User Guide Cancel

GDPR overview

  1. Welcome to Adobe Acrobat Sign for Government
    1. First steps for new accounts
    2. Claiming an email domains
    3. Connecting Okta to a federated identity solution
    4. Manually create/edit users in Okta
      1. Creating individual users manually
      2. Creating multiple users via CSV import
      3. Add or Remove a group from a user profile
      4. Elevating a user to Account/Privacy administrator status
      5. Changing your Okta password
  2. Configure Acrobat Sign
    1. Configuration Overview
    2. System requirements
    3. Branding
      1. Company and Hostname
      2. Logos
      3. Email header/footer images
    4. User access to features
    5. User experience within the application
      1. Allowed Signature types
      2. Signature order options
      3. Self Signing workflows
    6. Recipient experience when interacting with agreements
    7. Transaction security
    8. Compliance information
      1. GDPR
      2. HIPAA
      3. eVaulting Chattle paper
      4. IVES
  3. Administrator processes
    1. Admin guide overview
    2. Users
      1. Manage users in the Gov CloudCreating users
      2. Add users to a group
      3. Remove a user from group membership
      4. Update users in bulk
      5. Users in Multiple Groups (UMG)
        1. Overview
        2. Differences in UMG enabled accounts
    3. Groups
      1. Create a group
      2. Delete a group
      3. Modify a group name
      4. Modify group-level settings
    4. Templates
      1. Edit shared templates
      2. Transfer template ownership
    5. Custom workflow designer
      1. Create a custom workflow
    6. GDPR deletion processes
      1. Delete a user
      2. Delete agreements
    7. Sandbox
  4. User environment and processes
    1. Support resources
    2. Transaction limits
    3. Page layouts
      1. Home page
      2. Send page
      3. Manage page
      4. Reports page
    4. Configure your profile
      1. "My Profile" overview
      2. Change your email address
      3. Define your signature
      4. Configure your event and alert notifications
      5. Define your language preferences
      6. Define your personal email footer
      7. Review account sharing
      8. Configure auto delegation
    5. Send agreements
      1. Compose an agreement to send for signature
      2. Recipient signing order
        1. Sequential or parallel signing
        2. Hybrid signing (Both sequential and parallel)
        3. Recipient groups
      3. Written signatures
      4. Send an agreement to yourself only
      5. Send in Bulk
      6. Sending from a template on the Manage page
      7. Sign agreements
      8. Fill and Sign a document
      9. Self Signing
      10. Signing a document from an email link
      11. Sign a document from the Manage page
    6. Custom workflow designer
      1. Overview
      2. Create a new sending workflow
      3. Edit a sending workflow
      4. Activate/Deactivate a workflow
      5. Send agreements using a workflow
    7. Manage agreements
      1. Search for agreements
      2. View Agreements
      3. Activity history and Audit Report
      4. Add a note to an agreement
      5. Set a reminder
      6. Cancel a reminder
      7. Add an expiration date
      8. Modify/Delete an expiration date
      9. Modify the files of a sent agreement
      10. Replace the current recipient
      11. Upload a signed agreement
      12. Share an individual agreement
      13. Download an agreement
      14. Download the individual files of an agreement
      15. Download the audit report
      16. Download the signer identity report
      17. Download the field data from an agreement
      18. Cancel an agreement
      19. Hide an agreement from view
    8. Reporting
      1. Create a report with classic reporting
      2. Report charts and data exports
        1. Overview
        2. User permissions for report charts and exports
      3. Data Exports
        1. Create a data export
        2. Open and edit a data export
        3. Refresh the data in an existing export
        4. Download the CSV from a data export
      4. Report Charts
        1. Create a report chart
        2. Open and edit a report chart
        3. Rename a data export/report chart
        4. Duplicate a data export/report chart
        5. Delete a data export/report chart
    9. API
      1. API Swagger documentation
      2. Webhooks
Caution:

DISCLAIMER: This guide is intended to be a guideline and does NOT constitute legal advice. Seek the advice of your brand’s legal counsel to meet the requirements in the regions where you operate.

