Privacy Statement of the PSW Console

Name: PSW GROUP GmbH & Co. KG
Address: Flemmingstraße 20-22, 36041 Fulda, Hessen
Telephone: +49 661 480 276 10
Rating: 4,9

Note: This document is a translation of the German version. In the event of deviations resulting from a translation error, the German-language version shall take precedence. Click here for the German version "Datenschutzerklärung der PSW Konsole".

Thank you for visiting our PSW Console and for your interest in our services and products. The protection of your personal information is very important to us. With this Privacy Notice, we would like to inform you about how we handle your personal data when you visit our websites, when you order our products and also about your rights.

Your PSW-Team

Content

1. Information on the collection of personal data and contact details

Who are we and how can you contact us?

We, the

PSW GROUP GmbH & Co. KG
Flemingstraße 20–22
36041 Fulda
Germany

Phone: +49 661 480 276 10
E-Mail: info (at) psw.de

as the controller, is responsible for protecting your personal data. If you have any questions about data processing, your rights or this privacy statement, our data protection officer, Mr. David Gabel, will be happy to assist you.

You can reach him at: david.gabel(at)your-insider.com

Or our Data Protection Team at: datenschutz(at)psw.de

1.2 Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the character string “https://” and the lock symbol in some browser address bars.

2. Data collection by visiting the PSW Console

2. 0. What data is processed when you visit our PSW Console?

In the following, we will inform you which data is collected during your visit, for what purposes it is processed, on what legal basis the data processing takes place, what options you have to control the collection and processing of the data yourself and when the data is deleted.

2.1 Log-Files

Data collected:

URL of the pages visited
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Used browser
Used operating system
IP adress

Purpose of data processing:
The temporary storage of this data is necessary to enable the website to be delivered to your computer and to ensure the functionality of the website. We also use this data to gain statistical insights into how our websites are used. In addition, we collect the data in order to trace and prevent unauthorized access to the web server and misuse of the websites and to secure our information technology systems.

Legal basis:
We store this data temporarily on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest lies in achieving the purposes described above.

Storage duration and control options:
The data will be deleted when it is no longer necessary to achieve the purposes. Log files are deleted after 30 days at the latest.

2.2 General information about cookies

Our online portal works without third-party cookies. We only use cookies to save the session from where you come to the site or when you are logged in and to secure the shopping cart.

Cookie name	Description	Duration of storage
Shop	Is set when you use the order process via our website and are subsequently logged into our PSW console	24 hours
PSW Console	Will be set if you log in to our PSW console right away and use the order process there	24 hours

3. Data processing when ordering products

3.1 What data do we need to fulfill the contract?

Data collected:
When ordering from us we require your billing address as well as the contact details of the customer/applicant and, if applicable, the certificate holder/subcriber. Depending on which product you choose, the mandatory information may vary. We try to reduce the amount of personal data to a minimum.

In order to fulfill the order, personal data (name and email address) of the certificate holder may have to be transmitted to third parties involved (e.g. certification authorities).

Furthermore, it may be necessary to submit identification documents to verify the applicant. Please note the validation guidelines for the respective products. You can find the validation guidelines in the details of the individual products. Please only send us sensitive information via encrypted transmission channels (e.g. via the order forms or the file upload in the PSW Console.

Purpose of data processing:

Order processing
We transmit the certificate holder's data to the certification authority you have chosen and also use it to check and validate the order.
The contact information provided when ordering the certificate will only be used for communication relating to the order.
The data of the invoice recipient will only be used for invoicing and for information about the expiry of the certificate.
Login Area
The personal data transmitted by the user to create a user account will only be stored and processed for this purpose.
When you open a customer account, you consent to the storage of your inventory data such as name, address, e-mail address and bank details as well as your user data (user name, password). This enables you to place orders with us using your e-mail address or customer number and your personal password. We will obtain your consent for this.
Callback service
We will contact you as part of (pre-)contractual measures.
User requests
We will answer your inquiries within (pre-)contractual measures.
Legal obligation
The processing of your personal data is partly necessary to fulfill our legal obligations, e.g. to comply with tax and commercial law requirements (e.g. §§ 146, 147 AO).
We would like to expressly point out that our e-mail system has an automated archiving process. All incoming and outgoing emails are digitally archived in an audit-proof manner. The retention period can be up to 10 years.

