Privacy Policy

Updated
January 18, 2024

Agrello OÜ (referred to as “Agrello”, “we”, “us” or “our” in this Privacy Policy) is committed to protecting the privacy and security of your Personal Data. This Privacy Policy applies to your Personal Data we collect through our website at www.agrello.io (the „Site“) and other services provided by us, as defined in our Terms and Conditions (our „Services“).

Each person’s right to the protection of their Personal Data is important to us. This Privacy Policy explains in a simple and transparent way what Personal Data we collect, record, store, use, for what purpose and how.

This Privacy Policy applies to you if you visit our Site or use our Services. You have choices about whether you visit our Site, install our apps, or provide Personal Data to us. However, if you do not provide us with certain Personal Data, you may not be able to use some parts of our Services.

This Privacy Policy does not apply to any third party websites and apps that you may use, including any linked into our Services. You should review the terms and policies of third party websites separately before sharing your Personal Data.

We provide our Services to private and corporate customers. Within the purview of our Services for corporate customers, it is understood that legal entities cannot possess Personal Data. Nevertheless, Personal Data processing may occur incidentally when corporate customers upload documents containing Personal Data, and such processing will be limited to the scope required to address any potential privacy implications in those documents.

This Privacy Policy is incorporated into and is subject to, the Terms and Conditions. Capitalised terms used but not defined in this Privacy Policy have the meaning given to them in the Terms and Conditions and in the Regulation (EU) 2016/679 (General Data Protection Regulation).

Scope of processing your Personal Data

Personal Data is any information that relates to an identified or identifiable individual. Different pieces of information, which in collection can lead to identification of a particular individual, also constitute as personal data.

Processing of Personal Data means every activity that can be carried out in connection with Personal Data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring, or deleting it in accordance with applicable laws.

Information about you will be collected, if provided by you through certain facilities on our Site or automatically when using our Services. The purpose of these facilities is apparent at the point where you provide your personal information, and we only use your information for those specific purposes.

Your Personal Data may be provided to us by our third party partners (for example the service providers connected to our Services) who are legally allowed to share your Personal Data with us and by social media platforms (e.g. Facebook, Instagram, Twitter, Youtube) that may share information about how you interact with our social media content (e.g. likes, comments).

Your Personal Data may also be collected when other clients give us your Personal Data when using our Services. For example, if a client wants you to sign an electronic document via our Services.

Personal Data we collect, its purposes, and legal basis

Agrello Account

By creating an account on our Site, you agree to provide us with your Personal Data. Creating an account is necessary to access certain Services on our Site (e.g. contract management services). However, you are not required to create an account with us when you are requested to sign a document.

You can create an account with us by entering your email address and creating authentication credentials. The Personal Data that we may collect may include your full name, email address, phone number and other information necessary to verify user identities.

You have the option to create an account via third party service provider (e.g. Microsoft, Google). Please note that Google may collect and process data as described in their own policies and practices. We encourage you to review Google’s privacy policy for further information on their data collection, usage, and protection practices.

We process your Personal Data on the basis of fulfilling a contract with you for providing our Services, such as facilitating sign-up and sign-in to your account, and verifying your identity.

Should you have any questions about which data is collected or need further information concerning the legal basis on which we collect and use your Personal Data, you are welcome to contact us using the contact details provided below.

Contract management services

Our contract management system is a platform that enables users to create, manage and store legal agreements in a secure and efficient manner. With our user-friendly interface and advanced technology, you can draft contracts, send contracts for signature, sign contracts, and store them. To provide you with this service, we may collect your Personal Data that may include your identification data and/or contact data and/or any personal data that may be related to the contracts. Personal Data collected depends on the purpose and type of documents that are processed through Agrello platform.

  • Please note that our primary purpose is to offer you a contract management service and not to actively process your Personal Data. However, we acknowledge that, in the context of providing the Service, we may need to process your Personal Data. As a user of our Services, you bear sole responsibility for the Personal Data you upload and manage through the platform. It is your responsibility to ensure that the Personal Data you input into our systems is processed accurately, lawfully, and in compliance with the relevant data protection laws.

We offer subscription-based Services that you can access via your account. To access these subscription-based Services, we may collect your billing address. Your Personal Data may also be collected by a third-party payment service provider. You can manage your subscriptions and update your Personal Data preferences at any time through your account settings.

