Privacy Policy

Effective date: October 15, 2020
Maiswonwell LTD, registration number: 41503048391("us", "we", "our" or the "Company") as the Data Controller operates the www.sslgram.com website (the "Service"). This "Privacy Policy" informs you of our policies regarding the processing (collection, storage, use, disclosure, erasure etc.) of Personal Data when you visit our website and/or use, has used or expressed a with to use any of our Services or if you are in any way connected with these Services, and the choices you have associated with that data. We use your Personal Data to provide and improve the Service, perform a contract and to fulfil legal obligations to which we are the subject.

By using the Service, your Personal Data is processsed in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not have to provide Personal Data to the Company. In cases when the User does not provide the Company with Personal Data necessary for the performance of the contract or Services, as well as for the performance of legal obligations of the Company specified in regulatory enactments, the Company has a legal basis to refuse to provide the User Services in whole or in part.

If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.

Definitions

Personal Data

Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meanins as in Article 4(1) of GDPR.

Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of GDPR.

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the duration of a page visitthe type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).

Cookies

Cookies are small pieces of data stored on a User’s device.

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data. Definition shall have the same meaning as in Article 4(7) of GDPR.

Data Processor (or Service Providers or Sub-contractors)

Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Article 4(8) of GDPR.

Data Subject

Data Subject is any living individual (natural person) who is the subject of Personal Data.

User

The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you, perform a contract and to fulfil legal obligations to which we are the subject.

Types of Data Collected - Personal Data

While using our Service, we may ask you to provide us with certain types of Personal Data that personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

• Identification data – first name, last name, identity code, date of birth;
• Contact data – phone number, e-mail address, residential address (Address, State, Province, ZIP/Postal code, City, Country), correspondence language;
• Incoming and outgoing email correspondence – correspondence with Users;
• Transaction ID (not Credit Card number)
• Cookies
• Usage Data

Purposes and legal basis of your Personal Data processing

There are different purposes for processing Personal Data and each processing activity must rely on one of the legal basis. The Company processes your Personal Data relying on the following legal basis:

• Processing of Personal Data which is required for performance of Services and contract
• We process Personal Data relying on this legal basis if it is necessary for performance of the Services or contract concluded with you or for taking measures required prior to signing the contract at your request.
• Processing of Personal Data which is required for performance of legal obligations of the Company
• In some cases, we need to process your Personal Data because we are obliged to do so under regulatory enactments. If the Personal Data processing is required by regulatory enactments, neither we nor you can influence the processing of such Personal Data.
• Processing of data which is based on the legitimate interest of the Company
• A legitimate interest means that we do not directly need to process your Personal Data to fulfil contractual obligations nor our legal obligations, but the processing is still necessary. The processing may be needed to develop our Services and products making them better for you; to protect our webpage from attacks; to make business decisions by compiling statistics. As under the legitimate interest we are not obligated to process your Personal Data by law or for performance of our contractual obligations but we also do not request your permission for the processing - we give you the right to ask for explanations as well as to present objections, if you consider that processing of your Personal Data for the purposes given in below table breaches your rights.
• Processing of Personal Data based on your consent
• If we have received your consent, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You always have the right to withdraw you consent (each separately as well as all jointly) given to us: you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us: privacy@sslgram.com.
• If you withdraw your consent, we will stop processing your data for the purposes for which the consent was granted. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

In the below table you will find some examples for which purposes and on what legal basis your Personal Data is being processed by us.

