The SSLOK solution (accessible at https://SSLok.io ) is published by the company CyberSalus. As part of its activities, the company CyberSalus processes users' personal data when they browse or register on the solution.
The concept of "personal data" includes information that allows you to be directly identified as a natural person, such as your name, first name, address, date of birth. Other information than this may also allow you to be identified (a telephone number, an IP address, an order number, etc.).
European Union regulations, and in particular the General Data Protection Regulation (known as the “GDPR”), govern the use of your personal data by third parties.
This privacy policy aims to explain to you the personal data concerning you, used by the company CyberSalus when you browse our solution, the way in which they are used and the rights you have.
Within the meaning of Article 4 §7 of the GDPR, the data controller is the person who determines, alone or jointly, the purposes and means of each processing operation.
The subcontractor is, within the meaning of Article 4 §8, the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
In our capacity as publisher of the website, we act as Data Controller.
In our capacity as provider of an SSL/TLS digital certificate management service to professionals, we act as data controller for processing operations relating to the management of our customers, communication about our offers and services, the proper functioning of our solution and its security. However, we act as a subcontractor for processing operations carried out by our customers using the SSLOK solution.
As part of our activities, we are required to collect and record personal data on our customers and, on their behalf, on users of the solution.
When you register on the solution, we collect data from the fields of the registration form (name, first name, email address, password, company concerned).
When you subscribe to our solution, we collect data relating to your subscription (offer subscribed to, duration of the subscription, billing address, etc.).
When you subscribe to a subscription on our solution, payment by credit card is made via the “Stripe” payment module. SSLOK does not store your bank details, the bank transaction is managed by Stripe.
In addition to the personal data you have provided to us, we may also collect your browsing data through cookies.
Your personal data is used by CyberSalus for the following reasons:
Ensuring that the content of the solution is presented to you in the most effective manner;
Manage and enforce your online use;
Keep you informed, unless you have unsubscribed, of our news;
Issue an invoice to you;
Carry out analyses and statistics on the use of the solution;
Allow you to exercise the rights you have under the rules relating to the protection of your personal data;
Manage your contact requests on the solution (complaints, reports, etc.).
The processing of your personal data by CyberSalus is based on:
The performance of a contract between you and CyberSalus ;
Our legitimate interest in sending you newsletters when you are a customer or your consent to receive them when you are not yet a customer.
Under no circumstances do we sell, exchange or rent your personal data to third parties.
The personal data collected about you is used only by our company. However, as part of our business, we may use subcontractors who may receive communication of your personal data. Where applicable, we ensure the compliance of all subcontractors in compliance with the requirements set by the GDPR and by case law.
Our company has set up, where possible, personal data subcontracting agreements with all of its subcontractors in order to guarantee that the personal data you entrust to us is processed with the same level of requirements as our services. Otherwise, our establishment has ensured that its subcontractors have a level of compliance essentially equivalent to the requirements set by the GDPR.
In general, our company does not disclose your personal data to third parties, except if:You request or authorize the disclosure;
We are compelled to do so by a governmental authority or regulatory body, in the event of a judicial requisition, subpoena or any other similar governmental or judicial request, or to establish or defend a legal claim;
The third party acts as an agent or partner of our establishment in the performance of its activities.
To obtain the list of our subcontractors, please contact us at rgpd@SSLok.io.
The solution usage data is automatically deleted within a maximum of 30 days from collection. Our customers' contact data is deleted within a maximum of 3 years, from your last use of the solution or from our last contact with you, if you have never subscribed to the solution. This retention period is valid for prospecting actions but any information necessary to establish proof of the contractual relationship with our customers is kept for a maximum period of 5 years from the termination of the subscription.
When you subscribe to a subscription, payment is made by credit card. Unless you have expressly requested that your bank details be kept for a future payment, your bank details are immediately archived for a maximum period of 6 months, from your purchase, for proof purposes in the event of a dispute relating to the payment.
The cookies and tracers mentioned below are installed for a maximum period of 6 months.
For more information on the retention periods we apply, please contact us at rgpd@SSLok.io.
SSLOK does not transfer personal data to countries outside the European Union. The data is hosted in France by a French service provider.
We will respond to your request as soon as we act as a data controller. If your request concerns processing for which we are a subcontractor, we will not be able to respond directly to your request and we will forward it to the data controller concerned.
→ Right to informationYou have the right to request certain information that our establishment undertakes to communicate to you in a transparent, clear and precise manner upon request.