We process your Personal Data on the necessity to perform a contract with you for the provision of our Services, such as uploading, reviewing, storing, hosting, and backing up your documents or processing payments (in accordance with our Terms & Conditions). Additionally, we process your data under our legitimate interest to record details about electronic documents, such as user views, devices used, and timestamps, in order to prevent, investigate and respond to fraud, unauthorised access or use of our Services, violations of terms and policies, or other wrongful behaviour.

Digital identity and electronic signature service

We offer different levels of digital signing solutions that allow you to sign contracts electronically or digitally.

For the provision of the Services regarding simple level signatures, we collect your Personal Data associated with creating a digital signature that includes your name and email address.

For the provision of the Services regarding Qualified Electronic Signature we have enabled the access of third party services (e.g., ID-card, Smart-ID, Mobile-ID). . Please note that the terms and conditions and privacy policy of the relevant service provider apply. We encourage you to review the relevant service provider’s privacy policy for further information on their data collection, usage, and protection practices.

Certain Personal Data may be processed by the third party service provider and that processing may depend on the specific requirements of the signature process. It may include your:

  • identification data (full name; date of birth; personal identification number; identification document number, the expiration and issue date);
  • signature data;
  • authentication data.

The purpose of collecting your Personal Data for digital signing is to verify your identity and to ensure the authenticity of the signed document. When you sign a document digitally, your digital signature is linked with your Personal Data that may include your name and e-mail address. We also collect your Personal Data to help prevent fraud and ensure the security and integrity of the signed document protecting the interests of all parties involved in the signing process. We also may process identification data and e-mail address of the persons who are expected to sign the electronic document.

Personal Data processing will be based on the performance of a contract (to verify your identity and authenticate your digital signature) and/or on your consent (when you sign a document) and/or on our legitimate interest to prevent fraud or ensure the security and integrity of the signed document and to record details such as who signed the electronic document. The processing of Personal Data is necessary for the legitimate interest of us or a third party, provided that such interests are not overridden by your protection interests or fundamental rights and freedoms.

Agrello Codriver

As part of our Services, we provide file-reading tool based on artificial intelligence and machine learning service provided by a third-party service provider OpenAI, L.L.C. (“Agrello Codriver”). When you accept to use Agrello Codriver on your uploaded  documents, text, or other materials of any kind, you can receive output generated and returned by Agrello Codriver based on your input.

To provide you with this service, we may collect Personal Data that you provide as an input, including your uploaded documents, your prompts, queries, or other text inputs that are necessary for generating appropriate responses through Agrello Codriver and your user data.

We process your Personal Data, including data such as contract texts and user prompts, on the basis to perform a contract with you for the provision of Agrello Codriver service, allowing you to carry out semantic searches and summaries, as well as explanations from the texts of uploaded documents. Your user prompt serves as the basis for conducting corresponding searches and operations.

Please note that Agrello Codriver is offered as white label solution and is subject to the terms and conditions of OpenAI, L.L.C. Open AI, as the data processor ,may collect and process Personal Data as described in their API policies and practices. We encourage you to review OpenAI’s terms and conditions and privacy policy for further information on their data collection, usage, and protection practices.

Document editing

As part of our Services, we provide document text editing features based on a third-party service providers document editing software to allow users to modify the content of documents and templates.

To provide you this service, we may collect your Personal Data, including your identification data and/or contact data and/or any personal data that may be related to the contracts.

To enable this service your documents are processed by third party service providers listed below:

  • Zoho Corporation

We process your Personal Data on the basis to perform a contract with you for the provision of this document editing service.

Please note that third party service providers as the data processor may collect and process data as described in their own policies and practises. We encourage you to review respective service provider’s privacy policy for further information on their data collection, usage, and protection practices.


Customer Support

We may collect your Personal Data in the course of providing customer support when you contact us via email, customer support or any other way, as the case may be.

This may include collecting your identification data and/or contact data and/or details of your inquiry or issue. We collect your Personal Data to provide effective customer support and respond to your inquiries in a timely and helpful manner either. The legal basis for processing Personal Data is based on the performance of a contract (e.g. questions arising from provision of Services) and/or your consent when you contact us before using any Services.

Marketing Activities

We may periodically send you information that we think you may find interesting. In particular, we may process your Personal Data to send you via your email address marketing and educational materials, invites to the special events etc.

