasonable updates to our security measures from time to time and ensure that the authorised third parties only use your personal data for the purposes as set out in this Privacy Policy.

    4. The Internet is not a secure medium. However, we will put in place various reasonable security procedures with regards to the Platform and/or Services and your electronic communications with us. All our employees and data processors, who have access to, and are associated with the processing of your personal data, are obliged to respect the confidentiality of your personal data.

    5. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. While we take commercially practical steps to protect your personal data, we cannot and do not accept responsibility for any unauthorised access, unlawful interceptions or loss of personal data transmitted to or from the Platform, and are not responsible for the actions of any third parties that may receive any such personal data.



  9. WHAT ARE OUR OBLIGATIONS AND YOUR OBLIGATIONS?
    1. Our Obligations: It is obligatory for us to process your personal data on the legitimate interest to run and manage the Platform and/or Services. We follow generally accepted industry standards to protect the personal data submitted to us. We will take all steps reasonably necessary, including all reasonable technical and organisational precautions, to ensure that your personal data are treated securely and in accordance with this Privacy Policy including all applicable laws. Further, we will take all reasonable steps to ensure that your personal data is accurate, complete, not misleading and kept up-to-data by having regard to the purpose, including any directly related purpose, for which the personal data was collected and further processed.

    2. Your Obligations: It is obligatory for you to provide us with complete and accurate personal data and keep us updated of your personal data, failing which you may not be able to access the Platform and/or Services. As a consequence, (a) your application as a registered user will be rejected by us and you will not be able to access certain parts of the Platform and/or Services which are only accessible to a registered user; or (b) if you are already a registered user with

      us, your relationship with us shall cease to be in effect and your account and subscription/membership relating to the Platform and/or Services will be terminated.

    3. Where you provide any personal data for or on behalf of such other persons, or you represent such organisations or companies, you covenant that:

      1. you have obtained consent from such other persons and necessary authorisation from such organisations or companies that the personal data is given voluntarily, accurately and complete;

      2. you are authorised to receive any privacy notice and other related information on his/its behalf; and

      3. you have been given consent and/or authorisation to transfer his/its personal data abroad,

        failing which you shall indemnify and keep us indemnified against any claims from such other persons or organisations or companies.

          1. If there are any changes to your personal data, you hereby acknowledge that you have the obligation to inform us of the same immediately, in any event not more than seven (7) calendar days after such changes arise. You shall send us a written notice (by mail or email) in respect of such changes, in which we will update your personal data within twenty-one (21) days upon receipt of your written notice.


          2. Incomplete Personal Data: Where we request for personal data from you, you or such other persons, organisations or companies represented by you have the option not to provide additional personal data requested by us other than the information which we have indicated as necessary to facilitate any commercial transaction. If the personal data provided by you is incomplete, we will not be able to process your personal data for the purposes outlined in this Privacy Policy and we may not be able to offer you the Services or to fulfil your request (if applicable) or to accept any payments from you.



  10. DO WE STORE AND TRANSFER YOUR PERSONAL DATA OUTSIDE MALAYSIA?
    1. Our information technology storage facilities and servers may be situated in other countries outside of Malaysia. This may include, but not limited to, instances where your personal data may be stored on servers located outside of your country. In addition, your personal data may be disclosed or transferred to entities located outside of Malaysia. Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that offered in Malaysia under the applicable laws in Malaysia. You hereby expressly consent to us transferring your personal data outside of your Malaysia for such purpose.



  11. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
    1. We will only retain your personal data for so long thereafter as is necessary for us to fulfil the purposes as set out in this Privacy Policy.

    2. When we have no ongoing legitimate business need to process your personal data, we will take reasonable steps to destroy or permanently delete it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

    3. Notwithstanding the above, we may need to retain your personal data for a longer period if it is necessary for us to:

      1. comply with legal, tax or regulatory requirements;

      2. respond to any disputes, claims or complaints made related to you; or

      3. enforce and execute our legal agreements and policies.



  12. WHAT RIGHTS DO YOU HAVE?
    1. You have various rights under law in respect of your personal data retained by us. Your rights are set out as follows:

      1. accessing your personal data (subject to payment of the relevant processing fee, if applicable);

      2. requesting rectification or erasure of your personal data or to keep your personal data accurate, complete, not misleading and up-to-date;

      3. requesting restrictions on the processing of your personal data;

      4. withdrawing your consent previously given to us for the processing of your personal data; and

      5. objecting to us processing your personal data.

