Privacy Policy
Ascertia respects your privacy and is committed to protecting it
This privacy policy defines the information collection and use practices which Ascertia (as data controller) implements to ensure security of its client’s data. Consent against this privacy policy is taken at your account creation time or other form submissions on the Ascertia website. It is important that you read this privacy policy. In case of any confusion you may also contact us. If you do not agree with this privacy policy, then you should either not register, not submit your personal information on the Ascertia website in the first place OR if already registered on Ascertia website or have submitted personal information, then remove your account as mentioned in this privacy policy – see section Account Deletion below.
This privacy policy explains:
User Rights
Right to be informed – This Privacy Policy details how Ascertia website processes, stores and shares your personal information. You will be informed of any changes to this privacy policy. If we change any information related to you we will notify you of those changes accordingly
Right of access – You can access all of the information of your account from the Ascertia website portal. Any information shared with service providers (processors) will be held securely and not used other than what is explained in this privacy policy. In case you want more information you can contact us – see Contact us section at the end
Right to rectification – You can edit any information from the Ascertia portal. Certain information can’t be rectified as mentioned in this privacy policy
Right to erasure – You can request us to remove your account. Details are mentioned in ‘Account Deletion’
Right to restrict processing – You can request us to restrict processing for your account. See‘Account Deletion, Restrict Processing’
Right to data portability – You can request your data in portable form. See section ‘Data Portability’
Right to object – See section ‘Need more info or complaints’
Rights related to automated decision making including profiling – We don’t do automated decision making or profiling
Information we collect, how it is collected and purpose
To provide you access to the Ascertia products, free/paid certificates or more information Ascertia website requires you to provide personal identifiable information. Some of the information is provided at account registration time and some later. At all times the information mentioned below can be viewed and updated from your Ascertia website account. Some of this information is mandatory for the basic processing of your account while some is optional.
Name (mandatory) – Used in notification emails to identify you. This information may also be used within our marketing platform. This allows us to inform you about updates to our Ascertia products and services and informational blogs. You can opt out of our marketing emails by using the unsubscribe link.
Email (mandatory) – This acts as your unique account ID and is required for login to your Ascertia website account. This information can’t be changed later other than by deleting your account and creating a new account with a different email address. Your email address information is also shared with our marketing platform. You can opt out of our marketing emails by using the unsubscribe link.
Mobile Number (optional) – We may use your phone number to contact you if you have registered, requested a quotation or demo by submitting a website form on www.ascertia.com. If entered, your phone information is also shared with our marketing platform. You can opt out of our marketing emails by using the unsubscribe link.
Company / Website (optional) – This information helps us understand and support you better if we can associate you with a particular organisation. If entered, your company name information is also shared with our marketing platform. You can opt out of our marketing emails by using the unsubscribe link.
Country (optional) – This allows us to recommend local partners in your region to respond to your needs and communicate in your local language if preferred. This also helps us in asking for VAT if you are in the EU region.
Security Question / Answer – (mandatory)- In case you forget your login password the security question and answer can help you to reset your password. This is stored securely in the system.
Password/Confirm Password (mandatory) – This allows you to be authenticated before allowing access to your Ascertia website account. We never store your password in its original clear text form, instead it is held in a one-way encrypted form which is only useful for comparison purposes later.
Billing Info – When making a purchase from the Ascertia website, your billing address is provided to our payment gateway which is eventually provided to us for displaying on invoices that we create for you. The invoices we provide gives you complete details of the payment process including purchaser’s name, purchase date, price, billing address, VAT information and transaction ID. Note that we don’t ask for or store your card information on our systems. This is managed by our payment gateway service which is PCI/DSS compliant. https://www.worldpay.com/us/products/security-compliance/pci-compliance
Miscellaneous Data – EU VAT ID – You can provide your VAT ID at buying time to avoid us charging VAT for the purchases made
Request a Quote / Demo / Contact Us
For certain forms, we ask for the following set of information to know more about you and hence get back to you.
Request a Quote / Demo / Contact Us
For certain forms, we ask for the following set of information to know more about you and hence get back to you.
First, Last Name (mandatory)
Email (mandatory)
Phone (optional)
Job Title or Role (mandatory) – This helps us know more about you which in returns allows us to provide better service e.g. if you are a business user then we will provide you with higher level business/industry level information related to our service. On the other hand if your job role is more technical, we may provide you more detailed technical descriptions of our solutions.
Company (mandatory) – helps us understand and support you better if we can associate you with a particular organisation
You can optionally provide how you came to know about us and any specific project requirements which helps us respond to you in the most efficient way. If submitted, this information is also shared with our marketing and CRM platforms to enable our sales team to contact you accordingly and deal with your request. You can opt out of our marketing emails by using the unsubscribe link.
