Redirecting you to
Legal and Compliance

Privacy policy

Privacy policy in other languages

Français

Sectigo Privacy Policy

Effective Date: September 26, 2024

Who we are

This Privacy Policy applies to Sectigo Limited and its subsidiaries, including Sectigo, Inc. SSL247 SAS, SSL247 Limited, and SSL247, Inc. (collectively, “Sectigo” or “we” or “us”) and describes Sectigo’s (“our”) policies and practices that we undertake in collecting, using, and safeguarding your personal information. By “personal information”, we mean information that can be used to identify you or that we can link to you, and which we have in our possession or control.

Sectigo Limited is the data controller of your personal information processed for purposes set forth herein (including the issuance of Qualified Certificates and other publicly-trusted Certificates) and, unless expressly specified otherwise, is responsible for the collection, use, disclosure, retention, and protection of your personal information in accordance with our privacy standards, this privacy policy, and applicable laws.

Sectigo’s subsidiary SSL247 SAS will act as data controller if you use the Website https://www.ssl247.com/fr/, purchase goods or services via this Website, and/or are otherwise in contact with SSL247 SAS. The contact details for SSL247 SAS are listed at the end of this Privacy Policy.

We have appointed a data protection officer to be responsible for our privacy program. Our Data Protection Officer can be contacted at:

Attn: Data Protection Officer
Sectigo Limited
Unit 7 & 9
Listerhills, Science Park, Campus Road,
Bradford, BD7 1HR
United Kingdom
[email protected]

Overview

Sectigo values your privacy.

In providing you with access to Sectigo’s products, services, and Websites (defined below), Sectigo collects and uses certain information about you. This Privacy Policy is meant to help you understand what information is collected from you, how we use it, and how you can protect your privacy rights.

At a glance, this Privacy Policy contains the following information:

  • What information we collect.
  • How we collect your information.
  • How we use your information.
  • What information we share.
  • What security measures we have in place to protect your information.
  • What rights and choices you have in relation to your information.

This is important to us, so we hope you take the time to read and review it carefully.

Definitions

We’ve defined the following terms, which are used throughout this Privacy Policy, to provide better clarity on what we mean:

  • Account refers to an SCM account, an E-PKI account, an S3 account, or any other account at a Sectigo Website for which you sign up and log in.
  • Baseline Requirements refers the most recent version of the CA/B Forum’s BASELINE REQUIREMENTS FOR THE ISSUANCE AND MANAGEMENT OF PUBLICLY-TRUSTED CERTIFICATES, accessible here: https://cabforum.org/baseline-requirements-documents/.
  • CA/B Forum means the Certificate Authority and Browser Forum, a consensus-driven forum of Certificate authorities (like us) and browsers that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates, and whose website is https://cabforum.org/.
  • Certificatemeans a digitally signed electronic data file issued by Sectigo to a person or entity seeking to conduct business over a communications network, which may contain the identity of the person authorized to use the digital signature, a copy of their public key, a serial number, a time period during which the data file may be used, and a digital signature issued by Sectigo.
  • Cookies Policy” refers to the most recent version of our COOKIES POLICY, accessible here: https://www.sectigo.com/.
  • CPS” refers the most recent version of our CERTIFICATION PRACTICES STATEMENT, accessible here: https://sectigo.com/legal.
  • eIDAS Regulation means Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, as amended.
  • ETSI means the European Telecommunications and Standards Institute, an independent, not-for-profit, standardization organization for the information and communications technology industry.
  • ETSI Standards mean those Industry Standards developed by ETSI.
  • EV Code-Signing Guidelines means the most recent version of the CA/B Forum’s GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CODE SIGNING CERTIFICATES, accessible here: https://cabforum.org/ev-code-signing-certificate-guidelines/.
  • EV Guidelinesrefers to the most recent version of the CA/B Forum’s GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES, accessible here: https://cabforum.org/extended-validation/.
  • Industry Standards mean, individually or collectively, the Baseline Requirements, EV Guidelines, EV Code-Signing Guidelines, the ETSI Standards, and any other standards, rules, guidelines, and requirements applicable to a Certificate.
  • Qualified Certificate means a publicly-trusted, end-entity Certificate issued according to the requirements of the eIDAS Regulation.
  • Website means a website owned and operated by Sectigo, including, but not limited to sectigo.com, instantssl.com, positivessl.com, enterprisessl.com, hackerguardian.com, optimumssl.com, comodoca.com, ssl.comodo.com, codeguard.com, iconlabs.com, crt.sh, and the websites where ssl247 is the primary domain at one of the following TLDs: .ae, .be, .cl, .com, .com.br, .com.co, .com.mx, .co.uk, .de, .dk, .es, .fr, .ie, .it, .nl, .pe, .pt, and .se (for example, ssl247.fr).

