Resources

Data Protection and Privacy Policy

Details of the document

Version

1.0

Version Date

31 May 2026

Approved by

"imID" close joint stock company, CEO.

Document Title

imID Sign Data Protection and Privacy Policy

Document Classification

Public

Revision History

VersionVersion DateAmendments

1.0

31 May 2026

Initial publication

imID Sign DATA PROTECTION AND PRIVACY POLICY

imID Sign data protection and privacy policy is a legally binding document.

By selecting "I agree", the User confirms that they have read and understood this document and accept its terms. The User agrees that the Company may receive, process, and store the personal and other data provided through imID Sign by any lawful means not prohibited by applicable law. The relationship between the User and the Company in connection with the use of imID Sign shall be governed by the terms of this Policy with respect to the protection and confidentiality of personal and other data.

1. DEFINITIONS

Company
– means "imID" close joint stock company, incorporated and operating under the laws of Republic of Armenia (state registration number: 264.120.1370112), being the owner and the administrator of imID Sign and www.imidsign.am website,
imID Sign
– means a platform which enables individuals and organizations to manage signing workflows, exchange documents, send signature requests for imID Signature purposes,
Policy
– means this data protection and privacy policy, which is an integral and essential part of the Terms of Use and should be construed in conjunction with the Terms of Use,
Terms of Use
– means imID Sign General and Special Terms of Use, taken together.

1.1. In the event of any inconsistency between the Policy and the Terms of Use, the provisions of the Policy shall prevail.

1.2. Other terms and definitions used in the Policy shall be construed in accordance with the Terms of Use, unless otherwise provided in the Policy and/or otherwise arising from the context of the Policy or the legislation of the Republic of Armenia.

1.3. Unless the context otherwise requires, words in the singular shall include the plural and words in the plural shall include the singular, and references to any gender shall include all genders.

2. GENERAL CONDITIONS

2.1. The Policy applies to www.imidsign.am website, imID Sign, its software, application and/or service (hereinafter referred to as the "Services") unless otherwise defined and/or published by the Company.

2.2. The Company highly values the protection of personal and other data (hereinafter referred to as "Data") provided by the User, undertakes all the most advanced necessary and adequate measures available to the Company to keep them confidential and secure, ensures that the security mechanisms comply with the current legislation of the Republic of Armenia, the best international practice, and technical progress.

2.3. The Company may amend the Policy at its sole discretion by publishing the updated version on www.imidsign.am website.

2.4. The User is responsible for periodically reviewing www.imidsign.am to stay informed of any changes to the Policy.

2.5. Within the framework of the Policy, the Data is processed on the basis of the legislation of the Republic of Armenia, including the Law of the Republic of Armenia "On Personal Data Protection" and/or the User's consent obtained as a result of adopting the rules of the Policy.

3. METHODS AND PURPOSE OF DATA PROCESSING

3.1. The Company processes:

3.1.1. the Data that the User personally provides to the Company,

3.1.2. the Data that becomes available to the Company as a result of the User's use of imID Sign.

3.2. The Data provided by the User personally to the Company or made available to the Company as a result of the use of imID Sign may also refer to other individuals who are not Users of imID Sign. In this case, the User guarantees that he/she has the consent of these individuals to transfer information about them to the Company, as well as to process and store this data by the Company. The User bears full responsibility for any claims, damages or disputes arising out of the absence of such consent or violation of the rights of third parties.

3.3. The Company processes and stores Data in accordance with the legislation of the Republic of Armenia and the Policy, to the extent necessary for the proper use of imID Sign, provision of Services, improvement of the platform, and marketing of imID services, based on the User's consent.

4. DATA COLLECTION METHODS

4.1. The Company's methods of obtaining and/or collecting the Data are:

4.1.1. registration of the User for the purpose of using imID Sign and the provision of data (including, but not limited to, e-mail address, name, surname, mobile phone number, bank details, etc.);

4.1.2. Data made available to the Company by the User through the use of imID Sign (including, but not limited to, IP address, time, date, location, signers, approvers, viewers of the Document). Such Data becomes available to the Company when the User:

4.1.2.1. creates, signs, sends, transmits, receives, or views the Document;

4.1.2.2. creates a User Account,

4.1.2.3. contacts the customer service center of the Company,

4.1.2.4. uses (including uploading/downloading Documents) imID Sign to use the Services.

4.1.3. As a result of using imID Sign, the User also makes available to the Company the Data relating to third parties when:

4.1.3.1. the User initiates the signing of the Document and specifies Data about other individuals (name, surname, e-mail address),

4.1.3.2. adds a new User,

4.1.3.3. fills in Data about third parties paying for the Services (e.g., bank details, invoice receipts, etc.).

5. TYPES OF DATA PROCESSED

5.1. The following types of Data are received and processed by the Company:

5.1.1. identifying (name, last name, e-mail, mobile phone number),

5.1.2. Data voluntarily provided by the User during the use of imID Sign and/or during Account creation,

5.1.3. commercial/business (uploaded/downloaded/signed Document/Document content, bank data, payment and payer data, information included in the accounting document),

5.1.4. automatically received.

