Policy for personal data protection at ZONER a.s.

Here you will find the Personal Data Processing Policy document, which describes the processing of your personal data by ZONER a.s. and processing when issuing an SSL / TLS certificate.

Introductory provisions

ZONER a.s., Company ID: 494 37 381, with registered office in Brno, Nové sady 583/18, postal code 602 00, which is registered in the Commercial Register at the Regional Court in Brno, section B, insert no. 5824, contact e-mail address: info@sslmarket.cz (hereinafter also referred to as the “Company”), provides its services in accordance with applicable legislation and handles customers' personal data in accordance with applicable legal regulations. The company is an administrator.

This document provides our customers with information on the processing of their personal data and their related rights and obligations. This document may be revised and updated as necessary.

We declare that all internal processes concerning the processing of personal data are carried out in accordance with Act No. 101/2000 Coll. on the protection of personal data and amending certain laws, as amended, and after 25 May 2018 also in accordance with REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), otherwise known as GDPR.

When processing personal data, we adhere to the principles of the legality of personal data processing and further focus on legality, fairness, transparency, purpose limitation, data minimization, accuracy, storage restrictions, integrity and confidentiality of personal data.

The company processes personal data manually and automatically. The company keeps records of all activities, both manual and automated, in which personal data are processed.

What data do we process and why?

We undertake not to require more information from you than is strictly necessary to achieve each of the purposes set out below.

If you decide to use the services offered by ZONER a.s., ordering them means concluding a contract with the company. When creating a customer account, we require the following personal information: name, address, e-mail address, telephone number, login name and password. We must process these personal data for the purpose of your identification, authorization and operation of your customer account, without which it is not possible to use our services. We process personal data necessary for the operation of a customer account even after the termination of the provision of services, in order to be able to order other services without the need to create a new customer account, as it is in the interest of our company.

For the purposes of ordering the services, their provision and your identification, we also process your personal data: name, address, e-mail address, telephone (all these data may be referred to only as "basic identification data") and possibly other personal data (e.g., from mutual email or telephone communication), which we obtain from you in connection with the provided service and the processing of which is necessary to provide the given service. We cannot provide the services you have ordered without processing the data.

Here is a list of other personal information we process in connection with the SSLmarket service:

  • Access IP address

Processing the personal data above is necessary to conclude and/or perform the contract and therefore does not require your consent. The legal basis for this processing is the need to fulfil the contract. You do not have to provide us with these personal data; however, if you do not provide us with these data or if you do not agree to their processing for the stated purposes, we will be forced to refuse to conclude the contract with you.

In connection with the services provided, we also process your personal data relating to the services provided. In particular, these are data on the type of services provided, their scope and price, and information on payment morale. In the premises of our company, which are intended for contact with customers, camera recordings are stored. These records are also personal data intended to prevent damage. We collect all data mentioned in this paragraph in connection with providing services and process it in connection with basic identification data in order to improve the services provided and/or protect our company's interests (including any enforcement of our legitimate claims or protection of our company in other proceedings). Therefore, as this is processing necessary for the purposes of our company's legitimate interests, your consent is not required. The necessity for the purposes of the legitimate interests of our company forms the legal basis of the processing.

To fulfil legal obligations, we also process our customers' personal data. For reasons required by the Accounting Act and other legal regulations, especially in the area of taxes, we keep documents (in electronic or paper form) containing personal data, especially invoices and documents from which the legal reason for issuing an invoice follows, for a period specified by law. Pursuant to Section 97, Paragraph 3 of Act No. 127/2005 Coll., On Electronic Communications and on the Amendment of Certain Related Acts (the Electronic Communications Act), we are obliged to store personal data consisting of operational, location data and records (so-called logs), which are created or processed in the provision of public communications networks and in the provision of publicly available electronic communications services, and related IP addresses. After the expiration of the statutory period (see below), we will no longer process these personal data for this purpose. The legal basis for this processing is to fulfil legal obligations. We have to request this information from you in connection with the services provided, or we must obtain it from other sources. As this is necessary to fulfil legal obligations, refusing to provide them or refusing to process them would result in us not being able to enter into a contract with you and provide you with services.

