Log In
Try it free

Privacy Policy

Privacy and cookies policy
CertifyHub website

  1. Basic Information

The www.certifyhub.net website and web application (hereinafter referred to as the “Service”) enable the use of electronic services offered by CertifyHub OÜ (hereinafter referred to as the “Administrator” or “Service Provider”), as specified in the Terms and Conditions available at www.certifyhub.net/T&C .

This Privacy and Cookies Policy (hereinafter referred to as the “Privacy Policy”) describes how your personal data is collected, used, and deleted while you visit the website, register an account, and use the services provided via the website. The Service Provider ensures compliance with the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”). Terms used in this Privacy Policy with capital letters, unless otherwise stated in the content of the Privacy Policy, have the meanings assigned to them in the Terms and Conditions.

  1. Personal Data Administrator

The Administrator of personal data processed via provision of the Service and application is the Service Provider.

  • For matters concerning the processing of personal data, the Administrator can be contacted: by traditional mail at the address CertifyHub OÜ, Tartu maakond, Kambja vald, Pangodi küla, Karl-Eeriku, 62017;
  • by email at: rodo@certifyhub.net.
  1. Data We Collect and Information on Data Sources

The personal data processed is provided to the Administrator directly by the User in order to register an Account to use the Service. The data inserted by the User during the subscription is required to provide the Service.

In addition, the Administrator may also collect the User’s personal data indirectly. When visiting the website, Administrator and its service providers may collect certain data using tracking technologies like cookies, web beacons and similar technologies. The use of web cookies is described in section 12.

The Service Provider processes the following personal data necessary for providing the Service as well as other data processing activities in connection with providing the Service:

Account Creation and Management

The User can independently register an Account on the Service, during which the Service Provider receives personal data directly from the User.

During Account registration, the User provides the following personal data: a. first name; b. last name; c. email address; d. phone number.

In the Account settings, the User has the option to upload a photo (e.g., image) and enter company data, as well as billing information necessary for issuing an invoice for the purchase of a Subscription.

Payment and Billing

For the performance of accounting obligations in connection with the use of the Service, the User provides: a. financial data; b. pricing plan data.

Use of Certification Services

For providing the Service of issuing digital certificates and badges, the User may provide materials, documents, data, or other information in connection with using the Service.

Website and related product maintenance and quality

For the purpose of providing the website and web application subject to the agreement concluded with the User, the Service Provider may collect the following information of the User: a. IP address of the device; b. device screen size; c. device type (unique device identifiers); d. browser information; e. geographic location (country only).

Web visitor analytics

For the purpose of the Service Provider’s website visitor statistics, the Service Provider may collect the following information of the User: a. online identifiers (including cookie identifiers and IP addresses).

User communication and request resolving

For the provision of customer support to Users and responding to inquiries, the User provides: a. first name; b. last name; c. email address; d. request content and communication.

Newsletters and offers

To send Users newsletters, special offers, and updates related to the Service from which the User can opt-out of at any time, the User provides: a. first name; b. last name; c. email address.

  1. Purposes and Legal Bases for Processing Personal Data

The User’s personal data is processed for the following purposes and on the following legal bases:

  1. When the User gives voluntary consent to the processing of personal data, pursuant to Article 6(1)(a) of the GDPR, which includes conducting analyses and statistics that allow the Service Provider to better tailor the content available on the Service and the services provided to the needs and expectations of Users;
  2. Processing is necessary for the performance of a contract or to take steps at the request of the User prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR, including contracts for the provision of electronic services, which encompasses: a. providing Users with content collected on the Service; b. creating and managing an Account; c. contracts for the provision of electronic services, i.e., a free 30-day trial access to CertifyHub or a CertifyHub Subscription; d. providing the web application and functionalities; e. providing customer support;
  3. Processing is necessary for compliance with a legal obligation to which the Administrator is subject, pursuant to Article 6(1)(c) of the GDPR, which includes: a. making settlements; b. handling complaints; c. performing accounting obligations;
  4. Processing is necessary for the purposes of the legitimate interests pursued by the Administrator, pursuant to Article 6(1)(f) of the GDPR, which includes: a. responding to messages and inquiries from Users; b. establishing, exercising, and defending against potential claims from Users of the Service and the CertifyHub application.
  1. Requirement to Provide Personal Data

Providing data is voluntary; however, providing certain data (not marked as optional) is a condition for the provision of specific Services by the Service Provider (e.g., data necessary for Account registration or CertifyHub Subscription). Failure to provide this data will prevent the use of specific Services.

All consents given by the User for the processing of personal data are voluntary. The User is not obliged to give consent. Failure to give consent means that the Administrator will not be able to use the User’s personal data for the purposes covered by the consent.

  1. Withdrawal of Consent

Consents given can be withdrawn at any time by sending a request to the email address: rodo@certifyhub.net. Withdrawal of consent does not affect the lawfulness of the processing of the User’s personal data carried out based on the consent before its withdrawal.Please note that email marketing messages, if used, may include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the messages we send to you). Clicking on the link will opt you out of further messages. You may also opt-out on your account settings in case this option is available.

