The company Web security s.r.o., ID No.: 06927351, address Nové sady 988/2, 602 00 Brno, registered in Czech republic, the Commercial Register at the Regional Court in Brno, file number C 105154, contact e-mail: firstname.lastname@example.org (hereinafter also referred to as "the company"), issues this document of the Personal Data Protection Policy and declares that it provides its services in accordance with the applicable legislation and handles the personal data of customers in accordance with the applicable legislation.
This document provides customers with information about the processing of their personal data, related rights and other obligations that apply to the SSLmentor.com project. This document may be revised and updated as necessary.
We consider all personal data of users and visitors to be confidential and is treated in accordance with Act No. 101/2000Sb and, with effect from 25 May 2018, Regulation (EU) 2016/679 known as GDPR.
The Company is both the controller and the processor of personal data. We process personal data manually and automatically. We have created a record of the activities in which personal data is processed.
What personal data do we collect?
We only process data that is strictly necessary to provide our services.
The collection and processing of personal data for the provision of TLS/SSL certificates are necessary for the performance of the contract. The data processed may vary depending on the type of certificate and is required based on the CAB Forum (cabforum.org) specification. DV and OV certificates are governed by the Baseline Requirements documents, EV certificates by the Extended Validation Guidelines. The documents standardize the issuance of SSL certificates, describing requirements for CAs and applicants.
When creating a customer account, we only require: an email address and billing information. We must process this personal data in order to identify the customer, authorize and operate the customer account, without which it is impossible to use our services. We continue to process the personal data necessary for the operation of the customer account after the termination of the provision of services, in order to be able to order further services without having to create a new customer account, as this is in the interest of our company. We also record the IP address of access.
It is possible to modify and update the data on the customer account at any time.
We also process personal data for the purpose of fulfilling our legal obligations; the Accounting Act and other legal regulations, in particular in the field of taxation, require us to keep documents (in electronic or paper form) containing personal data for the legally stipulated period of time.
We also use customers' personal data for marketing and to promote our services. We never provide personal data to third parties for marketing purposes. We process personal data, which is an email address, for the purpose of sending commercial communications relating to our company's products electronically, without consent in accordance with the law, as this is in the legitimate interest of our company. The customer may refuse the sending of these commercial communications at any time by selecting the option on the administrative account.
Is personal data provided to third parties?
If we provide the services ordered or part of them through other entities (e.g. certification authority, contractor), we will only disclose personal data to these third parties to the extent strictly necessary for the provision of the service ordered. We are entitled to this treatment of personal data without consent, as we would otherwise be unable to fulfil the contract and provide the requested service.
For the purpose of providing the service of providing SSL certificates, personal data is transferred to certification authorities and contractors in the European Union and to the United States of America, namely the name, surname, address, e-mail address and telephone number of the natural person. US companies are in compliance with the EU-US Privacy Shield.
Cookies help us to develop our services. For example, we use them to store customer preferences, to track the number of visitors to the site and their behaviour. In addition, for example, to identify the user's device, to optimize our website, to provide or offer personalized services, for third-party services such as Google, Facebook, Seznam and others that we use.
A visitor to the site can make Cokies settings at any time.
Who has access to personal data?
Access to personal data in our company is only granted to those persons for whom it is strictly necessary to achieve the purpose for which the personal data is processed.
Employees who have access to personal data are properly trained on data protection and are obliged to maintain confidentiality.
Where do we store personal data?
Users' personal data is stored on servers located in the Czech Republic. To provide our services, we select providers who are able to guarantee the security of their services and comply with the principles for the protection of personal data. We select suppliers with servers located in data centres that meet the minimum conditions of the TIER 3+ standard.
How is personal data secured?
We protect users' personal data using modern standards. Communication between our web projects and the user is secured using SSL/TLS encryption.
We do not store or know customer passwords for access to the administration. When accessing, we match fingerprints that are generated by secure algorithms.
How can I have my personal data edited or deleted?
After logging into the customer account, the user can edit or delete any data. If the user wants to completely delete all personal data and data that we record, it is necessary to contact customer support.
Deleting a customer account is an irreversible process and is only done upon the active request of the user.
Customer rights related to data protection
In relation to the protection of personal data, the customer has the right to
- to obtain confirmation as to whether or not personal data concerning him/her is being processed
- to obtain information about the purposes of the processing
- to erasure of personal data concerning him or her if we are unable to demonstrate legitimate grounds for further processing of that personal data
- the right to object to the processing of personal data on the grounds of legitimate interest of our company or the dissemination of commercial communications
- to refuse the processing of personal data for sending commercial communications
- to withdraw consent to the processing of personal data at any time, if our company processes it on the basis of consent; however, this withdrawal of consent will not affect the lawfulness of processing based on consent given prior to its withdrawal.
Last modified on March 15, 2022.
›› If you have any questions about this policy, please feel free to contact us for clarification. You may also contact us at any time to exercise your right to erasure.