Data Protection Declaration for Users in EU & EEA
The Responsible Body in the sense of data protection laws, particularly the EU's General Data Protection Regulation (GDPR), is:
CAcert Inc. (association by law of Switzerland)
In this Data Protection Declaration, we will inform you in a simple language about the collection and processing of personal data by CAcert Inc. If you are a member of the CAcert community (you have created your account at www.cacert.org), the following texts are valid, although not every detail is explained there. The CAcert Data Protection Officer will be happy to provide you with the necessary information.
You can view your personal information at any time in your account and edit it if necessary. If you have mistakenly provided incorrect information when trying to register and verify your identity (Assurance) and would like to fix it, contact our Support directly (firstname.lastname@example.org), which will guide you through the rules that you have adopted at registration (CCA). This concerns
- the correction of incorrect personal data,
- saved data deleting,
- data processing restriction, if we still cannot erase your data due to legal obligations.
You may exercise the following rights at any time as part of activity of our Data Protection Officer:
- information about other stored data and their processing,
- objection to the processing of your data with us, and
- data portability, if you have agreed to process the data or have signed a contract with us.
If you have given us your consent, you may cancel it at any time with future effect in accordance with the terms of this policy. You can always contact the supervisor responsible for handling your complaint. Your competent authority will vary according to your country of residence, employment or place of complaint. The list of supervisory authorities in the non-public sector (Germany) is available here.
The purpose of processing by the responsible authority and third parties
We only process your personal data for the purposes of this Data Protection Declaration. The transfer of your personal data to third parties for purposes other than those mentioned above will not take place. We will only pass your personal data to third parties when:
- you have given your explicit consent
- processing is necessary to complete the contract with you,
- processing is necessary to fulfil the statutory obligation,
- processing is necessary to protect legitimate interests, and there is no reason to believe that you have the overriding legitimate interest in not disclosing your information.
Erasing or blocking data
We comply with the principles of data leak prevention and data savings. We therefore retain your personal data only for as long as it is necessary to achieve the purposes stated herein or as determined by different legal periods of retention. After the end of the relevant purpose or the expiry of these deadlines, the relevant data will be blocked or removed in a standard manner and in accordance with legal provisions.
We use so-called cookies on some sites. Cookies are small text files that are transferred from the web server to your computer's hard drive. This automatically gives us certain information, such as the IP address, the browser used, the operating system, and the Internet connection. Cookies cannot be used to run programs or to transfer viruses to your computer.
The data contained in your cookies logs you in to your account and gives you access to the internal parts of your account. They can help you navigate and view our website correctly.
The data collected by us will in no case be passed on to third parties or linked to personal data.
To serve our services, we've shown ads on some sites. The advertising agency (Google Adsense) uses its own cookies. We will keep you in touch with you in more detail.
Registration on our website
When registering (opening an account, gaining CAcert membership, mailing list, bug tracking, wiki editing), some personal information will be collected:
- CAcert community: name, e-mail address, date of birth
- mailing list: email address or name or details of the certificate
- bugtracker: e-mail address, name or pseudonym
- wiki editor: email address, name or pseudonym or certificate details
- Community membership: name, address, contact and communications data (e.g., telephone number and e-mail address), annual subscription payment.
If you are registered, you can access content and services that we only offer to registered users: viewing data, creating certificates, etc. Registered users also have the option of changing or deleting the registration data at any time. Of course, we also give you at any time information about the personal information we have about you. We are pleased to have it repaired or removed at your request, unless it is impeded by any Policies or statutory storage requirements. To contact us in this context, please use the contact details at the end of this Data Protection Declaration.
To protect your data during transmission, we use the latest encryption technology (such as SSL/TLS) in HTTPS.
Wiki and Blog
If users leave comments on our blog or if they post to our wiki, they save not only the name or nickname, but also the creation time. This serves our security as we can be prosecuted for any illegal content on our website, even if it is created by users.
If you have registered for one or more conferences, you will receive the corresponding items electronically. Based on your explicit consent in your account, we will send you irregular regional reports or similar information by email to the specified email address.