What information we collect

Information you give to us

Sectigo collects personal information in accordance with applicable laws and Industry Standards when you purchase or use Sectigo products or services or otherwise interact with Sectigo. In most instances, you provide the information directly to Sectigo, such as when you create an Account, sign up for a newsletter, subscribe to Sectigo’s services, use a Sectigo Website, download a Sectigo product, or request further information from Sectigo.

You have choices about your information, but if you choose not to provide necessary information when purchasing a product or service (for example, information necessary to validate a Certificate), then you may not be able to get that product or service.

When you purchase a service or product (generally)

When you (or your organization) purchase Sectigo services or download a product, you will provide certain personal information. This information may include personal contact information (e.g., name, your company/employer, address, phone number, and email address); billing information (e.g., billing name and address, credit card number); or other similar information that may be necessary for us to provide you with products and services. The information that you provide shall be used for such things as setting up or administering your Account, responding to your inquiries, providing you with product updates or improvements, and managing other daily business needs (e.g., payment processing, account and contract management, Website administration, troubleshooting, security and fraud prevention, corporate governance, reporting/legal compliance, and business continuity). If Sectigo would like to process that information for any other purposes, we will first provide you with sufficient additional information describing such use.

When you purchase a certificate

When you (or your organization) purchase a Certificate, you will be required to provide certain information depending on the Certificate type (e.g., DV, OV, EV, SMIME, etc.). The exact informational requirements are listed in the CPS. Certain details you submit will be displayed within the Certificate, and, as a result, will be publicly available.

When you purchase a CodeGuard® service

When you (or your organization) purchase a CodeGuard® service, you decide the type and extent of personal information given to us. As part of the CodeGuard® services, you designate your website’s database that you want us to back up and we back up any information (including personal information) contained on the database.

When you book a demo, register for a webinar or request additional product information through our website

When you book a demo with one of our sales representatives, register for a webinar, or request additional product information through our website, you submit to us contact information (e.g., first and last name, email address, phone number), products you are interested in, and the region you are located in (e.g., North America, Europe, etc.).

When you apply for a job

When you apply for a job at Sectigo, you provide us with information, such as contact information (name, address, telephone number, email address), information relating to your education, career, and references (educational institutions you’ve attended, prior work experience, work-related licenses, permits, or certifications), information relating to your character (knowledge, skills, and abilities), and information about your preferences (desired salary, desired work location).

Information we collect from your use

To enable a better experience on our Websites and provide you with better functionality and features in our products and services, we collect information about your interactions with Sectigo, like the products and services that you use and how you use them. We may use technologies like cookies, browser analysis tools, or server logs to receive error reports or usage data from software running on your device or our Website and applications. We may also obtain data from third parties to enhance our files and better understand our customers.

Cookies

A cookie is a piece of data that websites send to your computer or other web-based devices to uniquely identify your browser or to store information or settings on your browser based on your use. Cookies allow us to identify you when you return to the Sectigo Website, providing you with a streamlined and customized experience. Sectigo may employ the use of cookies to analyze trends, administer our Websites, products or services, gather demographic information or to measure the success of advertising and affiliate network memberships. Sectigo’s resellers and webhosts may also use cookies, although Sectigo does not exercise any access or control of such partners’ cookies.

You can always control the use of cookies, but if you choose to disable all cookies, it may limit your use of certain functions or features on our Websites, products or services.

For more information on cookies and how we use them, see our Cookies Policy.

