This website uses cookies in order to display personalised cookies and for statistical monitoring purposes. Please set your cookie preferences. Cookie settings Accept all

GDPR Notice

Starting May 25, 2018 Regulation 679/27-April-2016 regarding the protection of natural persons in what concerns the processing of personal data and regarding the free movement of such data and repeal of Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") it is applied in all the states of the European Union. This Information regarding the processing of personal data is intended to inform you about how we understand to regulate and integrate at our company level the GDPR policy and is an integral part of the Contract for the provision of qualified reliable services concluded with Digisign.

The operator (the one who processes your data) DIGISIGN S.A.
Office: 2-6 Virgil Madgearu St., 1st District, 014135, Bucharest, Romania
Trade Registry No: J40/8069/2005
VAT No: RO17544945
The data protection officer declared at ANSPDCP is DPO DATA PROTECTION SRL, d p o @
In its relations with its customers, DigiSign is the Controller of personal data. DigiSign has implemented an information security management system, ISO 27001 certified. DigiSign has also obtained the status of a qualified trusted service provider in accordance with EU Regulation no. 910/2014 eIDAS.
Obtaining and maintaining ISO 27001 certification and Qualified Trusted Service Provider status requires annual external audits, which assess the security of information systems and information.
DigiSign SA employees who have access to personal data are regularly trained on respecting the confidentiality, integrity and security of the data and have become aware of the applicable internal procedures.
Purposes of processing The processing of your personal data as a data subject is carried out for the following purposes:
    •    to provide DigiSign services purchased or ordered from DigiSign;
    •    to be contacted and answered in connection with the services you use or expect to use from DigiSign;
• to keep in touch with you and to provide you with the necessary information through our website: but also on our social pages.
• for marketing communications. We will only make these communications if we have the consent of the data subject.
Who are the data subjects and the legal basis of the processing

• Customers or potential customers whose data we will use to make offers, conclude and execute the contract and to provide the services requested by them. We will process the following data: name, first name, position / position, employer, telephone number, home address, CNP, series and no CI, date of CI release , date of birth, photos, email address, signature. Financial data: data resulting from the documents certifying the payment of the services ordered by you, for the execution of the contract (IBAN code, transaction code, payer's bank), but also the mandatory accounting records and supporting documents underlying the records in financial accounting. In addition to this data, in the case of electronic video authentication or identification, biometric data will be processed, in order to uniquely identify you. The trusted service provider, DIGISIGN, can perform remote identification using video means, in order to issue qualified certificates, In accordance with Art. 24 para. (1) lit. d) Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / EC). Regarding the biometric data, we mention that it is not stored, being deleted as soon as the result of the operation of unique identification of the person was generated. Only the result of the identification process is kept within the aforementioned 10-year period. Applications for obtaining / renewing unfinished certificates are kept in the database for 30 days, after which they are irreversibly deleted.
The processing of the biometric data mentioned above involves obtaining and comparing biometric templates from the photo of the identity card and from the photo of your face and is done through the videolD application ( This can only be done with your express consent. The legal basis of the processing is art. 6 para. (1) lit. b) of the GDPR, respectively in order to take steps at the request of the data subject before concluding a contract, art. 9 para. (2) letter a), respectively your consent for the processing of biometric data for your unique identification, by processing the facial image transposed into biometric data) During the videoconferencing, the following data can also be processed: data from logs, IP address, data regarding your actions in the DigiSign platform;
• Employees of our contractual partners (companies that are our business partners), we process the following data: name, first name, position / position, employer, telephone number,, home address, CNP, series and no CI, date of CI release , date of birth, photos, email address, correspondence email address of the employees of our partners in order to maintain the contractual relationship with the companies they represent and to be able to collaborate.
 In this case, we will base the processing on our legitimate interests to be able to execute the contracts we have concluded with other companies, on the necessity of concluding and / or executing a contract but also on the compliance with the obligations of the applicable legislation in force;
• Individuals with whom we are in business relationships.In order to be able to carry on business relations with different authorized natural persons, it is necessary to process certain information, namely: name, first name, e-mail address, telephone number, serial and identity document number, correspondence address, numeric code personnel, quality, professional qualifications. In this case, the legal basis of the processing is the conclusion / execution of a contract and compliance with a legal obligation;
• Personnel of a public authority, whose data we use to fulfill our legal obligations, such as responding to requests from authorities, keeping records provided by law and the like. For example, we will have to keep the name, surname, authority of who are also your signature in the control records that the law requires us to keep;
• Apply for a position that DigiSign SA has freely available. In order to carry out the recruitment process, we collect the following data: the data included in the CV you send us. Usually these are: name, first name, contact details (phone number and e-mail address), professional experience, proof of studies and other documents that we could request from you. Also, during the interview we will process personal data that refers to the candidate, such as: his professional preferences, details about his experience and studies which are not included in his CV, the expectations a candidate has regarding remuneration. As part of the hiring process, we may request additional documents (such as sheets, diplomas, endorsements, professional qualifications, etc.), which will also contain personal data. In these cases, we will base the processing of your data on the conclusion / execution of the employment contract;
• Visitors to the headquarters where we have video surveillance cameras installed, to ensure the safety of our employees, other people in those rooms and our belongings. Therefore, we will process images (videos) with all visitors. In all cases, we have indicated the places where these rooms are located by means of icons, according to the law. Data processing for this purpose is based on our legitimate interest in ensuring the security of persons and objects in our premises;
• Visitors to our site: or people who have interacted with any of our accounts on social media.
Then, it is possible to use the data of these target categories for the following purposes:
• Improving the user experience on our website. In order to be able to take into account the preferences that users have expressed in previous browsing sessions, to adapt our website to the device that the user uses. We process data such as: IP address; cookie identifiers; other online identifiers; unique device identifier (unique universal ID - UUID); the date and time of accessing the website; visit history; the date and time of accessing the website; the device from which you access the website; Internet browser type and browser language; information about where our website. The basis of the processing will be our legitimate interest in giving our users a pleasant browsing experience of our website;
• Knowing the opinions of people who communicate with us through social networks. When someone posts a comment under one of our social media posts, and presses the Like button or redistributes our post, or sends us a message on one of our accounts, we will process the following data for that person: username, profile photo , the action he took - like / other reaction or the content of the comment.
In these cases, we will base the processing on the data subject's consent.