To receive these emails, it is sufficient to enter your e-mail address. When you sign in to receive these emails, the information you provide will only be used for that purpose. Participants may also be informed by e-mail of service or registration circumstances (such as bid changes or technical conditions). For effective registration, we need a valid email address. To verify that the owner of the appropriate email address has actually signed up, we use the "Double opt-in" procedure. We therefore record the order of the newsletter, sending the confirmation message and receiving the required response. Other data is not collected. The data will only be used for registration and will not be passed on to third parties.
You may at any time revoke your consent to the storage of your personal data and its use for sending by logging out of the mailing lists directly to lists.cacert.org and removing a check from your local account information. The Privacy Officer or Support does not have access to your account. However, if you have problems leaving the list, they can guide you.
If you have any question via email or if you use the contact form, you are giving us your consent to use your address for your reply. This requires a valid email address. This is used to assign a query and a subsequent response. Specification of additional data is optional. The information you provide will be stored for the purpose of processing queries and possible follow-up questions. Once the request is processed, we will automatically remove personal information. If you are sending a request to a public conference, the copy will be sent to all members of the list and archive. Deleting these recipients by CAcert is not technically possible.
Changing our Data Protection Declaration
Questions for the data protection officer
If you have any privacy concerns, please send us an e-mail or contact the CAcert Inc. Data Protection Officer directly. You can write in English or German:
Uhlbacher Platz 1
eu-data-protection <NO-SPAM> <AT> cacert <DOT> org
Data Protection Declaration for Using Google AdSense
Information obtained through cookies and web beacons, your IP addresses, and the delivery of ad formats are sent and stored by Google on a server located in the United States of America. Google may share this information with third parties, as required by law, or if Google provides data processing to third parties. However, Google combines your IP address with other stored data.
Your browser settings may prevent you from storing the cookies on your computer. However, it is possible that the content of these web pages will no longer be used to the same extent. By using this site, you consent to the processing of personal information by Google as described above and for the above purposes. We recommend that you sign out of other accounts before visiting CAcert. Google AdSense is explained in more detail here.
For more information, please see Google's Data Protection Declaration. If you have a Google Account, you can edit settings where Google can collect data using ads. For any questions about Google-advertised advertising and the information it collects, please contact:
1600 Amphitheatre Parkway
Data Protection Declaration for PayPal Payment Service
PayPal has certain components integrated on your website. PayPal is a payment service provider online. Payments are made through so-called PayPal accounts, which are virtual private or corporate accounts. In addition, PayPal has the ability to process virtual payments via payment cards if the user does not have a PayPal account. PayPal is managed through an email address and therefore does not have a classic account number. PayPal allows you to initiate online payments to third parties or receive payments. PayPal also takes over administrator functions and offers buyer protection services.
European Operational Society of PayPal is
PayPal (Europe) S.à.r.l. & Cie. S.C.A.
Boulevard Royal 22-24
If the responsible person [the buyer] selects a "PayPal" payment order during the order process in our online store, the data on this person will be automatically sent to PayPal. By selecting this payment option, the person in question agrees to transfer the personal data needed to process payments. Personal information sent to the PayPal service is usually a name, surname, address, email address, IP address, phone number, mobile phone number and other data needed to process payments. To complete the purchase agreement, you also need personal information related to your order.
The purpose of data transfer is to process payments and to prevent fraud. The responsible person's personally identifiable information will be provided to the PayPal service, especially if there is a legitimate interest in the transfer. Personal information exchanged between PayPal and the responsible person can be transferred to intelligence services. This transmission is focused on the identification and control of credibility.
PayPal may disclose personal data to affiliates and service providers or subcontractors to the extent necessary to perform their contractual obligations or process data on behalf of the Company.
The responsible person has the option of withdrawing at any time the consent to the processing of personal data by the PayPal service. The appeal has no effect on the personal data that must be processed, used or transferred to the contractual processing of payments. PayPal's applicable Data Protection Declaration can be found here.