Everything you need to know about the data we collect Data Privacy is more important than ever nowadays-and that's good. You deserve to know what data about you is being collected, how it's being used and what control over it you have-regardless of whether you're living within the jurisdiction of the EU's GDPR or not.
Here's everything you need to know about how we handle your data at Certbase™.
We collect information that you provide to use when you:
Register on our site Place an order with us Subscribe to our blog Subscribe to our newsletter Fill out a form This typically consists of: names, email addresses, mailing addresses, phone numbers and credit card information.
In addition to this, we also capture information like IP address, browser information and cookies for our site.
##Do you collect any privileged categories of personal data?
No. Certbase™ neither controls, nor processes any privileged categories of personal data.
We use the personal data we collect for a number of things:
Personalizing your Experience - your information helps us to better respond to your individual needs Improving our Website - we continually improve our website based on your information and feedback Providing better Customer Service - your information helps us better respond to your requests and needs Processing Transactions – your information helps us to process your orders and expedite issuance Administering Contests and Promotions – occasionally we give away free stuff or (even more) exceptional discounts Sending Emails – we may email you at the address you provided
##What is your legal basis for collecting personal data?
While we prefer to collect personal data on the basis of explicit content, we are also acting to fulfill a contract between our partners, the Certificates Authorities that issue digital certificates, and the end user or reseller purchasing them. Additionally, we conduct related marketing activities under the banner of our legitimate interests. For more information, feel free to email our Data Protection Officer..
We do not share this information with outside parties except to the extent necessary to inform service providers about services for which you have expressed an interest and requested additional information regarding that service. Any partners that we do share data with have signed binding data processing addendums that restrict their use of the data to only its intended (and documented) purposes. If you need a Data Processing Addendum with us, you can find it here.
We do not sell or transfer your personally identifiable information to third parties without your permission. We use return email addresses to answer the email we receive for tech support, customer service, refer-a-friend, email updates, and to send registered users their passwords.
These addresses are not used for any other purpose and are not shared with outside parties. Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.
We may release your information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also choose to release your information to other parties if we deem it necessary to protect our safety, rights, or property, or that of others.
Base Technology Limited accepts liability for all onward transfers of data to third parties.
In compliance with the GDPR, as well as state and local laws, Certbase™ and all of its undertakings store data in the Hong Kong, China using Ucloud. We use a secure server and all supplied sensitive/financial data is transmitted via Transport Layer Security (SSL/TLS) technology and then encrypted into our Payment gateway providers' database only to be accessible by those authorized with special access rights to such systems. By law they are required to keep the information confidential.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser. Cookies enable the site's or service provider's systems to recognize your browser and capture and remember certain information.
At certain points, if you are not logged in, you may be asked to supply personal information for the purpose of customer service. Here, as with all other data touchpoints, we take special care to protect your information, including the use of encrypted channels and servers. All live chat sessions and phone calls are recorded for training purposes. Chat occurs over a secure connection, via JivoChat. Logs are saved both by Certbase™ and FreshDesk, though they are never shared with any third party. Certbase™ has a GDPR-compliant joint controller agreement with FreshDesk that ensures confidentiality.
We extend the data rights provided by the GDPR to all our customers and clients. That means that you have the right to modify or delete the personal data we have collected about you. Typically, you can modify or delete the personal data we have stored on you by logging into your account on our website. Failing that, simply email our Data Protection Officer either requesting a copy of the information we have collected about you - which can then be revised and returned - or the deletion of it. We will handle the request within 72 hours.
As a division of Base Technology Limited we are committed to adhering to all Privacy Shield principles and standards for the transfer and protection of personal data from the European Economic Area and Switzerland. Certbase is subject to the enforcement powers of the FTC.
In compliance with the Privacy Shield Principles, Base Technology Limited commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Base Technology Limited.
Base Technology Limited has further committed to refer unresolved Privacy Shield complaints to ICDR-AAA, an alternative dispute resolution provider located in the Hong Kong, China. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. File a Notice of Arbitration