Online Chat – Ascertia website provides an online chat system which helps customers and partners to communicate with us and get help on our products and services. You can initiate the chat by providing basic information including your name, email address and question (optional). Once sent you are connected to a support representative who may ask for the details about the issues you are facing. To help us identify your environment we may automatically fetch the following information:
IP Address
Platform / Operating System
Color Depth / Resolution / ISP details
City / Region / Country / Postal Code
Latitude / Longitude
This information is only kept during the chat session and removed automatically as the chat session closes.
Requesting for PDF Sign&Seal licenses – If you are a PDF Sign&Seal reseller partner you can request PDF Sign&Seal licenses from the Ascertia website via secure access (SSL client authentication) to our reseller area. As part of requesting the licenses we ask the following information.
Company Name (mandatory) – This is the company name for which licenses are required
Company Address – Address of the company for which licenses are required
Company Phone – Phone of the company for which licenses are required
Country (mandatory) – Country of the company for which licenses are required
This information helps Ascertia recognise the reseller partner and how to best manage the request for licenses.
Support Tickets – Using our Ascertia website you can raise support tickets against the Ascertia products. In general, these contain only information of a technical matter but may contain certain customer’s personal information you provide yourself. In all cases the information given or requested is to help address customer and partner support needs.
Certificate Generation – Ascertia allows you to either obtain free digital certificates or paid ones. For both you have to provide some personal information which can be kept inside the digital certificate. Information asked is:
Email (mandatory) – This information is used to construct the digital certificate which the user requires
Name (mandatory) – This information is used to construct the digital certificate which the user requires
Organisation, Organisation Unit, Locality, State, Country – Phone of the company for which licenses are required
Country (mandatory) – This information is optional and used to construct the digital certificate and is common for such certificates as this helps identify the user in their systems.
Password – This information is used to protect the generated Private Key file (PFX). It is important to protect your PFX file to avoid misuse. Note that we don’t store your PFX password.
Following is the list of information gathered automatically by Ascertia website:
IP Address (system identified) – We record IP Addresses for license activation of our PDF Sign&Seal product to avoid misuse of product licenses. This information is shown inside your Ascertia website account and hence helps you track machines where PDF Sign&Seal license were activated.
Usage Data – Information related to the ways in which you interacted with our services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed, the amount of time spent on particular pages, the date and time you used the services, the frequency of your use of the services, and other similar information. See Information Sharing for more details
Logs – Ascertia website generates server-side logs which helps administrators to debug any application related issues. Logs are kept for 30 days.
Information storage and security
Ascertia is committed to protecting the information you provide us. To prevent unauthorised access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, Ascertia has in place appropriate physical and managerial procedures to safeguard the information we collect. This security measure is working when you see either the symbol of an unbroken key or closed lock (depending on your browser) on the bottom of your browser window.
All of your personal data is stored in our database (encrypted) and system logs in secure manner within data centers operating in the EU region. Back up of your data is also done within the EU region. All of your information is transferred from your machine to our servers over TLS to provide end-to-end confidentiality and data integrity protection to ensure that the information you send to us is not intercepted by anyone in transit. This is true also for any personal data moving from our servers to any 3rd party service providers. We use modern and secure versions of TLS with SSL v2 and v3 being blocked. There is a small of personal data which our service provides (processors) keep outside of EU region. See section Information Sharing below for more details.
Information Sharing
We do not sell your information to anyone. We do not share your information within anyone other than the third parties as described in this section of the Privacy Policy. To be clear, when we share the only purpose of sharing information is to assist you to perform relevant activities, giving you the best user experience and to fulfill your needs.
We ensure that we only engage with reputable organisations offering suitable guarantees to ensure the security of your personal data. We ensure that all of service providers mentioned in this privacy policy have signed proper contracts with us to ensure they have proper privacy policies and abide by GDPR.
Sharing with Service Providers
HubSpot and Salesforce – Information is sent to our marketing platform (HubSpot) and CRM platform (Salesforce) to allow us to communicate with you more effectively regarding our products and services updates and to provide you informative blogs, newsletters and information relating to the e-signature industry. This help you improve your understanding of our products and solutions generally. Our marketing platform (HubSpot) is accessible to our authorised partner BambooPR, who are responsible for creating and reviewing content pieces including blog posts and newsletters. Information which HubSpot and Salesforce manages on our behalf includes:
Your Name, Email, Company, Phone, and Job Title.
The information you provide us in any website form including “contact us”
Both of these organisations are ISO 27001 certified service providers. The information is stored inside their USA/EU held data centres and is not shared with other clients. HubSpot and Salesforce both have the EU-US privacy shield certificates.
Microsoft Azure – Hosting provider where static site is running on this and no personal information is stored there.
4D Data Centres LTD – Hosting provider where dynamic site is running.