  1. Personal Data Retention Period

The User’s personal data will be retained by the Administrator for the following periods:

  1. Processing data for the purpose of providing Services based on the Agreement concluded with the Service Provider – personal data will be processed for the duration of the Services in accordance with the Terms and Conditions, but no longer than until the termination, expiration, or dissolution of the Agreement and Account deletion;
  2. Processing data to comply with legal obligations imposed on the Administrator – personal data will be processed for the period specified in the generally applicable laws, particularly in accordance with the Accounting Act or until the complaint process is resolved;
  3. In the case of processing personal data based on given consent – personal data will be processed until the consent is withdrawn;
  4. In the case of processing personal data based on the legitimate interests of the Administrator – personal data will be processed for the duration of the Administrator’s legitimate interest or until an objection to such processing is raised, or until potential claims are time-barred.
  1. Recipients of Users’ Personal Data

We may transfer your personal data only to authorized recipients or categories of data recipients in justified cases based on applicable legal provisions or an agreement concluded by the Administrator, including:

  1. Stripe (payment gateway);
  2. service providers used by the Administrator in operating the Service and CertifyHub, e.g., entities managing the Administrator’s IT systems and websites, entities providing the Service Provider with analytical and marketing tools;
  3. entities providing legal, accounting, and tax services;
  4. hosting providers;
  5. providers of analytical and marketing tools.

Service Provider’s employees, business partners and third-party service providers have access to personal data to the extent necessary for the performance of their work or contractual duties and are covered by confidentiality obligations.

Service Provider may disclose personal data if required to do so by law or in good faith belief that such action is necessary to comply with legal obligations, such as exchange of tax information or performance of anti-money laundering obligations.

Any references or links to third-party websites, services or products are subject to separate privacy policies and terms that the Service Provider does not control nor is responsible for. Please read third-party policies additionally to understand their scope.

  1. User Rights

In accordance with the GDPR, in connection with the processing of personal data by the Service Provider, Users have the following rights:

  1. the right to withdraw consent (Article 7 of the GDPR);
  2. the right to access their personal data (Article 15 of the GDPR);
  3. the right to request rectification of their personal data (Article 16 of the GDPR);
  4. the right to request the erasure of their personal data (Article 17 of the GDPR);
  5. the right to request the restriction of the processing of personal data (Article 18 of the GDPR);
  6. the right to data portability, i.e., the right to receive from the Service Provider the User’s personal data in a structured, commonly used, machine-readable format; the User may transmit this data to another data controller or request that the Service Provider transmit this data to another controller, but the Service Provider will do so only if such an action is technically feasible (Article 20 of the GDPR);
  7. the right to object to the processing of the User’s data based on the legitimate interest of the Administrator, which is not overriding the User’s interest or rights and freedoms, and the right to object to the processing of the User’s data for direct marketing purposes (Article 21 of the GDPR).

If you have questions or concerns about our use of your personal information or to exercise the above-mentioned rights, please contact the Administrator via the email: rodo@certifyhub.net, or by traditional mail at the Administrator’s address. The application to exercise the User’s rights shall be responded to within a maximum of 30 calendar days.

You may also lodge a complaint to the supervisory authority, the Estonian Data Protection Inspectorate, info@aki.ee.

  1. Automated Decision-Making

No decisions will be made based on Users’ personal data in an automated manner, including profiling.

  1. Transfer of Data to Third Countries (Outside the European Economic Area)

As a rule, Users’ personal data will not be transferred to third countries or international organizations. The Administrator processes personal data in the European Union (EU) and within the European Economic Area (EEA).

The Administrator uses the services and analytical and marketing tools specified in section 12. Due to the location of their providers’ servers, data may be transferred outside the European Economic Area. The basis for data transfer is specified in section 12.

If the Administrator uses service providers that process your data outside the EEA, the Administrator makes sure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place (e.g. additional safeguards through Standard Contractual Clauses).

  1. Cookies

The Service may use cookies, which are files containing information that are stored by the server used by the Administrator on the User’s end device (e.g., computer, smartphone).

Web browsers installed on the User’s device allow for the management of cookie settings. Depending on the web browser used, the User can change these settings, in particular, the User can disable the default handling of cookies, specify which cookies should be blocked, or delete cookies stored on the User’s device. Detailed information on cookie settings is available in the web browser settings.

Cookies are used with the User’s consent. The User gives consent through the settings of the web browser installed on their device.The Service Provider has the right to change the conditions for processing personal data. In the event, that there are substantial changes, the Service Provider will provide at least 1 (one) month’s notice in advance through the website before the substantial changes take effect.

CertifyHub

A Tool for Quickly Issuing Hundreds of Certificates and Badges

© 2022 All rights reserved CertifyHub OÜ