DigiCert Privacy Policy

 

Effective Date of Privacy Policy

 

October 11, 2018
Privacy Policy Archive

 

Introduction

 

DigiCert, Inc. and its subsidiaries (“DigiCert”, “DigiCert Group,” “we” or “us”) are committed to protecting the privacy of its Website visitors (“you”) and Customers (“you” or “Customer”) and employees or agents of Customers (“you” or “Individuals”). As a result, DigiCert has developed this privacy policy to inform its Website visitors, Customers and Individuals about how DigiCert will collect, use, share or otherwise process any personal data or usage information. This privacy policy applies to all sites owned and operated by DigiCert (collectively, “Websites,” individually referred to as a “Website,” meaning each and every Website owned and operated by DigiCert). This privacy policy also applies to DigiCert’s provision of website certificate services (the “Validation Services” or “Certificates”).
DigiCert is a company established in the United States with principal offices at 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043 and for the purpose of the General Data Protection Regulation (“GDPR”) and any local data privacy laws, we are the data controller of personal information obtained through our Website. We are a data processor in relation to the Individuals’ personal information that we receive from Customers (data controllers), either directly or through resellers, and that we process at the Customer’s instructions, as well as according to applicable Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (“Baseline Requirements” or “Industry Standards”), in order to issue Certificates.
If you are an EU or Switzerland resident, we have appointed a Data Protection Liaison for Europe at DigiCert Ireland Ltd. as our Europe Representative who you can contact (in addition to or instead of our global headquarters) should you have any issues in connection with personal information processed through our Website (contact details provided below).

 

Information that DigiCert Receives

 

  • Through our Website: DigiCert collects information such as the name, organization, and email address of Website visitors and Customers who voluntarily submit that information via our Website, email, instant chat, by creating an account or otherwise, in order to download software or to submit sales or technical support questions.
  • From Customers: Customers request DigiCert Certificates through their account in DigiCert’s Website (the “Account”). When submitting a request, Customers provide to DigiCert the following information about Individuals: name, email address, telephone number, address and government-issued identification (which may include additional information, depending on the identification used).

    Where Customers share personal information of Individuals with DigiCert, Customers represent that they have collected and processed such information in accordance with data protection laws, and that they have duly informed the Individuals that their personal information was provided to DigiCert. DigiCert will process such information following Customer instructions, as strictly necessary to provide the services contracted by Customer.

 

Use of Information

 

We will use your information to:

  • Provide products and services / live chat / sales/support: As it is in our legitimate interest to market, sell and provide our products and services, send order confirmations, respond to Customer service requests, provide chat services with sales questions and technical support needs, and fulfill your order, including using the information to verify the identity of the Customer or to contact the customer in order to discuss support, renewal, and the purchase of products and services.
  • Marketing: We will use your information as it is in our legitimate interests to send out promotional emails (subject to seeking your consent where required by applicable law). These emails include beacons that communicate information about the email back to DigiCert, as further set out in our Cookies PolicySuch tracking allows DigiCert to gauge the effectiveness of its advertising and marketing campaigns. Recipients can opt-out of receiving promotional communications from DigiCert by following the unsubscribe instructions provided in each email or by emailing privacy@digicert.com. DigiCert may use third parties, with which it has a confidentiality agreement, to send promotional emails on our behalf. However, DigiCert does not permit any third party to use Customer information provided by DigiCert or obtained on DigiCert’s behalf for any other purpose. Anyone receiving an unsolicited email related to DigiCert’s products and services should forward the entire message and headers to privacy@digicert.com.
  • Validation Services: DigiCert uses information provided by Customers to perform Validation Services, in accordance with Industry Standards. DigiCert uses this information as follows: (1) to perform our contracts with Customers that are natural persons; (2) based on the legitimate interest of DigiCert to provide services to Customers that are legal entities; and (3) based on the legitimate interest of Customers to have DigiCert issue Certificates.

    Please refer to DigiCert’s Certificate Services Agreement and Certificate Terms of Use for details on how Customer can request Certificates.

  • Advisory e-mails: While a customer account is active, DigiCert will send advisory e-mails to customers to provide support and security updates in relation to our products and services, as this is necessary for the performance of our contracts with customers. Advisory emails are used to respond to inquiries, provide support and validation services, provide upgrade information and security updates, and inform the customer about ordered products and services. Because advisory emails contain essential information related to the use and security of DigiCert’s products and services, customers are not able to unsubscribe from advisory service emails while their customer account is active. DigiCert may also use third-party service providers to assist in sending these communications, subject to the same restrictions as mentioned in the “Marketing” sub-heading, above.
  • Technical usage information: As it is in our legitimate interests to ensure the proper functioning of our Website by personalizing its use, monitoring usage activity and trends, and keeping the website safe and secure, when you visit the Website, we collect the information sent to us by your computer, mobile phone, or other access device. This information includes: your IP address; device information including, but not limited to, identifier, name, and type of operating system; mobile network information; and standard web information, such as your browser type and the pages you access on our Website.

