Bitte aktivieren Sie JavaScript in Ihrem Browser, um alle Funktionen dieser Seite nutzen zu können.
You need to activate JavaScript in your browser to use all the functions on this page.

Privacy policy

of Zertificon Solutions GmbH

The protection of your privacy when processing personal data is an important concern for us. We process any personal data in accordance with the General Data Protection Regulation (GDPR). Zertificon Websites may contain links to websites of other providers to which this data protection declaration does not extend.

I. General statements on the collection, use and storage of your personal data and on your data subject rights

Zertificon Solutions GmbH, Tempelhofer Weg 62, 12347 Berlin, Germany (“Zertificon”) is the data controller for the processing carried out on the Website https://www.zertificon.com (hereinafter referred to as the “Website”).

Our data protection officer is

Dr. Michael Funke
JBB Data Consult GmbH
Friedrichstraße 95
10117 Berlin

E-Mail: [email protected]

1. Collection of personal data when visiting our Website

We collect personal data when you use our forms or send us an email. Certain technical data is also automatically collected by our IT systems when you visit the Website (e.g. Internet browser, operating system or time of page view).

2. Use and disclosure of personal data and purpose limitation

Zertificon will not pass on data to third parties, except where described in this privacy policy. Zertificon also uses your personal data for strictly defined purposes. The transfer of personal data to state institutions and authorities may be carried out within the framework of mandatory national legal provisions. Our employees are obliged by us to maintain confidentiality.

Notwithstanding, we use service providers as processors who are strictly bound to our instructions for services that we cannot or cannot reasonably provide ourselves. These are mainly technical services such as website hosting.

3. Data subject rights, in particular the right to object

The General Data Protection Regulation guarantees you certain rights, which you can assert against us – insofar as the legal requirements are met.

Art. 15 GDPR – Right of access: You have the right to obtain confirmation from us as to whether personal data relating to you are being processed and, if so, what these data are and the detailed circumstances of the processing.

Art. 16 GDPR – Right of rectification: You have the right to ask us to rectify incorrect personal data concerning you immediately. You also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

Art. 17 GDPR – Right to deletion: You have the right to demand that we delete any personal data relating to you immediately.

Art. 18 GDPR – Right to limit processing: You have the right to request us to limit processing.

Art. 20 GDPR – Right to data portability: You have the right, in the event of processing based on consent or for the fulfilment of a contract, to receive the personal data concerning you which you have provided us with in a structured, common and machine-readable format and to transfer this data to another responsible party without hindrance from us or to have the data transferred directly to the other responsible party, insofar as this is technically feasible.

Art. 77 GDPR in conjunction with Art. 19 BDSG – Right to complain to a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State in which you are resident, your place of work or the place where the suspected infringement is committed, if you consider that the processing of personal data relating to you is contrary to the law.

In particular Art. 21 – Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is necessary based on a legitimate interest on our part or in order to carry out a task in the public interest, or which is carried out in the exercise of official authority.

If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In order to exercise your right of objection, for example, you can send us an email to one of the email addresses mentioned on our contact page.

Withdrawal of consent

If you have given us your informed consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out until your withdrawal remains lawful.

II. Functions of our Websites

1. Contacting us via forms on our Website

a) Website forms

There are several forms on our Website that you can use to contact us electronically.

Collected data: When you submit our forms, we collect all the information you provide in the respective fields. In addition, we collect certain data to prevent misuse of the forms and to ensure the security of our information technology systems. These are:

  • The IP address
  • Date and time of the form’s transfer

b) Contact and enquiry forms

Storage and processing: If you send us enquiries via our forms, we will store your information in a customer relationship management system (“CRM system”) in order to process your enquiry and answer follow-up questions. We process the data to pursue our legitimate interests in offering you a convenient way to contact us, to answer your enquiries and, if necessary, to be able to trace our communication history at a later date (Art. 6 para. 1 lit. f) GDPR). In this context, the data will not be passed on to third parties.

Deletion and objection: We store your enquiries regularly for a period of 4 years. We are also subject to certain storage and retention obligations under commercial and tax law (Section 147 AO, 257 HGB) and must retain certain documents for a period of 6 or 10 years. If these rules apply to your message, it will be stored for the respective period. This may especially be the case if your email is a commercial or business letter, which must be retained for 6 years.

