Privacy Policy

Privacy Policy

Effective date: October 15, 2020

EnVers Group SIA, registration number: 41503048391, legal address: Lieasmas Street 4-24, Riga, LV-1058 (“us”, “we”, “our” or the “Company”) as the Data Controller operates the www.thesslcert.com website (the “Service”). This “Privacy Policy” informs you of our policies regarding the processing (collection, storage, use, disclosure, erasure etc.) of

Personal Data when you visit our website and/or use, has used or expressed a with to use any of our Services or if you are in any way connected with these Services, and the choices you have associated with that data. We use your Personal Data to provide and improve the Service, perform a contract and to fulfil legal obligations to which we are the subject.

By using the Service, your Personal Data is processsed in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not have to provide Personal Data to the Company. In cases when the User does not provide the Company with Personal Data necessary for the performance of the contract or Services, as well as for the performance of legal obligations of the Company specified in regulatory enactments, the Company has a legal basis to refuse to provide the User Services in whole or in part.

If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.

Definitions

Personal Data

Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meanins as in Article 4(1) of GDPR.

Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of GDPR.

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the duration of a page visitthe type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).

Cookies

Cookies are small pieces of data stored on a User’s device.

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data. Definition shall have the same meaning as in Article 4(7) of GDPR.

Data Processor (or Service Providers or Sub-contractors)

Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Article 4(8) of GDPR.

Data Subject

Data Subject is any living individual (natural person) who is the subject of Personal Data.

User

The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you, perform a contract and to fulfil legal obligations to which we are the subject.

Types of Data Collected – Personal Data

While using our Service, we may ask you to provide us with certain types of Personal Data that personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Identification data – first name, last name, identity code, date of birth;
  • Contact data – phone number, e-mail address, residential address (Address, State, Province, ZIP/Postal code, City, Country), correspondence language;
  • Incoming and outgoing email correspondence – correspondence with Users;
  • Transaction ID (not Credit Card number)
  • Cookies
  • Usage Data

Purposes and legal basis of your Personal Data processing

There are different purposes for processing Personal Data and each processing activity must rely on one of the legal basis. The Company processes your Personal Data relying on the following legal basis:

  • Processing of Personal Data which is required for performance of Services and contract
  • We process Personal Data relying on this legal basis if it is necessary for performance of the Services or contract concluded with you or for taking measures required prior to signing the contract at your request.
  • Processing of Personal Data which is required for performance of legal obligations of the Company
  • In some cases, we need to process your Personal Data because we are obliged to do so under regulatory enactments. If the Personal Data processing is required by regulatory enactments, neither we nor you can influence the processing of such Personal Data.
  • Processing of data which is based on the legitimate interest of the Company
  • A legitimate interest means that we do not directly need to process your Personal Data to fulfil contractual obligations nor our legal obligations, but the processing is still necessary. The processing may be needed to develop our Services and products making them better for you; to protect our webpage from attacks; to make business decisions by compiling statistics. As under the legitimate interest we are not obligated to process your Personal Data by law or for performance of our contractual obligations but we also do not request your permission for the processing – we give you the right to ask for explanations as well as to present objections, if you consider that processing of your Personal Data for the purposes given in below table breaches your rights.
  • Processing of Personal Data based on your consent
  • If we have received your consent, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You always have the right to withdraw you consent (each separately as well as all jointly) given to us: you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us: privacy@thesslcert.com.
  • If you withdraw your consent, we will stop processing your data for the purposes for which the consent was granted. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

In below table you will find some examples for which purposes and on what legal basis your Personal Data is being processed by us.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use Cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Retention of Data

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Personal data is processed in the European Union / European Economic Area (EU / EEA). However, if Personal Data is transferred outside the EU / EEA, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the EU / EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The Company shall only transfer Personal Data if there is a legitimate basis for it and appropriate safeguards have been put in place: (i) the contract with the recipient includes standard EU data protection clauses or other agreed rules, codes of conduct, certifications approved under the GDPR or (ii) the recipient is located in a country that provides an adequate level of protection of Personal Data in accordance with a decision of the EU Commission. Upon request, the User can receive more detailed information on the transfer of Personal Data to countries outside the EU / EEA.

The Company will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.

Disclosure of Data

When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.

When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.

The Company is also obliged to transfer Personal Data to state or local government institutions in cases specified in regulatory enactments (for example, Financial and Capital Market Commission, Consumer Rights Protection Centre, State Revenue Service, Financial Intelligence Unit of Latvia, State Security Service, State Police and other law enforcement agencies and financial investigation institutions), courts, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc.).

Disclosure for Law Enforcement

Under certain circumstances, The Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of The Company
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of Users of the Service or the public
  • To protect against legal liability

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

However, the Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data. Some examples of the measures we use:

  • Physical measures – paper-based documents containing Personal Data are stored in locked rooms and cabinets to which only certain employees have access for fulfilling their job duties; data processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current instability and power outages.
  • Technical measures – all employee work computers are protected with password protected screensavers when the employee leaves; it is ensured that the IT- system does not accept new login attempts and locks the username if certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
  • Organizational means – all IT system Users are assigned roles and profiles; it is ensured that access rights are deleted when an employee leaves the Company; it is ensured that there is no access from publicly used rooms to rooms where Personal Data is being processed.
  • In case we use external companies for providing services, which include data processing, we conclude data protection agreements with such Service Providers obligating them to: a) take appropriate measures to ensure confidentiality and security of the personal and ii) process Personal Data in accordance with the applicable legal requirements.