Privacy Policy
Thank you for entrusting Doconchain with your documents, projects and your personal information. Doconchain Limited and its subsidiaries or affiliates (collectively, "DOC", "we" and "us") shall respect your privacy. Protecting your privacy is a responsibility we take seriously and we want you to know how we are handling it. Please review the privacy policy below for our commitment to safeguard your privacy online. This policy describes how we use Personal Data (as defined below), with whom we share it, your rights and choices and how you can contact us about our privacy practices.
Our Approach
This Privacy Policy applies to the following websites: doconchain.com, doconchain.io, (“Sites”) and our applications, DOC verify, DOC Vault and DOC mobile; (collectively our "Services").
This Policy explains our practices regarding the collection, protection, use, sharing, and disclosure of information we collect when you visit our websites or use our applications.
For Google user data collected through Google Drive API, see specific restrictions on our use of that data are set forth in the section [17] titled Google User Data.
Services. Our Services include the Sites and the following:
The Services:
DOC is a SaaS platform based on a suite of solutions to facilitate the management and exchange of digital documents while improving the processes security.
We collect information when you use Services and Sites.
| 1.1. | Personal Data Subjects. We collect information from visitors to our Platform, our potential and our existing customers, usually companies (the “Customers”) represented by the authorized individuals who are registered or permitted by a Customer to access a Workspace and/or use the Services (the “Authorized Users”). For example, administrator, manager and team member, or external guest signing a document. |
| 1.2. | Types of Information. Information about you can be divided in two groups: |
| i. | Information you provide to us: “personally identifiable information” or personal data that we can use to identify or contact you (the “Personal Data” or “PII”). See Subsection C below. |
| ii. | Information that is automatically collected: “Aggregated Information” - information or data we collect where individual user identities have been removed. See Subsection D below. |
| Generally, no one is under a statutory or contractual obligation to provide any Personal Data or Aggregated Information. Certain Customer Data about you has been collected automatically and, if some Customer Data such as the names and emails of the Authorized Users is not provided, we may be unable to provide the Services. | |
| 1.3 | Personal Data. Personal Data is any piece of information that can potentially be used to identify, contact, or locate a user uniquely. We need this information so we can interact with each other, to provide our Services at the highest standards and to answer to your specific needs. You provide your Personal Data, for example, by signing up on our Platform or paying for the Services. Personal Data collected by us is protected as personal data under applicable data protection laws, for example, under the GDPR. |
| You are responsible for ensuring the accuracy of all Personal Data that you submit to us. Inaccurate Personal Data may affect your experience when using the Services and/or our ability to contact you as described in this Policy. | |
| 1.4. | Aggregated Information. Aggregated Information is non-personally identifiable/anonymous Information about users of the Platform. Aggregated Information is information that you give to us by using our Platform or the Services. Aggregated Information is used in a collective manner and no single person can be identified by the information compiled. |
| For example, when you visit our Website, our systems automatically maintain web logs to record data about all visitors who use our Website and store this information in our database. These weblogs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited our Website, your activity and/or referring websites and the pages most frequently accessed. | |
| We may de-identify or anonymize your Personal Data so that you are not individually identified and provide that information to our partners and/or affiliates. We also may combine your de-identified information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand how often and in what ways people use our Services so that they can provide you with an optimal online experience. For example, we may use the information gathered to create a composite profile of all the users of the Platform to understand users’ needs in order to design appropriate features and tools. However, we never disclose Aggregated Information in a manner that would identify you personally and as an individual. |
The Information that you provide directly to us will be apparent from the context in which you provide the data. In particular, we collect the following Customer Data:
| 2.1. | Contact Information. We collect information from visitors to our Platform, our potential and our existing customers, usually companies (the “Customers”) represented by the authorized individuals who are registered or permitted by a Customer to access a Workspace and/or use the Services (the “Authorized Users”). For example, administrator, manager and team member, or external guest signing a document. |
| 2.2. | Billing Details. When you subscribe to a paid plan version of the Services, our payment processor or bank collects your billing details. Different payment methods may require the collection of different types of information, such as your payment card number, CVC, expiration date and/or bank account number and/or a billing address. |
| Please note that payment information submitted by you will be processed by our payment processor or bank. We do not intentionally receive or process your billing information. | |
| 2.3. | Information we collect automatically. Even if you do not provide information to us, we automatically collect Aggregated Information about your use of and interaction with our Platform and/or Services as described in Section 1 above. We use your Aggregated Information to troubleshoot problems, gather demographic information, customize your experience when accessing our Platform, Services and for other business purposes. |
| 2.4. | Data from Third-Party Services. Typically, Third-Party Services refer to software that integrates into our Platform (e.g., ProximaX, AWS). The provider of a Third-Party Service may share certain information with DOC and vice versa. For example, if a storage application is enabled to permit the import of files to your Workspace, we may receive a user's name and email address, along with additional information that the application has elected to make available to DOC to facilitate the integration. |
| Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to DOC. We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Platform. | |
| 2.5. | Third-Party Data. We may receive Information about you from outside sources, such as commercially available demographic or marketing information, and add or combine it with your information to provide better service to you and inform you of Services or other information that may be of interest to you. This data may be combined with the Customer Data we collect and might include aggregate level data, such as which IP addresses correspond to which zip codes or countries, or it might be more specific: for example, how well an online marketing or email campaign performed. |
| The DOC platform, for security reason, is not allowing users to log in with social networks’ credentials and we will not exchange information about you with these social platforms. | |
| 2.6. | Additional Information. We receive your Personal Data when you submit it to our Platform, if you participate in an offer, program or promotion, focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts, give us your business card or contact details at conferences or other events, provide feedback or otherwise communicate with our team. |
Under specific laws (including the GDPR), we are required to notify you about the legal basis on which we process your Personal Data. We will only collect and process personal data about you where we have a lawful basis. Lawful basis includes:
• Consent (where you have given explicit consent);
• Contract (where processing is necessary to take steps to enter into or perform a contract with you);
• Compliance with a legal obligation, e.g., where we need your data for compliance with specific laws;
• Vital or public interest, where processing is necessary for the performance of a task carried out in the public interest of a data subject or another person;
• “Legitimate interests”, except where such interests are overridden by the interests, rights or freedoms of a data subject.
• Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
• If you have any questions about the lawful basis upon which we collect and use your personal data, please feel free to contact our Data Protection Officer at: privacy (at) doconchain.io.
How we use your Personal Data will depend on which Services you use, how you use the Platform and the choices you make in your settings. Personal Data will be used and processed by us in compliance with the Customer’s instructions, including any applicable contract terms, and as required by applicable law.
We use the Customer Data in furtherance of our legitimate interests in operating our Platform, delivering Services, and doing business. In determining business purposes that we have identified as legitimate; we balance our interests against the legitimate interests and rights of the individuals whose Personal Data we process.
More specifically, we use Customer Data:
To facilitate contractual and pre-contractual business relationships. We use Personal Data to enter into business relationships with prospective customers and to perform the contractual obligations under the contracts that we have with existing Customers. For example, we may collect your Personal Data to schedule calls and meetings for the Platform’s demo, preparing offers to you or setting up and managing a Workspace on the Platform and performing certain accounting, auditing and billing activities.
To comply with our regulatory and other legal obligations, including Data Processing requirements of the GDPR and U.S.-EU Privacy Shield as well as any “Anti-Money Laundering” (AML) and “Know-Your-Customer” (KYC) obligations,
To personalize the Platform for you by understanding your needs. We use the Customer Data to customize our Services for you, including providing recommendations to integrate your templates and personalized content and the Workspace management.
To create new features, tools and products. For example, we may improve functionality by using the Customer Data to help determine and rank the relevance of content to you and make Services suggestions based on historical use and predictive models. For example, based on your platform usage history, thus we may identify organizational trends and insights based on the usages of the Platform.
For research and analysis. We conduct aggregate analysis, market research and planning, develop business intelligence, generate statistical studies that enable us to operate, protect, make informed decisions and report on the performance of our business;
For customer support. Your emails, calls and other correspondence to and from us may be recorded for various purposes including monitoring customer service quality or compliance, checking the accuracy of the information you provide us or providing training for our personnel or customer service representatives. Any information obtained from you through Customer support will be treated according to the provisions of this Policy.
To protect DOC, our Customers and the public. We use your Personal Data to ensure network and information security throughout the Platform, to prevent, investigate or address service errors, security or technical issues and abuses that could harm DOC, our Customers or the public.
For Services-related communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our offerings and important Services-related notices, such as security notices, changes in the privacy policy and terms of the Services. These communications are considered part of the Services and you may not unsubscribe from them.
For marketing and events-related communications. We sometimes send emails about new product features, promotional communications or other news about DOC, our products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so per the applicable consent requirements. These are marketing messages (described in more detail below), so you can control whether you receive them.
No Sensitive Data. We do collect ID as credential proof for signature Level 2 on our platform but we will never transmit these data without your knowledge. We do not intentionally collect, store, process or transmit any other sensitive personal information, such as social security numbers, genetic data, health information or religious information. If you store any sensitive information on our storage system, you are responsible for complying with any regulatory controls regarding that data. We might erase the sensitive information that is uploaded to the Platform or otherwise provided to us without our request or consent, if such erasure is necessary for the public interest or compliance with our legal obligations.