Legal basis:

The legal basis for the transfer is the contract that you have concluded with us in accordance with Art. 6 para. 1 lit. b GDPR.
The legal basis is the consent you have given us in accordance with Art. 6 para. 1 lit. a GDPR.
The legal basis for our legitimate interests is Art. 6 para. 1 lit. f GDPR.
The legal basis of our legal obligation is Art. 6 para. 1 lit. c GDPR

3.2 Who receives your data?

We and the following certification authorities are each independently responsible. Within the scope of the validation carried out by us, there is joint responsibility with the certification authorities. In the following table, we list the respective responsible bodies and inform you where they have their headquarters and where you can view their data protection policy.

Certification authority	Location	Privacy policy
Sectigo Limited vormals - Comodo Security Solutions, Inc. - Comodo Group, Inc.	(UK)	Privacy policy Sectigo
DigiCert, Inc - Symantec Corporation - as well as the brands Thawte; GeoTrust und RapidSSL	(US) (US) (US)	Privacy policy DigiCert
GMO GlobalSign, Inc. - AlphaSSL US - AlphaSSL EU	(US) (US) UK	Privacy policy GlobalSign
SwissSign Group Ltd. SwissSign AG	CH CH	Privacy policy SwissSign
Asseco Data Systems S.A. - CERTUM PC	PL PL	Privacy policy Certum
UBISECURE OY - UBISECURE (RapidLEI)	FI FI	Privacy policy UBISECURE
D-Trust GmbH	DE	Privacy policy D-Trust
Eviden Germany GmbH - ATOS	FR	Privacy policy Eviden
Entrust Corporation	US	Privacy policy Entrust
procilon GmbH	DE	Privacy policy procilon
Signius UG	DE	Privacy policy Signius

If you activate Trusted Shops buyer protection when ordering, we transmit the e-mail address to Trusted Shops.

We have suitable guarantees and an agreed level of security for the above-mentioned data transfers.

3.3 You need an installation service

If you have problems with the creation of the CSR (Certificate Signing Request) or the installation of the certificate, you can book an installation service by a technician with us.

The technician connects with the help of the remote access software TeamViewer by

TeamViewer Germany GmbH
Bahnhofsplatz 2
73037 Göppingen (DE)

to your computer.

TeamViewer GmbH records the TeamViewerID and the IP address when the connection is established. The connection between the technician's computer and your computer is end-to-end encrypted. This means that no data can be read from your computer. Further information can be found in the TeamViewer GmbH privacy policy.

Please make sure that you close all programs and files that you do not wish to disclose before you agree to the connection with the technician.

4. Payment

Payment data is collected as part of the ordering process. For orders on our website, you have the option of choosing between different payment methods. Details can be found in our General Terms and Conditions.

Purchase on invoice
direct debit
PayPal
by credit card (Stripe)

4.1 Paypal

It is possible to process the payment transaction with the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

Data collected:

If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. In this case, you conclude a contract for payment transmission. PayPal acts as a broker and thus as a controller in its own right.

This regularly involves the following data:

name
Address
Company name
E-mail address
Telephone and mobile number
IP address

Purpose of data processing:

The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of PayPal. For more information, please refer to PayPal's privacy policy.

Legal basis:

The legal basis for data processing is Art. 6 (1) b) GDPR, as the processing of the data is necessary for payment with PayPal and thus for the performance of the contract.

4.2 Stripe

The payment service provider for credit card payments Stripe (Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin) processes payments for us.