What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union's new privacy law that harmonizes and modernizes data protection requirements. While many new or enhanced requirements exist, the core underlying principles remain the same. The new rules have a broad definition of personal data and a wide reach, affecting any company that collects personal information of individuals in the EU. Part of the regulation requires that individuals have the right to understand what personal data has been collected and to have that data deleted upon request when appropriate.

For the purpose of this article, the term User refers to a member of a company that sends agreements for Signature. The term "Signer" refers to an individual who receives and either signs or rejects the agreement. A privacy administrator is an Acrobat Sign account administrator with unique controls for removing personal information from the service upon request of a sender or signer.

User uniqueness is predicated on the email address used to identify the individual. A person with multiple email addresses could have multiple discrete user IDs in the system. All GDPR controls in Acrobat Sign use email addresses to find and manage personal information. There is no connection between the unique email addresses, and an Administrator will only find data on the email address provided.

Features that support GDPR

Acrobat Sign offers features to help customers comply with GDPR. For more information on how Adobe protects your privacy, visit www.adobe.com/privacy.

Under GDPR, individuals have enhanced rights to request access, correction, and deletion of their personal information.

  • Access – Most personal information about a User or a Signer can be accessed directly by that individual through Acrobat Sign UI.  A small amount of activity information isn't currently available directly.  An individual account holder must contact the Adobe Privacy office at Adobe.com/privacy to request access to this information.  An example of the report is included later in this article.
  • Correction – All personal information collected on users or signers is available through the user interface.  If changes are required, the User or Signer can make them directly without contacting Adobe or their administrator.
  • Deletion – Different actions are available depending on the role played in the signing ceremony.  A User sending agreements must make the request to the company they are employed by.  Adobe cannot participate in this interaction and does not control the data the employer has collected while doing business.  The signing process collects minimal information about a signer during the ceremony.  This includes Name, email address, IP address, and optionally, a phone number and OTP code.  This information is stored with the agreement with their signature and is controlled by the company that sent the agreement.  If a Signer needs information concerning the personal information collected with that agreement, they need to contact the Sender of the agreement.  As a data processor, Adobe cannot provide any information to the Signer about the agreement or the company that sent them the agreement. Since the only information saved about the Signer is in the Agreement, deleting the Agreement deletes the Signer's personal information.  If the Sender agrees to delete the Signer's information, they use the privacy menu to find and delete the agreements where the Signer was a participant.

In terms of the Acrobat Sign toolset, there are three features in place:

  • User level logs - A log of the various events (that include personal information) triggered in the Acrobat Sign environment
  • Agreement Deletion - Privacy Administrators have the authority to view and delete any agreement created by any user within their account.
  • User Deletion - Privacy Administrators can delete any user within their account.

 

Privacy Admins can manage user's information and agreements by logging into the Admin Console and editing the user's profile.

User level logs

Any user can request the Adobe Privacy Center to provide the log of their activities in the Acrobat Sign system which includes their private information.

That information is returned in the form of a CSV containing the following:

  • The date of the event
  • The event type
  • The IP address from which the event was triggered

Agreement Deletion

Applicable only to agreements sent by users under the authority of the Privacy Admin.

When a signer requests to have their information removed from the Acrobat Sign system, the account's Privacy Admin can search against the user's email address and return all the agreements that the email address participated in and was created within the admin's organization.

If the Privacy Admin determines that the agreement is no longer needed, he can delete it, wholly and irrevocably, from the service.

Recipients that contact Acrobat Sign will be directed to review their Manage tab and to contact the company that initially created the transaction to delete the agreement.

Acrobat Sign, as a data processor of the Customer, will never delete an agreement at the request of a recipient.

The Privacy window with agreements displayed and the Download Agreement link highlighted

User Deletion

Applicable only to users under the authority of the Privacy Admin

When an employee requests their information to be deleted from your systems, this tool deletes all the user's information from the Acrobat Sign servers. 

Users must make this request to the account Privacy Admin directly. Only the Privacy Admin has the authority to delete users.

Acrobat Sign support cannot delete users from an account, and if requested to do so, Support will refer the user to their account administrator.

The Users tab with an inactive user options exposed and the Delete User Information link highlighted

Note:

Individual and free accounts

Users that exist as the only person in an account, or who only have a free account, will not be able to delete themselves. In this case, the user will need to contact the Adobe Privacy Center.