Worldpay – At buying time your name will be sent to Worldpay. Worldpay is a PCI-DSS compliant company and also certified as ISO 27001. Your personal information is only kept in the European region
For more details about privacy capability of these services and in particular GDPR see the following links:
Sharing with law enforcement agencies
We may share your information when we have to comply with legal process (e.g. a aasd). All of this will be done in good faith and done to investigate possible illegal activities. We may also share your information in circumstances involving potential threats to the safety of Ascertia, our employees, users, or the public. We may share if we find violations of this privacy policy or our terms of agreements. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organisations.
Consent
We may share your information in other ways if you have consented to such sharing. For example, we publish customer testimonials on our website.
By using the services, you acknowledge that some of your information may be transferred outside of EU as our service providers data centres are hosted outside EU with sufficient protection applied in place.
Merger or Acquisition
If we merge with or are acquired by another company or if all or a substantial portion of our assets are acquired by another company, in those cases your information will likely to be one of the assets that is transferred.
Accessing Your Information
We provide users to access and change all of your account information which includes your profile information. You cannot change information which is automatically system-created like personal data which goes inside invoices or logs.
In case you are failing to modify any information contact us using the contact information below. We will review and respond within 3 working days on how to modify any inaccurate or incomplete information as per the laws. Note that your ID (email) cannot be changed once an account is created as this is your unique link to your account. In case you want to change this, you will need to create a new account with the different email address. Once done you can contact us to delete the previous account.
Email and Direct Marketing Choices
We provide opt-out information in all marketing / information emails we send via an “unsubscribe” link which is set in the bottom of the emails. If initiated it may take a day to opt out. You can also opt out of such emails using your profile area.
Data Retention
Your account held data is kept at all times unless a user request via email to delete his data. We may keep some information in the web logs which is automatically cleared in 30 days. Logs are kept in rolling fashion and contain information to help us troubleshoot issues. If you were paid-up customer then your information may be kept for accounting purposes as per the law.
Account Deletion, Restrict Processing
Any account deletion requests will be processed within 7 days. As per your request we will delete all of your personal information. Even after account deletion we may keep certain information like name, email as part of our billing accounts. You will no longer receive any marketing or commercial emails. Any requests to restrict-processing will be processed within 3 days.
For account deletion or restricting processing of your information, a formal request is required from you (the Subject). You must send an email using the same email account which is configured inside Ascertia website. You will be informed once your data is deleted.
Data Portability
If you need a copy of your personal information in machine ready format then you must send an email using the email account which is configured inside Ascertia website. We will process your request in 14 days and return the information in CSV format where possible. Certain data may still be in other formats e.g. XML.
Protection Guarantees
We employ physical, logical, and administrative measures to help prevent unauthorised access to your information. Each measure is applied based on the nature and sensitivity of the information. As a responsible entity we work on all the possible areas which could impact user’s privacy. We closely monitor the GDPR standard and ensure our product and services abide by all the rules set forward. Having said we cannot 100% guarantee you that information we collect or store will be protected from all unauthorised access and thereby used in a manner that is inconsistent with this privacy policy.
In case we find a breach which impacts your personal data then we will investigate and inform you within 72 hours of us becoming aware of it. We will inform you about the issue and the details via your email.
Children Privacy
Ascertia is committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. We only provide service to you if at least 18 years of age (or, as applicable, the age of majority in the state or province in which you reside), and that you possess the legal right and ability to enter into this Agreement.
Changes to this Privacy Policy
We reserve the right to amend this privacy policy as we add more features and to comply with laws or to give better user protection. Kindly regularly check this page for any new changes. If we make any changes to this policy, we will post the changes here and will notify you by email once the changes take effect. Please review changes carefully. If you are continually using our service post the email sent regarding the changes to this privacy policy, this will mean you consent to those changes.
Links to non-Ascertia websites
The Ascertia websites may provide links to third-party websites for your convenience and information. If you access those links, you will leave the Ascertia website. Ascertia does not control those sites or their privacy practices, which may differ from Ascertia’s. We do not endorse or make any representations about third-party websites. The personal data you choose to give to unrelated third parties is not covered by the Ascertia Privacy Statement. We encourage you to review the privacy policy of any company before submitting your personal information. Some third-party companies may choose to share their personal data with Ascertia; that sharing is governed by that third-party company’s privacy policy.
Contact us, need more info or complaints
If you have any queries, suggestions regarding our privacy policy or complaints, you may contact us at privacy@ascertia.com. We aim to respond to your complaints within 7 working days. You also have the right to lodge a complaint with a supervisory authority. You can also contact us by writing us at: Surrey Research Park, 40 Occam Road, Guildford, GU2 7YG, United Kingdom. In case you want to be in touch with our Data Protection Officer then you can write to privacy@ascertia.com.