CERTSIGN S.A. (hereafter referred to as “certSIGN”), with the registered office in Bucharest, 107A, Olteniței Road, building C1, 1st floor, room 16, 4th Sector, registered with the Trade Register under the no. J40/484/17.01.2006, CUI 18288250, phone: 0311 011 870, fax: 021 311 9905, e-mail:, processes the personal data of users of the website, in its capacity of personal data controller, in accordance with the provisions of art. 4, para. 7 of the GDPR.

1. Grounds and purposes for processing personal data

The purposes for processing your personal data are:

1.1. initiating the contractual relationship, negotiating, concluding and running contracts with certSIGN’s contractual partners, including the provision of services, delivery and payment of contracted products or supplying information regarding the development status of contracted services or creating user accounts on the website with the aim to contract services, in accordance with Article 6 (1) (b) of GDPR;

1.2. fulfilling legal obligations of CERTSIGN in the context of conducting contractual relations, according to article 6 (1) (c) of GDPR, such as: drawing up and keeping of financial and accounting documents; keeping personal data throughout the contractual relationship and archiving documents; conducting audits; transmission of information representing personal data at the request of the competent state authorities; ensuring the security of systems and databases (including by backing up); other applicable legal obligations depending on the nature of the contractual relationship and / or the quality of the contractual partner;

1.3. to pursue the legitimate interests of the Data Controller or a third party in accordance with Article 6(1) (f) of the GDPR, such as: for the internal reporting of the controller or for streamlining the company’s processes; for the management of contracts or supporting accounting documents; for communicating with the representatives of contractual partners, for solving complaints; for auditing or verifying internal processes; fraud prevention; for the protection of the operator’s rights such as the recovery of his claims and the formulation of defense actions in the event of a dispute;

1.4. transmission of newsletters, promotional materials, marketing communications, commercial offers or any relevant information on certSIGN products and services if you have given your consent to this, according to art. 6 (1) (a) of GDPR.

The legal grounds for data processing operations refer to Article 6 (1) (a), (b), (c) and (f) of the GDPR, as detailed above.

2. Categories of personal data

The categories of personal data that CERTSIGN processes for the purposes mentioned above may be but not limited to:

  • name, surname;
  • name of company represented;
  • e-mail address;
  • data from logs such as IP address, data about your actions on the website;
  • cookies;
  • other data that the users may supply to certSIGN in the messages they send.

3. Transmission of data and the consequences of non-compliance

The provision of the aforementioned personal data is necessary to achieve the purposes specified above. Your refusal to provide the data will make it impossible to provide the services or products covered by the contracts.

Should you no longer want to receive promotional materials and marketing communications regarding our products and services, we will no longer process your data for this purpose.

4. Duration of personal data processing

CERTSIGN processes all information and personal data provided by the contractual partners throughout the negotiation and conduct of the contractual relationship. Upon termination of these relations, personal information and data will be archived for a period of 10 years. After this period, your personal data will be destroyed in accordance with Law 16/1996 on National Archives.

Also, should you no longer want to receive newsletters, promotional materials, marketing communications, commercial offers or any other relevant information about our products and services, certSIGN will no longer process your data for this purpose.

5. Transmission of personal data for achieving the processing purposes of certSIGN

Your personal data may be disclosed to: data subjects, auditors for the fulfillment of the audit obligations to which certSIGN is subject, the supervisory body under the law applicable to the service provided, public authorities and institutions under public law obligations, lawyers to represent us in the event of a dispute or for consultancy, bailiffs for contractual communications or enforcement of any court decisions, debt collection companies, CERTSIGN affiliates and contractual partners (courier companies, suppliers, subcontractors, consultants and technical experts, etc.) for concluding and conducting contracts in any other situations justified with your prior notice, but only but only for the purpose of fulfilling the purposes mentioned above and pursuing with priority the protection of your rights.

6. Transfer of personal data outside the European Union

To achieve some of the aforementioned data processing purposes, certSIGN transfers your personal data outside of the European Union. The data transfer is carried out in compliance with the rights of the data subjects based on adequate guarantees in accordance with art. 46 of the GDPR.

7. Rights of Data Subjects

The rights you benefit from in accordance with the provisions of EU Regulation 2016/679 are:

  • Right to information: the right to be informed about to the operations of processing your personal data according to art. 13 and 14 of the GDPR;
  • Right of access to data: the right to obtain from the data controller confirmation of the fact that the personal data concerning you are or are not processed by him as well as information regarding the operations of processing your data according to art. 15 of the GDPR;
  • The right to rectification: the right to obtain the rectification of inaccurate data concerning you, as well as the completion of incomplete data, according to art. 16 of the GDPR;
  • The right to restrict processing of your personal data under the conditions regulated by art. 18 of the GDPR;
  • The right to delete the data under the conditions of art. 17 of the GDPR;
  • The right to obtain the notification by certSIGN of the recipients to whom it has disclosed the personal data any deletion, rectification or restriction of the processing of personal data carried out in accordance with art. 16, 17 paragraphs (1) and 18 of the GDPR, unless this proves impossible or involves disproportionate efforts (art. 19 of the GDPR);
  • The right to portability of the data that you have provided to us, insofar as the data processing operation is based on consent or is based on the contract concluded with you under the conditions of art. 20 of the GDPR;
  • The right to object for reasons related to your particular situation regarding the processing of data carried out for the purpose of pursuing the legitimate interests of certSIGN or third parties, according to art. 21 of the GDPR;
  • The right not to be subject to a decision based exclusively on automatic processing, including the creation of profiles, which produces legal effects concerning the data subject or similarly affects him to a significant extent, in accordance with art. 22 of the GDPR.

You, as the data subject, also have the right to withdraw your consent at any time, to the extent that the data processing operation is based on your consent without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal ( Article 7 (3) of the GDPR).

At the same time, we inform you that you have the right to contact the National Authority for the Supervision of Personal Data Processing - ANSPDCP for the protection of any rights granted by the applicable legislation in the field of personal data protection, which have been violated, and to appeal to the competent courts.

In order to exercise your rights over personal data, you can contact the Department of Personal Data Protection of CERTSIGN using the following contact details:

  • e-mail address:
  • fax:(+4021) 311 99 05
  • 29A, Tudor Vladimirescu Bvd, nr. 29A, AFI Tech Park 1, 2nd floor, Bucharest, sector 5.

Should you submit a request regarding your rights over the processing of personal data, you will receive a reply as soon as possible, within 30 days, under the provisions of GDPR.

We connect service providers with customers—100% online

certME allows users to register and authenticate with service providers exclusively online, eliminating physical travel at the counter, standing in queues and filling out forms.