Data transfer DigiSign does not transfer your personal data outside the European Union.
Data retention terms The expected deadlines for keeping and deleting the different categories of data will be those established by the legislation in force including the one regarding the archiving, respectively until the achievement for the purpose for which they were collected, for as long as necessary for their use as established by the legislation in force ( (including tax) or by the competent authorities.
We have a legal obligation to keep the data for 10 years from the date of expiry of the digital certificate, according to the applicable law. After the expiration of the filing deadline, the data will be irreversibly erased.
Regarding the biometric data, we mention that it is not stored, being deleted as soon as the result of the operation of unique identification of the person was generated. Only the result of the identification process is kept within the aforementioned 10-year period.
Applications for obtaining / renewing unfinished certificates are kept in the database for 30 days, after which they are irreversibly deleted.
To whom we will disclose your data As a rule, DigiSign SA does not disclose the data you hold and process, about all categories of data subjects, to other natural or legal persons.
The cases in which DigiSign SA customer data can be disclosed to other companies or individuals are those where other companies or individuals legal persons act as persons empowered in relation to. DigiSign SA In these cases, we will disclose the data for legitimate reasons related to the performance of a contract, the preparation of documentation necessary for the performance of the contract, finding, defending and exercising our rights or interests.
The categories of recipients to whom we may disclose your data are: < br> a the employees and collaborators of the Operator located in Romania;
a of third-party companies or contractual partners
a to the state authorities (ANAF, criminal investigation bodies, etc.)
In all these cases DigiSign SA will make all reasonable efforts to ensure that the data recipients we process them under conditions of security and confidentiality, in accordance with the purpose for which we have also been transmitted respecting the rights of the data subjects.       
Your rights

You have the following rights as a data subject:
Right of information and access to personal data
The data subject has the right to request a copy of the personal data held by DigiSign
Right of rectification of personal data
The data subject has the right to rectify the data if they are not correct.
The right of deletion
The data subject has the right to ask the operator to delete the personal data concerning him in the following cases without delay:
• personal data are no longer required for the purposes for which they were collected or processed;
• the data subject opposes the processing and there are no legitimate reasons to prevail in the processing;
• personal data have been processed illegally;
• personal data must be deleted in order to comply with the law;
ATTENTION: Data deletion will not be carried out if:
• data is required to fulfill a legal obligation;
• for archiving purposes in the public interest;
• for finding, exercising or defending a right in court.
The right to restrict the use of your personal data
If the data subject considers that the data that DigiSign holds about it is incorrect or should not be processed, contact DigiSign at headquarters for a discussion about its rights. In certain circumstances, processing restriction may be required.
The right of opposition to the use of personal data
In certain circumstances, the data subject has the right to oppose the processing by DigiSign of his personal data including the processing of data for direct marketing purposes
Right to data portability
The data subject has the right to request the personal data concerning him and provided to DIGISIGN SA in a structured format that can be read automatically.
The right not to be the subject of a decision based solely on automatic processing
The data subject has the right to request and obtain the withdrawal / annulment / reassessment of any decision that has legal effects in his / her regard, adopted exclusively based on personal data processing
The right of withdrawal of the consent at any time
Withdrawal of the consent can take place at any time and will produce effects for the future only, the processing carried out before the withdrawal remains valid.

What can happen if a person does not want to give us the data

In most cases, the data subjects are not obliged to communicate their personal data. that are related to principal of DigiSign SA, including the provision of certificates digital.
Where can you go for exercise rights and the response time. The exercise of the aforementioned rights will be done on the basis of a written request addressed to the DigiSign office or by email to d p o @
The deadline for any application for your rights is 30 days. except in cases where the request is complex or there is a large number of requests, when the deadline can be extended by another 60 days. If you are not satisfied with the solution received, you can contact the National Supervisory Authority for Data Processing with Personal Character - contact details can be found at

Updates                This Information may be subject to changes in content over time. Any new version will be announced and displayed on the DigiSign website
Date of entry into force:                             This Information is valid starting with 31.10.2022