2. Online application

On our Website, you have the possibility to send us your application for a position at Zertificon.

Purpose: We use your personal data to process and decide about your application.

Storage and processing: We use an external service provider to process and store your application. Zertificon and the provider treat the data as strictly confidential and only a limited group of persons can access it. The legal basis for the processing is Sec. 26 para. 1 BDSG.

Deletion: Your personal data will be deleted 6 months after the end of the application process.

3. Newsletter subscription

On our Website, you have the possibility to subscribe to a free newsletter.

Purpose: We will use the data to send and analyze newsletters. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. We use this and possibly other information provided by you (e.g., about your interests) to subdivide (“cluster”) the newsletter recipients into different categories. In this way, the newsletters can be better adapted to the respective target groups.

Double-Opt-In: The subscription takes place in a double-opt-in process. This means that after your initial registration, you will receive an email to confirm your subscription. This confirmation is necessary to verify your identity. The legal basis is your consent, according to Art. 6 para. 1 lit. a) GDPR.

Storage and processing: We will store your email address after the initial registration for verification purposes. If you do not confirm your subscription within three days, we will delete your data. If you confirm the subscription, we will process your data for the time of your subscription. Additionally, we log certain information (for example, date, time, and IP address) about the subscription in order to be able to prove your informed consent afterward.

Recipient: We use the service provider Brevo, formerly SendinBlue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany), to send newsletters.

Withdrawal of consent and deletion: You can unsubscribe at any time. For this purpose, we will provide you with a corresponding link in each newsletter. We will then immediately delete your email address from our newsletter list.

4. Collection of technical data

We collect automated data, in particular to ensure error-free provision of the Website and to optimize our web presence.

a) Cookies

Cookies are small files that are stored on your device. We use cookies to increase the usability and security of the Website. Most cookies are “session cookies”, which are automatically deleted at the end of each browser session. Other cookies will remain on your terminal device either for a certain period or until you delete them actively. These cookies enable us to recognize your device on your next visit. We may use these cookies in order to track your preferences, optimize our Website and to perform online advertisement. Only the cookie on your computer is identified.

You can visit our Website without cookies by selecting *do not accept cookies* in your browser settings. Please refer to the manual of your browser to find out exactly how this works. Additionally, you can delete cookies already set on your computer at any time. If you do not accept cookies, however, this can lead to functional restrictions of our offers.

b) Log files

We collect certain information about accesses to our pages and store them as server log files. We log the following information:

  • IP address
  • Date and time of access
  • Visited website
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used

Storage and processing: We store and process data for security purposes, e.g. to be able to clarify cases of misuse. If data has to be retained as evidence in case of an incident, it will be exempt from deletion until the incident has been clarified. We will also analyze the data to create statistics and to improve our Website. The legal basis for these processings is Art. 6 para. 1 lit. f) GDPR, whereby the mentioned purposes respectively constitute our legitimate interests.

Deletion: We store the log files for a maximum of 30 days and will then delete them.

c) Analysis tools

We use analysis and advertising tools to evaluate the behavior of users on our Website.

Google Tag Manager

We use the Google Tag Manager on this Website to manage Website tags. Tags are small pieces of code on our Website that can be used to, among other things, measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and audience targeting, and test and optimize a Website. Tags can come from Google itself or third-party vendors. Google Tag Manager does not access the data but only serves to manage the tools that collect and process the data.

For more information on Google Tag Manager, please visit:
https://support.google.com/tagmanager/answer/9323295?hl=en

You can find out which tags are set, which data is collected and how you can object or revoke your consent in the further explanations in this section of our data protection declaration.

Google Analytics

This Website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland (“Google”).

Google Analytics uses cookies. The information generated by the cookie about your use of the Website will be transferred to and stored by Google and may be transferred to servers in the United States. However, your IP address will be truncated beforehand within the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address may be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of our Website, compile reports on website activity and providing other services for us relating to the website activity. We have concluded standard contractual clauses of the European Commission, which you can access at https://privacy.google.com/businesses/processorterms/mccs/. The IP address of your device will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings in your browser settings, however, please note that if you do this you may not be able to use the full functionality of this Website. You can also prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this Website:

The legal basis for the use of Google Analytics is your consent. The data will be stored until its withdrawal.