Purpose of processing	Personal Data categories	Legal basis of processing
Pre-contractual relations (offer requests and responses thereto)	Identification data, Contact data, Incoming and outgoing email correspondence	Performance of Services and contract
Payments (calculating and managing fees for the Services used by User, invoice preparation, issuing and collecting payments)	Identification data, Contact data, Transaction ID (not Credit Card number)	Performance of Services and contract
Provision and maintenance of our Service; maintenance and development of customer relationship, (signing contracts, passing information on contract fulfilment, notifying you about changes to our Service, providing customer support)	Identification data, Contact data, Incoming and outgoing email correspondence	Performance of Services and contract
Managing circumstances and events influencing offering services to Users (informing, resolving complaints)	Identification data, Contact data	Performance of Services and contract
Client identification	Identification data	Performance of Services and contract
To operate our Service	Session Cookies	Performance of Services and contract
Client identification	Identification data	Legal obligation
Accounting (incl. preservation of accounting base documents)	Identification data, Contact data	Legal obligation
Informing the Data State Inspectorate of Republic of Latvia and the Data Subject about Personal Data violations	Identification data, Contact data	Legal obligation
Responding to public authorities' and state institutions' information requests	Identification data, Contact data	Legal obligation
Service development (inc. to gather analysis or valuable information so that we can improve our Service)	Identification data, Contact data, Usage Data	Legitimate interest
Intra-group data exchange	Identification data, Contact data	Legitimate interest
Maintaining and developing client relationship (responding to queries, general client service, info exchange)	Identification data, Contact data, Usage Data	Legitimate interest
General service statistics	Anonymized data	Legitimate interest
Providing evidence against claims of service non-compliance and/or the failure to fulfil contractual obligations, as well as providing evidence against a possible claim which may arise from any offence which may be committed; Customer service control and improvement	Incoming and outgoing email correspondence, Usage Data	Legitimate interest
For security purposes to detect, prevent and address technical issues and to monitor the usage of our Service	Security Cookies, Usage Data	Legitimate interest
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information	Contact data	Legitimate interest
Direct marketing (e-mails, SMS)	Identification data, Contact data	Consent
To remember your preferences and various settings	Preference Cookies	Consent

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use Cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

Retention of Data

The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Personal data is processed in the European Union / European Economic Area (EU / EEA). However, if Personal Data is transferred outside the EU / EEA, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the EU / EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The Company shall only transfer Personal Data if there is a legitimate basis for it and appropriate safeguards have been put in place: (i) the contract with the recipient includes standard EU data protection clauses or other agreed rules, codes of conduct, certifications approved under the GDPR or (ii) the recipient is located in a country that provides an adequate level of protection of Personal Data in accordance with a decision of the EU Commission. Upon request, the User can receive more detailed information on the transfer of Personal Data to countries outside the EU / EEA.

The Company will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.

Disclosure of Data

When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.

When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.

The Company is also obliged to transfer Personal Data to state or local government institutions in cases specified in regulatory enactments (for example, Financial and Capital Market Commission, Consumer Rights Protection Centre, State Revenue Service, Financial Intelligence Unit of Latvia, State Security Service, State Police and other law enforcement agencies and financial investigation institutions), courts, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc.).

Disclosure for Law Enforcement

Under certain circumstances, The Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

The Company may disclose your Personal Data in the good faith belief that such action is necessary to:

• To comply with a legal obligation
• To protect and defend the rights or property of The Company
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of Users of the Service or the public
• To protect against legal liability

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

However, the Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data. Some examples of the measures we use:

• Physical measures - paper-based documents containing Personal Data are stored in locked rooms and cabinets to which only certain employees have access for fulfilling their job duties; data processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current instability and power outages.
• Technical measures - all employee work computers are protected with password protected screensavers when the employee leaves; it is ensured that the IT- system does not accept new login attempts and locks the username if certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
• Organizational means - all IT system Users are assigned roles and profiles; it is ensured that access rights are deleted when an employee leaves the Company; it is ensured that there is no access from publicly used rooms to rooms where Personal Data is being processed.
• In case we use external companies for providing services, which include data processing, we conclude data protection agreements with such Service Providers obligating them to: a) take appropriate measures to ensure confidentiality and security of the personal and ii) process Personal Data in accordance with the applicable legal requirements.

Your Rights

• Right to be informed and Right of access (GDPR)

  The Company aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.

  If you wish to be informed what Personal Data we hold about you and receive a copy of the Personal Data we hold about you, please contact us.

  You have the right to data portability for the information you provide to The Company. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. Please note that we may ask you to verify your identity before responding to such requests.

  We will not sell, share, or rent your personal information to any third party or use your e-mail address for unsolicited mail. Any emails sent by The Company will only be in connection with the provision of agreed services and products. The exceptions are: providing information to CA, Bank, Payment gateways, ShopperApproved.com service and Government entities.

• Right to rectification (GDPR)

  You have rights to request updating any personal information about you if it is inaccurate or incomplete. Please note, we are not able to modify any invoices for previous months, as all information already sent to local TAX/VAT office with original information provided.

• Right to erasure (GDPR)

  The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have Personal Data erased and to prevent processing in specific circumstances: (i)where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii) the Personal Data is processed in relation to the offer of information society services to a child; (iii) when you withdraws consent; (iv) the Personal Data was unlawfully processed (ie otherwise in breach of the GDPR); (v) when the individual objects to the processing and there is no overriding legitimate interest or other legal basis for continuing the processing; (vi) the Personal Data has to be erased in order to comply with a legal obligation.

