Updated 18.10.2022
twoday Oy has committed to protecting the privacy of the users.
The purpose of this document is to inform users about the collection of personal data in accordance with Article 12 of the General Data Protection Regulation (“GDPR”) (EU 2016/679).
This document is also a record of processing of personal data in accordance with article 30 of EU GDPR.
The data controller is Keskinäinen Eläkevakuutusyhtiö Ilmarinen, which has purchased the service.
twoday Oy operates as a data processor.
Contact information:
twoday Oy
Keskuskatu 3
00100 Helsinki
Email address for inquiries: support.signom@twoday.com
twoday Oy user register
The purposes of processing personal data in the user file are:
By registering to the service the user consents to collecting the personal data of the user for the purposes listed in this privacy policy.
Service description
Depending on the use case of the identification service, information about corporate roles and/or credit information of the user can be attached to the identification information.
The user can review and accept the identification information that is transferred.
Personal data collected in the authorization management service
Use and transfer of personal data
The information in the authorization management service is used in the identification service and in the signature service.
Period for which personal data is stored
The information is stored until further notice.
Accessing personal data
Users can log in to the authorization management service to access their personal information.
Correcting personal data
If a granted authorization is not valid, users should contact the main user who granted the authorization.
Service description
Signom signature service is a service for electronically signing PDF-files. A web-form solution can be attached to the signature service. A web-form solution means that a user first fills a web form, and the information is then transferred to a PDF document, which is then signed.
Collected personal data
Personal data collected in the signature service
Use and transfer of personal data
The personal data is used to create electronic signatures and to verify them later.
In the signature service, all parties to a document can see the details of the document, but users cannot see the national identification number or identification details of other users.
In a corporate implementation of the signature service, the authorized main users can add other users to the service and define permissions to access the corporate documents.
Period for which personal data is stored
The documents are stored in the service until all signatories have signed the document. After this the documents are available for a service-specific period (1-90 days), after which they are deleted. During this period the signatories should save the signed PDF-file. After the period, the files are deleted from the service.
Document metadata (listed above in chapter “Collected personal data”) is stored until further notice.
Accessing personal data
A user of the signature service can log in to the service and access his/her personal data and information about signed contracts.
Correcting personal data
To change the documents before signing them, users should contact the creator of the document.
Signed documents cannot be changed. If a signed document contains an error, users must create a new document.
Service description
In the identification service the user is identified as a representative of a company, and information about the represented company is sent to an e-Service. For the avoidance of doubt, the service is not an identification relay service as defined in the electronic identification law (617/2009).
Collected personal data
Use and transfer of personal data
The information is used for corporate identification and to verify the identification transactions later.
Period for which personal data is stored
Information about identification transactions is stored for 5 years.
Accessing personal data
The user can contact Signom customer service at support.signom@twoday.com to access his/her own data.
Correcting personal data
If the user's corporate role information is incorrect, the user can contact support.signom@twoday.com to correct the role information.
Personal data can be transferred to third parties for providing the service or providing a joint service. The third parties do not process personal data for any other purpose than providing the services. The third parties are bound to non-disclosure agreements.
Signom can share statistical information about the use of services with, for example, potential partners or advertisers. Individual users cannot be identified from the statistical information.
If the user has subscribed to a paid service, Signom can transfer personal data to a payment processor to collect the agreed service charges.
Signom can transfer personal data to authorities when required by an applicable law, for example to prevent and investigate system abuse and criminal activity.
If the business related to a certain service is transferred to a third party, Signom will transfer personal data to the new owner of the service. In this scenario, Signom will ensure the equivalent protection of personal data with contracts.
twoday Oy will not transfer personal data outside the European Union or the European Economic Area.
Personal data is stored on servers that are protected with firewalls and other best practices of the industry. Communication with the service takes place over an encrypted TLS connection.
The right to process personal data is limited to those employees of twoday Oy who have a need to access the information. Information about accesses to personal data is saved to a log file.
Malicious third parties might try to deceive users by creating phony sites that imitate the service site. Because of this risk, it is important that users of the service always ensure that the site they visit is in the domain https://www.signom.com.
This chapter explains the user rights. To exercise these rights, users are advised to contact Signom customer service at support.signom@twoday.com.
Right of access
Chapter 5 describes, per service, how the user can access his/her personal data.
Right to correction
Chapter 5 describes, per service, how the user can correct his/her personal data.
Right to object
The user can object to the processing of personal data for direct marketing and surveys. Each marketing and survey message that twoday Oy sends has instructions and a link to cancel such messages.
Right to data portability
The user has the right to receive his/her personal data in a structured, commonly used and machine-readable format.
Right to erasure
The user can request closing of the account by contacting Signom customer support.
If twoday Oy becomes aware of a personal data breach that is likely to seriously risk the privacy of the users, twoday Oy will notify the affected users by email without undue delay.
The notification states which personal data records are concerned, what the likely consequences of the data breach are, and what measures twoday Oy has taken to address the data breach.
A cookie is a small text file that a browser stores on the user’s device. The user can prevent the storing of cookies in the settings of the internet browser.
Services use cookies to identify the user during a session. It is not possible to use the services if cookies are not allowed.
Services use cookies to verify the strong identification of the user. With the saved identification cookie it is possible to verify that the user has performed strong identification on the same device, so that the user can log in using only Signom credentials. The identification cookie does not contain identifiable information about the user.
Services use cookies to collect statistics about the use of the service using Google Analytics. The information collected for statistics includes the device type, operating system, browser software, language settings and the site that transferred the user to the service. The statistics information is collected anonymously so that individual users cannot be identified.
twoday Oy reserves the right to change this privacy policy. A notification about the changes is published on twoday Oy’s website.
The processing of personal data is governed by the Finnish Data Protection Act (1050/2018) and the EU General Data Protection Regulation (GDPR).
The supervisory authority is the Finnish Data Protection Ombudsman.