Please read this privacy statement carefully before using this service.
1.1. We, ZeroSSL GmbH, FN 443956b (the “Company”), e-mail address: [[email protected]] (the “E-Mail Address”), process your personal data as part of your use of our products (“Products”) or platform (“Platform” and, together with the Products, “Services”). We deal with your personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the General Data Protection Regulation (“GDPR”) and the Austrian Data Protection Act in its current form.
1.2. In this Privacy Policy we want to provide you with information about the company, the nature, scope and purposes of the data collection and use, trying to offer you an insight into the processing of your personal data.
1.3. For some of our Products we will only process data pursuant to purposes and means you determine. In these cases, we will provide you with separate data processing agreements.
1.4. The controller for the processing of your personal data within the meaning of the GDPR is the Company. You can contact us via mail under the address shown below or via e-mail using the E-Mail Address.
Company address:
ZeroSSL GmbH
Salzgries 19/3+4
1010 Vienna, Austria
If you have concerns about how we handle your personal information, you can file a complaint with your local privacy regulator.
2.1. General: We process such personal data that you as a user of the Services make available to us, for example upon registration or when using the Services (the “Data”).
2.2. Website Use: If you visit our website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary for us in order to display the website correctly and guarantee the necessary stability and security:
2.3. Registration Data: Upon registration we collect and process the following information:
2.4. Product Use Data: Personal data processed in the course of your use of ZeroSSL services including certificate issuance and management, domain validation processes, API interactions, and related platform functionality is processed by us solely as a data processor acting on your behalf and in accordance with your instructions, and not as an independent data controller. Further details on this processing, including roles, responsibilities, security measures, and sub-processing, are set out in the applicable Data Processing Agreement.
3.1. Purpose: The processing of Data pursues the following purposes ("Purposes"):
3.2. Lawfulness of Processing: The lawfulness of processing (Art. 6 GDPR) stems from:
3.3. Legitimate Interests: The legitimate interests are to monitor, analyze and improve the Services, to support you, to protect the security, integrity, performance and functionality of the Services, and to provide you with marketing communications and, where applicable, personalised advertising.
4.1. Use: We use Data that you, as user of the product, have provided us with, only for the Purposes.
4.2. Transfer: We transmit Data to third parties only if this is (i) necessary for the Purposes, e.g. when we use service providers, (ii) due to a request from a national authority, (iii) due to a court ruling, or (iv) if you have consented beforehand.
4.3. Service Providers:
| # | Category | Service Provider | Purpose of Processing | Data Processed |
|---|---|---|---|---|
| 1 | Hosting & Infrastructure | Amazon Web Services (AWS) | Hosting, compute, storage | Account data, certificate data, logs |
| 2 | Payment Processing | Stripe Payments Europe Ltd | Payment processing and billing | Payment details, billing information |
| 3 | Customer Support | Zendesk, Inc. | Customer support | Support tickets, account data, communication data |
| 4 | Email Communication | Mailchimp (Rocket Science Group LLC) | Transactional and marketing emails | Email addresses, communication metadata |
| 5 | Diagnostics & Monitoring | Sentry (Functional Software, Inc.) | Error tracking and diagnostics | Error logs, technical metadata |
| 6 | Internal Operations | Microsoft Corporation | Internal communication, documentation, reporting | Internal documents, user identifiers |
| 7 | Internal Operations | Google LLC / Google Cloud EMEA | Internal documentation and reporting | Internal business data, user identifiers |
| 8 | Development Tools | Atlassian Pty Ltd (Jira, Confluence) | Issue tracking and documentation | Project data, issue data, metadata |
| 9 | Automation & Integrations | Zapier | Workflow automation between services | Data transferred through automated workflows |
| 10 | Surveys & Feedback | Typeform | Survey and feedback collection | Survey responses, contact data |
4.4. International Data Transfers: When using some of our service providers, personal data may be transferred to recipients outside the European Economic Area (EEA), including the United States.
In such cases, we ensure appropriate safeguards are in place, including:
You may contact us for more information about these safeguards.
5.1. We retain personal information as long as we are providing products and services to you, or as long as we are addressing any concerns, questions, complaints, or requests from you, depending on our interactions. If there is a contract or agreement, retention obligations will follow those terms.
