- Secure Business Email
- Use Cases
- Secure File Transfer
- AS4 Energy
- Relevant blog posts
of Zertificon Solutions GmbH
The protection of your privacy when processing personal data is an important concern for us. We process any personal data in accordance with the General Data Protection Regulation (GDPR). Zertificon Websites may contain links to websites of other providers to which this data protection declaration does not extend.
I. General statements on the collection, use and storage of your personal data and on your data subject rights
Zertificon Solutions GmbH, Tempelhofer Weg 62, 12347 Berlin, Germany (“Zertificon”) is the data controller for the processing carried out on the Website https://www.zertificon.com (hereinafter referred to as the “Website”).
Our data protection officer is
Dr. Michael Funke
JBB Data Consult GmbH
E-Mail: [email protected]
1. Collection of personal data when visiting our Website
We collect personal data when you use our forms or send us an email. Certain technical data is also automatically collected by our IT systems when you visit the Website (e.g. Internet browser, operating system or time of page view).
2. Use and disclosure of personal data and purpose limitation
Notwithstanding, we use service providers as processors who are strictly bound to our instructions for services that we cannot or cannot reasonably provide ourselves. These are mainly technical services such as website hosting.
3. Data subject rights, in particular the right to object
The General Data Protection Regulation guarantees you certain rights, which you can assert against us – insofar as the legal requirements are met.
Art. 15 GDPR – Right of access: You have the right to obtain confirmation from us as to whether personal data relating to you are being processed and, if so, what these data are and the detailed circumstances of the processing.
Art. 16 GDPR – Right of rectification: You have the right to ask us to rectify incorrect personal data concerning you immediately. You also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
Art. 17 GDPR – Right to deletion: You have the right to demand that we delete any personal data relating to you immediately.
Art. 18 GDPR – Right to limit processing: You have the right to request us to limit processing.
Art. 20 GDPR – Right to data portability: You have the right, in the event of processing based on consent or for the fulfilment of a contract, to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and to transfer this data to another responsible party without hindrance from us or to have the data transferred directly to the other responsible party, insofar as this is technically feasible.
Art. 77 GDPR in conjunction with Art. 19 BDSG – Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State in which you are resident, your place of work or the place where the suspected infringement is committed, if you consider that the processing of personal data relating to you is contrary to the law.
In particular Art. 21 – Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is necessary based on a legitimate interest on our part or in order to carry out a task in the public interest, or which is carried out in the exercise of official authority.
If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
In order to exercise your right of objection, for example, you can send us an email to one of the email addresses mentioned on our contact page.
Withdrawal of consent
If you have given us your informed consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until your withdrawal remains lawful.
II. Functions of our Websites
1. Contacting us via forms on our Website
a) Website forms
There are several forms on our Website that you can use to contact us electronically.
Collected data: When you submit our forms, we collect all the information you provide in the respective fields. In addition, we collect certain data to prevent misuse of the forms and to ensure the security of our information technology systems. These are:
- The IP address
- Date and time of the form’s transfer
b) Contact and enquiry forms
Storage and processing: If you send us enquiries via our forms, we will store your information in a customer relationship management system (“CRM system”) in order to process your enquiry and answer follow-up questions. We process the data to pursue our legitimate interests in offering you a convenient way to contact us, to answer your enquiries and, if necessary, to be able to trace our communication history at a later date (Art. 6 para. 1 lit. f) GDPR). In this context, the data will not be passed on to third parties.
Deletion and objection: We store your enquiries regularly for a period of 4 years. We are also subject to certain storage and retention obligations under commercial and tax law (Section 147 AO, 257 HGB) and must retain certain documents for a period of 6 or 10 years. If these rules apply to your message, it will be stored for the respective period. This may especially be the case if your email is a commercial or business letter, which must be retained for 6 years.
2. Online application
On our Website, you have the possibility to send us your application for a position at Zertificon.
