fbpx

Cookies & Privacy Policy

Introduction 

This privacy policy will inform you about how we process your personal data as a TRUSTZONE customer (or business customer representative). We encourage you to read this privacy policy carefully, and don’t hesitate to contact us in case of questions or concerns. Our contact information is found further down this page.

We value your privacy and are committed to protecting your rights and complying with relevant data protection laws such as the General Data Protection Regulation (GDPR).

TRUSTZONE A/S is the data controller generally, meaning we decide the purposes and means of how your personal data is processed. In some cases, we will share your personal data with other data controllers, depending on what products you order. You will find more details about this below.

How we process your personal data

We collect and process your personal data as a means to provide you with the products you order, to communicate with you, to develop our business and to fulfill our legal obligations. Below is a more detailed description of how we use your personal data for different purposes, and the legal basis for the processing activities.

Purpose of processing Legal basis Categories of personal data
Fulfill agreement, including delivering services and carrying out necessary verification in line with certification standards Fulfillment of agreement Contact data, website data, order history, communication data, Additional personal data used for verification purposes (e.g. ID and business role)
Business improvement Legitimate interest Contact data, website data, order history, Cookie data (e.g. browser details, IP address and usage data. Obtained if relevant cookies are accepted)
Communication regarding product updates, renewal notices and commercial messages Legitimate interest Contact data, website data, order history
Fulfill legal obligations Legal obligations Data required under mandatory law, e.g. bookkeeping laws.

 

Contact data may be data such as name, address, e-mail address and phone number (related to you and/or your company).

Website data refers to data related to the website that your order concerns, which may include personal data.

Order history refers to information about the products you have ordered from and through us.

Communication data refers to messages you may have sent or received as part of a support, vetting or sales conversation with us.

Where personal data is obtained from

Contact data, website data, order history and communication data are obtained from you. Cookie data is obtained through cookies and similar tracking technologies, but only if you accept such technologies (please see more in our Cookie Policy).

Additional personal data used for verification purposes may be collected from you and/or from official sources, however only if you order such products that require us to carry out verification in line with Certificate Authorities’ requirements.

The importance of you providing accurate and up to date information

Please note that our delivery of ordered products depends on you providing accurate, complete and up to date information to us. If you do not provide such information, or update it if it changes, we may not be able to deliver ordered products.

How long we retain your personal data

We retain your personal data for as long as necessary to deliver ordered products to you, to manage our relationship with you and to fulfill our legal obligations.

How we share personal data with third parties

In some cases, we may share your personal data with third parties that deliver products and services to us, so called data processors. These parties act on our instructions and will not use your personal data for their own purposes.

In some cases, third parties that we share your personal data with may be located outside the European Union, and in such cases, we will make sure that such third country transfers are lawful and secure.

When you order certain products from us, we will share your personal data with our trusted partners that are responsible for issuing certificates, all in line with applicable certification standards. These partners will in such cases act as data controllers and are responsible for how they process your personal data. We have relevant data sharing agreements in place with these partners to ensure that transfers are lawful and that they only use your personal data in line with your expectations and rights, and we encourage you to review such partners’ data protection practices.

Below is listed the types of certificates, where we share your personal data with our joint data controllers.

Product

Type Joint Data Controller Website
data
Contact
data
Communication
data
Additional
Data
Basic UC SSL SSL Sectigo Yes No No  
Basic SSL/Alpha SSL SSL GlobalSign Yes No No  
Express SSL SSL GlobalSign Yes No No  
Business SSL SSL GlobalSign Yes No Yes  
EV SSL SSL GlobalSign Yes Yes Yes  
Personal Sign Express S/MIME GlobalSign No No* No  
Personal Sign 2 S/MIME GlobalSign No Yes Yes Photo-ID**
Personal Sign 2 Pro S/MIME GlobalSign No Yes Yes  
Personal Sign 2 Department S/MIME GlobalSign No Yes Yes  
Code Signing Standard GlobalSign Yes Yes Yes  
Code Signing EV GlobalSign Yes Yes Yes  
PSD2 QWAC/QsealC     GlobalSign or InfoCert Yes Yes Yes  
Qualified certificate QWAC/QES     GlobalSign or InfoCert Yes Yes Yes Secondary documentation***
AATL: Document Signing   GlobalSign Yes Yes Yes  

*With Personal Sign Express we solely share your email-address.
**A photograph of you holding a government issued photo-ID.
***For GlobalSign certificates: secondary documentation will include proof of identity through a financial institution (such as valid credit card), and proof of address (such as a utility bill).

How we protect your personal data

We apply a variety of technical and organizational measures to protect your personal data, including to ensure that it is not lost, corrupted, or unintentionally shared with unauthorized third parties.

Your rights

You have the right to receive a copy of the personal data we hold about you; you can receive this by reaching out to us using the contact details below.

You have the right to correct inaccurate personal data that we hold about you, also this right you can exercise by reaching out to us or by making relevant changes in your TRUSTZONE account.

You have a right to withdraw your consent that allows us to use cookies and similar technologies (see more in our Cookie Policy), to opt out of receiving further marketing communication and to object to processing where we rely on legitimate interest as a legal basis. Please reach out to learn more about our legitimate interest assessment and to voice any of your concerns.

Furthermore, you have a right to request that we erase your personal data in some cases, to restrict how we use it, and to data portability. Please reach out to us for more information about this and to exercise such rights.

Finally, if you have concerns about how we process your personal data you may always lodge a complaint to the Danish Data Protection Agency, learn more at https://www.datatilsynet.dk/english.

Changes to this privacy policy

If we make material changes to our privacy policy, we will inform you by emailing notice of the availability of a new version with a link to the new version.

Contact

If case of questions or concerns about this privacy policy, how we process your personal data or to exercise your rights, please reach out to us:

Email: gdpr@trustzone.com

Phone: +45 88 33 10 00

TRUSTZONE A/S

Islands Brygge 41

2300 Copenhagen S

Denmark