→ Right of access and communication of all data concerning youYou can request access to your data and obtain a copy when it is processed. Our establishment is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right of rectificationYou can obtain the rectification of your data when it is erroneous or inaccurate. Our institution is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right to be forgottenYou can request the deletion of all the data we hold about you, within the limits of the data that are necessary for it to fulfill its contractual or legal obligations. Our institution is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right to objectYou can object, at any time, to processing when you are placed in a particular situation. Proof is required. Our institution is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right to data portabilityYou can ask us to return all data concerning you in a machine-readable and understandable format or ask us to transmit them to another training organization. Our establishment is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right to restriction of processingYou can ask our establishment to keep your data without using it. This data is therefore frozen for a temporary period in cases where you exercise another right in parallel (e.g. contesting the accuracy of the data, objecting to the processing of your data, unlawfulness of the processing). Our establishment is entitled to ask you for identification when we have reasonable doubts about your real identity or when the request concerns sensitive data within the meaning of Article 9 of the GDPR.
→ Right to withdraw consentWhen the processing of your data is subject to the collection of your consent, you have the possibility at any time, on our website or with our services, to withdraw this consent.
→ Right to humanization (automated individual decisions)To the extent that our establishment is required to make fully automated decisions concerning you, you have the possibility to ask us to use human intervention in making said decision. This right is granted to you outside of any contractual requirements or when you have not waived it in an informed, explicit and unambiguous manner.
To exercise your rights, contact the data protection department at the following address rgpd@SSLok.io.
→ Right to define the fate of your information in the event of deathYou can, in advance, communicate general or specific directives allowing you to decide how your information will be processed in the event of death. In the absence of such instructions, your heirs will be able to exercise, on your behalf, the rights mentioned above.
→ Right to lodge a complaint with the CNILIf you consider that our data protection policy does not comply with European regulations or that your rights are not respected, you can, at any time, lodge a complaint with the CNIL on the website www.cnil.fr or by post (3 Place de la Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07).
Cookies are data stored in an Internet user's terminal equipment and used by the solution to send information to the Internet user's browser, and allowing this browser to return information to the original solution (for example a connection identifier, the choice of a language or a date).
Cookies make it possible to store, for the duration of the validity of the cookie concerned, status information, when a browser accesses the different pages of a solution or when this browser subsequently returns to this solution.
Only the issuer of a cookie can read or modify the information contained therein.
You are informed that, during your visits to the solution, cookies may be installed on your terminal equipment.
We use several categories of cookies including:
Cookies deemed “necessary” for the proper functioning of the solution;
Fraud prevention cookies for payments;
Cookies called "necessary" for the proper functioning of the solution make it easier for you to navigate the solution by simplifying the essential functions of the solution (such as navigation between pages). The proper functioning of the solution depends in part on these cookies;
Payment cookies. They are used in order to be able to proceed with the purchase of an SSLOK subscription.
You have several options to configure the installation of cookies. In particular, you can manage your consent for each purpose on the solution from the cookie banner but also from your customer area.
The security of our hosting servers
The hosting servers on which our establishment processes and stores your data are exclusively located in France and meet a level of security consistent with the typology of the latter.
In accordance with the General Data Protection Regulation, an impact analysis is carried out in the event of sensitive processing in order to determine our ability to process this data securely. When an impact analysis must be carried out on subcontracted processing, we collaborate with the data controller so that the latter has all the information allowing it to carry out this analysis.
The measures implemented to respect our commitment
As part of its activities, our company attaches the utmost importance to the security and integrity of the personal data of its customers and their users.
Thus, and in accordance with the GDPR, we undertake to take all useful precautions to preserve the security of your data and in particular to protect them against any accidental or illicit destruction, accidental loss, alteration, dissemination or unauthorized access, as well as against any other form of illicit processing or communication to unauthorized persons.
Furthermore, in order to avoid any unauthorized access, and to guarantee the accuracy and proper use of your data, SSLOK has implemented appropriate digital, physical and management procedures to safeguard and preserve the data collected through its services.
Despite everything, no one can consider themselves to be completely safe from malicious acts.
This is why, in the event that a security breach presents a high risk for the integrity or confidentiality of your data, our establishment undertakes to inform you within a reasonable time and to take all possible measures to neutralize the intrusion and minimize its impacts.
In the event that you suffer damage due to the exploitation of a security breach by a third party, we undertake to provide you with all necessary assistance so that you can assert your rights.
It should be borne in mind that any person exploiting a security breach is exposed to criminal sanctions and that we will take all measures, including by filing a complaint and/or taking legal action, to preserve the data, our rights and those of the persons concerned and to limit the impact as much as possible.
CyberSalus reserves the right to change this Privacy Policy at any time, including in accordance with changes in applicable laws and regulations. Any changes will be posted on our website. This notification will include a link to the amended Privacy Policy for a reasonable period of time. We may also communicate this change by any other written means at our convenience.