Analytics Tools

Our Websites use Google Analytics, which is a web analytics service provided by Google, Inc. ("Google"), to evaluate your use of the Website. Google Analytics places a third-party cookie on your computer that is then used to compile reports of visitor traffic and internet usage.

For information on how Google Analytics uses data please visit “How Google uses data when you use our partners sites or apps”, located at www.google.com/policies/privacy/partners/.

Log Files

Sectigo uses log files comprising of non-personally identifiable information to analyze trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use.

This information may include your IP address or other proxy servers you use to connect to the Internet, device and application identification numbers, your browser type, your Internet service provider (or mobile carrier), the pages and files you viewed, your operating system and system settings, and the location and time zone associated with your usage. Based on certain Internet standards, we may also collect information about the website you were visiting before and the website you visit after you leave the Sectigo Website.

Information we obtain from third parties

Information we obtain from our resellers and webhosts

Sectigo has hundreds of resellers and webhosts that offer you our products and services for purchase directly from them. Sectigo enters into agreements with its resellers and webhosts containing adequate privacy safeguards and protections. When you provide information directly to these resellers or webhosts, you are providing your information subject to the privacy policies and practices of those resellers. You should make sure to review and understand those policies and practices prior to sharing your information.

For Sectigo to provide you with products and services through a reseller or webhost, that specific reseller or webhost must share your information with us. When that information is shared with us, it will be collected and used in accordance with this Privacy Policy.

Information we obtain from your organization

This section is applicable only if:

  • Your organization is a Sectigo enterprise customer, and
  • Your organization issued you a Sectigo SMIME or client Certificate.

To issue a Sectigo SMIME or client Certificate for your use, Sectigo obtains your (i) first and last name, and (ii) company email address. This information is either submitted directly by you or obtained from your organization that requested the Certificate.

Information we obtain from your references and third parties listed in your job application

When you apply for a job at Sectigo, you provide us with educational and/or career references. We may obtain from these sources information about your employment dates, responsibilities, positions held, work ethic, and proficiencies. By providing us with these references, you authorize us to contact these references, as well as current and previous employers, to obtain such information.

Information we obtain from other third-party sources

  • For the Issuance of a Certificate

For Sectigo to validate some types of Certificates (such as EV Certificates) in accordance with Industry Standards, it is necessary for Sectigo to supplement information that Sectigo receives from you or a reseller with information obtained from third-party sources.

As such, Sectigo may verify the information you submit us with information from independent third-party sources. The types of Certificates, permissible third-party sources, and other relevant information are detailed with specificity in the CPS, the Baseline Requirements, the EV Guidelines, and the EV Code-Signing Guidelines. Information collected from these third-party sources will be used by Sectigo to validate the ordered Certificate. This is an integral aspect of the services provided by Sectigo and is required of Sectigo to validate a Certificate.

Sectigo does not have any control over these third-party sources, but once Sectigo collects supplemental information from these sources, Sectigo will protect it in accordance with this Privacy Policy.
Sectigo also obtains Certificate information from publicly available Certificate transparency (CT) logs. Generally, CT logs do not contain personal information, but it can contain your email address. CT logs were created for purposes of preventing the mistaken issuance, malicious use, and public oversight of Certificates by providing an open auditing and monitoring system.


  • For Other Purposes

We also collect information about you from other sources, including third parties from whom we have purchased personal information, such as such as the qualified government information sources that Sectigo uses to validate information during the certificate issuance process, or marketing leads providers, and combine this information with the personal information provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you. In particular, we collect personal information from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, IP addresses, social media profiles, LinkedIn URLs, for purposes of targeted advertising, delivering relevant email content, and event promotion.

Children’s online privacy protection act statement

Sectigo’s Websites, products and services are not directed to children under the age of 16 and Sectigo does not knowingly collect personal data from children under the age of 16. If Sectigo becomes aware that a child under the age of 16 has provided personal data, Sectigo will take steps to delete such information from Sectigo’s files as soon as possible.

How we use your information

Understanding how important your privacy is to you, we limit the use of your information and want you to be clear on how your information will be used. Below is an overview, identifying the information collected, the purpose for which it is collected, the initial legal basis for processing such information, and the period for which we will retain that information.