You further acknowledge that DOC is not a Business Associate or subcontractor (as those terms are defined in the United States Health Insurance Portability and Accountability Act of 1996 (the “HIPAA”) or a payment card processor and that our Services are neither HIPAA nor PCI DSS compliant. DOC will have no liability for any Sensitive Personal Information, notwithstanding anything to the contrary herein.
No Minorities Data. If you're a child under the age of 18, you may not have an account on DOC. We do not knowingly direct any of our content specifically to or collect information from children under 18. If we learn or have reason to suspect that you are a user who is under the age of 18, we will, unfortunately, have to close your account. Some countries may have different minimum age limits and if you are below the minimum age for providing consent for data collection in your country, you may not use DOC.
No End-User Data. We do not intentionally collect the Personal Data of Customers’ end-users that might be stored in your account. Information and content in a Customer's accounts belong to the Customer, and the Customer is fully responsible for it, as well as for making sure that your content complies with our Terms of Service. Any Personal Data within a Workspace is the responsibility of the Customer, namely the account's owner. The Customer shall be considered as the controller for the purposes of the GDPR. Please see Section 12 below for details.
Please note that our Customers determine their policies and practices for the sharing and disclosure of the Personal Data under their control and DOC does not control how they or any other third parties choose to share or disclose such Personal Data.
We share your Personal Data with trusted entities with your explicit consent, based on your instructions and in compliance with appropriate confidentiality and security measures, as outlined below:
| To Third-Party Vendors and Partners. We do share your Personal Data with a limited number of third-party vendors and business partners who process it on our behalf to provide or improve our Services, and who have agreed to privacy restrictions similar to our Privacy Policy. Our vendors perform functions such as payment processing, customer support ticketing, data storage and other related services. When we transfer your data to our vendors under the Privacy Shield we remain responsible for it. | |
| To Third-Party Services. Our Platform enables integrations with third-party software that our Customers may use. The Customer has sole discretion over whether to use these integrations. Once enabled, DOC may share certain information with a Third-Party Service provider and vice versa. For example, we will share configuration parameters, including emails linked to the Workspace to allow software management tools to integrate into said Workspace. | |
| To Corporate Affiliates. We share Customer Data with our corporate affiliates (parents and/or subsidiaries) for internal administrative, operational, and group business purposes. | |
| To Customer's Representatives. Authorized Customer representatives and personnel designated as 'owners' of a Workspace may be able to access, modify, or restrict access to Personal Data of the Customer’s Authorized Users. It may include, for example, your employer using Service features to export activity logs from a Workspace or accessing or modifying your profile details. | |
| During a Change to DOC's Business. Some or all Customer Data may be shared or transferred, subject to standard confidentiality arrangements, if DOC engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of DOC's assets or stock, financing, public offer of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., legal due diligence). | |
| To Share Aggregated Data. We may disclose or use aggregated or de-identified Information with others about how our customers, collectively, use the DOC platform, or how our customers respond to our other offers, such as conferences and events. For instance, we may compile statistics on the proportion of customers by industry and size. However, we do not sell this information to advertisers or marketers. | |
| To Collaborate with Others. When an Authorized User submits Personal Data, it may be displayed to other Authorized Users. For example, your profile information, including email address, may be shared with other Authorized Users working in the same Workspace. | |
| To Comply with Laws. If we receive a request for information, we may disclose Customer Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process. Please find more information in Section 15 hereof to understand how DOC responds to requests to disclose data from government agencies and other sources. | |
| To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property or safety of DOC or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues. | |
| We do not share, sell, rent or trade your Personal Data with third parties for their commercial purposes, except where you have specifically told us to (such as by activating an integration with third-party service providers). | |
| We do not host advertising on DOC. | |
| We do not disclose your Personal Information outside DOC, except in the situations listed in this section. |
| 7.1. | Your data protection rights. We provide choices about the collection, use and sharing of your Personal Data. Depending on your location and subject to applicable law, you may have the following rights concerning the Personal Data we hold on you: |
| i. | Delete Data: You can ask us to erase or delete all or some of your Personal Data (e.g., if it is no longer necessary to provide Services to you). |
| ii. | Update or Correct Data: You can review, correct, or update your Personal Data through your account on the Platform or by contacting us at: privacy (at) doconchain.io. You can also ask us to change, update or fix your Personal Data in some instances, mainly if it is inaccurate. |
| iii. | Object to, Limit or Restrict the Use of Data: You have the right to withdraw your consent to the processing of your Personal Data at any time. You can ask us to stop using all or some of your Personal Data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Personal Data is inaccurate or unlawfully held). |
| iv. | Right to Access and/or Retrieve Your Data: You can ask us for a copy of your Personal Data and ask for a copy of the personal data you provided in machine-readable forms. |
| v. | Right to file a complaint to the authority if you consider your rights to have been violated. |