The user needs to provide their email address and explicit instruction to delete the user associated with the email address from the Acrobat Sign systems. The Adobe Privacy Center will then take the appropriate steps to ensure the user is deleted.

How users can request that their data be removed from Acrobat Sign

Having personal information deleted from the Acrobat Sign system requires that the user's assets be properly resolved.  This process varies depending on the type of user or account involved, which can be grouped into three categories:

Signers are unique in that some other user created all of their agreements.

The first step in having your content deleted from the Acrobat Sign system is to register your email address and review the content that is associated with your email address.

You can register your email address here.

 

Once your email address is registered:

  • Log in and select the Manage tab at the top of the window.
  • Cycle through each filter in the left rail (Waiting for you, Completed, Canceled, and Expired) to find your agreements.

If there is no content on this page, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.

Find the sender of the agreement

To have your agreement content deleted, you must contact the original sender of the agreement.

Only the original sending account can review the agreement and delete it.

Note: The original sending account Privacy Administrator determines when a contract can be deleted.

 

To determine who the original sender is:

  1. Select one record on the Manage tab with a single click (double-clicking will open the agreement).
    • The right rail opens to expose the agreement metadata and actions.
  2. Copy the email address at the top right of the window (next to From: - highlighted in the image above).
  3. Send an email to the original document creator using their email, indicating that you want them to remove your information from their Acrobat Sign account.
    • Be sure to send the email from the same address to which the original agreement was sent so they know you are authorized to make the request.

Repeat the above for all agreements listed on the Manage page in the Completed and In Progress categories.
The contacted companies have 30 days to act on your request to delete the content.

Any agreements in the Waiting for you section should be declined:

  1. Open the agreement to sign.
  2. Select the options in the upper-left corner.
  3. Select I will not e-sign.
  4. Provide a reason to decline, then select the Decline button.
Decline

Once all open agreements are declined and the senders for completed agreements have been contacted, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.

Free and individual service plans have a registered email address and should be able to log into their account to review the content at will.

If you have trouble logging in, select the I forgot my password link under the login fields and reset your password value.

The Acrobat Sign login page with the I Forgot My Password link highlighted

Once you can log in to the service:

  1. Navigate to the Privacy tab in the admin menu.
    • This opens the page where you can use an email address to search for the content you have created using that email value.
  2. Enter your own email address at the top and select Enter.
    • A list of all agreements you have created is returned.
  3. Select each Completed agreement and download the PDF to review.
  4. Delete all agreements that are no longer in effect by selecting the garbage can icon on the far right.
    • The user cannot be deleted until all Completed agreements have been deleted from the account.
The Privacy window with agreements displayed and the Download Agreement link highlighted

Select the Manage tab at the top of the window.

This page shows all the remaining Acrobat Sign content that has included your email address.

Manage page From

To have agreements sent by other users deleted, you must contact the original sender of the agreement.

Only the original sending account can review the agreement and delete it.

Note: Contracts still in legal effect are not required by GDPR to be deleted. The original sending account Privacy Administrator determines this.

 

To determine who the original sender is:

  • Select one record on the Manage (double-clicking will open the agreement).
    • The right rail is exposed, giving access to the agreement metadata and actions.
  • Copy the email address at the top right of the window (next to From: - highlighted in the image above).
  • Send an email to the original document creator using their email, indicating that you want them to remove your information from their Acrobat Sign account.
    • Be sure to send the email from the same address to which the original agreement was sent so they know you are authorized to make the request.
  • Companies have 30 days to act on your request to delete the content.

Repeat the above for all agreements listed on the Manage page in the Completed and In Progress categories.

  • If you created the agreement In Progress, Cancel it.
  • Decline any agreements in the Waiting for You category.

Once all Signed agreements are deleted, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.

Users under the authority of a Privacy Administrator only need to contact their Admin and request to be deleted from the system.

The Privacy Admin can review your content and user and delete all appropriate content.

Adobe Privacy Center

Any request for action not supported by the tools within the user interface or questions regarding GDPR compliance must be submitted to the Adobe Privacy Center.

Support and Success agents cannot access the tools that delete content from the servers.