We also use customers' personal data to send notifications about SSL / TLS certificates, operational messages and to send our Newsletter. We never provide personal information for third-party marketing purposes. We process personal data, which is an e-mail address, for the purpose of sending our communications about our company's products electronically, without your consent in accordance with the law, as this is in the legitimate interest of our company. The condition for sending the Newsletter, which may contain a commercial message, is that the customer has a clear and unambiguous possibility to simply and free of charge refuse consent to such use of the e-mail address. If you tell us that you do not agree with us sending messages marked as Newsletter, we will stop processing your personal data for this purpose. The legal basis for this processing is for the purposes of our company's legitimate interests.

By visiting our company's website, you also provide us with personal information about your IP address, location, browser, system or screen resolution. These personal data are collected through Google web analytics and are used only for our purposes in order to analyze and improve our services. As these data are obtained and processed for the purposes of our legitimate interests, your consent to such processing is not required. The legal basis for this processing is necessity for the purposes of the legitimate interests of our company. You can find more about Google's privacy policy in the company's policies.

If you consent to the storage of cookies on your end device when you visit our company's website, we process behaviour records about you from cookies placed on our company's website, for the purpose of better website operation. The legal basis for this processing is your consent.

How long do we process your personal data for?

We only process your personal data for the duration of the reason for processing your personal data.

Personal data that is necessary to maintain a customer account will be processed for the purpose of maintaining a customer account for the period of providing services. If the customer does not cancel their customer account even after the end of the provision of services, we will continue to process their personal data, which is necessary for us to maintain their customer account, for a period of 3 years.

Operational and location records, which we are required to process by law, are kept for a period of 6 months on the basis of a legal reason for fulfilling legal obligations imposed on us by Section 97 (3) of Act No. 127/2005 Coll., On Electronic Communications and on Amendments to Certain Related Acts (Electronic Communications Act).

Upon terminating the provision of the ordered service and terminating all related obligations under the contract (including any warranty), we will stop processing your personal data for this purpose and delete them if these personal data or some of them are not processed for another purpose.

If we process personal data to fulfil a legal obligation, we will terminate the processing for this purpose after the expiration of the specified period.

Is personal data provided to third parties?

The transfer of personal data to third parties is necessary to order and process the SSL / TLS certificate for its applicant. Specifically, the personal information of the certificate applicant (organizational contact and technical contact) is provided to the DigiCert certification authority (DigiCert, Inc., 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043, USA) for verification, to the extent of:

  • name and surname,
  • address (business, if a company is the certificate's requestor),
  • email address,
  • telephone number of the natural person

By transferring personal information to the administrator of DigiCert, Inc., personal data is transferred outside the EU. The transfer takes place exclusively on the basis of the customer's express and verifiable consent to the transfer of this personal data necessary to obtain an SSL / TLS certificate. The protection of personal data outside the EU is guaranteed by the participation of DigiCert, Inc. in the Privacy Shield program, in which it will be active no later than May 25, 2018.

We transfer personal data only to the extent necessary for the provision of the ordered service. We are entitled to such handling of personal data without your consent, as otherwise we would not be able to fulfill the contract and provide you with the required service. However, we are always obliged to ensure that these third parties comply with all obligations related to the protection of personal data and do not use your personal data for any other purpose without your consent. If the specifications of the third party to whom the personal information will be transferred are not stated in this policy, you will be notified when ordering the service.

Who has access to personal data?

Access to your personal data in our company is restricted to persons who require the data to achieve the purpose for which the personal data is processed. For this purpose, our company is regularly audited.

Customer support staff only have access to the personal information they need to authorize requests and identify the customer. This approach is necessary for the proper operation of customer service support.

Employees who have access to personal data are properly trained in their protection and are obliged to observe confidentiality.

Exercising the rights of the data subject

If you need to exercise the rights of the data subject in the sense of the Regulation, or if you have questions or other suggestions, contact us at info@sslmarket.cz.

In case of any doubts about the compliance of the processing of your personal data with legal regulations, you have the opportunity to file a complaint with the supervisory authority, which is the Office for Personal Data Protection in the Czech Republic (see www.uoou.cz).

This policy is effective from 25 May 2018

Last update: 11 May 2018