Adobe electronic signature services additional privacy information
Last updated: 30 October 2020
When using Adobe Sign, the "sender" sends a document to the "signer." The signer may be required to provide personal information about him or herself in order to complete form fields and electronically sign the document. Adobe collects some of this information on behalf of the sender of the document and other information for the purposes of providing the electronic signature service.
Information collected on behalf of the sender: Where Adobe collects and uses information on behalf of the sender of the document (or the organisation to which the sender belongs), the sender is the controller of this information. This may include, without limitation, information embedded within a document, collected via form fields or other information regarding the signer’s access and use of the electronic signature service such as the date and time of a signature or transaction event, IP address and other information about the browser or device used to send, sign, delegate, approve or take other actions with respect to the document. For example, IP address is recorded as part of the “activity log” and/or "audit trail" that is linked to the electronically signed document. The activity log and audit trail are generally made available to senders, signers and other “participants” in a document workflow and is retained according to the agreement between Adobe and the sender.
Additionally, a “sender” may elect to employ additional authentication methods to apply a more stringent standard for verifying the identity of a “signer.” For example, a sender may request that a signer take a photo for identity verification purposes and upload documents (such as a government-issued ID) that help the sender (not Adobe) verify the identity of the signer. To facilitate the sender's verification request, the signer may be asked to provide a mobile number to receive instructions on their mobile device.
For the photo verification feature, Adobe's third-party provider may create biometric information from your photo (e.g., facial recognition) to perform the identity verification. Adobe and the sender receive a confirmation of the verification from the third-party provider (e.g., verified or not verified). No biometric information is shared with Adobe or the sender and the third-party provided deletes any biometric informaiton created by the provider within 30 days from collection.
For the document upload feature, the sender will receive and store copies of the documents (e.g., government-issued ID) or images provided by the signer and these may be stored in the audit trail along with the electronically signed copy of the document. If the sender requests that the signer’s identity be verified through other identity verification processes (challenge questions or SMS verification code), then additional information may be collected from the signer. As part of this process, information such as the signer’s identification details and answers to challenge questions may be passed through Adobe Sign. That information is used only to verify the signer’s identity on behalf of the sender. The documents and images uploaded during the authentication/identity verification process will be retained for as long as the sender retains the document in the Adobe electronic signature service.
By default, Adobe's electronic signature service sends a copy of the electronically signed document to both the sender and the signer. The sender also controls how long documents are stored by Adobe and available to signer to access or download. The sender is responsible for configuring any security options available within the service to protect the documents and their exchange between the sender and signer.
Information collected by Adobe to provide Adobe Sign: Adobe collects information about how senders and signers use and access features and capabilities of the electronic signature service. We collect and use this information to operate, improve and personalise the electronic signature service.