Redirecting you to
Click if you are not redirected within 5 seconds

Privacy Policy

Last Updated: May 25, 2018

WHO WE ARE

This Privacy Policy applies to Sectigo and its subsidiaries (collectively, “Sectigo” or “we” or “us”) and describes Sectigo’s (“our”) policies and practices that we undertake in collecting, using, and safeguarding your personal information. By “personal information”, we mean information that can be used to identify you or that we can link to you and which we have in our possession or control.

When you purchase a certificate, you are contracting with Sectigo, a limited company formed under the laws of England and Wales with registered number 04058690 and registered offices at 26 Office Village, Exchange Quay, Trafford Road, 3rd Floor, Salford, Manchester, M5 3EQ, United Kingdom.

Sectigo is the data controller for personal information collected and processed for purposes of issuing publicly-trusted digital certificates, and is responsible for the collection, use, disclosure, retention, and protection of your personal information in accordance with our privacy standards, this privacy policy, and applicable laws. We have appointed a data protection officer to be responsible for our privacy program. Our Data Protection Officer can be contacted at:

Attn: Data Protection Officer

Sectigo
Unit 7 & 9
Listerhills, Science Park, Campus Road,
Bradford, BD7 1HR
United Kingdom


OVERVIEW

Sectigo values your privacy.

In providing you with access to Sectigo’s products, services, and websites (including, but not limited to, comodoca.com, instantssl.com, enterprisessl.com, positivessl.com, and ssl.comodo.com), Sectigo collects and uses certain information about you. This Privacy Policy is meant to help you understand what information is collected from you, how we use it, and how you can protect your privacy rights.

At a glance, this Privacy Policy contains the following information:

  • What information we collect.
  • How we collect your information.
  • How we use your information.
  • What information we share.
  • What security measures we have in place to protect your information.
  • What rights and choices you have in relation to your information.


This is important to us, so we hope you take the time to read and review it carefully.

DEFINITIONS

We’ve defined the following terms, which are used throughout this Privacy Policy, to provide better clarity on what we mean:

  • Account” refers to a CCM account, an E-PKI account, an S3 account, or any other account at a Sectigo website for which you sign up and log in.
  • Baseline Requirements” refers the most recent version of the CA/B Forum’s Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates.
  • CA/B Forum” means the Certificate Authority and Browser Forum, a consensus-driven forum of certificate authorities (like us) and browsers that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates.
  • Cookies Policy” refers to the most recent version of our Cookies Policy.
  • CPS” refers the most recent version of our Certification Practices Statement.
  • EV Code-Signing Guidelines” means the most recent version of the CA/B Forum’s Guidelines for The Issuance And Management of Extended Validation Code Signing Certificates.
  • EV Guidelines” refers to the most recent version of the CA/B Forum’s Guidelines for the Issuance and Management of Extended Validation Certificates.


WHAT INFORMATION WE COLLECT

INFORMATION YOU GIVE TO US

Sectigo collects personal information in accordance with industry standards mandated by the CA/B Forum (such as the Baseline Requirements and EV Guidelines) when you purchase or use Sectigo products or services or otherwise interact with Sectigo. In most instances, you provide the information directly to Sectigo, such as when you create an Account, sign up for a newsletter, subscribe to Sectigo’s services, use a Sectigo website, download a Sectigo product, or request further information from Sectigo.

When You Purchase Services or Download a Product
When you purchase Sectigo services or download a product, you will provide certain personal information. This information may include personal contact information, such as name, company name, address, phone number, and email address; billing information, such as billing name and address, credit card number, and the number of employees within the organization; or other similar information that may be necessary for us to provide you with products and services. The information that you provide shall be used for such things as setting up or administering your Account, responding to your inquiries, providing you with product updates or improvements, and managing other daily business needs, such as, for example, payment processing, account and contract management, website administration, troubleshooting, security and fraud prevention, corporate governance, reporting and legal compliance and business continuity. If Sectigo would like to process that information for any other purposes, we will first provide you with sufficient information describing such additional use.

When You Order a Certificate
When you order a certificate, you will be required to provide certain information depending on the certificate type (e.g. DV, OV, EV, SMIME, etc.). The exact informational requirements are listed in the CPS for your review. Certain of the submitted details will be displayed within the certificate, and, as a result, will be publicly available.

You have choices about your information, but if you choose not to provide necessary information when purchasing a product or service, or ordering a certificate, (for example, information necessary to validate a certificate), then you may not be able to get that product, service, or certificate.

INFORMATION WE COLLECT FROM YOUR USE

To enable a better experience on our websites and provide you with better functionality and features in our products and services, we collect information about your interactions with Sectigo, like the products and services that you use and how you use them. We may use technologies like cookies, browser analysis tools, or server logs to receive error reports or usage data from software running on your device or our website and applications. We may also obtain data from third parties to enhance our files and better understand our customers.