Purpose: We use your personal data to process and decide about your application.
Storage and processing: We use an external service provider to process and store your application. Zertificon and the provider treat the data as strictly confidential and only a limited group of persons can access it. The legal basis for the processing is Sec. 26 para. 1 BDSG.
Deletion: Your personal data will be deleted 6 months after the end of the application process.
3. Newsletter subscription
On our Website, you have the possibility to subscribe to a free newsletter.
Purpose: We will use the data to send and analyze newsletters. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. We use this and possibly other information provided by you (e.g., about your interests) to subdivide (“cluster”) the newsletter recipients into different categories. In this way, the newsletters can be better adapted to the respective target groups.
Double-Opt-In: The subscription takes place in a double-opt-in process. This means that after your initial registration, you will receive an email to confirm your subscription. This confirmation is necessary to verify your identity. The legal basis is your consent, according to Art. 6 para. 1 lit. a) GDPR.
Storage and processing: We will store your email address after the initial registration for verification purposes. If you do not confirm your subscription within three days, we will delete your data. If you confirm the subscription, we will process your data for the time of your subscription. Additionally, we log certain information (for example, date, time, and IP address) about the subscription in order to be able to prove your informed consent afterward.
Recipient: We use the service provider SendinBlue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) to send newsletters.
Withdrawal of consent and deletion: You can unsubscribe at any time. For this purpose, we will provide you with a corresponding link in each newsletter. We will then immediately delete your email address from our newsletter list.
4. Collection of technical data
We collect automated data, in particular to ensure error-free provision of the Website and to optimize our web presence.
You can visit our Website without cookies by selecting *do not accept cookies* in your browser settings. Please refer to the manual of your browser to find out exactly how this works. Additionally, you can delete cookies already set on your computer at any time. If you do not accept cookies, however, this can lead to functional restrictions of our offers.
b) Log files
We collect certain information about accesses to our pages and store them as server log files. We log the following information:
- IP address
- Date and time of access
- Visited website
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
Storage and processing: We store and process data for security purposes, e.g. to be able to clarify cases of misuse. If data has to be retained as evidence in case of an incident, it will be exempt from deletion until the incident has been clarified. We will also analyze the data to create statistics and to improve our Website. The legal basis for these processings is Art. 6 para. 1 lit. f) GDPR, whereby the mentioned purposes respectively constitute our legitimate interests.
Deletion: We store the log files for a maximum of 30 days and will then delete them.
c) Analysis tools
We use analysis and advertising tools to evaluate the behavior of users on our Website.
Google Tag Manager
We use the Google Tag Manager on this Website to manage Website tags. Tags are small pieces of code on our Website that can be used to, among other things, measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize a Website. Tags can come from Google itself or third-party vendors. Google Tag Manager does not access the data but only serves to manage the tools that collect and process the data.
For more information on Google Tag Manager, please visit:
You can find out which tags are set, which data is collected and how you can object or revoke your consent in the further explanations in this section of our data protection declaration.
This Website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland (“Google”).
You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this Website:
The legal basis for the use of Google Analytics is your consent. The data will be stored until its withdrawal.
d) Advertising services
Google Ads (formerly Doubleclick)
Your data may be transferred to Google LLC or other recipients who process data in third countries, including the USA. For the data transfer to the USA, we or Google Ireland Ltd. have concluded standard contractual clauses with Google LLC. Copies of the standard contractual clauses used are available at:
You can prevent the collection of data generated by the cookies and related to your use of the Website to Google, as well as the processing of this data by Google, by choosing the appropriate settings under the following link http://www.google.com/settings/ads.
For more information, please visit: https://policies.google.com/privacy?hl=us.
Zertificon uses technical and organizational measures in order to protect the data we process against manipulation, loss, destruction and against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
IV. Data Protection Officer
Our data protection officer is: Dr. Michael Funke. You can reach him at our postal address or at [email protected].