Confidentiality policy
-
Confidential data
-
Confidential data protection
-
Types of confidential and private data
-
Types of data not regarded as confidential or private
-
Exceptions for the confidentiality of private data
-
Waiver
-
Severability of confidentiality policy clauses
-
The right to seek remedy in court
DigiSign is an accredited supplier of digital certificates on the Romanian market and, in this capacity, it has access to various confidential data of natural and legal persons, holder of the qualified certificates or beneficiaries of other digital certification services.
Consequently, DigiSign is aware of the significance of certification services supplied to beneficiaries and it acknowledges that the disclosure of confidential information to third parties should be according to the law.
Thus, in order to obtain the qualification certificates, the beneficiary gives his express and full consent on DigiSign’s data and information management process, according to the provisions under art. 5, paragraph 1, from the Law no. 677/2001 on people’s protection, regarding the processing of personal data and the free circulation of such data.
Considering that information and data management complies with the provisions under Law no. 455/2001 and under the European Directive1999/93/CE on electronic signatures, as well as with art. 8, letter b), DigiSign complies with the provisions under Law no. 677/2001 and Law no. 676/2001 on personal data processing and on the protection of private law in the telecommunication area in order to secure confidential data and information. Consequently, DigiSign grants special attention to the management and protection of such data.
Confidential data refers to any and all full personal information/details or any and all other types of information regarded as personal data, according to the provisions under art. 3 letter a) from the Law no. 677/2001, revealed by a party to another party and based on the DigiSign Procedure Code regarding certification services, except for data and information that:
(a) Was already known to the public upon the sending of the data;
(b) Was made public upon the request of the party;
(c) Is legitimately obtained by DigiSign from a third party, without infringing any and all obligations towards the respective party;
(d) Was known to the receiver or became public or known at all times by the receiver, prior to the revealing time, otherwise than through the infringement of the confidentiality obligations;
(e) Is generated by the receiver without using or referring to the confidential information;
(f) The party gave its express consent as to the revealing of data towards a third party.
We recommend that you read the information note on personal data protection
The receiver:
(a) Shall not reveal confidential data to third parties, without the Party's prior written consent;
(b) Shall only use confidential information in order to fulfill the obligations resulting from the use of DigiSign services;
(c) Shall take measures in order to prevent the revealing of confidential data;
(d) Shall immediately inform on the imminence of possible prejudices related to the protection of confidential data and shall indicate specific remedies so as to prevent or mitigate the consequences of possible prejudices.
According to the provisions under § 2.8.2 from the Procedure Code, the following subscribers’ data is regarded as confidential and private ("Confidential/private data"):
- Certificates applications records (stipulated under item 2.8.2 from the Procedure Code);
- Transactions records (both full records and the transactions’ audit process);
- Control reports drafted by DigiSign or other auditors (internal or public);
- Recovery plans in the case of disasters and crisis situations management plans;
- DigiSign hardware and software operations security data and the management of certification and specific registration services.
Certificates, certificates withdrawal and DigiSign depositor, as well as the information included therein are regarded as confidential data. The information that is not automatically qualified as confidential under 2.8.1 from the Procedure Code shall not be regarded as confidential or private.
DigiSign shall be entitled to reveal confidential data in the following cases:
a) Legal orders stipulating such revealing;
b) With the consent of the Party (Beneficiary);
c) In the case of legal procedures against the Beneficiary, upon the request of the legal courts or other competent bodies, according to the law.
The infringement of any of the terms, conditions or provisions under this confidentiality policy by any of the Parties shall be regarded as a waiver hereof or as the respective party's right to evade this policy.
Should one or several provisions under this confidentiality policy become null, illegal or void, the lawfulness, validity and legal applicability of the remaining provisions herein shall not be affected or limited in any way whatsoever.
The Party that was prejudiced in any way whatsoever, through the infringement of the confidentiality obligations, as stipulated above, shall hold the right to lodge a complaint with the competent court in order to obtain the remedy of the prejudice.
Online submission of income statements
Find out how to submit income statements on-lineUsing digital certificates for SEAP
MoreCECCAR
Registration AuthorityHow does a DigiSign certificate work
DEMO