We process your Personal Data based on your consent if you have agreed to receive marketing communication from us. You have the right to withdraw your consent at any time by unsubscribing or opting out from our marketing publications.

Social networks

For the purpose of managing and administering our social network (i.e “Facebook”, “LinkedIn”, “Instagram” and “Youtube”) we collect the following Personal Data you have provided voluntarily: your social network profile name, profile picture, public comments made on our account, subject matter and text of your queries, if any.

We process named Personal Data on the basis of your consent (on your request to provide you with an answer or your choice of comment) and/or our legitimate interests to communicate with our followers. Such Personal Data will be stored until we use our account actively unless you by yourself at any time delete your Personal Data earlier on.

We may delete your activity from our accounts at our own discretion if the content you have provided infringes the social media platform’s terms and conditions or our rights or interests. Respective to Personal Data processed within the social networks, the individuals should also review the privacy notice of the respective social network platform.

Cookies

We may make use of browser “cookies.” Cookies are small pieces of information that are stored by your browser on your computer’s hard drive when you use our Services. They allow us to see if you have logged in, checked your status as a subscriber or user, and facilitate access to your preferences.  

In any case, the processing or your Personal Data with the help of cookies is based on your consent provided on Site’s cookie banner which you can change at any time or based on our legitimate interest respective to the use of necessary cookies which allow our Site to function correctly.

Cookies can be deleted from your device if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Certain parts of our Services will not function properly if the usage of cookies is blocked. We are not liable for any loss of functionality or quality of the Services if usage of cookies is blocked.

We may also use tracking software to monitor customer traffic patterns and the usage of our Services for research and development purposes, customer engagement and to keep you informed of our activities.

For more details, please visit our Cookies Policy.

Fulfilling our legal obligations

In some cases, we may have a legal obligation to collect or retain Personal Data or may need Personal Data to protect ours or your vital interests or those of another person to comply with or as required by any applicable law, court order, an order of a regulatory body, governmental or regulatory requirements, any jurisdiction applicable to us and to meet the legal retention. Such data processing may be in connection with the collection of taxes or duties, bookkeeping and responding to supervisory authorities.

Service improvement and analysis

We may process your Personal Data respective to test and improve our Services, analyse Personal Data about our clients how they use our Services and carry out various analysis to evaluate our Service performance. To the extent possible we use anonymised data to fulfil named purpose, however there are instances where Personal Data processing may be required. If Personal Data processing is required, we have implemented appropriate organisational and technical measures to mitigate the risks that may affect your rights and freedoms e.g., Personal Data is pseudonymised and we have implemented access management procedure to limit the number of employees who will have the access to Personal Data.

We may process your Personal Data to conduct customer satisfaction queries via e-mail or via direct communication, if you have provided your phone number.

For the purpose of Service improvements and analysis we process your Personal Data based on our legitimate interest. If you do not want to receive Service improvements related queries, you have the option to opt out from such communication from us.

Other purposes

Where necessary, we may process your Personal Data for additional purposes relating to:

  • Agrello’s legitimate interests in relation to: (i) completing transactions relating to the company (e.g. corporate restructuring, sale or disposal of assets, merger); (ii) protecting and enforcing the our rights, assets and interests, including fraud prevention.
  • We may also process your Personal Data when you send us an enquiry or request using the contact details shown on the Website, including in relation to our Services.

                                                                                                     

How long we retain your Personal Data

We only retain the Personal Data collected from you for as long as your account with us is active or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law.

You have the possibility to delete the data you have provided to us at any time, especially the data you have provided via using the contract management services. You can manage that under your account.

We will retain and use information necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:

  • accounting information is retained for a period of 7 years according to the Estonian accounting and taxation laws;
  • backups are kept for 6 months;
  • information on legal transactions is retained for a period of 10 years in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.
  • accounts that have not been logged in for 3 years will be deleted automatically; Agrello will notify the user 30 days in advance.

When technically possible your Personal Data will be automatically anonymised after certain period of time.

How we protect your Personal Data

We take appropriate technical and organisational measures to ensure the confidentiality and integrity of your Personal Data and the way it’s processed and to protect your Personal Data against unauthorized access, use, and disclosure, accidental or unlawful destruction or accidental loss. These technical and organisational measures include encryption to protect your data both on our servers. Only identified and authorised users can access and modify the data.

