Electronic Signatures

Reasons for electronic signatures

One of the main reasons Heffron began using electronic signatures was to remove the long delays that inevitably occur when a large package of documents is posted and needs to be returned. We have the uncertain timelines of Australia Post and the documents never arrive in the pristine state in which they left our office. Further, we are subject to the “kitchen bench effect” which we are all guilty of, opening a pack of documents that require action and parking them on the kitchen bench until we find them months later!

Heffron began using electronic signatures two years ago and our customers tell us they find it much quicker to get their financial accounts signed and their tax lodged, particularly when there are multiple people who need to sign, when trustees don’t all live together or when the documents arrive when someone is away.

Signing documents electronically

When your documents are ready for review and signing you will receive an email from Heffron via our electronic signing platform DocuSign. Click the button “review documents” to start signing. 

Our comprehensive support materials can be found here:

Access codes

Heffron has recently implemented recipient authentication as an extra layer of security when accessing your documents via DocuSign. Upon receiving your DocuSign email, you will be asked to provide a valid access code to continue to view the documents. When the email is created, Heffron sets the access code and includes in the email a hint as to what your access code is.

If the access code is incorrectly entered three times, for security purposes, access to your documents will be locked. You will then be required to contact Heffron’s Client Relations Team to retrieve a new link for your documents and your correct access code.

Signing while overseas

This is one of the great benefits of DocuSign, you can review and sign your documents anywhere in the world.

Using your own signature

You can setup a signature or accept to use the signature provided to you by DocuSign. If you wish to set your own signature, sign by using your mouse, finger or stylus. Our clients find it is easier to set a signature when using a tablet or mobile device.

Authentication via Geolocation

DocuSign uses the geolocation options built into most modern web browsers to track the approximate location of where a signing ceremony took place. This is an additional authentication method to help secure the validity of your signed documents. Sharing your location information is not mandatory, you can still sign your documents electronically if you choose to block geolocation.

Shared email addresses

If you share an email address with another member or trustee of the fund, each member will receive a signing email to your shared email address asking you to review and complete the documents. Check the name at the top of the email is correct so you know it’s your signing pack.

Completed documents

Once all parties have completed the documents you will receive an email to download the completed documents and either print or save for your records.

Data security

Our customers are at the heart of everything we do and we take the privacy of your personal information very seriously. We have worked closely with DocuSign to verify that they are compliant with international information security standards. DocuSign has received approval for Binding Corporate Rules (BCR) and from the EU Data Protection Authorities (DPA). What this means is that you can be sure that your data is always protected in an encrypted format and that when your data is in transit or at rest the highest level of information security measures are being applied.

Data sharing

Heffron only provide DocuSign with the minimal client information which is the data in the DocuSign email. This may include, name, address, date of birth, full name and SMSF information for all SMSF members. This information is held temporarily by DocuSign and will expire and be permanently deleted after 42 days for completed documents and 70 days for incomplete documents.

Transactional data

For the purpose of sending your documents, DocuSign temporarily knows the:

  • Name and email address of recipient
  • Signature selected for E signature.
  • IP address of the PC on which the signature was completed.
  • The type of device which was used to provide the signature ex/ PC, Mobile, Tablet.
  • The data and time of sending email, viewing email and signing document.
  • Who was copied into the email to receive as well.

No document or financial data will be held by DocuSign on an extended basis.

DocuSign and cookies

Yes, DocuSign uses cookies. Cookies are required for technical reasons in order for their website to operate. They refer to these as "essential" or "strictly necessary" cookies. They use these essential Cookies to: 

  • log you into the Website 
  • protect your security
  • help them detect and fight spam, abuse and other activities that violate DocuSign’s user agreements and terms; and 
  • authenticate your access to the Website. 

Read more about DocuSign’s cookie policy here.

Turning off cookies

You can turn off non-essential cookies and set your cookie preference specific to DocuSign by following the prompts that appear when you sign a document or by following the steps found here.

Data retention

Heffron controls the data retention rules for DocuSign. Currently we will purge all DocuSign emails and their content 42 days after they are completed. In the instance that a document is not completed, DocuSign will retain it for 70 days after which point in time it will be purged.

Heffron control the storage and deletion for documents located in our account. Completed documents are automatically stored in DocuSign, but customers may choose to

  • Delete their documents
  • Download their documents and print or save for their records

Read more about DocuSign’s data protection policy here.

Visibility of data by authorised users

DocuSign staff have no ability to see the contents of your emails. DocuSign allows Heffron to control who can access client documents, which is limited to Heffron authorised users and the designated document recipients. Document content is encrypted upon upload and inaccessible by DocuSign employees.