Data may be retained longer if required by legal obligations, to maintain necessary records for legal, financial, compliance, or other reporting purposes, or to enforce our rights and agreements. Data may also be retained for statistical analysis or research purposes.
We implement security measures to protect personal information from loss, misuse, unauthorized access, alteration, disclosure, or destruction. Additionally, we have measures to ensure the ongoing confidentiality, integrity, and availability of systems and services processing personal information, and to restore data availability and access promptly in case of an incident.
5.2. Deletion: Data will be deleted if (a) you revoke your consent to the storage, (b) the Data is no longer needed to fulfill the user contract concerning the Product, or (c) the storage is or becomes legally impermissible. A deletion request does not affect Data if the storage is legally necessary, for example for accounting purposes.
5.3. Safety Measures: To avoid unauthorized access to Data and generally secure the Data, we apply the following safety measures: encrypted transmission, encrypted storage, an authorization concept, a data backup concept, and physical safety measures for servers. Those safety measures are constantly revised to comply with the latest technological developments.
6.1. Exercise of Rights: To exercise the rights defined in Section 6.2 to 6.6, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4.
6.2. Revocation of Consent: You can revoke the consent for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation.
6.3. Right of Access: You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among others, processing purposes, categories of Data, potential recipients or the duration of storage.
6.4. Right to Rectification: You have the right to obtain from us the rectification of inaccurate Data concerning you. In case the Data processed by us is not correct, we will rectify it without undue delay and inform you of this rectification.
6.5. Right to Erasure: Should you decide that you do not want us to process your data any further, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4. We will erase your Data immediately and inform you of this process. Should mandatory provisions of law prevent such erasure, we will inform you without undue delay thereof.
6.6. Right to Restriction of Processing: You have the right to obtain from us a restriction of processing of your Data in the following cases:
6.7. Right to Data Portability: You have the right to (i) receive your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us.
6.8. Right to Object: You have the right to object at any time to the processing of Data.
6.9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde), if you think that the processing of Data infringes applicable law, especially the GDPR.
6.10. We do not carry out automated decision-making or profiling that produces legal or similarly significant effects concerning you within the meaning of Art. 22 GDPR.
Depending on your location, you may have basic rights under privacy and data protection laws related to the data we process about you. You may exercise those rights by emailing us at [email protected] with the subject SAR.
These rights are free in most cases, and we will aim to respond to your request within 30 days or the specific timeframe required by the laws applicable to personal information about you. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be legal or other official reasons that we may not be able to address the specific request you make related to your rights. These rights relate to:
Access to personal information about you. You have the right to request details about the personal data we hold and how it has been processed, as well as correct any inaccuracies.
Correction of inaccurate or incomplete personal information about you;
Deletion of personal information about you;
Restrictions, temporarily or permanently, on our processing of some or all personal information about you;
Transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and
Opt-out or object to our use of personal information about you where our use is based on your consent or our legitimate interests.
If you would like to opt-out of receiving sales and marketing communications from us, you may update your communication preferences here.
By submitting an individual rights request, you consent to us using your information to respond via email. You can withdraw consent through that email. Your consent includes sending your request to our U.S. headquarters. Without consent, we cannot respond to your request.
Additional Rights for U.S. Residents
If you are a resident of California, you may have certain additional privacy rights. For additional information on these rights, please visit our CCPA Privacy Notice tab.
8.1. What are Cookies? The Website uses 'cookies' - small text files that are placed on the user's computer or smartphone and/or stored by the browser. If the respective server of our Website is accessed again by the user of the Website/Product, the user's browser sends the previously received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.
8.2. Disabling of Cookies: The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari). However, in this case the user may jeopardize his/her use of the complete range of functions on the Website.
8.3. Cookie Policy: Please see our Cookie Policy for more information.
We use analytics tools to evaluate and improve the use of our Website and Services. These tools may process technical data such as IP addresses, device information, and usage data. Non-essential cookies are only set after your consent has been obtained via our cookie management tools.
For more information, please refer to our Cookie Policy.
9.1. Google Analytics:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Further information:
https://www.google.com/analytics/terms/
https://policies.google.com/privacy
10.1. If the Company decides to change this Privacy Policy, it will post those changes directly in the Services. Should the changes be material to you, you may be notified via email or within the Services and asked to review the updated Privacy Policy.