Chat With Us
We are here for you!
Talk to a fellow human.
Last Updated: May 25, 2018
WHO WE ARE
When you purchase a certificate, you are contracting with Sectigo, a limited company formed under the laws of England and Wales with registered number 04058690 and registered offices at 26 Office Village, Exchange Quay, Trafford Road, 3rd Floor, Salford, Manchester, M5 3EQ, United Kingdom.
Attn: Data Protection Officer
Unit 7 & 9
Listerhills, Science Park, Campus Road,
Bradford, BD7 1HR
Sectigo values your privacy.
This is important to us, so we hope you take the time to read and review it carefully.
WHAT INFORMATION WE COLLECT
INFORMATION YOU GIVE TO US
Sectigo collects personal information in accordance with industry standards mandated by the CA/B Forum (such as the Baseline Requirements and EV Guidelines) when you purchase or use Sectigo products or services or otherwise interact with Sectigo. In most instances, you provide the information directly to Sectigo, such as when you create an Account, sign up for a newsletter, subscribe to Sectigo’s services, use a Sectigo website, download a Sectigo product, or request further information from Sectigo.
When You Purchase Services or Download a Product
When you purchase Sectigo services or download a product, you will provide certain personal information. This information may include personal contact information, such as name, company name, address, phone number, and email address; billing information, such as billing name and address, credit card number, and the number of employees within the organization; or other similar information that may be necessary for us to provide you with products and services. The information that you provide shall be used for such things as setting up or administering your Account, responding to your inquiries, providing you with product updates or improvements, and managing other daily business needs, such as, for example, payment processing, account and contract management, website administration, troubleshooting, security and fraud prevention, corporate governance, reporting and legal compliance and business continuity. If Sectigo would like to process that information for any other purposes, we will first provide you with sufficient information describing such additional use.
When You Order a Certificate
When you order a certificate, you will be required to provide certain information depending on the certificate type (e.g. DV, OV, EV, SMIME, etc.). The exact informational requirements are listed in the CPS for your review. Certain of the submitted details will be displayed within the certificate, and, as a result, will be publicly available.
You have choices about your information, but if you choose not to provide necessary information when purchasing a product or service, or ordering a certificate, (for example, information necessary to validate a certificate), then you may not be able to get that product, service, or certificate.
INFORMATION WE COLLECT FROM YOUR USE
To enable a better experience on our websites and provide you with better functionality and features in our products and services, we collect information about your interactions with Sectigo, like the products and services that you use and how you use them. We may use technologies like cookies, browser analysis tools, or server logs to receive error reports or usage data from software running on your device or our website and applications. We may also obtain data from third parties to enhance our files and better understand our customers.
For more information on cookies and how we use them, see our Cookies Policy.
Sectigo's websites use Google Analytics, which is a web analytics service provided by Google, Inc. ("Google"), to evaluate your use of the Sectigo website. Google Analytics place a third-party cookie on your computer that is then used to compile reports of visitor traffic and internet usage. Google Analytics does not have a database of individual profiles for each visitor and only collects aggregate data.
For information on how Google Analytics uses data please visit “How Google uses data when you use our partners sites or apps”, Click Here
Sectigo uses log files comprising of non-personally identifiable information to analyze trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use.
This information may include your IP address or other proxy servers you use to connect to the Internet, device and application identification numbers, your browser type, your Internet service provider (or mobile carrier), the pages and files you viewed, your operating system and system settings, and the location and time zone associated with your usage. Based on certain Internet standards, we may also collect information about the website you were visiting before and the website you visit after you leave the Sectigo website.
INFORMATION WE COLLECT AND RECEIVE FROM THIRD PARTIES
Information We Collect and Receive from Our Resellers and Webhosts
Sectigo has hundreds of resellers and webhosts that offer you our products and services for purchase directly from them. Sectigo enters into agreements with its resellers and webhosts containing adequate privacy safeguards and protections. When you provide information directly to these resellers or webhosts, you are providing your information subject to the privacy policies and practices of those resellers. You should make sure to review and understand those policies and practices prior to sharing your information.
For more information on Sectigo’s resellers and webhosts, please contact firstname.lastname@example.org.
Information We Collect and Receive from Third-Party Sources
For Sectigo to properly validate some types of certificates (such as EV Certificates) in accordance with industry standards, it is necessary for Sectigo to supplement information that Sectigo receives from you or a reseller with information that it gathers from third-party sources.
As such, Sectigo may verify the information you provide us with information from independent third-party sources. The types of certificates, allowable third-party sources, and other relevant information are detailed with specificity in the CPS, the Baseline Requirements, the EV Guidelines, and the EV Code-Signing Guidelines. Information collected from these third-party sources will be used by Sectigo to validate the ordered Certificate. This is an integral aspect of the services provided by Sectigo and is required of Sectigo to validate a certificate.
Sectigo also collects and receives certificate information from publicly available certificate transparency (CT) logs. Generally, certificates and CT logs do not contain personal information. CT logs were created in the public’s interest to support public oversight and scrutiny of the SSL certificate system. The purpose of the CT log is to provide an open auditing and monitoring system to protect users and to prevent mistaken or malicious issuance of certificates.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT STATEMENT
Sectigo websites, products and services are not directed to children under the age of 16 and Sectigo does not knowingly collect personal data from children under the age of 16. If Sectigo becomes aware that a child under the age of 16 has provided personal data, Sectigo will take steps to delete such information from Sectigo’s files as soon as possible.
HOW WE USE YOUR INFORMATION
Understanding how important your privacy is to you, we limit the use of your information and want you to be clear on how your information will be used. Below is an overview, identifying the information collected, the purpose for which it is collected, the initial legal basis for processing such information, and the period for which we will retain that information.
We are providing the below information about our retention periods to show you that your information is being processed with transparency. Our retention periods, however, are not fixed for all types of information and will vary for reasons such as whether the information is still necessary for the original purpose of the processing, to fulfill (or assert) our or your legal obligations (or rights), and/or to comply with applicable laws or industry requirements. As such, we reserve the right to revise such retention periods where we determine that the information is still, or is no longer, necessary for the purposes for which the information was processed.