| vi | Right to unsubscribe. We will only send you our marketing and our events-related communications if you expressly consent to this. We provide you with the opportunity to “unsubscribe” from having and using your Personal Data for specific direct communication (e.g., Newsletter) related purposes at any time. Please note that it may take several working days to process a request for an un-subscription or opting-out. In particular, DOC offers you the following un-subscription rights: |
| a) Opt-out from Newsletters. If you no longer want to receive marketing-related emails or newsletters from us, you may opt-out via the unsubscribe link included in such emails. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services. | |
| b) Opt-out from Use of Cookies. You can also opt-out from our use of cookies and similar technologies that track your behavior on our sites. | |
| 7.2. | Exercising other data protection rights. To use your data protection rights, you can contact us at: privacy (at) doconchain.io. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country. |
| 7.3. | Verification Procedure. For your protection, we may need to verify your identity before responding to your request, such as by verifying that the email address from which you sent the request matches the email address that we have on file for you. If we no longer need to process Personal Data about you to provide our Services, we will not maintain, acquire or additionally process information to identify you in order to respond to your request. |
As further described in our Cookie Policy, we use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. You can control cookies through your browser settings and other tools.
Data Retention Period. We will process and store the Customer Data no longer than necessary. In general, your Personal Data will be stored during the term of our contractual relationships and after that for a maximum of ten (10) years with regard to rules of limitation. In some cases, Personal Data may be saved for longer due to laws applicable to DOC.
This may include keeping your Personal Data after you have deactivated your account for the necessary period for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
We take the security of data very seriously. We work hard to protect Customer Data from loss, misuse and unauthorized access or disclosure but note that no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and safety. In the event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
Our Platform provides the ability to connect to the websites of other Third-Party Services providers. Please see Section 6 above for details. These Third-Party Services are not owned or controlled by DOC, and third parties that have been granted access to your Personal Data may have their own policies and practices for data collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the relevant provider with any questions you may have.
You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our message to users based on a range of factors, including demographic data, users' inferred interests and browsing context (e.g., the time and date of your visit to our Platform, the pages that you viewed and the links that you clicked on). This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements.
Please see Sub-section 7.1. above to learn more about for various un-subscription options from Third-Party Services you have.
Data protection law in certain jurisdictions (e.g., the GDPR) differentiates between the “controller” and “processor” of information. In general, the Customer is the controller of the Personal Data. DOC is the processor of the Personal Data. However, DOC is deemed a controller of the Personal Data that is processed for its legitimate interests as described in Sections 4-6 above.
If you are an Authorized User or a signer for our Customer, you have the right to address your requests on the Personal Data protection directly to the Customer as your data controller.
We are a global business. Personal Data may be stored and processed in a country where we have operations or where we engage service providers. These countries may have data protection rules that are different from those of your country.
However, we will take measures to ensure that such storage comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data. If there is any conflict between the terms in this privacy policy or the DOC Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
We reserve the right to modify this Privacy Policy at any time to reflect changes in our Services, any applicable laws, or for other reasonable grounds. When changes are posted to this Policy, the “Last Updated” date at the top will be revised.
If there are material changes to this statement or in how DOC will use your Personal Data, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you an email notification. We encourage you to periodically review this Privacy Policy to remain informed of how DOC is protecting your information.
We may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant or similar government order, or when we believe, in good faith, that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, DOC strives for transparency. When permitted, we will make a reasonable effort to notify Customers and Authorized Users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
Our services are not intended for use by persons under the age of 18. If we become aware that a person under the age of 18 has opened an account or provided us with personal information, we will immediately delete the account and any such personal information
Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, user Google Drive content obtained via the Goggle Drive API, is subject to these additional restrictions:
The Services may read, write, modify, delete or control Google drive user contents (files), to provide a service client that allows users to modify, sign, read, delete and process documents and will not transfer this google Drive API data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
The Services will not use this Goggle Drive API data for serving advertisements.
These restrictions do not apply if you have created an App password for the Services with your Google account with the 2-step verification process.
If you have concerns about the way DOC is handling your Personal Data, please let us know immediately. We are at your disposal.
You may contact us by sending an email to: support (at) doconchain.io with the subject line "Privacy Concerns". We will respond promptly — within 30 days at the latest.