We are providing the below information about our retention periods to show you that your information is being processed with transparency. Our retention periods, however, are not fixed for all types of information and will vary for reasons such as whether the information is still necessary for the original purpose of the processing, to fulfill (or assert) our or your legal obligations (or rights), and/or to comply with applicable laws or Industry Standards. As such, we reserve the right to revise such retention periods where we determine that the information is still, or is no longer, necessary for the purposes for which the information was processed.

Information Processed

Purpose of Processing

Legal Basis

Necessary Retention Period

Information you give us to setup and administer your (or your organization’s) Account (see INFORMATION YOU GIVE TO US).

To provide you (or your organization) with the products and services requested and to administer your (or your organization’s) Account, including for renewals, billing, and contract management
purposes.

Processing is based on the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and
fraud prevention purposes.

Duration of the subscriber agreement governing the Account and a period thereafter as may be necessary to assert our legal rights.

Information that you provide us to issue a Certificate (see INFORMATION YOU GIVE TO US).

To validate and issue the Certificate you ordered, and to comply with Industry Standards.

Processing is based on the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and fraud prevention purposes.

Duration of the subscriber agreement governing the Certificate plus (i) seven (7) years after the expiration or revocation of the last Certificate issued thereunder, provided all Certificates are non-Qualified Certificates, or
(ii) fifteen (15) years after expiration or revocation of the last Certificate issued thereunder, if any Certificate is a Qualified Certificate.

Information that you (or you organization) provide us to provision the CodeGuard® services (see INFORMATION YOU GIVE TO US).

To provide you with the CodeGuard® services.

Processing is based on the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and
fraud prevention purposes.

Until the earlier of (i) your request for the deletion of your Account, and (ii) expiration or termination of your agreement with us. We may maintain backups for up to 14 days in disaster recovery instances.

Information we obtain from our resellers (see Information We Obtain from Our Resellers and Webhosts).

If you order a Certificate, to validate and issue the Certificate, and to comply with Industry Standards.

If you order any other product or service, to provide you with the products and services that you requested and to administer your Account, including for renewals, billing, and contract management purposes.

Processing is based on the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and fraud prevention purposes.

If you order a Certificate, duration of the subscriber agreement governing the Certificate plus (i) seven (7) years after the expiration or revocation of the last Certificate issued thereunder, provided all Certificates are non-Qualified Certificates, or (ii) fifteen (15) years after expiration or revocation of the last Certificate issued thereunder, if any Certificate is a Qualified Certificate.

If your order any other product or service, duration of the subscriber agreement governing the product or service, plus seven (7) years.

Information we obtain from third-party sources to validate a Certificate (see Information We Obtain from Other Third Parties).

To validate and issue the Certificate you ordered, and to comply with Industry Standards.

Processing is based on the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and fraud prevention purposes.

Duration of the subscriber agreement governing the Certificate plus (i) seven (7) years after the expiration or revocation of the last Certificate issued thereunder, provided all Certificates are non-Qualified Certificates, or (ii) fifteen (15) years after expiration or revocation of the last Certificate issued thereunder, if any Certificate is a Qualified Certificate.

Information we obtain from other third-party sources (see Information We Obtain from Other Third-Party Sources).

To update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you.

Processing is based on the terms and conditions of the agreement with the third-party source, which warrant that adequate consents have been obtained from you for the sharing of the information with
Sectigo.

Until the later of (i) expiration or termination of the agreement governing your Account and a period thereafter as may be necessary to assert our legal rights, and (ii) your request of deletion of this information.

Information contained in an issued Certificate.

To ensure (i) Certificates are not used for fraud, phishing, or other malicious uses, (ii) the authenticity of issued Certificates, and (iii) the integrity of issued Certificates for network and informational security purposes.

Processing is for the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and fraud prevention purposes.

Duration of the subscriber agreement governing the Certificate plus (i) seven (7) years after the expiration or revocation of the last Certificate issued thereunder, provided all Certificates are non-Qualified Certificates, or
(ii) fifteen (15) years after expiration or revocation of the last Certificate issued thereunder, if any Certificate is a Qualified Certificate.

