Privacy Policy

This turingsign privacy policy relates to the services provided by turingsign for the issuance of digital certificates and the provision of related security solutions, including mobile application and other online services.

We take your privacy seriously and will only use your personal data to deliver the products and services requested.

 

Who are we?

TuringSign Pte. Ltd. is a company incorporated in Singapore, The entity acts as Controller of personal data in relation to the provision of our products and services.

 

Who are our Privacy Officers?

Contact email: privacy@turingsign.com

 

What data is collected?

We collect the data necessary for the provision of the services. The main service is the provision of digital identities, mainly in form of X509 Digital Certificates. TuringSign also provides other related security services around these digital identities.

Personal data that may be included in Digital Certificates can include:

  • First Name
  • Last Name
  • Common Name
  • E-mail address
  • Title (e.g. Mr./Mrs. /Dr.)
  • Job title (professional title)
  • Pseudonym (if relevant)
  • Company/Organization name (if relevant)
  • Organizational Unit (if relevant)
  • Locality
  • State/Province
  • Country
  • Government issued ID document number (e.g. passport, driving license). Only if explicitly requested by the customer.

 

Personal data that is not included in Personal Digital Certificates but that may be requested as part of the Certificate issuance process (e.g. for vetting the identity of an individual). This data can include:

  • Address
  • Telephone number (home/mobile)
  • Identification document details (used for identity vetting)
  • Company registration number and data

 

Personal data is also needed in order to create a user account on our account or certificate management systems in order to log in to the system. This Personal Data consists of:

  • First Name
  • Last Name
  • Email
  • Phone number(s)
  • Password (chosen by user)

 

Certain Digital Certificates such as device certificates for the Internet of Things do not contain any personal data, but personal data may be requested as part of the application for such certificates. This includes the name, title, email address and telephone number of the relevant people involved with the certificate request and approval process.

Note that we do not obtain or manipulate other data such as documents to be signed or encrypted with our security services, this data remains under exclusive control of the end user.

 

Why do we collect information? / Lawful Basis for processing

We rely on a variety of information to run our business. In some cases, this information may include data that relates to an identified or identifiable natural person, which is referred to as Personal Data.

The reason that we collect your Personal Data is that we need it in order to provide you with our products and services, which include the provision of digital certificates and signing services.

The lawful basis for us processing personal data in relation to these services is that processing is necessary for the performance of a contract or to take steps to enter into a contract.

 

Who is collecting it?

We collect data directly from you or indirectly from those organisations who have entered into a contract with us (for example to request certificates for their employees or customers). This indirect collection is considered a “Processor” role activity and requires appropriate compliance of current regulations.

 

How will it be used?

We use your personal data only for the provision of the products and services that we have contracted to provide.

TuringSign can also use your personal data to send marketing information, news or other information related to our products and services. We offer an explicit “opt-in” subscription mechanism, so these messages will only be sent to the persons that gave their previous authorization.

 

Where will it be processed?

Processing activities performed by TuringSign will happen in Singapore or Switzerland.

 

Who will it be shared with?

We do not share your personal data with anyone save to deliver the agreed services (please refer to section “Who is collecting it?”).

 

How is your data protected?

We use a combination of technical, administrative, organizational and physical safeguards to protect your personal data. Access to your personal data is restricted to those who are necessary for the delivery of the services.

 

Retention Periods

TuringSign adapts the WISeKey CP/CPS (available at https://www.wisekey.com/repository) requires that audit logs are retained for at least seven years after the expiration of the digital certificate.

 

Your Rights

We comply with all relevant Data Protection/ Privacy legislation. These provide a number of rights with regard to your personal data.

You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

You have the right to lodge a complaint with the appropriate Data Protection Authority if you believe that we have not complied with our legal obligations.

Please email privacy@turingSign.com to make a request under these provisions. In order to help us deal with such request please provide details of the product/service that the request relates to, the relevant turingsign office/contact person and any other details (such as customer number etc). Please note that we will perform steps to verify your identity before providing any information.

 

Automated Decision Making and Profiling

The GDPR defines profiling as ‘any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements’. We do not perform any profiling.

TuringSign does not use automated decisions in the processing of personal of data.

 

This Privacy Policy

As our organisation grows, this Privacy Policy is also expected to change over time. This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. You should check our site frequently to see the current Privacy Policy that is in effect.

The Privacy Policy was last updated on 30th March 2022.

 

Contact

If you have questions regarding this Privacy Policy, please contact us via email at: privacy@turingSign.com.