SignOnTheGo - Sign and Send for Signature

Compliance Information

This Compliance Information was last updated on June 1, 2018

Uploaded on June 1, 2018

GDPR COMPLIANCE

GDPR has been approved by the European Union with the aim of increasing the protection of an EU customer’s personal data as well as their right to all of their data. Each organization that handles the data of an EU resident must comply with strict requirements concerning data collection and its management, or pay revenue-based fines if it does not comply.

PCI DSS COMPLIANCE

The PCI Data Security Standards provide the guidelines for ensuring the safety of cardholders’ data. SignOnTheGo® deploys the PCI certification guidelines, and we maintain payment security to ensure that our customers’ credit card information is well-protected against cyber threats and attacks.

HIPAA COMPLIANCE

Currently, SignOnTheGo® does not provide support for and does not maintain medical records data. SignOnTheGo® will provide an update with regard to supporting the Health Insurance Portability and Accountability Act.

EIDAS COMPLIANCE

SignOnTheGo® has not yet been confirmed nor has it been audited by the SSAE 16 Professionals. SignOnTheGo® will ensure compliance with eIDAS Section 4 (Electronic Signatures), Article 25. SignOnTheGo® will also ensure compliance with eIDAS Section 4 (Electronic Signatures), Article 26 prior to conducting business in the European Union. However, SignOnTheGo® GDPR compliance has already been in place, effective May 25, 2018.

TITLE 21 CFR PART 11 COMPLIANCE

SignOnTheGo® is in compliance with Title 21 CFR Part 11 Subpart A – General Provisions, Subpart B – Electronic Records, and Subpart C – Electronic Signatures. These subparts make up the entire Title 21 CFR Part 11.

15 U.S. CODE CH. 96 – ELECTRONIC RECORDS AND SIGNATURES IN COMMERCE (ESIGN)

SignOnTheGo® is in full compliance with the Electronic Signatures in Global and National Commerce Act, 15 U.S. Code ch. 96 (Public Law 229). This is a United States federal law that was passed by the U.S. Congress to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically.

General Rule of Validation

ESIGN AND UETA (THE UNIFORM ELECTRONIC TRANSACTIONS ACT)

ESIGN and UETA are statutes that established the general rule recognizing that electronic signatures are valid and enforceable, provided certain requirements are met. In accordance with ESIGN and UETA, “an e-record or e-signature may not be denied legal effect or enforceability solely because it is in electronic form.”

Consent

All parties to an agreement or transaction must agree to conduct the transaction using electronic means. Consent to conduct transactions using electronic means will be determined by the parties’ conduct and may be either express or implied. The action of electronically signing a document will generally satisfy this requirement.

Intent

For an e-signature to be valid, it must be clear that the signer intended the designated e-signature act or process to constitute an electronic signature. Intent to sign may be established when a person affirmatively attaches a digital signature to the document using a touch screen or click of a mouse and clicking a “submit” or “done” link.

Association

An e-signature must be connected to the document that is being signed. When using a digital signature, the signature is electronically attached to the electronic document at the time it is signed and saved as a PDF document.

Attribution

An e-signature must be connected to the document that is being signed. When using a digital signature, the signature is electronically attached to the electronic document at the time it is signed and saved as a PDF document.

Record Retention

An electronically signed document must be in a form that is capable of being retained and accurately reproduced for later reference by all parties or persons who are entitled to a copy of the document or record.