To help us continue to protect your Personal Data, you should always contact us if you suspect that your Personal Data may have been compromised.

How we share your Personal Data

You acknowledge and understand that for the provision of our Services we may share your Personal Data as follows:

Third party service providers.      

We may share your Personal Data with other companies we use to support the Services. These companies who may act as processor and/or sub-processor provide services like intelligent search technology, analytics, advertising, payment collection, identification and verification services, fraud detection and customer support. We have contracts with all such service providers that address the safeguarding and proper use of your Personal Data and we ensure that processing of Personal Data by such third parties will be based on legal ground and will be performed in accordance with lawful instructions and in compliance with the applicable laws.

Marketing partners.

We may share your Personal Data with marketing service providers, or other similar parties with whom we may engage regarding marketing activities.

Law enforcement and other governmental agencies.

We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

Our business transactions.

We may share your Personal Data during a corporate transaction like a merger, or sale of our assets or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification to our clients.

Other of Agrello’s clients and third parties.

Your Personal Data will be shared with the persons to whom you have sent an electronic document for signing, editing or viewing.

We may share your Personal Data in other ways if you have asked us to do so or have given specific consent (for example, receiving a marketing communication).

Most of the third party service providers are considered data processors. In certain cases, the third party service providers may be considered data controllers or organisations processing such Personal Data, not as data intermediaries. These service providers are for example our attorneys, auditors, insurers, banking partners and accountants who perform certain activities on behalf of us and are subject to data processing rules as independent controllers. Some of these third party service providers may be located outside the country where you accessed the Services.

We require all third party service providers to maintain appropriate technical and organisational measures to meet the requirement of applicable law and protect your rights.

Transferring your Personal Data outside EEA

Your Personal Data processed through our Services may be transferred to and stored on servers located outside the European Economic Area (EEA). This transfer of Personal Data may be necessary for the proper functioning of Agrello’s Services and to provide you with the intended features. For example, OpenAI may transfer your Personal Data outside the EEA, specifically to the United States (USA). Such transfer will occur only based on explicit consent for using Agrello Codriver. When your Personal Data is transferred outside the EEA, we take appropriate measures to ensure that the data receives an adequate level of protection as required by applicable data protection laws.

By using our Services, you acknowledge and agree that the transfer of Personal Data outside the EEA may occur as described in this Privacy Policy. We will take all reasonable steps necessary to ensure that your Personal Data remains secure and is handled in accordance with this Privacy Policy.

If you have any concerns about the transfer of your Personal Data outside the EEA, please contact us using the information provided below.

Your legal rights

You have the following rights in relation to your Personal Data. However please note that some of the following rights may be limited where our legitimate interests or legal obligations override your interests and rights (particularly, in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations). Additionally, as we provide document management services and may act as a data processor, we may not be able to completely fulfil your legal rights due to confidentiality obligations with our clients.

Request access to your Personal Data.

You have the right to request access to your Personal Data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data we process, the purpose and the legal basis that we rely on when processing your data.

This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights).

Request correction of the Personal Data that we hold about you.

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Personal Data.

This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it, e.g. the purpose of processing your Personal Data has been fulfilled, retention period has expired or processing is unlawful. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Data

This enables you to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

Request restriction of processing of your Personal Data

This enables you to ask us to suspend the processing of your Personal Data.

Request the transfer

This enables you to request the transfer of your Personal Data to you or to a third party. Bear in mind that the latter can only be done if that is technically feasible.

Withdraw consent

This enables you to withdraw consent at any time where we are relying on consent to process your Personal Data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you.

The right to file complaints

Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us.

Please send your request to support@agrello.io We ask you to send your request from an e-mail address you have used to sign up for our Services. In other cases, we reserve the right to ask for additional details about you to help us to identify you. This is a security measure to ensure that your Personal Data is not disclosed to any other person who has no right to receive it.

We try to respond to all legitimate requests within one month. You can also contact the data protection authority in your country if applicable. Please see: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Changes to this Privacy Policy

We may amend this Privacy Policy at any time to remain compliant with any changes in law and/or to reflect how we process Personal Data. The changes will be posted on our Site and are effective from the date of their publication. Where we are required to seek further consents under applicable law, we will do so.

Contact and questions

In order to contact us, please send us an e-mail at support@agrello.io.