Information published in CT logs (generally this does not contain personal information, but it can contain your email address if included by you, or your organization, in an issued Certificate).

To ensure (i) Certificates are not used for fraud, phishing, or other malicious uses, (ii) the authenticity of issued Certificates, and (iii) the integrity of issued Certificates
for network and informational security purposes.

Processing is for the legitimate interests of Sectigo and third parties, including compliance with Industry Standards, network and informational security purposes, audit purposes, and fraud prevention purposes.

There is no retention period and the information is available on the Internet indefinitely.

Information we collect from your use of our Websites, products and services.

For security and fraud prevention, corporate governance, and for audit and regulatory reporting purposes.

Sectigo has a legitimate interest in processing this information to protect Sectigo’s systems, your information and the information of other Sectigo customers.

Exact durations are listed in the Cookies Policy.

Information you submit to us when sending us an inquiry form or other communication (see When You Book a Demo, Register for a Webinar, or Request Additional Product Information Through Our Website).

Respond to you when you contact Sectigo about our products or services.

Processing is based on your consent that we will obtain prior to sending you any communications.

Until you withdraw your consent.

Your name, email address and contact information that you provide to us in relation to events and other Sectigo news.

Plan, host and provide you with information about Sectigo surveys, events, or other public forums

Processing is based on your consent to receive this information, which we will obtain prior to sending you any communications.

Until you withdraw your consent.

Contact information that you provide to us in relation to marketing and promotional activities.

Provide marketing and promotional communications about offers, news or announcements relating to the Sectigo products and services

Processing is based on your consent to receive this information, which we will obtain prior to sending you any communications.

Until you withdraw your consent.

Information on your use of our Website, collected by our use of cookies and analytics tools.

Improve the user experience of our Websites, products or services that we deliver to you based on our evaluation of the information we gathered on your use of our Websites.

Our use of cookies and analytics tools is set forth in our Cookies Policy. Prior to using our Website, you can review and consent to the use of cookies. You can also object to or limit our use of cookies by modifying your cookie preferences.

Exact durations are listed in the Cookies Policy.

Information on your use of our Website, collected by our use of cookies and analytics tools.

Analyze your use to provide you with personally relevant content and tailored advertising that we think may be of interest to you.

Our use of cookies and analytics tools is set forth in our Cookies Policy. Prior to using our Website, you can review and consent to the use of cookies. You can also object to or limit our use of cookies by
modifying your cookie preferences.

Exact durations are listed in the Cookies Policy

When you apply for a job at Sectigo (see When You Apply for a Job).

To process your application, to identify your capabilities and qualifications to determine your suitability for a position with Sectigo, to conduct reference checks, and to respond to your inquiries and communicate with you about your application.

If we offer you a position, and you accept, then also to conduct background checks, as allowed by local law.

If you become an employee, then for employment-related purposes.

Processing is based on the legitimate interests of Sectigo, including administrative purposes, internal training, audit purposes, and fraud prevention purposes.

Four (4) years following the conclusion of the hiring process for the position for which you apply.

If we offer you a position, and you accept, same duration as above.

If you become an employee, then the period will be listed in our employee privacy notice.

Sharing of information collected

We understand and value the sensitive nature of your information, and as such, the information provided to Sectigo will be protected by Sectigo and not sold or rented to any unrelated third parties without your consent. Even though Sectigo does not sell or rent your personal information, you can still choose to opt-out of any future sale or renting of your personal information by sending a request to [email protected]. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer, taking into account the complexity and number of requests we receive.

There are instances, however, when Sectigo may disclose your information for such limited purposes as:

  • To its subsidiaries and business partners who have similar privacy standards and only for the purposes addressed in this Privacy Policy.
  • To our resellers or webhosts when you place your order through that reseller or webhost.
  • To our service providers or processors who are obligated under law and contract to protect your information and only use your information in accordance with our instructions.
  • As may be necessary for audit, compliance, or corporate governance functions.
  • To judicial or public authorities when legally obligated to do so by law or in response to a subpoena or court order in the United Kingdom or other countries where we operate.
  • To business partners or potential purchasers if disclosure is necessary to effectuate the sale or transfer of business assets.
  • To judicial or public authorities if disclosure is required to protect the rights of Sectigo, Sectigo's customers, or the users of Sectigo's products or services.