  We are not able to delete/remove issued and paid invoices, as we need to provide that information to local TAX/VAT office, however, rest information will be removed on your request.

• Right to restrict processing (GDPR)

  You have rights under certain circumstances to request to ‘block’ or suppress processing of Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When processing is restricted, we are permitted to store the Personal Data, but not further process it.

• Right to object (GDPR)

  You have the right to object to such data processing which is based on the Company’s legitimate interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data when you present an objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise or defence of legal claims. You also have the right to object at any time to processing of your Personal Data concerning for direct marketing. Upon receiving such objection we shall stop processing your Personal Data for direct marketing.

• Right to data portability (GDPR)

  If you want to exercise any of the abovementioned rights, please contact us using the e-mail address privacy@sslgram.com. In order to respond to your inquiry, we must first authenticate you to avoid granting information to unauthorized persons. We will respond to your inquiries within 30 days.

  We respect your privacy and wish that processing your Personal Data by us would be understandable and transparent. For that we have also drafted these Privacy Policy. Should you need further information about processing your Personal Data or exercising your rights, please contact us at e-mail address privacy@sslgram.com.

  If you believe that processing of your Personal Data violates the GDPR requirements, you have the right to turn to the Data State Inspectorate of Republic of Latvia (info@dvi.gov.lv) and the courts to protect your rights and interests.

• Right to contact us, submit a complaint to the Data State Inspectorate of Republic of Latvia and the court (GDPR)

  In case processing the Personal Data is based on your consent or on a contract between us and Personal Data is processed automatically, you have the right to access Personal Data concerning you which you have given to us in a structured, generally usable and in machine readable form. You have rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way. We will provide all Personal Data in a structured way using open formats like CSV.

Service Providers (Sub-contractors)

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Vendors - Certificate Authorities (Sub-contractors)

We use third-party Service Providers to process/issue SSL certificates, PCI compliance tools, Domains and other services. To ensure performance of Services and contract we are permitted to pass your personal information and order details to our third-party Service providers.

• Sectigo

  We are Strategic partner of Comodo Inc.

  More than 600 people in Comodo team create Online Trust for individuals, small to medium businesses, e-merchants and large enterprises. Comodo provides Internet Security Software, Email Security & Messaging, Hosted DNS, SSL Certificates, PKI Management, Browsers and much more. Read Privacy Policy

• DigiCert

  Platinum partner of DigiCert

  DigiCert is the world’s premier high-assurance digital certificate provider. We simplify SSL/TLS and PKI, and provide identity, authentication, and encryption solutions for the web and the Internet of Things (IoT). DigiCert operates GeoTrust, RapidSSL and Thawte brands. Read Privacy Policy

• RapidLEI

  RapidLEI Strategic partner

  The mission of SSL Certificates from RapidSSL is to provide you an SSL certificate as fast as possible, that is why all processes are fully automated. No paperwork, all you need to get your SSL is to prove domain ownership via email. RapidSSL is owned and operated by GeoTrust. Get more information on www.rapidlei.com

  RapidLEI has the rights passing all LEI code related information to processes orders to it's own sub-contractors. The Company confirmed next sub-contractors with RapidLEI: Bloomberg L.P. (“BLP”), EQS Group AG, LEI Register OÜ.

Analytics (Sub-contractor)

We may use third-party Service Providers to monitor and analyze the use of our Service.

• Google Analytics

  Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

  You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

  For more information on the privacy practices of Google, please visit the Google Privacy Terms web page

Behavioral Remarketing (Sub-contractor)

The Comapny uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Service.

• Google Ads

  Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.

  Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

Payments (Sub-contractors)

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processors we work with are:

• PayPal or Braintree

  PayPal is a global leader in online payment solutions with more than 203 million accounts worldwide. Available in 202 countries and 25 currencies around the world. We accept direct payments from PayPal accounts, as well as Credit card payments using PayPal services. Their Privacy Policy

• Skrill (MoneyBookers)

  Skrill is a truly global company. Based at London with offices throughout Europe and the US. Their staff of over 500 represents more than 30 nationalities. We accept direct payments from Skrill accounts, as well as Credit card payments using their services. Their Privacy Policy

• Webmoney

  WebMoney Transfer is a global settlement system and environment for online business activities, established in 1998. Since then, over 36 million people from all over the world have joined the system. We accept direct payments in various currencies using Webmoney Payment processing platform. Their Privacy Policy

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: support@sslgram.com
• By email: marily@sslgram.com