Electronic Signatures Using Skyfish

Privacy Statement for those using Skyfish to electronically sign a document.

About Skyfish

Skyfish provides a secure platform that helps organizations manage media and collect electronic signatures in a GDPR-aligned manner. We implement strong privacy and security safeguards and process personal data only on instructions from the organization that issued the document.

Is it safe to sign with Skyfish?

Yes. Skyfish uses a trusted electronic-signature service provider whose technology meets EU requirements for security, privacy, and transparency. This allows organizations to collect Simple Electronic Signatures (SeS) in a reliable and protected way.

Are electronic signatures legally binding?

When you “Swipe to Sign” or “Long Press to Sign,” you create a Simple Electronic Signature (SeS). Electronic signatures can be legally binding under EU law, including Simple Electronic Signatures (SeS). Whether a signature is legally binding depends on the type of document and the laws that apply. You can read more about the legal validity of electronic signatures.

What happens when you sign?

When you sign a document through Skyfish, you agree to use an electronic signature for that document. The data controller (the organization requesting your signature) determines the legal basis for processing your personal data, which may include verifying the signature and maintaining an audit trail. Additionally, any information you enter into the document will be available to the issuing organization and any other signers, in line with the data controller’s configuration of the document.

Who is responsible for your data?

Skyfish acts as a data processor on behalf of the organization that issued the document (the data controller). The data controller decides what data is collected, the purposes for processing, and how long your data is stored. Skyfish processes personal data only according to the controller’s documented instructions, as defined in the data processing agreement.

What data does Skyfish process?

Skyfish may process and store the following information on behalf of the data controller.

Name
Email address
IP address
Photo (if required by the controller)
Phone number (if required)
Any additional personal data entered into the document by you or the controller
Any content uploaded by the controller and linked to your consent by the controller

Purpose of data processing

Skyfish processes personal data solely to provide the electronic-signature functionality and maintain the signature audit trail, in accordance with the controller’s instructions and our data processing agreement.

Consent withdrawal

If you have given consent to the use of your image or other personal data in the document, you have the right to withdraw that consent at any time. To do this, please contact the organization that issued the document (the data controller). Skyfish cannot process withdrawal requests directly, as we act only on the controller’s instructions.

The data controller also decides how long your data is stored and whether other legal grounds (for example, legal obligations or contractual requirements) mean some information must be kept even after consent is withdrawn.

Document handling

Documents are shown to signers and then packaged into a final signed version that includes verification data and metadata. Skyfish does not extract or analyze document content. All additional personal data contained in documents is determined by the data controller.