English - United States | Français – France | Français – Canada | Deutsch – Deutschland | Español – España | Español – México |
Italiano – Italia | 日本語 – 日本 | 한국어 – 한국 | Português – Brasil | Русский — Россия | 简体中文 – 中国 | 中文 – 台湾
February 13, 2020
Privacy Notice Archive
DigiCert, Inc. and its subsidiaries (“DigiCert”, “DigiCert Group,” “we” or “us”) are committed to protecting the privacy of its Website visitors (“you”) and Customers (“you” or “Customer”) and employees or agents of Customers (“you” or “Individuals”). As a result, DigiCert has promulgated this privacy notice to inform its Website visitors, Customers and Individuals about how DigiCert will collect, use, share or otherwise process any personal data or usage information. This privacy notice applies to all sites owned and operated by DigiCert (collectively, “Websites,” individually referred to as a “Website,” meaning each and every Website owned and operated by DigiCert). This privacy notice also applies to DigiCert’s provision of website and other certificate services and all dealings with natural-person representatives of our Customers (the “Validation Services” or “Certificates”).
DigiCert is a company established in the United States with principal offices at 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043 and for the purpose of the EU General Data Protection Regulation (“GDPR”) and any other applicable data privacy laws, we are the data controller of personal information obtained through our Website. We are also a data controller in relation to the Individuals’ personal information that we receive from Customers, either directly or through resellers.
If you have any concerns or questions regarding the personal data we process through our Website or through providing services to our Customers, you may contact DigiCert’s Data Privacy Officer at firstname.lastname@example.org. If you are an EU or Switzerland resident, we have appointed a Data Protection Liaison for Europe at DigiCert Ireland Ltd. as our Europe Representative who you can contact (in addition to or instead of our Data Privacy Officer, located at our US headquarters) should you have any issues in connection with personal information processed through our Website. Contact details for the Data Privacy Officer and Europe Data Protection Liaison are provided below.
Information that DigiCert Receives
We will use your information to:
DigiCert will publicly disclose information embedded in an issued Certificate as necessary to provide the services contracted by Customer, in accordance with Industry Standards.(See our Certification Practices Statement for information specific to the various services and products offered by DigiCert.)
When performing its services, DigiCert uses third party sources to confirm or supplement the information that it obtains from a Customer, including information about Individuals. DigiCert uses such information from third-party sources exclusively for the purposes of its Validation Services, based on the legitimate interests of DigiCert and of the Customer to provide services and have a Certificate issued.
DigiCert never sells or provides personal information to third parties for uses apart from assisting DigiCert in servicing our Customers and Website visitors. We will share your personal information with third parties including these categories of recipients:
DigiCert will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, including to meet national security or law enforcement requirements, or if we have a good faith belief that such use is reasonably necessary to:
DigiCert will also disclose your information to third parties:
If you choose to use our referral service to tell a friend about our Website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting them to visit the site. DigiCert collects this information for the sole purpose of sending this one-time email and tracking success of the referral program.
If you believe that one of your contacts has provided DigiCert with your personal information, you may contact us at email@example.com to request that we remove this information from our database.
Our Website offers publicly accessible blogs or community forums. Any information you provide in these areas can be read, collected, and used by others who access them.
To request removal or your personal information from our blog or community forums, please contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why, as well as additional contact information when applicable.
The Website includes social media features, such as a Facebook “Like” button and widgets, as well as share buttons or interactive mini-programs. These features collect the user’s IP address, the pages visited on the Website, and set cookies to enable the features to function properly. Social media features are either hosted by a third party or hosted directly on the Website. Interactions with these features are governed by the privacy notice of the corresponding social media company.
The security of your personal information is of the utmost importance to DigiCert. DigiCert only transmits personal information, including sensitive information (such as credit cards), using transport layer security (TLS, formerly referred to as secure sockets layer or SSL). To learn more about TLS, follow this link: https://www.digicert.com/what-is-an-ssl-certificate.
Unfortunately, no method of transmission over the Internet or electronic storage is 100% secure. While DigiCert strives to use commercially acceptable standards to protect personal information, DigiCert cannot guarantee absolute security. If you have any questions about the security of your personal information, please contact us at email@example.com.