Data collected:

If you choose Stripe as your payment method, your data required for the payment process will be automatically transmitted to Stripe. In this case, you conclude a contract for payment transmission. Stripe acts as a broker and thus as an independent controller.

This regularly involves the following data:

name
Address
Company name
E-mail address
IP address

We do not have access to the credit card information.

Purpose of data processing:

The data transmitted to Stripe may be transmitted by Stripe to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Stripe may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of Stripe. Further information can be found in Stripe’s privacy policy.

Legal basis:

The legal basis for data processing is Art. 6 (1) b) GDPR, as the processing of the data is necessary for payment with Stripe and thus for the performance of the contract.

5. Rights of the data subject

5.0 What rights do you have and how can you exercise them?

5.1 Revocation of consent
You can revoke any consent you have given to the processing of your personal data at any time with effect for the future. Please note that the revocation has no effect on the legality of the previous data processing and that it does not extend to such data processing for which there is a legal reason for permission and which may therefore be processed without your consent.

5.2 Further rights of data subjects
In addition, in accordance with Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), you are entitled to the following data subject rights if the legal requirements are met:

Information:
You can request at any time that we provide you with information about which of your personal data we process and how, and that we provide you with a copy of the personal data we have stored about you, Art. 15 GDPR.

Rectification:
You may request the rectification of inaccurate personal data and the completion of incomplete personal data, Art. 16 GDPR.

Erasure/ Right to be forgotten:
For the deletion of your personal data: Please note that data that we need for the performance and execution of contracts and for the assertion, exercise and defense of legal claims as well as data for which there are legal, regulatory or contractual retention obligations are excluded from deletion, Art. 17 GDPR.

Restriction of processing:
Under certain circumstances, you can request the restriction of processing, e.g. if you believe that your data is incorrect, if the processing is unlawful or if you have objected to the data processing. This means that your data may only be processed to a very limited extent without your consent, e.g. to assert, exercise and defend legal claims or to protect the rights of other natural and legal persons, Art. 18 GDPR.

Objection to data processing:
You have the option to object to data processing for direct marketing purposes at any time. You can also object to data processing based on a legitimate interest at any time if there are special reasons, Art. 21 GDPR.

Data portability:
You have the right to receive the data that you have provided to us and that we process on the basis of your consent or for the performance of a contract in a commonly used, machine-readable format and, where technically feasible, to request the direct transfer of this data to third parties, Art. 20 GDPR.

5.3 Contact channels

You can exercise your rights via the following contact channels:

Mr. David Gabel
Data Protection Officer
Am Bürgerl 1
92431 Neunburg vorm Wald
Germany

E-mail address: david.gabel(at)your-insider.com

Alternatively, you can also contact our data protection team at datenschutz(at)psw.de.

5.4 Right to lodge a complaint with a supervisory authority

If, for example, you believe that our data processing is unlawful or that we have not granted the rights described above to the extent necessary, you have the right to lodge a complaint with the competent data protection supervisory authority.

6. Deletion of personal data

6.0 When is your data deleted?

The duration of the storage of personal data is determined by the respective statutory retention period:

We keep your information and communication regarding your order for 6 years after the contract expires in order to be able to meet commercial law requirements.
The invoices for your orders must be kept for 10 years for tax reasons.
Validation documentation related to your orders (such as identification documents and audio recordings of the confirmation call) will be retained for 7 years from the end of the year in which the certificate/order expires. This is a requirement of the certification authorities in order to be able to check our integrity.

After this period has expired, the corresponding data will be routinely deleted if it is no longer required for the fulfillment or initiation of the contract and/or if we no longer have a legitimate interest in its continued storage.

7. Changes

We regularly make changes to our privacy notice in order to remain compliant with legal regulations in the future. Your rights to information, correction, deletion and objection remain unaffected by such changes. Please always note the latest update. [Version 1 / Status: 06.2024]