For more information on terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://tools.google.com/dlpage/gaoptout?hl=en.

d) Advertising services

Google Ads (formerly Doubleclick)

Google Ads is a service provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland (“Google”). Google uses cookies to present you with ads that are relevant to you. Google assigns a pseudonymous identification number (ID) to your browser for this purpose. This ID is used to check which ads have been displayed in your browser and which ads have been clicked on. The Google Ads cookies allow Google and its partner sites to serve ads based on previous visits to our site or other sites on the Internet. The cookies may occasionally include an additional anonymized identifier to track the user’s contact with a particular campaign. Google acts as our processor for certain functions and as an own controller for other functions.

Your data may be transferred to Google LLC or other recipients who process data in third countries, including the USA. For the data transfer to the USA, we or Google Ireland Ltd. have concluded standard contractual clauses with Google LLC. Copies of the standard contractual clauses used are available at:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32010D0087,
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32001D0497,
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32004D0915.

You can prevent the collection of data generated by the cookies and related to your use of the Website to Google, as well as the processing of this data by Google, by choosing the appropriate settings under the following link http://www.google.com/settings/ads.

For more information, please visit: https://policies.google.com/privacy?hl=us.

5. Request for certificate issuance in the Zertificon portal for Z1 SecureMail ONE

For the creation of S/MIME certificates in the product Z1 SecureMail ONE, the email address, first and last name of the certificate applicant are transmitted to a subcontractor in the EU for processing (SwissSign, Sägereistrasse 25, CH-8152 Glattbrugg).

III. Security

Zertificon uses technical and organizational measures in order to protect the data we process against manipulation, loss, destruction and against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

IV. Online meetings and webinars via “Zoom”

We offer you the opportunity to register for and participate in online webinars and meetings (collectively referred to as webinars).

Purpose: Our webinars generally require registration. Registration can be accessed via a link on our website. We process the personal data you provide when registering in order to complete your registration and to prepare and conduct the webinar. In addition, with your permission, we process the personal data provided during registration as part of our customer relationship management in order to be able to contact you as a user specifically by email. Your email address will be used exclusively for these purposes. You can unsubscribe from these email notifications at any time by clicking on the unsubscribe link in the corresponding email or by contacting us directly.

Storage and processing: When you register and participate in the webinar, we process the following personal data.

  • Details of webinar participants: first name, last name, email address, company, position, industry
  • User details for online meetings: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional). To participate in a webinar, you must at least provide your name.
  • Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat
  • When dialing in by telephone: details of the incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
  • Text, audio and video data: you may have the opportunity to use the chat, question or survey functions in a webinar. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the applications.

If we make recordings, we will of course inform you of this separately and ask for your consent if necessary. The application will also show you when a recording is in progress.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. In the case of webinars, we may also process the questions and contributions made in the chat by webinar participants via the Q&A area for the purposes of recording and following up webinars.

The legal basis for data processing during a webinar is Art. 6 para. 1 lit. b) GDPR.

If you register and give us your consent to contact you, the following personal data will be processed for sending emails as part of customer relations management:

  • First name, last name, email address, company, position, sector

The legal basis for contacting us as part of the registration process is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Recipients: We use the service provider Zoom of Zoom Video Communications, Inc. as a processor bound by instructions to conduct the webinars. Zoom Video Communications Inc. also processes personal data in third countries, including the USA. An adequate level of data protection also exists for processing outside the EU, as we have been concluded EU standard contractual clauses EU standard contractual clauses with Zoom Video Communications Inc. as additional protective measures. We have also set up our Zoom configuration in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.

We use the service provider Brevo, formerly SendinBlue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany), to send newsletters and other target group-specific emails in fulfillment of your contact request.

Deletion: If you have given us your consent to contact you as part of the registration process, the following applies with regard to the duration of the processing of your data:

Your email address will be stored until you confirm your consent to be contacted in order to guarantee the double opt-in. If confirmation is not received within three days, all data will be deleted. After confirmation, your data will be stored for as long as it is intended to send a newsletter or other target group-specific email and you have not objected to the use of your data or withdrawn your consent. Consent to contact is logged in order to be able to prove the consent process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

V. Data Protection Officer

Our data protection officer is: Dr. Michael Funke. You can reach him at our postal address or at [email protected].

WordPress Cookie Plugin by Real Cookie Banner