We take all necessary security and legal precautions to ensure the safety and integrity of the Individuals’ personal data that we receive from Customer, including, as appropriate, (i) the pseudonymization of personal data; (ii) ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (iv) regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. More information about DigiCert’s security practices can be found here and here.
The DigiCert Group has its parent company based in the United States and our Website is hosted in the United States. Therefore, if you are located outside the United States, the information that you submit to us through our Website will be transferred to the United States. Furthermore, DigiCert performs Validation Services for the EMEA region in its office in South Africa and provides hosting services for certain products in Australia and Japan. Accordingly, depending on your location and the products you are using, Customer data and your personal data will be accessible from and transferred to the United States, South Africa, Australia, Ireland, India and Japan.
Where you have a question, dispute or complaint regarding DigiCert’s collection, storage, or use of your personal information, you may ask a question or make a complaint to DigiCert by sending it to firstname.lastname@example.org. If you are an EU or Switzerland resident, where the dispute or complaint is not satisfactorily resolved or you do not receive a timely response, you may escalate the matter to your European data protection authority free of charge, and DigiCert commits to cooperate with the relevant European data protection authority and will comply with the advice given by this authority with regard to your information which was transferred from the European Union or Switzerland in the context of this Website or through DigiCert’s provision of services. You may also contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. For EU or Switzerland residents, such complaint is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work.
Generally, a Customer or Individual can review, delete inaccuracies, and update personal information through their DigiCert account interface by accessing and editing their Account Profile through the DigiCert service platform they are using. Information and help in accessing and editing the Account Profile can be obtained by contacting DigiCert Support at email@example.com or through the phone numbers provided below.
In certain circumstances and where legally available or required in your jurisdiction, Individuals also have the following rights:
Customers and Individuals cannot edit a DigiCert Certificate directly. In order to update information in a Certificate, including personal information, Customers or Individuals must submit a change request through the Customer’s Account, and DigiCert will implement the edits or issue a new certificate where applicable. If you have questions about how to submit a change request to your Certificate, please contact DigiCert Support at firstname.lastname@example.org or through the phone numbers provided below.
You can exercise these rights by sending an email to email@example.com or by mailing DigiCert at the address listed in this notice. Before we respond to your request, we will ask you to verify your identity. Note that these rights may not apply in their entirety in your jurisdiction and are subject to the applicable law of the jurisdiction where you reside. Where exercise of a particular data subject right is not required by law, your request will be handled on a case-by-case basis.
We will retain your information as follows:
After we no longer have a legitimate basis for retaining your personal data, we may store your information in an aggregated and anonymized format.
DigiCert participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List, here: https://www.privacyshield.gov.
DigiCert is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. DigiCert complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, DigiCert is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website here, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Our Website includes links to third party websites whose privacy practices may differ from those of DigiCert. If you submit personal information to any of those websites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policies of those third-party websites before you submit any information to those websites.
If we make material changes to our information practices, we will update this privacy notice and notify interested parties (e.g., by posting a notice on our home page or by emailing affected individuals). Visitors should check the Website regularly to be aware of changes. We encourage you to periodically review this page for the latest information on our privacy practices. Revisions to the privacy notice are effective 30 calendar days after being posted, or as required by applicable law.
Please contact DigiCert or DigiCert’s Europe Data Protection Liaison with any questions or concerns about this privacy notice or our data collection practices:
DigiCert Data Privacy Officer
Attention: Data Privacy Officer, Aaron Olsen
2801 North Thanksgiving Way
Lehi, Utah 84043
By phone or fax:
Toll Free: 1-800-896-7973 (US & Canada)
Fax Toll Free: 1-866-842-0223 (US & Canada)
Fax Direct: 801-705-0481
Europe Data Protection Liaison
DigiCert Ireland Ltd.
Attention: Europe Data Protection Liaison, Richard Hall
Unit 21, Beckett Way
Park West Business Park
By phone or fax:
Phone:+353 1803 5400
Fax: +353 1861 7990
For assistance with technical difficulties, including problems with accessing or using your Customer account, please email firstname.lastname@example.org.
As noted above, if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. For EU or Switzerland residents, this is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work.
The DigiCert Legal Repository is available at: DigiCert Legal Repository