
Privacy Policy for FairSSL A/S

Effective from: 20 March 2026

CVR no. 33075782

This privacy policy describes how FairSSL A/S collects, processes and stores personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

1. Data controller

The data controller for the processing of personal data is:

FairSSL A/S

CVR no. 33075782

Åbrovej 29, 8586 Ørum Djurs, Denmark

Data protection contact: Sole Viktor, info@fairssl.dk

You may use encrypted email communication with FairSSL. If you wish to do so, please contact us and request our signature so that encrypted communication can be enabled.


2. Data we collect

Personal data

Name, title, email address, phone number, password hash (never the password itself), address and associated company.

Company data

Company name, CVR/EAN/LEI/VAT number, company status, address and phone number, as well as other information from public registries.

Product data

Product information may contain a combination of personal and company data, DNS names, IP addresses and email addresses.

Cookies

We use cookies to manage sessions and store preferences such as language and currency. Non-essential cookies can be declined (see section 8).

Pixel tracking in emails

Certain emails we send contain a tracking pixel that records whether the email has been received and/or opened.

Phone call recordings

Phone calls may be recorded as part of certificate validation and order confirmation, which is required in order to issue the certificate.

Visit logging

We log visits to our websites and collect information such as IP address, country, browser type, date and time, referring page (referrer) and whether the visit originated from an ad click (e.g. Google Ads).


3. How we collect data

You provide us with the majority of the data we collect directly. We collect and process your data when you:

  • Create an account or place an order for our products or services.
  • Communicate with us by phone, email, contact form or other channels.
  • Use or visit our websites.

We also receive non-personally identifiable data about your visits indirectly from the following sources:

  • Google Analytics
  • Google Ads
  • Server log files

We never sell or share your data with third parties for marketing purposes.


4. How we use data

We process your data for the following purposes:

  • Order processing and account management: Process your orders, manage your account and handle invoicing.
  • Certificate validation: Perform validation via phone and documentation of company information, as required by the Certificate Authority (CA) and the rules they are subject to, including the CA/Browser Forum and WebTrust.
  • Legal requirements: Comply with requirements from authorities and legislation, including the Danish Bookkeeping Act and court orders.
  • Important emails: Send you emails about your orders, monitored products and systems regarding security, technical issues, errors, expiration or other important information that may affect the operation of your products or systems. These emails are not sales or marketing related.
  • Sales and marketing: Sales and marketing emails are only sent if you have actively opted in.

5. Data retention

Your data is stored securely on servers hosted by Amazon Web Services (AWS) in the EU (Frankfurt and Stockholm) and Microsoft Azure in the EU (Paris). See section 6 for details about the individual services.

We retain your data for as long as necessary to comply with legal requirements, resolve disputes and enforce our policies.

Retention periods

  • Accounting data: At least 5 financial years after the most recent recorded activity, in accordance with the Danish Bookkeeping Act.
  • Certificate data: 7-10 years after product expiry, depending on the product type, in accordance with CA/Browser Forum and WebTrust requirements.
  • General: Inactive customer data is not deleted until there are no outstanding payments and 7.5 years have passed since either the most recent accounting activity or the most recent certificate expiry (whichever is later).

6. Data processors and third parties

We share your data with the following categories of third parties, solely to the extent necessary to deliver our products and services.

Certificate Authorities (CAs)

As a reseller, we forward information to CAs for the purpose of validating and issuing the ordered certificates.

  • DigiCert Inc (USA): Transfers are made under the EU-U.S. Data Privacy Framework (DPF).
  • GMO GlobalSign Ltd (UK): Subject to UK GDPR. Transfers to their American parent company use the UK Extension to DPF and Standard Contractual Clauses (SCC).
  • Sectigo Ltd (UK/USA): Transfers are made under the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCC).

Payment processing and accounting

Data is processed to complete transactions and comply with the Danish Bookkeeping Act.

  • Scanpay ApS (DK): Payment gateway.
  • Clearhaus A/S and Nets A/S (DK): Card payment acquiring.
  • Nordea Bank (DK) and Handelsbanken (SE): Processing of bank transfers.
  • Visma e-conomic A/S (DK): Accounting system and invoicing.
  • Enable Banking OY (FI): API-based bank reconciliation (PSD2).

Communication and infrastructure

Tools for support, automated system notifications and internal operations.

  • Freshdesk (Freshworks Inc, USA): Helpdesk system. Data is stored primarily in AWS Frankfurt (Germany). Transfers to the USA are covered by the DPF.
  • Lettermint (Netherlands): Sending of system emails. European service with data stored in the EU.
  • Microsoft 365 and Azure: Office and cloud infrastructure. Data is stored primarily in the EU (Ireland/Netherlands), supplemented by DPF and SCC.

Analytics, advertising and consent

Used for website optimisation and marketing.

  • Google Ireland Limited (IE): Google Analytics and Google Ads. Data is processed within the EU/EEA; any transfer to Google LLC in the USA is covered by the DPF.
  • consent.studio (Vallonic B.V., Netherlands): Cookie and consent management. 100% European-owned, data stored in the EU (France/Scaleway). Not subject to the U.S. CLOUD Act.

Companies requiring exclusively EU-based data processing can contact FairSSL to discuss the options.


7. Data protection during remote installation

During remote installation and support, FairSSL may temporarily gain access to the customer's servers to carry out the agreed task.

All FairSSL employees are bound by confidentiality obligations. Access is used solely for the agreed task and not for any other purpose.

Access credentials received from the customer are deleted upon completion of the task. FairSSL does not store customer passwords or login credentials.


8. Cookies

We use cookies on our websites, divided into three categories: Functional cookies (session, language, currency, security) are always set, as they are necessary for the website to function correctly. Analytics cookies and marketing cookies are only set with your consent.

A complete list of cookies, their purposes and duration is maintained in our cookie consent solution. You can view and change your cookie preferences at any time via the cookie banner on the website.


9. Email communication

We send emails about orders, invoicing, account matters, expiry warnings and important changes to ordered products or changes in the certificate industry that affect many customers. These emails are necessary for operations and cannot be opted out of.

Sales and marketing emails are only sent to customers who have actively given consent (opt-in). You can unsubscribe from marketing emails at any time under profile settings in the control panel.


10. Your rights

As an EEA/EU citizen, you have the following rights under the GDPR:

  • Access: You may request copies of your personal data. For repeated or unfounded requests, we may charge a fee for the time spent.
  • Rectification: You may request that we correct information you believe is inaccurate or incomplete.
  • Erasure: Under certain conditions, you may request that we delete your personal data.
  • Restriction of processing: Under certain conditions, you may request that we restrict the processing of your personal data.
  • Objection: Under certain conditions, you may object to our processing of your personal data.
  • Data portability: Under certain conditions, you may request that we transfer your data to another organisation or directly to you.

We respond to all requests within 1 month. Contact us at info@fairssl.dk to exercise your rights.

You also have the right to file a complaint with the relevant supervisory authority if you believe that we are processing your personal data in violation of the rules. In Denmark, this is Datatilsynet (the Danish Data Protection Agency). In Sweden, this is Integritetsskyddsmyndigheten (IMY) (the Swedish Authority for Privacy Protection).