We value your privacy and are committed to protecting your rights and complying with relevant data protection laws such as the General Data Protection Regulation (GDPR).
TRUSTZONE A/S is the data controller generally, meaning we decide the purposes and means of how your personal data is processed. In some cases, we will share your personal data with other data controllers, depending on what products you order. You will find more details about this below.
How we process your personal data
We collect and process your personal data as a means to provide you with the products you order, to communicate with you, to develop our business and to fulfill our legal obligations. Below is a more detailed description of how we use your personal data for different purposes, and the legal basis for the processing activities
|Purpose of processing||Legal basis||Categories of personal data|
|Fulfill agreement, including delivering services and carrying out necessary verification in line with certification standards||Fulfillment of agreement||Contact data, website data, order history, communication data, Additional personal data used for verification purposes (e.g. ID and business role)|
|Business improvement||Legitimate interest||Contact data, website data, order history, Cookie data (e.g. browser details, IP address and usage data. Obtained if relevant cookies are accepted)|
|Communication regarding product updates, renewal notices and commercial messages||Legitimate interestContact data, website data, order history|
|Fulfill legal obligations||Legal obligations||Data required under mandatory law, e.g. bookkeeping laws.|
Contact data may be data such as name, address, e-mail address and phone number (related to you and/or your company).
Website data refers to data related to the website that your order concerns, which may include personal data.
Order history refers to information about the products you have ordered from and through us.
Communication data refers to messages you may have sent or received as part of a support, vetting or sales conversation with us.
Where personal data is obtained from
Additional personal data used for verification purposes may be collected from you and/or from official sources, however only if you order such products that require us to carry out verification in line with Certificate Authorities’ requirements.
The importance of you providing accurate and up to date information
Please note that our delivery of ordered products depends on you providing accurate, complete and up to date information to us. If you do not provide such information, or update it if it changes, we may not be able to deliver ordered products.
How long we retain your personal data
We retain your personal data for as long as necessary to deliver ordered products to you, to manage our relationship with you and to fulfill our legal obligations.
How we share personal data with third parties
In some cases, we may share your personal data with third parties that deliver products and services to us, so called data processors. These parties act on our instructions and will not use your personal data for their own purposes.
In some cases, third parties that we share your personal data with may be located outside the European Union, and in such cases, we will make sure that such third country transfers are lawful and secure.
When you order certain products from us, we will share your personal data with our trusted partners that are responsible for issuing certificates, all in line with applicable certification standards. These partners will in such cases act as data controllers and are responsible for how they process your personal data. We have relevant data sharing agreements in place with these partners to ensure that transfers are lawful and that they only use your personal data in line with your expectations and rights, and we encourage you to review such partners’ data protection practices.
Below is listed the types of certificates, where we share your personal data with our joint data controllers.
|Type||Joint Data Controller||Website
|Basic UC SSL||SSL||Sectigo||Yes||No||No|
|Basic SSL/Alpha SSL||SSL||GlobalSign||Yes||No||No|
|Personal Sign Express||S/MIME||GlobalSign||No||No*||No|
|Personal Sign 2||S/MIME||GlobalSign||No||Yes||Yes||Photo-ID**|
|Personal Sign 2 Pro||S/MIME||GlobalSign||No||Yes||Yes|
|Personal Sign 2 Department||S/MIME||GlobalSign||No||Yes||Yes|
|PSD2||QWAC/QsealC||GlobalSign or InfoCert||Yes||Yes||Yes|
|Qualified certificate||QWAC/QES||GlobalSign or InfoCert||Yes||Yes||Yes||Secondary documentation***|
|AATL: Document Signing||GlobalSign||Yes||Yes||Yes|
*With Personal Sign Express we solely share your email-address.
**A photograph of you holding a government issued photo-ID.
***For GlobalSign certificates: secondary documentation will include proof of identity through a financial institution (such as valid credit card), and proof of address (such as a utility bill).
How we protect your personal data
We apply a variety of technical and organizational measures to protect your personal data, including to ensure that it is not lost, corrupted, or unintentionally shared with unauthorized third parties.
You have the right to receive a copy of the personal data we hold about you; you can receive this by reaching out to us using the contact details below.
You have the right to correct inaccurate personal data that we hold about you, also this right you can exercise by reaching out to us or by making relevant changes in your TRUSTZONE account.
Furthermore, you have a right to request that we erase your personal data in some cases, to restrict how we use it, and to data portability. Please reach out to us for more information about this and to exercise such rights.
Finally, if you have concerns about how we process your personal data you may always lodge a complaint to the Danish Data Protection Agency, learn more at https://www.datatilsynet.dk/english.
Phone: +45 88 33 10 00
Islands Brygge 41
2300 Copenhagen S