Rules of personal data processing by ANASOFT APR, spol. s r.o. (product owner of Signatus)
Personal data protection is very important to us. We require from ourselves to be transparent as to why and how we use and process personal data. We respect your personal and private space. We also inform you of the rights as affected persons (data subjects) whose personal data we process.
Why we process personal data?
We acquire and process personal data for different reasons including for multiple purposes but always in accordance with legislation based on sound legal basis.
Depending on your agreement we process:
In accordance with current applicable laws we process:
Based on legitimate interest of ANASOFT we process:
What type of personal data we process?
Information processed on affected persons belong primarily to the category of typical personal information. Special category of personal data is collected only for employees of the company with explicit consent, but who are able to rescind such a consent at any time.
On our company Website we process cookie files based on the rules of processing cookie files.
Whose data we process?
Affected persons whose data we process in the role of a controller of data are mainly:
Affected persons whose personal data we process in the role of a controller are mainly:
To whom and on what basis we provide and make available your personal information?
Your personal information we provide to other parties only when it is directly required by law or you expressly agreed to such disclosure. Personal information we can also provide to our suppliers based on a mutual agreement and business considerations. Those provisions commit our suppliers to follow security mechanisms for protection of personal information and follow them at least at the equal level of security standards dealing with confidentiality, integrity and availability of data to the degree that the level of protection does not decrease below our commitment to security guaranties.
Transfer of personal data to third countries is not being done, with the exception of transferring cookie files as defined in specific rules related to processing of cookie files.
How do we protect your personal data?
Security of personal data as well as other confidential information needed to provide our solutions, products and services is to us a high priority. We conform to international security and all business standards, production, marketing, management, organizational and supporting processes are periodically verified by independent audits in conjunction with holding of ISO 27001:2013 management of information security certification. We implemented regulations, processes and education relating to personal data security, maintaining its confidentiality, integrity and availability. We regularly evaluate appropriateness of our organizational as well as technical security policy by investing in their utility or by introducing new tools and policies.
How long we keep your personal information?
Your personal information is kept only for a necessary period that is defined in the internal policies of our company. Filing plan, filing rules and document archiving follow rules required by the Archives of the City of Bratislava. After those periods expire the data is safely liquidated or anonymized.
Are we automatically profiling persons?
We do not profile personal data of persons automatically.
What personal data are processed by using the SIGNATUS product?
Technically it is possible to collect an indefinite amount of personal data needed for creating any type of electronic document in SIGNATUS with the same legal assurances as a paper document. By default, the personal data that is collected contains: name, surname, post address, e-mail, phone number, birth date, personal identification number and biometric features of handwritten digital signature such as pressure, speed, acceleration, position of a pen on the X and Y axis and time. Before the Biometric data are given it needs to be made clear that the Biometric data are collected and processed on the basis of consent, which is given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her.
It is possible to add GPS data to the document signing process, which will be the integral part of the signature, but not the part of the biometry. The document may contain attachments of various kinds of other documents e.g. copies of ID, photographs, etc.
SIGNATUS does not process an IP address and Cookies.
The extent of collected and processed personal data is determined by the Controller - our Customer. The Controller makes a decision about processing activities, the time of data processing, the length of their storage, and similar information based on the defined purpose of data processing.
ANASOFT does not have access to the data processed by Signature Analyzer, an independent forensic tool intended for authenticity of a signature evaluation and for originality evaluation of documents signed by SIGNATUS.
Your rights related to your personal information
In accordance to current legislation you have a right to access your own personal information, you can correct, expunge or limit processing as well as object to our processing.
When we process your personal data based on your consent, you have a right to revoke such consent anytime. In general we do not process personal data based on consent only because we can rely on a different legal basis mentioned above. To revoke such consent to process your personal data send us an email to gdpr@anasoft.com. To end reception of emails, such as newsletters from the marketing list you can also click on the link designated to unsubscribe in the email that you received from us.
All your rights can be realized by submitting a request to a data protection officer by email to gdpr@anasoft.com. To create a reply to your request we are entitled to request from you additional identification in order to establish your identity. Resolution of your request from the view of rights of affected persons will take into account our legitimate reasons for processing personal data or identification, implementation or protection of legal requirements.
In case your personal data is processed by us as an intermediary such as a supplier we recommend to address your concerns and requests primarily to your implementer of personal data as we may not be allowed to process this kind of requests of affected persons without the knowledge of our client – the implementer of personal data.
We hope that you will never have to complain for our use of personal data. In case you decide take this step after all, please send your complaint to gdpr@anasoft.com. We will deal with any complaint and request we receive and will reply to them. You can also have the right to turn to the Office for Personal Data Protection of the Slovak Republic.
Our contact information as an implementer of personal data
If you have any questions to this regulation or desire to know more about how and why we process your personal data you can contact our appropriate employees in charge of personal information in one of the following ways:
Email: gdpr@anasoft.com
Telephone: +421 2 3223 4111
In writing at the company address of: ANASOFT APR, spol. s r.o., Mlynská dolina 41, Bratislava 811 02 Slovakia
Changes to regulation of protection to personal information
This announcement is based on the current legislative of the EU and Slovakia. The specific law is the Regulation (EU) 2016/679 of the European Parliament and of the Council.
The applicability of this regulation about protection of personal data we will regularly update in order to maintain the transparency of communication with affected persons.
This announcement about the protection of personal information was updated as of 25. May of 2018.