OpenSign Logo
Get Started Free

GDPR Compliance

Learn about OpenSign's GDPR compliance measures and your data protection rights under European privacy law.

GDPR Compliance

GDPR Compliance

Effective Date: July 16, 2025
Last Updated: July 16, 2025

OpenSign is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) for our users in the European Union and European Economic Area.

Data Controller

For the purposes of GDPR, OpenSign acts as the data controller for personal data we collect and process through our digital signage service.

We process your personal data under the following legal bases:

  • Contract: To provide our digital signage service and fulfill our contractual obligations
  • Legitimate Interest: To improve our service, prevent fraud, and ensure security
  • Consent: For marketing communications and optional features (where obtained)
  • Legal Obligation: To comply with applicable laws and regulations

Data We Collect

Personal Data

  • Name and contact information (email address)
  • Account credentials and authentication data
  • Payment information (processed by third-party payment processors)
  • Communication records (support tickets, emails)

Technical Data

  • IP addresses and device information
  • Browser type and version
  • Usage analytics and performance data
  • Log files and error reports

How We Use Your Data

  • Provide and maintain our digital signage service
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Improve our service through analytics and feedback
  • Ensure security and prevent fraud
  • Comply with legal obligations

Data Sharing

We may share your data with:

  • Service Providers: Third-party vendors who help us operate our service (cloud hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers, acquisitions, or asset sales

We do not sell your personal data to third parties.

Data Retention

  • Account data: Retained while your account is active and for a reasonable period after closure
  • Usage data: Typically retained for 24 months unless longer retention is required by law
  • Support communications: Retained for 3 years to maintain service quality
  • Payment data: Retained as required by financial regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You can limit how we use your personal data in certain situations.

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Where processing is based on consent, you can withdraw it at any time.

Exercising Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@opensign.us
  • Subject line: "GDPR Request - Your Request Type"
  • Include: Your account email and specific request details

We will respond to your request within 30 days. In complex cases, we may extend this period by up to 60 days with explanation.

Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at:

Data Transfers

We may transfer your data outside the EEA to:

  • Countries with adequacy decisions from the European Commission
  • Service providers with appropriate safeguards (Standard Contractual Clauses)
  • US companies participating in the EU-US Data Privacy Framework

Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and our response

Children's Data

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with GDPR requirements.

Updates to This Notice

We may update this GDPR compliance notice from time to time. We will notify you of any material changes through our service or by email.

Contact Information

For any questions about GDPR compliance or data protection, please contact us:

Remember: Your privacy and data protection rights are fundamental to how we operate. We are committed to maintaining the highest standards of data protection and GDPR compliance in everything we do.