 

Cookies & Tracking Technologies

 

DigiCert uses cookies, web beacons and log files to automatically gather, analyze, and store technical information about Website visitors. This information includes the visitor’s IP address, browser type, ISP, referring page, operating system, date/time, and clickstream data (meaning data about the pages you visit on our Website). This information is used to improve DigiCert’s service and enhance the experience of DigiCert’s Website visitors. For more information about the cookies used on our Website, the third-party service providers that we use to gather such information, and reports that we receive based on the use of tracking technologies, please refer to our Cookies Policy. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it will limit your use of certain features or functions on our Website or service, affecting your Website experience. To manage Flash cookies, please click here.

DigiCert uses a third party to either display advertising on our Website or to manage our advertising on other sites. Our third-party partner uses technologies such as cookies to gather information about your activities on our site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have information used for the purpose of serving you interest-based ads, you should opt-out by clicking here (or if located in the European Union/Switzerland click here). Please note this does not opt you out of being served ads – it just opts you out of receiving personalized ads, but you will continue to receive generic ads.

 

Sharing with Third Parties

 

DigiCert will publicly disclose information embedded in an issued Certificate as necessary to provide the services contracted by Customer, in accordance with Industry Standards.

When performing its services, DigiCert uses third party sources to confirm or supplement the information that it obtains from a Customer, including information about Individuals. DigiCert uses such information from third party sources exclusively for the purposes of its Validation Services, based on the legitimate interests of DigiCert and of the Customer to provide services and have a Certificate issued.

DigiCert never sells or provides personal information to third parties for uses apart from assisting DigiCert in servicing our Customers and website visitors. We will share your personal information with third parties including these categories of recipients:

  • IT Services providers that provide us with SaaS services including Salesforce who we use to store our customer relationship management information;
  • Marketing providers, advertisers and advertising networks that require the data to send you advertisements about our products and select and serve relevant adverts to you and others;
  • Analytics and search engine providers that assist us in the improvement and optimisation of the Website;
  • Chat-based support software services that allow users to input information, including an email address, to request support and clarify their problem; and
  • Credit card and payment providers that help process payments for us (note that we do not store any provided credit card information).

DigiCert will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, including to meet national security or law enforcement requirements, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request;
  • enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

DigiCert will also disclose your information to third parties:

  • in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
  • if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

 

Referrals

 

If you choose to use our referral service to tell a friend about our Website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting them to visit the site. DigiCert collects this information for the sole purpose of sending this one-time email and tracking success of the referral program.

If you believe that one of your contacts has provided DigiCert with your personal information, you may contact us at privacy@digicert.com to request that we remove this information from our database.

 

Blogs

 

Our Website offers publicly accessible blogs or community forums. Any information you provide in these areas can be read, collected, and used by others who access them.
To request removal or your personal information from our blog or community forums, please contact us at privacy@digicert.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why, as well as additional contact information when applicable.

 

Social Media Widgets

 

The Website includes social media features, such as a Facebook “Like” button and widgets, as well as share buttons or interactive mini-programs. These features collect the user’s IP address, the pages visited on the Website, and set cookies to enable the features to function properly. Social media features are either hosted by a third party or hosted directly on the Website. Interactions with these features are governed by the privacy policy of the corresponding social media company.

 

Security

 

The security of your personal information is of the utmost importance to DigiCert. DigiCert only transmits personal information, including sensitive information (such as credit cards), using transport layer security (TLS). To learn more about TLS, follow this link: https://www.digicert.com/ssl/.

Unfortunately, no method of transmission over the Internet or electronic storage is 100% secure. While DigiCert strives to use commercially acceptable standards to protect personal information, DigiCert cannot guarantee absolute security. If you have any questions about the security of your personal information, please contact us at privacy@digicert.com.

We take all necessary security and legal precautions to ensure the safety and integrity of the Individuals’ personal data that we receive from Customer, including, as appropriate, (i) the pseudonymization of personal data; (ii) ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (iv) regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

 

Where We Store Your Data

 

The DigiCert Group has its parent company based in the United States and our Website is hosted in the United States. Therefore, if you are located outside the United States, the information that you submit to us through our Website will be transferred to the United States. Likewise, Customer data and your personal data will be accessible from and transferred to the United States.

Where you have a dispute or complaint regarding DigiCert’s collection, storage, or use of your personal information, you may make a complaint to DigiCert by sending it to privacy@digicert.com. If you are an EU or Switzerland resident, where the dispute or complaint is not satisfactorily resolved or you don’t receive a timely response, you may escalate the matter to your European data protection authority free of charge, and DigiCert commits to cooperate with the relevant European data protection authority and will comply with the advice given by this authority with regard to your information which was transferred from the European Union or Switzerland in the context of this Website. You may also contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. For EU or Switzerland residents, such complaint is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work.

