TERMS AND CONDITIONS
Data Protection and Confidentiality Policy
1. certSIGN’s commitment
In providing the Trust4Mobile service (“Service”), certSIGN S.A., a company established and functioning in accordance with the Romanian law, registered at the Trade Register in Bucharest, under number J40/484/2006, bearing the following Fiscal Identification Code RO18288250, with its registered office in Bucharest, 107A, Olteniței Street, C1 building, ground floor, District 4 (“certSIGN”), is committed to protect and respect the private life of its customers (“Customers”), in accordance with the highest ethical standards of the industry and the legal provisions in force, in particular Romanian Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
Please read these rules and principles carefully, to understand our practices and our vision regarding the confidentiality of your personal data and the content of the calls and messages you make, send or receive using the Service.
2. Protection of Client personal data
This section sets the rules and principles based on which certSIGN, as operator of personal data registered with the National Supervisory Authority for Personal Data Processing under no. 3160, collects and processes the personal data of its customers.
a. Purpose of collecting and processing personal data of Customers
certSIGN will collect and process personal data of customers for the following purposes:
- In order to provide the Service and fulfil other obligations resulting from the contract concluded between certSIGN and the Client, as well as in order to notify the Client concerning any changes regarding the Services or other products or services provided by certSIGN;
- For advertising and marketing purposes, with the explicit consent of the Client.
b. Categories of Data Collected and Processed by certSIGN
In order to provide the Service, certSIGN may collect and process the following information and personal data of Customers, for the purposes described below:
- (i) The data the Client delivers when completing the forms available on the website of the Service www.trust4mobile.ro or through the trust4Mobile application, in the following situations:
- Email address, last name and first name of Client, for Client registration in view of creating a personal account on the webpage of the Service, if the Client intends to create such an account;
- Email address, last name and first name of Client, if the Client requests to subscribe to the Service or to additional services provided by certSIGN;
- Email address, last name and first name and phone number of Client, when reporting an issue regarding the functioning of the Service or the webpage of the Service;
- The data the Client provides when contacting certSIGN or one of certSIGN’s employees and that is necessary for providing the Service or for the fulfilment of other obligations arising from the contract between certSIGN and the Client, as requested by the Client.
- Data necessary to carry out or relating to transactions made by the Client on the website of the Service or otherwise:
- Data necessary for certSIGN to fulfil the orders placed by the Client, including billing information, contact name, phone number, shipping address for the encryption devices (tokens) and details about the devices where the “Trust4Mobile” application is to be installed;
- Data regarding the payment of the service;
- Data necessary for conducting studies, for research purposes, in view of constantly improving the Service or for developing additional services, if the client wishes to provide such data;
- Data regarding the visits on the website of the service, including traffic data, location data, logs and other such data, and the resources accessed, in order to improve the website of the Service; by way of exception, certSIGN will not collect and/or process the logs regarding visits that require Client authentication.
certSIGN does not collect data regarding the calls or messages the Clients make, send or receive using the Service, such as traffic data, location data, logs and other such data, excepting logs regarding errors of the used protocol.
Note: If certSIGN intends to store information or to gain access stored on the terminal equipment of a subscriber or user (e.g. using cookies), specific provisions will apply regarding the approval and notification of the Client.
c. Personal Data Storage
The data collected from Clients are not transferred or stored at a location outside Romania. The data may be processed by certSIGN’s or its providers’ staff, in order to fulfil your orders, to make the payments and to provide support services. By submitting personal data, you agree with this transfer, storage and processing. certSIGN will take all the reasonably necessary steps to ensure that the transfer, the storage and processing are carried out in accordance with the rules and principles set out in these Terms and Conditions.
certSIGN implements strict procedures and security mechanisms to prevent unauthorized access to the Clients’ personal data. All data provided by the Clients to certSIGN are stored on secured servers. All the credit card transactions are protected by encryption.
certSIGN will make every effort to ensure the protection of data received from Clients, but is not responsible for any harm to the security of that data during its transmission through the Internet.
If the Client receives from certSIGN a password that allows access to certain sections of the Service website, the Client holds the entire responsibility for maintaining the password confidential.
d. Disclosure of Client Personal Data to Third Parties
certSIGN may disclose Client personal data to third parties in the following situations:
- If data disclosure is mandatory by law;
- If data disclosure is necessary in order to fulfil the obligations arising from the contracts between certSIGN and the Client, in view of protecting certSIGN’s legitimate interests or to protect the life, physical integrity or health of an individual;
- If certSIGN finalizes the processing operations:
- for companies of the same group as certSIGN or
- for other companies, if these companies acquire some assets or shares from certSIGN, situation where certSIGN may disclose these data to the company within the same group and to the buyer of the assets or shares respectively if the purpose of the subsequent processing performed by these recipients are similar to the purpose of the initial processing performed by certSIGN.
Client’s rights with regard to the processing of personal data
The Client shall have the rights provided by Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, in particular:
- The right of access to data;
- The right to change the data;
- The right to object to the processing of personal data concerning him/her;
- The right to request data deletion;
- The right to not be subject to individual decisions;
- The right to refer to a court of law; and
- Any other rights provided by law with regard to processing of personal data.
To exercise these rights, the Client may refer to certSIGN’s Support Department, via e-mail to the following address firstname.lastname@example.org, by fax (+4021)3119905 or telephone (+4031)1011870.
In addition, the Client may refuse to provide their personal data to certSIGN. The Client’s refusal to provide such data may render certSIGN unable to provide the Service.
3. Confidentiality of Client Communication
This section sets the rules and principles based on which certSIGN ensures the confidentiality of the content of calls and messages sent or received by Clients using the Service ("Communications").
a. Ensuring communications confidentiality
certSIGN implements strict procedures and security mechanisms to prevent unauthorized access to the contents of communications made by the Client using the Service. The Service allows the encryption of Clients’ communications, through a key generated during the process of mobile device authentication. A unique cryptographic key is generated for each call/message and it is sent directly between the two users and it is destroyed for both mobile devices after ending the call/ deleting the message. SMS messages are encrypted at all times, both during transit and on the mobile devices of the two users. The user can set the messages to be stored for a predefined amount of time. Deleting the message makes it impossible to recover it.
certSIGN does not have access to the content of the calls or messages made, sent or received by the Clients through the Service; it does not collect and does not store data regarding the respective content.
certSIGN exercises due diligence to ensure the confidentiality of the Clients’ communications, performed through the Service, within its legal obligations. certSIGN is not liable for any damages to the confidentiality of Client communication, through illegal practices of third parties that involve actions on devices used by Clients or surveillance or environmental interception of communications.
If the Client receives from certSIGN a password that allows access to the encryption device (token), the Client holds the entire responsibility for maintaining the password confidential.
b. certSIGN’s liability and obligations related to unlawful or apparent unlawful customer activities
certSIGN is not liable for the acts or actions committed by Clients through, resulting from or in connection with calls or messages made, sent or received by Clients through the Service.
If acknowledging by any means the involvement of Clients, by using the Service, in apparently illegal activities or in providing apparently illegal information, certSIGN shall immediately inform the competent public authorities and shall take all reasonable measures not to alter the respective information.
certSIGN will stop providing the Service to certain users, temporarily or permanently, if the measure was dictated by a public authority or court of law.
4. Changes to Terms and Conditions
Any change made to these Terms and Conditions will be published on the website of the Service, in their dedicated section and, where applicable, the Clients will be notified by e-mail. For questions, comments or suggestions on these Terms and Conditions, please contact us at email@example.com.