5.2. The Data automatically received by the Company is:

5.2.1. Data relating to the use of the device, including information about the device model, IP address of the device, browser identifier, duration, date and time of use of imID Sign, frequency of use;

5.2.2. transactional Data (e-mails of the participants in the transaction, the subject of the transaction, the history of actions performed by the various entities involved in the transaction (e.g., viewing, signing, confirmation), and the personal data of these entities and their devices, such as identity, e-mail, IP address, etc.).

6. TRANSFER OF DATA TO THIRD PARTIES

6.1. Data may be transferred to third parties only in the cases and under the procedure prescribed by the legislation of the Republic of Armenia and/or the Policy.

6.2. The User acknowledges and agrees that the Company has the right to transfer and/or make available Data to the following third parties to the extent necessary/required for the purposes set out in the Policy:

6.2.1. suppliers involved in the development of imID Sign and/or the provision of Services,

6.2.2. state and local self-governing bodies or legal entities in cases prescribed by the legislation of the Republic of Armenia,

6.2.3. if the User sends a Document to other Users or persons who are not yet a User through the User Account,

6.2.4. other third parties with the User's consent.

7. THE RIGHTS OF THE USER

7.1. The User has the right to:

7.1.1. get acquainted with the Data, to request the correction, blocking or destruction of the Data if it is incomplete or inaccurate or outdated or obtained illegally or is not necessary to achieve the purposes of the processing,

7.1.2. withdraw his/her consent at any time, in which case he/she will no longer be able to use imID Sign and the Services. The Company shall terminate the provision of the Services and, within a reasonable period of time, delete the Data stored in its systems,

7.1.3. submit a complaint to the Company if the User believes that Data has been processed in breach of this Policy, by sending an email to support@imidsign.am,

7.1.4. submit a complaint to the competent personal data protection authority in the Republic of Armenia, namely the Personal Data Protection Agency of the Ministry of Justice of the Republic of Armenia.

8. DATA RETENTION PERIOD

8.1. The Company stores the Data in the manner and within the time limits prescribed by the legislation of the Republic of Armenia and the Policy.

8.2. The Company shall store the Document, and it shall remain accessible in the User Account for 21 (twenty-one) calendar days following its submission for signing and/or approval. Upon expiry of the said period, if the Document has not been signed and/or approved, it shall remain accessible in the User Account to both the User and the Company for an additional 7 (seven) calendar days, after which it shall be automatically deleted and become inaccessible in the User Account to both the User and the Company.

8.3. When the Document is signed/approved by all participants, it remains available in the Account for 7 (seven) calendar days. After this period, the Document becomes inaccessible to the User, the Company, and through the User Account.

8.4. The User is responsible for storing the Document in their own storage systems to avoid loss.

8.5. For validation of the imID Signature through the imID Sign Validator tool, uploaded Documents are transmitted to the Company's infrastructure. By uploading a Document, the User or visitor to imID Sign consents to such transfer and processing.

8.6. Documents uploaded through imID Sign Validator tool and transmitted to the Company's infrastructure are not stored and are automatically removed from the system immediately after the validation is completed and the browser is closed.

9. SECURITY

9.1. To protect the processed Data from unauthorized access, alteration, disclosure, or destruction, the Company shall implement the necessary legal, organizational, and technical security measures in accordance with the requirements of the legislation of the Republic of Armenia, the Company's information security policy, and the Company's technical capabilities. The data storage system, continuously monitored by the Company's employees, is protected through network security devices and routers that ensure compliance with modern security standards.

9.2. The Data shall be accessible to the Company's employees only to the extent and for the duration necessary to achieve the purposes defined by the Policy. The Company's employees and other entities who have been granted access to the Data have signed confidentiality undertakings and have been informed of the potential disciplinary, administrative, civil, and criminal liability in the event of any violation of the applicable legislation of the Republic of Armenia in the field of data processing. In order to ensure the protection of the Data, all agreements concluded with the Company's partners receiving Data-containing information shall mandatorily include provisions prohibiting the disclosure of confidential information (including personal data).

10. DURATION OF THE CONSENT

10.1. The User's consent to the rules set forth in the Policy is valid for an indefinite period of time until the User revokes it.

10.2. Requests for withdrawal of consent to data processing, as well as requests for correction, deletion, cessation of data processing, or any other action related to data processing, shall be submitted by the User to the Company in writing or electronically, clearly specifying the relevant request. The Company shall cease data processing within a reasonable period following the date of receipt of the respective application/request. The User agrees that, in the event of withdrawal of consent, the Company shall terminate the provision of the Services and, in accordance with the legislation of the Republic of Armenia, may retain the Data to the extent required by law.

11. CONTACT DETAILS

11.1. In the event of any questions related to the Policy, the User may contact the Company using the contact details provided below: