FAQ

Compliance

Connective eSignatures offers signing methods recognized under eIDAS. International law firm DLA Piper has written an extensive compliance report on Connective eSignatures which you can download here.

Yes. Connective eSignatures offers Simple, Advanced and Qualified Electronic Signatures as defined under eIDAS. Which of these levels a signature falls under depends on the signing method you use. We have a wide range of different signing methods, such as SMS-OTP, mail-OTP, itsme, beID, iDIN, Swisscom etc. For more information please download our Whitepaper on eSignatures here or visit our eSignatures product page.

Yes, Connective received the TSP certificate from LSTI, which is registered on the European Commission's official list of Conformity Assessment Bodies (CABs) accredited to carry out eIDAS audits.

Yes. Connective eSignatures offers signing methods as recognized under ZertES. International law firm DLA Piper has written an extensive compliance report on Connective eSignatures which you can download here.

Connective eSignatures complies with ETSI standards for XAdES, PAdES and CAdES. Moreover, Connective eSignatures is certified for the ETSI EN 319 102-1 standard: “Procedures for Creation and Validation of AdES Digital Signatures”.

 

The proposed formats are:

  • ETSI TS 103 171 (v.2.1.1) (XAdES Baseline Profile);
  • ETSI TS 103 172 (v.2.2.2) (PAdES Baseline Profile);
  • ETSI TS 103 173 (v.2.2.1) (CAdES Baseline Profile).

Connective eSignatures supports long-term validation in the creation of digital signatures, as defined in the PAdES standard by ETSI (PAdES Part 4). PAdES takes into account that digitally signed documents may be archived for many decades. In order to validate the signature in the future and ascertain that it was valid at the time of signing, LTV is required. Connective eSignatures can store the data required to verify the validity of the signature inside the signed document. This means that digital signatures which were signed using Connective eSignatures can continue to be validated in the distant future even when the public-key infrastructure that the original signature relied on is no longer there. All the information required to validate the signature 10, 20 or over 30 years from now is available in the signature.

Together with the signed PDF, Connective eSignatures can provide a sealed audit trail as a PDF document or as an XML file, which can be archived jointly or separately.

GDPR

When offering our services Connective is generally considered as a data processor. This is why you will be requested to sign a Data Processing Agreement.

Connective’s services are by default hosted by Microsoft Azure in co-location facilities in Europe. The data centers we rely on are located in The Netherlands (Amsterdam), Ireland (Dublin), France (Paris, Marseille) & Switzerland (Geneva, Zurich).

Connective engages different sub-processors when offering its services. Such sub-processors are involved to make available specific functionalities or services included within our solutions. More details and identification of the sub-processors involved (including the procedure which applies when a new sub-processor would be engaged by Connective) are available via our Trust Center.

Depending on the service you use, different retention periods of personal data might apply. For a more detailed overview, we refer to our Trust Center.

The retention period of the uploaded documents depends on the configuration you have chosen for your Connective eSignatures environment and on how the individual users are using the solution. We advise our clients to make sure the documents uploaded for signing are deleted as soon as the document is signed (or after a specific period of time if they were not signed). This can be achieved by configuring automatic deletion or via manual functionalities within Connective eSignatures. Such configuration is aligned with the principle of data minimization and reduces the risk of processing.

Connective continuously improves the technical and organizational measures it has implemented to ensure a level of security appropriate to the risk when processing personal data. A detailed description of these measures is set out in our TOM Statement, available here, and the certifications we have obtained are listed in the compliance section of our Trust Center.

In our experience, data subjects will mostly contact the data controller directly when they wish to exercise their rights (and Connective acts in general as data processor when offering its services). However, if we do receive a request from a data subject, we will identify such data subject as soon as possible and inform the relevant data controller without undue delay. Our solutions include different functionalities which enable data controllers to follow up on the request from the data subject. Additionally, our DPO Office is at your disposal in case of any additional questions.

As our client, you will be informed without undue delay in case of a data breach. Connective has implemented a data breach procedure, which ensures a prompt follow-up when these circumstances would occur.

Security

Yes, Connective encrypts the ‘data at rest’ and ‘data in transit’ using industry standards.

Yes, Connective performs penetration tests on its services and products on a regular basis (at least once a year).

Basic authentication with user name and password, or mutual TLS (mTLS) using a client certificate.

Yes. Connective performs penetration tests on a regular basis. Upon specific request we can share more relevant information which you might find sufficient to cover your needs. However, if you would like to perform further security testing, this is allowed after signing a Security Assessment Agreement. Please reach out to your relationship manager for more information.

Functionalities

No. Connective cannot be considered an archiving solution. We encourage you to make sure to archive your documents in your preferred CRM or DMS system, or to have a look at our archiving partners, which integrate easily with Connective eSignatures (e.g. Doccle, Zefort).

YES, Connective encrypts the ‘data at rest’ and ‘data in transit’ using industry standards.

Audit trails are stored for 365 days, or longer if this is legally required.

  • As a signer: NO, you don’t need an account to sign documents.
  • As an initiator: depending on how your organization is using Connective eSignatures you might need an account.
  • As an approver: YES
  • As an administrator: YES

Each electronic signature includes a timestamp issued by an external timestamping authority. It contains the exact date and time of the signature. For continuity purposes, we have engaged different timestamping issuers.

DISCLAIMER: The information in these FAQs is for general informational purposes only and is not intended to constitute legal advice. Connective does not guarantee the information contained herein is up-to-date or accurate. If you have questions about the content or statements made, or about whether Connective’s solutions fit the needs of your organization, please reach out to a legal professional in your region.

Your complete guide about United States' & European law applicable to electronic signatures

Including an assessment by international law firm DLA Piper focusing on Connective eSignatures in relation to eIDAS, UETA, eSign Act, ZertES, Hong Kong law and Singapore Law.