    2. Pursuant to your right to access your personal data in Clause 12.1.1 above:

      1. you also have the right to receive a copy of your personal data in an electronic format. However, this right is limited to personal data that you have provided to us and is processed based on your consent. It does not cover personal data that we may have received on other grounds or from other sources; and

      2. we may withhold your request to access your personal data in certain circumstances, including but not limited to (a) when we are unable to confirm your identity; (b) where such personal data requested is of a confidential nature; or (c) when we receive requests for the same data. In any event, we will promptly notify you of the reason(s) for not being able to accede to your request.

    3. Subject to your requests pursuant to Clause 12.1.212.1.312.1.5 and/or 12.1.5 above, we reserve all our rights to deny your access to the Platform and/or Services and/or to reject any or all your requests or require further documentary evidence for reasons permitted by the applicable laws.

    4. If there are any complaints or enquiries with regard to the disclosure of your personal data to any third party under this Privacy Policy, particularly the disclosure set out in Clauses 6 and above, you may contact us at the addresses specified in Clause 18.1 of this Privacy Policy.



  13. USE OF INTERNET AND MOBILE APPLICATION
    1. You agree that the provision of your personal data to us over the Internet is entirely at your own risk and that if you post your review and/or rating on the Platform, your review and/or rating will become a public information and will be kept by us even after your account with us has been terminated.

    2. We are not responsible if any part of the Platform links you to other websites which do not operate under this Privacy Policy. Before you provide your personal data to the relevant websites, please read and understand the relevant websites’ privacy policy.



  14. HOW DO WE USE COOKIES ON THE PLATFORM?
    1. We and our business partners may use cookies, advertising identifiers, web beacons, tags, scripts, local shared subjects such as HTML5 and Flash or Flash cookies including other similar technology (“Cookies”) for the purposes of holding your usage data in respect of the Platform and/or Services and to recognise your device on your next login which we may promptly deliver tailored information to you that matches your account, interests and preferences.

    2. The Cookies have unique identifiers which may be stored on the Platform, on the device you use to access the Platform and/or Services in emails we send to you. The Cookies may transmit information about you and your use of the Platform and/or Services, including but not limited to the period of usage, your search preference, browse type, IP address and/or data relating to advertisements displayed and clicked in by you.

    3. Without contrary to any other provisions under this Privacy Policy, third parties may use the Cookies on the Platform to collect the same type of information for the same purposes as specified in Clause 14.1 above. The third parties may associate the information about you obtained from the Platform or from any other resources for their other purposes, in which we do not have any responsibility, access nor control in regard to the usage of such information.

    4. We may share non-personally identifiable information from or about you with such third parties, including but not limited to location data, advertising identifiers, or a cryptographic hash of a common account identifier (such as email address) to facilitate the display or targeted advertising.

    5. In any event, you may disable, block or deactivate Cookies at any time by adjusting your internet browser setting to disable such Cookies. You may also limit our sharing of your information through mobile settings.

    6. For additional information in relation to cookies and related technologies, please go to our Cookie Policy at www.signitory.com/cookie.



  15. ARE WE RESPONSIBLE FOR PRIVACY POLICY AT THIRD-PARTY PLATFORMS?
    1. The Platform and/or Services may contain links to third-party websites. These third-party websites are not related to, associated with us or under our control. Therefore, we are not responsible or liable for their privacy policy in regard to any collection, usage, maintenance and/or sharing of personal data of such third-party websites. We reserve the right to disable any links to any third-party websites in our sole discretion.



  16. MINOR’S PRIVACY
    1. The Platform and/or Services are not intended for use by or directed to anyone below the age of eighteen (18) (“Minor”).

    2. We do not and will not knowingly collect personal data from any Minor. If you are a parent or guardian and you are aware that your Minor has provided us with any personal data, please contact us immediately. If we become aware that we have collect personal data from any Minor without verification of parental consent, we will take the necessary steps to remove all information relating to such Minor from our digital storage facilities, servers and service providers.



  17. CHANGES TO THIS PRIVACY POLICY
    1. We may, from time to time, modify, update or amend the terms of this Privacy Policy to reflect changes in law, our group of companies, the Platform and/or Services, our data collection use

      and practices, or advances in technology. We will post the updated Privacy Policy on our website which shall be effective immediately upon being posted on the Platform.

    2. Our use of the personal data we collect is subject to the Privacy Policy in effect at the time such personal data is used. Please take note to periodically review this Privacy Policy and carefully review any changes made to this Privacy Policy.



  18. HOW TO CONTACT US?
    1. If there are any changes to your personal data, and/or if you have any question in respect of the disclosure or the use of your personal data, and/or you would like to exercise any of your rights as set out in this Privacy Policy, you may contact us at:

      Address : Level 6.06, Menara KPMG, 8 First Avenue, Bandar Utama, 47800 Petaling Jaya, Selangor, Malaysia.
      Telephone number : +603 7622 0539
      Email address : [email protected]
      For the attention of : Operations Department


Contact Us
docx file PDF