Home » ZorroSign General Data Protection Regulation Privacy Notice

ZorroSign General Data Protection Regulation Privacy Notice

Last updated: May 31, 2023

ZorroSign is a U.S. based digital business platform (DBP) that serves U.S. clients as well as clients located in the European Union (EU) and other countries. This policy is a supplement to our general privacy policy  (“Privacy Policy”) for those individuals covered by the General Data Protection Regulation (“GDPR”), which  permits users who are in the European Economic Area (“EEA”) or European Union (“EU”) and the United Kingdom (“UK”) to request certain information regarding the control, disclosure, and use of their Personal Information.  This personal data may be from individuals who do business with our clients or individuals employed by our clients, or our business associates, or our service providers.

We may update this Privacy Notice from time to time.

For information on our privacy practices concerning non-EU personal data, please see our Website Privacy Policy at https://www.zorrosign.com/privacy-policy/

Our Contact Details

If you wish to contact us about this Privacy Notice, our Privacy Officer is Shamsh Hadi.

Email[email protected]

Telephone: (855) 967-7676. Please request to speak to our Privacy Officer.

Website address: zorrosign.com

Postal address:

Privacy Officer
ZorroSign, Inc.
125 North 2nd Street, Unit 110-571

Phoenix, AZ 85004 USA

 Who We Are

ZorroSign is a U.S. based digital business platform (DBP) designed to help businesses streamline and automate form-filling processes and digital transactions (“Services”). We collect your personal data when you use our Website or when individuals or businesses engage with us or use our Services. We also collect personal data about individuals as a result of providing the Services to third parties.

What Information Do We Collect?

We collect data you give us when your request our Services, such as:

  • Name
  • Home address
  • Telephone numbers
  • Email address
  • Other contact details; and
  • Any information you provide to us.

We collect data about your preferences when you complete survey responses or otherwise communicate with us about your attendance at our functions or information such as service updates that we provide to you. We collect technical data about you, including the type of device (and its unique device identifier) that you use to access our website, your IP address, browser type, time zone setting, and operating systems.

Other Sources of Your Data

We sometimes obtain your personal data from third parties, including family members, referral sources, or parties to a transaction in which you or your employer or family member is a party or is otherwise involved. Technical data is provided to us by service providers of technology, payment and delivery Services, website analytics providers, and consumer reporting companies.

Why We Collect Your Information

We collect your data because:

  • You are a client or a prospective client of our company or you are a supplier or referral source
  • You otherwise use our Services
  • You are an employee or otherwise work for a client or a supplier of ours, or for someone who otherwise uses our Services
  • You are an employee or otherwise work for a party to a transaction in which our company is involved.
  • You are related to a client, or
  • You are someone (or work for someone) to whom we would like to advertise or market our Services or events.

What is the Legal Basis and Purpose for Holding Your Personal Data?

Purpose of Processing

As part of new client onboarding procedures, we process your personal data to verify your identity.  To prevent misconduct, abuse and misuse particularly as regards to illegal activities and suspected fraud

To carry out your requests for our Services, to comply with our legal obligations, to enforce our agreements with you, to perform the Services, and to identify business opportunities

To investigate or settle inquiries or disputes, to obtain payment in accordance with our agreement with you

To enable us to perform the Services

To send you service updates and news, or to otherwise contact you about those of our Services we think may interest you, by email

To better understand how you and others use our Services, so that we can improve our Site and Services, and for other research and analytical purposes.

Legal Basis for Processing

To perform a contract for our Services to which you are a party (an engagement).  For compliance with legal obligations to which we are subject, such as US and EU governmental regulations, and to enforce or defend our legal rights

Legitimate interests: to develop and grow our business and Services and promote ZorroSign, to respond to a specific request in anticipation of a contract for our Services (an engagement)

To perform a contract to which you are a party.   For compliance with legal obligations to which we are subject, such as US and EU governmental regulations, and to enforce or defend our legal rights

To perform a contract to which you are a party.

