Privacy Statement


As part of the Digi-Sign pledge to our customers, we recognise and respect your right to privacy. This privacy policy statement informs our customers of the privacy practices employed in the provision of Digi-Sign's solutions, services and website. Questions relating to this policy statement should be directed towards the Digi-Sign support team at info@digi-sign.com.

CPS and Associated Agreements

This Privacy Policy statement supplements the practices and policies stated within the Subscriber Agreement (and associated solution Schedules), Relying Party Agreement and Digi-Sign Certification Practice Statement (CPS). Please refer to these documents for the practices employed by Digi-Sign for the issuing, management and revocation of certificate based solutions.

http://www.digi-sign.com/repository

Informational Collection and Use

Digi-Sign do not collect any information on its customers without consent. As part of the service offerings, customers will be prompted for information when enrolling for a certificate, downloading a solution or requesting further information. No information is collected about a customer if just browsing the website.

Anti-Spam Policy

Digi-Sign does not employ the use of spam for propogating its solution awareness or special offers.

Certificate enrolment

When enrolling for a certificate, customers will be required to provide certain information as per the requirements for the certificate solution type. The exact informational requirements are set out in the relevant Subscriber Agreement and associated schedules and listed in the Digi-Sign CPS. Some of the submitted details will be displayed within the certificate and as a result will be publicly available. Details that will become public are clearly stated as 'public' in the enrollment process, Subscriber Agreement and associated schedules.

Solution Download

When downloading a Digi-Sign solution, you will be required to submit personal information as specified on the download page. This information will be used by Digi-Sign to contact the customer about the services on our site for which they have expressed interest, including solution updates and associated promotional material. It also aids Digi-Sign in providing improved global services by collating general demographic information. Please refer to the opt-out policy described later in this policy statement.

Information Request

Digi-Sign provide the ability to request further information or ask questions to the support team by displaying email links throughout the website. If a customer elects to use such links they may be requested to provide additional information depending on the nature of the contact. Typically, such additional information may include further contact details, and in the case of technical support, additional information about the customer's PC configuration may be required to aid a prompt a accurate response to the query.

Cookies

A cookie is a piece of data stored on a computer's hard disk containing information about the owner. At the time of publishing this statement Digi-Sign does not employ the use of cookies for measuring the success of advertising and affiliate network membership. Our partners may use cookies. Digi-Sign do not exercise any access or control of such cookies.

Log Files

Digi-Sign use log files comprising of IP addresses to analyse trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Sharing

Digi-Sign will share aggregated demographic information with our partners. This is not linked to any personal information that can identify any individual person.

External Links

The Digi-Sign website contains links to external websites. Digi-Sign is not responsible for the privacy practices of such other sites. This privacy statement applies solely to information collected by this website. Digi-Sign have no control over the accuracy of information displayed by such websites.

Security

This website takes every precaution to protect our customer's information. When customers submit sensitive information via the website, such information is protected both online and off-line.

During certificate enrolment, where sensitive information is required, the transmission of information is encrypted and protected using Secure Sockets Layer (SSL). This includes the submission of any payment information such as credit card details.

Digi-Sign use SSL encryption to protect sensitive information online and do everything in our power to protect user-information off-line. All of our customer's information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example billing administration or the development team) are granted access to personally identifiable information. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to customer information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers' information is protected. The servers that we store personally identifiable information on are kept in a secure environment, behind a locked cage. The cryptographic keys used to issue certificates are maintained in the secure environment of FIPS-140 level 4 accredited IBM 4758 crypto devices.

Supplementation of Information (validation of submitted details)

In order for Digi-Sign to properly fulfil its obligation to our customers, it is necessary for us to supplement the information we receive with information from 3rd party sources.

For example, prior to the issuance of some certificate types Digi-Sign may use the WHOIS database, Government sourced companies house database or Dun & Bradstreet company lookup information to validate the accuracy of supplied data. This is an integral aspect of the service provided by Digi-Sign.

Service Updates

Established customers will occasionally receive information on solutions, services, special deals, and a newsletter. Out of respect for the privacy of our customers we present the option not to receive these types of communications. We also send the user service announcement updates. Customers are not able to unsubscribe from service announcements, which may contain important security information about the service.

Updating Customer Information

If a customer's personally identifiable information or certificate specific information changes they may update the original information provided. Changes can be made by logging into the Members area and using the services provided in the Manage Account section.

Choice / Opt out

Customers are given the opportunity to 'opt-out' of having information used for purposes not directly related to the Digi-Sign service offering at the point where the information is requested. For example, all certificate enrolment and solution downloads has an 'opt-out' mechanism so customers who buy a solution from us, but would prefer not to receive any marketing material, can request to have their email address kept off of our lists.

If customers no longer wish to receive our newsletter or promotional materials from our partners, they may opt-out of receiving these communications by emailing Digi-Sign at info@digi-sign.com.

Customers of our site are always notified when their information is being collected by any outside parties. We do this so our customers can make an informed choice as to whether they should proceed with services that require an outside party, or not.

Certificate Revocation & Expiry

Access to all issued certificates is provided through the Digi-Sign public repository. Because of the nature of the service provided, there may be circumstances under which a certificate is revoked (cancelled). Furthermore, as the lifetime of all certificates is finite (lasting usually 1 year), certificates will expire.

Digi-Sign still provides public access to both revoked and expired certificates to ensure a party relying on the certificate may still be able to retrieve the certificate and verify a signature made with the certificate. Such certificates are flagged as revoked or expired within the repository.

Customer consent

By using our Web site, customers consent to the collection and use of this information by Digi-Sign Limited. If any subsequent changes are made to our privacy policy, we will post those changes on the policy update page so that customers are always aware of what information is collected, how it is used and under what circumstances it may be disclosed.