|
Privacy Statement
As part of the Altaire/SecureSSL pledge to our customers, we recognise
and respect your right to privacy. This privacy policy statement informs
our customers of the privacy practices employed in the provision of our
products, services and website.
Questions relating to this policy statement should be directed
towards the SecureSSL support team at:
Email: info@securessl.co.uk
Postal: SecureSSL Support, PO Box 1222, Southampton, Hamps, SO16 3YQ, United
Kingdom
CPS and Associated Agreements
This Privacy Policy statement supplements the practices and policies stated
within the Subscriber Agreement (and associated product Schedules), Relying
Party Agreement and Comodo Certification Practice Statement (CPS). Please
refer to these documents for the practices employed by Comodo for the
issuing, management and revocation of certificate based products.
http://www.comodo.net/repository/index.html
Informational Collection and Use
SecureSSL do not collect any information on customers without consent.
As part of the service offerings, customers will be prompted for information
when enrolling for a certificate, downloading a product or requesting
further information. No information is collected about a customer if just
browsing the website.
Certificate enrolment
When enrolling for a certificate, customers will be required to provide
certain information as per the requirements for the certificate product
type. The exact informational requirements are set out in the relevant
Subscriber Agreement and associated schedules and listed in the Comodo
CPS. Some of the submitted details will be displayed within the certificate
and as a result will be publicly available. Details that will become public
are clearly stated as 'public' in the enrolment process, Subscriber Agreement
and associated schedules.
Product Download
When downloading a Comodo product, such as the TrustToolbar Plug-in, you
will be required to submit personal information as specified on the download
page. This information will be used by Comodo to contact the customer
about the services on our site for which they have expressed interest,
including product updates and associated promotional material. It also
aids Comodo in providing improved global services by collating general
demographic information. Please refer to the opt-out policy described
later in this policy statement.
Information Request
Comodo provide the ability to request further information or ask questions
to the support team by displaying email links throughout the website.
If a customer elects to use such links they may be requested to provide
additional information depending on the nature of the contact. Typically,
such additional information may include further contact details, and in
the case of technical support, additional information about the customer's
PC configuration may be required to aid a prompt a accurate response to
the query.
Cookies
A cookie is a piece of data stored on a computer's hard disk containing
information about the owner. SecureSSL employ the use of cookies to gauge
success of internal marketing campaigns and within the use of the Referrer
programs. Such cookies contain no personally identifiable information.
Our partners may also use cookies. Comodo do not exercise any access or
control of such cookies.
Log Files
SecureSSL use log files comprising of IP addresses to analyse trends,
administer the site, track movements throughout the site, calculate the
number of document and file downloads, and gather broad demographic information
for aggregate use. IP addresses are not linked to personally identifiable
information.
Sharing
SecureSSL will share aggregated demographic information with our partners.
This is not linked to any personal information that can identify any individual
person.
External Links
This website contains links to external websites. SecureSSL is not responsible
for the privacy practices of such other sites. This privacy statement
applies solely to information collected by this website. SecureSSL have
no control over the accuracy of information displayed by such websites.
Security
This website takes every precaution to protect our customer's information.
When customers submit sensitive information via the website, such information
is protected both online and off-line.
During certificate enrolment, where sensitive information
is required, the transmission of information is encrypted and protected
using Secure Sockets Layer (SSL). This includes the submission of any
payment information such as credit card details.
SecureSSL use SSL encryption to protect sensitive information
online and do everything in our power to protect user-information off-line.
All of our customer's information, not just the sensitive information
mentioned above, is restricted in our offices. Only employees who need
the information to perform a specific job (for example billing administration
or the development team) are granted access to personally identifiable
information. Our employees must use password-protected screen-savers when
they leave their desk. When they return, they must re-enter their password
to re-gain access to customer information. Furthermore, ALL employees
are kept up-to-date on our security and privacy practices. Every quarter,
as well as any time new policies are added, our employees are notified
and/or reminded about the importance we place on privacy, and what they
can do to ensure our customers' information is protected. The servers
that we store personally identifiable information on are kept in a secure
environment, behind a locked cage. The cryptographic keys used to issue
certificates are maintained in the secure environment of FIPS-140 level
4 accredited IBM 4758 crypto devices.
Supplementation of Information (validation of submitted
details)
In order for SecureSSL to properly fulfil its obligation to our customers,
it is necessary for us to supplement the information we receive with information
from 3rd party sources.
For example, prior to the issuance of some certificate types
SecureSSL may use the WHOIS database, Government sourced companies house
database or Dun & Bradstreet company lookup information to validate
the accuracy of supplied data. This is an integral aspect of the service
provided by SecureSSL.
Service Updates
Established customers will occasionally receive information on products,
services, special deals, and a newsletter. Out of respect for the privacy
of our customers we present the option not to receive these types of communications.
We also send the user service announcement updates. Customers are not
able to unsubscribe from service announcements, which may contain important
security information about the service.
Updating Customer Information
If a customer's personally identifiable information or certificate specific
information changes they may update the original information provided.
Changes can be made by logging into the Members area and using the services
provided in the Manage Account section.
Choice / Opt out
Customers are given the opportunity to 'opt-out' of having information
used for purposes not directly related to the Comodo service offering
at the point where the information is requested. For example, all certificate
enrolment and product downloads has an 'opt-out' mechanism so customers
who buy a product from us, but would prefer not to receive any marketing
material, can request to have their email address kept off of our lists.
If customers no longer wish to receive our newsletter or promotional
materials from our partners, they may opt-out of receiving these communications
by emailing SecureSSL at webmaster@securessl.co.uk.
Customers of our site are always notified when their information
is being collected by any outside parties. We do this so our customers
can make an informed choice as to whether they should proceed with services
that require an outside party, or not.
Certificate Revocation & Expiry
Access to all issued certificates is provided through the Comodo public
repository. Because of the nature of the service provided, there may be
circumstances under which a certificate is revoked (cancelled). Furthermore,
as the lifetime of all certificates is finite (lasting usually 1 year),
certificates will expire.
SecureSSL still provides public access to both revoked and
expired certificates to ensure a party relying on the certificate may
still be able to retrieve the certificate and verify a signature made
with the certificate. Such certificates are flagged as revoked or expired
within the repository.
Customer consent
By using our Web site, customers consent to the collection and use of
this information by SecureSSL and Altaire Limited (the parent company).
If any subsequent changes are made to our privacy policy, we will post
those changes on the policy update page so that customers are always aware
of what information is collected, how it is used and under what circumstances
it may be disclosed.
|