Cookies
A cookie is a piece of data that websites send to your computer or other web-based devices to uniquely identify your browser or to store information or settings on your browser based on your use. Cookies allow us to identify you when you return to the website, providing you with a streamlined and customized experience. Sectigo may employ the use of cookies to analyze trends, administer our websites, products or services, gather demographic information or to measure the success of advertising and affiliate network memberships. Sectigo’s resellers and webhosts may also use cookies; although Sectigo does not exercise any access or control of such partners’ cookies.

You can always control the use of cookies, but if you choose to disable all cookies, it may limit your use of certain functions or features on our websites, products or services.

For more information on cookies and how we use them, see our Cookies Policy.

Analytics Tools
Sectigo's websites use Google Analytics, which is a web analytics service provided by Google, Inc. ("Google"), to evaluate your use of the Sectigo website. Google Analytics place a third-party cookie on your computer that is then used to compile reports of visitor traffic and internet usage. Google Analytics does not have a database of individual profiles for each visitor and only collects aggregate data.

For information on how Google Analytics uses data please visit “How Google uses data when you use our partners sites or apps”, Click Here

Log Files
Sectigo uses log files comprising of non-personally identifiable information to analyze trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use.

This information may include your IP address or other proxy servers you use to connect to the Internet, device and application identification numbers, your browser type, your Internet service provider (or mobile carrier), the pages and files you viewed, your operating system and system settings, and the location and time zone associated with your usage. Based on certain Internet standards, we may also collect information about the website you were visiting before and the website you visit after you leave the Sectigo website.

INFORMATION WE COLLECT AND RECEIVE FROM THIRD PARTIES

Information We Collect and Receive from Our Resellers and Webhosts
Sectigo has hundreds of resellers and webhosts that offer you our products and services for purchase directly from them. Sectigo enters into agreements with its resellers and webhosts containing adequate privacy safeguards and protections. When you provide information directly to these resellers or webhosts, you are providing your information subject to the privacy policies and practices of those resellers. You should make sure to review and understand those policies and practices prior to sharing your information.

For Sectigo to provide you with products and services through a reseller or webhost, that specific reseller or webhost must share your information with us. When that information is shared with us, it will be collected and used in accordance with this Privacy Policy.

For more information on Sectigo’s resellers and webhosts, please contact [email protected].

Information We Collect and Receive from Third-Party Sources
For Sectigo to properly validate some types of certificates (such as EV Certificates) in accordance with industry standards, it is necessary for Sectigo to supplement information that Sectigo receives from you or a reseller with information that it gathers from third-party sources.

As such, Sectigo may verify the information you provide us with information from independent third-party sources. The types of certificates, allowable third-party sources, and other relevant information are detailed with specificity in the CPS, the Baseline Requirements, the EV Guidelines, and the EV Code-Signing Guidelines. Information collected from these third-party sources will be used by Sectigo to validate the ordered Certificate. This is an integral aspect of the services provided by Sectigo and is required of Sectigo to validate a certificate.

Sectigo does not have any control over these third-party sources, but once Sectigo collects supplemental information from these sources, Sectigo will protect it in accordance with this Privacy Policy.

Sectigo also collects and receives certificate information from publicly available certificate transparency (CT) logs. Generally, certificates and CT logs do not contain personal information. CT logs were created in the public’s interest to support public oversight and scrutiny of the SSL certificate system. The purpose of the CT log is to provide an open auditing and monitoring system to protect users and to prevent mistaken or malicious issuance of certificates.

CHILDREN’S ONLINE PRIVACY PROTECTION ACT STATEMENT

Sectigo websites, products and services are not directed to children under the age of 16 and Sectigo does not knowingly collect personal data from children under the age of 16. If Sectigo becomes aware that a child under the age of 16 has provided personal data, Sectigo will take steps to delete such information from Sectigo’s files as soon as possible.

HOW WE USE YOUR INFORMATION

Understanding how important your privacy is to you, we limit the use of your information and want you to be clear on how your information will be used. Below is an overview, identifying the information collected, the purpose for which it is collected, the initial legal basis for processing such information, and the period for which we will retain that information.

We are providing the below information about our retention periods to show you that your information is being processed with transparency. Our retention periods, however, are not fixed for all types of information and will vary for reasons such as whether the information is still necessary for the original purpose of the processing, to fulfill (or assert) our or your legal obligations (or rights), and/or to comply with applicable laws or industry requirements. As such, we reserve the right to revise such retention periods where we determine that the information is still, or is no longer, necessary for the purposes for which the information was processed.