We may also share aggregate demographic data that does not contain any personally identifiable information.

Re-Targeting

Sectigo has relationships with third-party advertising companies and permits the operation of a retargeting consumer marketing program. These third-party advertisers may place cookies on your computer for the collection of pseudonymised consumer information, but they do not collect personal information and we do not give them personal information. This Privacy Policy does not apply to these third-party advertisers but if you would like additional information, please visit Network Advertising Initiative at www.networkadvertising.org/managing/opt_out.asp, which also allows you to opt-out of such retargeting programs.

Forums, Bulletin Boards, Testimonials, Chat Rooms, and Surveys

Sectigo may provide you with communication tools such as public forums, bulletin boards, testimonials, or chat rooms. Information that you post will be accessible to anyone with Internet access and may be collected, used, and read by third parties, including other users. You should always use caution when posting any of your information on a public forum as you have no privacy rights in public postings. Sectigo is not responsible for any information submitted by you through these public services.

Occasionally, Sectigo may also request information from you via surveys. Participation in these customer surveys is absolutely voluntary. If you do choose to participate, however, the survey information you provide will be used by Sectigo to improve its Website and Sectigo’s products and services.

Third-parties and external links

Sectigo’s Websites may contain links to external websites of Sectigo’s service providers, partners or other third-parties that have and maintain their own privacy policies and data collection, use and disclosure practices. This Privacy Policy does not apply to such Sectigo's service providers, partners or other third-parties. This Privacy Policy also does not apply to the information practices of third-party advertisers of our services, who may use cookies or other technologies to serve and offer relevant ads to you.

If you access the products, services or websites of Sectigo’s service providers, partners or other third-parties, you should review those respective privacy policies as well to understand what information is collected and how it is used by them.

Information security

Sectigo develops, implements, and maintains a comprehensive security program designed to protect its networks and to safeguard the information it collects and stores. Sectigo protects information both online and off-line. Below are some of the many measures that Sectigo implements:

  • Transmission of information, including any payment information, is encrypted and protected using TLS/SSL technology.
  • Stored customer information is kept in a secure environment where access is restricted to employees who need the information to perform a specific job (for example, billing administration or the development team).
  • Employees are required to use password-protected screen-savers and keep their computers up-to-date.
  • Implementing detection and prevention controls to guard against viruses and malicious software.
  • Security procedures are audited in accordance with the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria, the results of which are available by clicking on the WebTrust seal on sectigo.com.

You can find more information and details on how Sectigo protects your information in the CPS.

International transfer of information

Sectigo Limited is incorporated in the United Kingdom, with global offices and subsidiaries. In order to be able to provide worldwide access to you, your data may be accessed by or transferred to servers located outside of Europe, including in the following countries: the United Kingdom, the United States, Canada, and India. We will always protect your privacy and this Privacy Policy shall apply no matter where your information is transferred to in the world.

If your data is transferred to a server outside of Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements and applicable laws. Information can be transferred outside Europe in a number of ways. Examples include: the country to which we send your information may be approved by the European Commission, or the recipient may have signed a contract based on the “standard contractual clauses” approved by the European Commission, obliging them to protect your information. In other circumstances, the law may permit us to otherwise transfer your information outside Europe. In all cases, any transfer of your information will be compliant with applicable data protection law.

You can obtain more details of the protection given to your information when it is transferred outside Europe (including a sample of the standard contractual clauses) by contacting us at the mailing address or email address below.

Your rights to your information

The law affords you certain rights when it comes to your information and we want to make sure you understand those rights.

  • You have the right to:
    • Request access to your information
    • Request corrections to your information
    • Request that your information be erased
    • Request that the processing of your information be restricted
    • Request return of your information
    • Withdraw your consent
    • In certain countries, such as France, provide directives on the processing of your personal data after your death.
  • Although you have these rights, please understand that these rights are not absolute. There may be instances where we may not be able to comply with your request or objection based on our legitimate interests, or in accordance with the legal restrictions governing these rights.