Legitimate interest – to develop and grow our business and Services and promote ZorroSignLegitimate interest – to ensure that we provide the best Services and to develop and grow our business and Services and promote ZorroSign

When we rely upon our legitimate interests for processing your data, we will balance those interests against your privacy rights and will not use your personal data where the impact on you would override your rights, unless we are otherwise permitted by law to process your personal data, e.g., where you consent.

How long do we keep your personal data?

We will keep your personal data on an ongoing basis in accordance with the table below, or as otherwise required by applicable laws and regulations.

Additionally, we will retain your personal data according to the following schedule:

  • Contact Information: So long as we have a legitimate interest to inform you of our Services
  • Client Files: Depending on the state where we provided the Services we keep your files for a minimum of 5 years following termination of our contractual relationship or closure of the matter. We need to keep records for this period for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties.
  • Employment Applications and Resumes, Human Resources files: 6 years after employment relationship has terminated, or 30 days from the date of conclusion of the application for non-successful candidates.
  • Website Data: 26 months
  • On-client Health Records, Race, National Origin, and other sensitive data: Until our contractual relationship has terminated.

We are required to retain certain client confidential and personal data in accordance with the law, such as data needed for income tax and audit purposes. How long certain kinds of personal data should be kept is also governed by specific business-sector requirements and agreed practices. We generally retain files and data regarding client engagements and matters for which we have been retained for at least five (5) years from the date of our last interaction with the relevant client or the date the matter was closed in our systems, in compliance with our obligations under applicable laws or for longer where required to protect our legal rights and interests or those of others.

Your Data Privacy Rights

You have important rights that you may exercise to protect your personal data. You may access those rights at any time by contacting us at [email protected].

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

  • Right of access – you have the right to request a copy of the data that we hold about you.
  • Right of correction – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to judicial review – if ZorroSign refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.

Please note: we will not be able to delete data that is required to maintain our business purpose or that is required to facilitate your contract with us. All the above requests will be forwarded on to other parties holding and processing your data where appropriate.

We may require that you verify your identity by a process we will communicate to you at that time.

Under what circumstances will ZorroSign contact me?

Our goal is not to be intrusive, and we will try not to ask irrelevant or unnecessary questions. Moreover, the data you provide will be subject to rigorously protective measures and procedures to minimize the risk of unauthorized access or disclosure.


For certain types of sensitive data, we have asked for your consent to use the data for certain described purposes at the time you provided it. You may withdraw your consent at any time.

When you give us your consent, you are giving us permission to process your personal data specifically for the purpose identified in the consent request. Where we ask you for additional personal data, we will obtain your consent to our proposed use of that data where required, and always tell you why and how the data will be used.

You may withdraw consent at any time by sending an email or letter to our Privacy Offices.

Sharing with Third Parties

We may pass your personal data on to trusted third-party service providers contracted by ZorroSign to perform certain Services for us, or to collaborate directly with you.

Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the purposes and to complete the tasks identified by ZorroSign. When they no longer need your data to fulfill this service, they are required to dispose of the details in line with ZorroSign’s procedures.

International transfer of personal data

ZorroSign may transfer your personal data within ZorroSign and/or to other third parties, such as our third-party service providers. Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected. This may include the United States. When we do so, we transfer the data in compliance with applicable data protection laws. In particular, we have implemented safeguards in the form of an Information Sharing Agreement that uses the standard contractual clauses adopted by the European Commission.  You can obtain a copy of the standard contractual clauses by contacting our Privacy Officer.

Safeguarding personal data

We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the data under our control.  In addition, we limit access to your personal data where appropriate to those persons within ZorroSign and third parties who have a business need to access your data. They will only process your data in accordance with our instructions and are subject to a duty of confidentiality. In certain cases, we have given you access to your personal data by means of a login and password. You are responsible for keeping this password safe and secure.

Unfortunately, we cannot and do not guarantee or warrant the security of any data you disclose or transmit to us online and we are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable data.

Questions and Problems

If you wish to raise a complaint on how we handle your personal data, you can contact our Privacy Officer as follows:

By Email: [email protected]

By Postal Mail:

Privacy Officer
ZorroSign, Inc.
125 North 2nd Street, Unit 110-571

Phoenix, AZ 85004 USA

If you are not satisfied with our response you can complain to the data supervisory authority for the country in which you reside.