 

Individual Rights over Personal Information

 

Generally, a Customer or Individual can review, delete inaccuracies, and update personal information through its DigiCert account interface by clicking edit under the Account Profile tab.

In certain circumstances, individuals also have the following rights:

  • Access and portability: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
  • Correction, erasure and restriction of processing: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed or ask us to delete data (i) where you believe it is no longer necessary for us to hold the personal data; (ii) where we are processing your data on the basis of our legitimate interest and you object to such processing; or (iii) if you believe the personal data we hold about you is being unlawfully processed by us. You can ask us to restrict processing data we hold about you other than for storage purposes if you believe the personal data is not accurate (whilst we verify accuracy); where we want to erase the personal data as the processing we are doing is unlawful but you want us to continue to store; where we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims or where you have objected to us processing personal data and we are considering your objection.

    Customers and Individuals cannot edit a DigiCert Certificate directly. In order to update information in a Certificate, including personal information, Customers or Individuals must submit a change request through the Customer’s Account, and DigiCert will implement the edits where applicable.

  • Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
  • Testimonials: With prior permission from the customer, DigiCert displays personal testimonials of satisfied customers on our Website in addition to other endorsements. Customers wishing to update or delete a testimonial should contact DigiCert at privacy@digicert.com.
  • Marketing: You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at privacy@digicert.com.
  • Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at privacy@digicert.com and we will endeavor to deal with your request. If you are an EU or Switzerland resident, this is without prejudice to your right to launch a claim with the data protection supervisory authority in the European country in which you live or work where you think we have infringed data protection laws.

You can exercise these rights by sending an email to privacy@digicert.com or by mailing DigiCert at the address listed in this policy. Before we respond to your request, we will ask you to verify your identity. Note that these rights in their entirety only apply to EU or Switzerland residents and subject to the applicable law of the jurisdiction where you reside. Where exercise of a particular data subject right is not required by law, your request will be handled on a case-by-case basis.

 

How Long We Store Your Data

 

We will retain your information as follows:

  • Account data (including to send Advisory e-mails): As long as the account is active, while a certificate remains unexpired, and in accordance with industry standards, which requires us to maintain the data for 7.5 to 10.5 years after account cancellation. In addition, after account cancellation, we will keep this for as long as necessary to defend against legal claims, resolve disputes or enforce customer agreements.
  • Data provided and collected for marketing and web experience customization purposes: until you notify us that you no longer want us to use your information for marketing and/or web experience customization purposes, by unsubscribing from any marketing email you receive, changing your cookie preferences through consulting our Cookie Policy, or by contactingprivacy@digicert.com.

After we no longer have a legitimate basis for retaining your personal data, we may store your information in an aggregated and anonymized format.

 

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

 

DigiCert participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List, here: https://www.privacyshield.gov.

DigiCert is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. DigiCert complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, DigiCert is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedbackform.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website here, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

 

Applicability

 

This privacy policy does not apply to any downloadable software provided through DigiCert’s Websites.

Our website includes links to third party websites whose privacy practices may differ from those of DigiCert. If you submit personal information to any of those websites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policies of those third-party websites before you submit any information to those websites.

 

Changes to This Privacy Policy

 

If we make material changes to our information practices, we will update this privacy policy and notify interested parties (e.g., by posting a notice on our home page or by emailing affected individuals). Visitors should check the Website regularly to be aware of changes. We encourage you to periodically review this page for the latest information on our privacy practices. Revisions to the privacy policy are effective 30 calendar days after being posted, or as required by applicable law.

 

Contact

 

Please contact DigiCert or DigiCert’s Europe Data Protection Liaison with any questions or concerns about this privacy policy or our data collection practices:

Europe Data Protection Liaison

By mail:

Digicert Ireland Ltd.
Attention: Europe Data Protection Liaison, Richard Hall
C/O Symantec Ltd.
Orion 2 Building, Ballycoolin Business Park
Blanchardstown, Dublin 15 Ireland

By phone or fax:

Phone: +353 1803 5400
Fax: +353 1861 7990

By email:
richard.hall@digicert.com

DigiCert, Inc. Global Headquarters

By mail:

DigiCert, Inc.
Attention: Global Data Protection Coordinator
2801 North Thanksgiving Way
Suite 500
Lehi, Utah 84043

By phone or fax:

Toll Free: 1-800-896-7973 (US & Canada)
Direct: 1-801-701-9600
Fax Toll Free: 1-866-842-0223 (US & Canada)
Fax Direct: 801-705-0481

By email:

privacy@digicert.com

For assistance with technical difficulties, including problems with accessing or using your customer account, please email support@digicert.com.

As noted above, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. For EU or Switzerland residents, this is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work.

 

DigiCert Legal Repository

The DigiCert Legal Repository is available at: DigiCert Legal Repository