If your information (or Certificate specific information) needs to be updated, you can request that certain changes be made by logging into your Account. For any other requests, you can also contact us via email at [email protected]. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive.

  • We may also process personal information submitted by or for a customer to our CodeGuard® services. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such personal information in the role of a data processor on behalf of a customer (and/or its affiliates) who is the responsible data controller of the personal information concerned. We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Policy. If your information has been submitted to us by CodeGuard® customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the CodeGuard® customer who submitted your data. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
  • If you feel that the processing of your information is unlawful or violates this Privacy Policy please let us know immediately. We will work diligently to address your concerns and resolve any concerns that you may have. If you further feel that we have violated on your rights as stated in the General Data Protection Regulation (GDPR), and you are located in the European Economic Area, then you also have the right lodge a complaint with a supervisory authority. We will work with the appropriate supervisory authority to promptly resolve such complaints.

Your choices and communication preferences

You always have rights to the collection, use, or disclosure of your information. Remember, however, in certain cases, if you do restrict or object to the use of your information, then certain products or services that require that information may not be provided to you.

You can also limit the communications that we send to you. Customers may occasionally receive information on products, services, and special deals from Sectigo or may receive informational newsletters. Customers are given the opportunity to 'opt-in' to receiving these promotional communications at the time their information is collected. You may “opt-out” of receiving these promotional communications using the opt-out link provided in each promotional email or by emailing [email protected].

Even if you opt-out of promotional communications, we will still need to contact you with important administrative and transactional information about your Account and your use of the Sectigo products and services. For example, we may contact you about new release or feature updates or with important security information about the products or services.

Processing and customer consent

Your information will be collected, used, and processed for the purposes set forth in this Privacy Policy. If we would like to collect, use, or process your information for any unrelated purposes that are not disclosed in this Privacy Policy, we will first ask for your consent. You are free to withdraw this consent at any time by using the opt-out link, by emailing [email protected], or by emailing [email protected].

Certificate revocation & expiry

Access to issued Certificates is provided through Sectigo’s public repository. Because of the nature of the services provided, there may be circumstances under which a Certificate is revoked. Furthermore, Certificates have a finite lifetime and will expire.

Despite the finite nature of Certificates, Sectigo still provides public access to both revoked and expired Certificates for network and informational security purposes, audit purposes, and fraud prevention purposes. Such Certificates are flagged as revoked or expired within the repository.

California privacy rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit the CCPA Privacy Notice.

EU-U.S. data privacy framework, Swiss-U.S. data privacy framework, UK extension

Sectigo, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sectigo, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sectigo, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website at https://www.dataprivacyframework.gov/.

Sectigo, Inc. is responsible for the processing of personal data it receives, under each Data Privacy Framework, and subsequent transfers to a third party acting as an agent on its behalf. Sectigo, Inc. complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, Sectigo, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Sectigo, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Filing a complaint

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Sectigo, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact Sectigo, Inc. at [email protected].

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution. Under certain conditions, more fully described under the Data Privacy Framework website at https://www.dataprivacyframework.gov/, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Sectigo, Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

Amendments to this privacy policy

Sectigo reserves the right to amend this Privacy Policy at any time.

Have questions or want to contact us?

Any questions that you may have about this Privacy Policy may be submitted by email to [email protected]. We understand and value your privacy and are committed to respond as soon as reasonably possible. You may also contact us by mail at the following locations:

BRADFORD, UK OFFICE

Sectigo Limited
Unit 7 & 9
Listerhills, Science Park, Campus Road,
Bradford, BD7 1HR
United Kingdom

US OFFICE

Sectigo, Inc.
8800 E. Raintree Drive
Suite 110, Scottsdale, AZ
85260 United States

CANADIAN OFFICE

Sectigo (Canada) Ltd.
1125 Innovation Drive, 2nd Floor
Kanata, ON K2K 3G6
Canada

FRANCE OFFICE

SSL247 SAS
87 rue Nationale
59800 Lille
France