Privacy Policy for ZONER Software, a.s.

The Privacy Policy, which describes the processing of your personal information by ZONER software, a.s. and the processing when issuing an SSL / TLS certificate can be found in this document.

Introductory Provisions

ZONER software, a.s., Company ID: 494 37 381, registered address Brno, Nové sady 583/18, postcode 602 00, contact email address: admin@zoner.cz (hereinafter referred to as “Company“), provides its services in accordance with valid legislation and handles customer's personal data in accordance with valid legal regulations. The Company is the Data Controller.

This document provides customers with information about the processing of their personal data and their related rights and obligations. This document may be revised and updated as necessary. We declare that all internal processes concerning the processing of personal data are in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.

When processing personal data, we comply with personal data processing regulations, and we focus on legality, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality of personal data. The Company handles personal data both manually and automatically. The Company keeps records of all activities, both manual and automated, in which personal data are processed.

What data do we process and why?

We promise not to require more data than is strictly necessary to achieve each of the following purposes.

If you decide to use the services offered by ZONER software, a.s., to subscribe (i.e. conclude a contract with our Company), you will be required to share the following personal data: name, address, email address, phone number, user name and password while creating your customer account. We have to process these data in order to identify you and authorise and run your customer account, without which you would not be able to use our services. We process the personal data needed to run a customer´s account even after terminating the provided services. We do so to enable you to order further services without the need to set up a new customer account, as this is in the interest of our Company.

For the purposes of ordering or providing services, and identifying you, we also process your personal data: name, address, email address, telephone (all of which may also be referred to as "basic identification") or if need be, further personal data (e.g. from mutual email or telephone communication) which we obtain from you in connection with the service provided and the processing of which is necessary to provide the service. We have to process these personal data to provide your services and we cannot provide them without such processing.

Here is a list of other personal data which we process in connection with the SSL market service:

  • • Access IP address

The processing of the aforementioned personal data is necessary to conclude and/or perform the contract and therefore does not require your consent. The legal basis for this processing is the necessity to complete the contract. You do not have to provide these personal data, however, if you do not provide them or if you disagree with their processing for the purposes mentioned above, we will be forced to refuse to enter into a contract with you.

In connection with the provided services, we also process your personal data regarding the services provided, in particular the type of services provided, their scope and price, and information on payment ethics. All the data detailed in this paragraph are obtained in connection with the provision of the services and we process them together with the basic identification data in order to improve our services and / or to protect the interests of our Company (including the possibility to enforce our Company's legitimate rights or protection of our Company's rights). As this processing is necessary for the legitimate interests of our Company, your consent is not required. The legal basis for processing is the necessity for our Company’s legitimate interests.

We further process our customers’ personal data to fulfil legal obligations. For reasons required by the Accounting Act and by other legal regulations, in particular in the taxation field, we hold documents (in electronic or paper form) containing personal data, in particular invoices and documents which give a legal reason to issue an invoice, for a statutory period.

Personal data consisting of operational and localisation data and logs created or processed in the provision of public communications networks, publicly available electronic communications services and the associated IP addresses, are subject to the law. After the legal deadline (see below), we will no longer process these personal data for this purpose. The legal basis for this processing is fulfil our legal obligations. Since this information is needed from you in connection with the services provided, we must require, or need to obtain it from other sources because it is necessary to meet legal obligations, refusing to provide it or disagreeing with their processing would mean that we would not be able to conclude a contract with you or provide you with services.

We also use customers’ personal data to send SSL/TLS certificate alerts, operational reports and our Newsletter. We never provide personal data for third party marketing purposes. Personal data, which are email addresses, are processed with the purpose of sending information about our products in an electronic form. We do so without your agreement, which is in accordance with the law, as such action is in the legitimate interest of our Company. The condition for sending the Newsletter, which can contain business announcements, is the customer's clear option and it is easy and free to refuse such a use of their email address. If you inform us that you do not wish to receive the announcements titled Newsletter, we will stop processing your data for this purpose. The legal basis for the processing is our Company’s legitimate interests.

By visiting our company's website, you also share personal information about your IP address, location, browser, system, or screen resolution. These personal data are collected through Google's web analytics and only serve our needs to analyse and improve our services. Because these data are collected and processed for our legitimate interests, your consent to such processing is not required. The legal basis for this processing is for the legitimate interests of our company. For more about protecting Google's privacy, see their policies.

If you consent to the storage of cookies on your end device while visiting our Company's website, we process your cookie file behaviour records located on our company's website to improve how this website is run. We require your consent for this processing.

How long does it take to process personal data?

We process your personal data only for the duration of the reason to process them. Personal data required to maintain a customer account will be processed for the purpose of maintaining a customer account during the provision of services. If a customer does not cancel their customer account after terminating services, we will continue to process their personal data necessary to keep the customer account for 3 years.

The operational and localization records are required to be kept by law for 6 months, on the basis of fulfilling the legal obligations imposed by law.

After terminating the provision of the ordered service and after the terminating all related contractual obligations (including any possible warranty), we will stop processing your personal data for this purpose and erase them unless such personal data or some of them are processed for another purpose.

If we process personal data to fulfil a legal obligation, we will terminate the processing for this purpose after the expiry of the specified period.

Are third parties provided with personal data?

The transfer of personal data to third parties is necessary to order and process the SSL / TLS certificate for the applicant. In particular, the personal data of the certificate applicant (organizational contact and technical contact) is given to the DigiCert Certification Authority (DigiCert, Inc., 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043, USA) for verification to the following extent:

  • • name and surname;
  • • address (work address, if a company is requesting the certificate);
  • • email address;
  • • telephone number of the natural person.

By handing over personal information to DigiCert, Inc., personal data get transferred outside the EU. The transfer is solely based on the explicit and demonstrable consent of the customer to the transfer of such personal data required to obtain the SSL / TLS certificate. The protection of personal data in non-EU territories is guaranteed by the Company's participance in DigiCert, Inc. in Privacy Shield, which will be active no later than May 25, 2018.

We only hand over personal data to the extent strictly necessary to provide the ordered service. We are authorized to handle the personal data without your consent, as we would otherwise not be able to fulfil the agreement and provide you with the requested service. However, we are always required to ensure that these third parties comply with all data protection obligations and do not use your personal data for any other purpose without your consent. If the third party receiving the personal data is not specified in this Policy, it will be communicated to you when ordering the service.

Who has access to personal data?

Access to your personal data in our company is restricted to persons who necessarily require them for the purpose for which the personal data is processed. For this purpose, a regular audit takes place in our company.

Customer support employees only have access to the personal data they need to authorize requests and identify the customer. This approach is necessary for proper customer service support. Employees with access to personal data are adequately trained to protect their privacy and are required to maintain confidentiality.

Application of data subject's rights

If you need to apply the data subject's rights in the sense of the Policy, or if you have queries or other suggestions, please contact us at admin@zoner.cz.

If you have any doubts about the compliance of your personal data’s processing with legal regulations, you have the option of submitting a complaint to the supervisory authority that supervises the processing of your personal data.

These policies are effective from May 25, 2018