Privacy Policy
Protecting your personal data is a priority for us. We process personal data only in accordance with the applicable data protection regulations. This policy explains what data we process, for what purposes, and what rights you have.
1. Data controller
The controller under data protection rules is:
Certifylize
Owner: Fatmir Hasani
Hauptstraße 32a
79540 Lörrach
Germany
Email: support@certifylize.com
Phone: +49 176 21667673
VAT ID (Germany): DE330116839
Further legal information: Legal notice.
2. Subject matter & purposes of processing
We process personal data only to the extent necessary to provide a functional website and our digital services. Typical purposes include:
- Providing the website and platform features (including verification pages/verify links)
- Authentication, authorization and account management (including roles/permissions within organizations)
- Processing certificate/record data initiated by users/issuers (including document uploads, metadata and validity information)
- Security and abuse prevention (e.g., attack detection, rate limits, fraud/abuse signals)
- Audit trail / logging of relevant actions (e.g., issuance, status changes, imports, integrations) for traceability
- Communication (e.g., contact requests, support)
- Technical analysis for stability and improvement (e.g., performance, error diagnosis)
3. Legal bases
Personal data is processed on the basis of Art. 6(1) GDPR, in particular:
- Art. 6(1)(b) GDPR (contract / pre-contract) – e.g., account, platform use, support, billing
- Art. 6(1)(f) GDPR (legitimate interests) – e.g., IT security, stability, abuse prevention, fraud/attack detection
- Art. 6(1)(c) GDPR (legal obligation) – e.g., statutory retention requirements
- Art. 6(1)(a) GDPR (consent) – where we request consent (e.g., optional cookies)
The specific legal basis depends on the processing case. In B2B use, additional contractual agreements may also be relevant.
4. Hosting, access data & server logs
When you access our website, information may be processed automatically by your browser and/or our hosting infrastructure to deliver the site and ensure IT security. This may include:
- IP address
- date and time of access
- requested URL/endpoint and status code
- amount of data transferred
- referrer URL
- browser type, operating system, language settings
This processing is necessary for delivering the website, ensuring security (e.g., DDoS protection), detecting abuse, troubleshooting and maintaining stability.
5. Cookies, local storage & technical consents
Depending on usage and features, we may use technical storage mechanisms (e.g., cookies, session storage, local storage) to provide core functionality, such as:
- session cookies / session tokens (e.g., login session)
- security tokens (e.g., CSRF protection)
- technical preferences (e.g., language/locale), if implemented
- temporary UI/workflow state where technically required
If optional cookies/tracking are used, we will obtain consent where required. The current focus is on technically necessary components.
6. Contacts
If you contact us (e.g., via contact form or email), we process the data you provide to handle your request.
- name
- email address
- company (optional)
- message/request
- optional technical metadata (e.g., time of request)
The purpose is communication and handling your request (including follow-ups).
We generally store contact data only as long as necessary to process your request or as required by law.
7. User accounts, authentication, roles & platform operation
When using protected areas, we process data required for authentication, authorization, and account operations. For organization-based accounts, we also process role/permission data.
- login data (e.g., email address)
- role/permission information (e.g., owner/admin/member)
- organization/team association
- session information (e.g., session ID, expiration)
- security-related logs (e.g., login events, errors)
- audit logs of relevant actions (e.g., create/update/delete, status changes), depending on setup
The purpose is secure platform operation, account/permission management, traceability of critical actions, and abuse prevention.
Certificate/record content is processed only as part of the respective use. Customers/issuers are responsible for ensuring they process only necessary data and that uploaded content is lawful (especially where personal data is involved).
8. API, webhooks & technical logs
If you use API and/or webhook functionality (e.g., issuing certificates via API key or receiving events via webhooks), we process technical data needed to execute and secure requests.
- API key/secret association (e.g., to an issuer/account/organization) – keep keys/secrets confidential
- request and delivery metadata (e.g., time, endpoint/event, status code, retry information)
- security/abuse signals (e.g., rate limiting, signature/auth failures)
- logs for troubleshooting and stability (e.g., error messages, trace IDs) where necessary
Please send only data required for the purpose and avoid unnecessary personal data. For webhooks, we recommend signatures/secrets and secure endpoint configuration.
9. Blockchain references (hashes), off-chain storage & verification
Certifylize may use blockchain technology to anchor checksums (hashes) and references to support consistency verification and tamper detection. Certificates and documents may also be stored off-chain and linked via references.
- We generally do not store personal data in clear text on-chain.
- Technical references (e.g., hashes) may be processed as integrity indicators; depending on setup, a transaction/anchor reference may also be stored.
- Documents (e.g., PDFs, attachments) are typically stored off-chain; the blockchain then serves as a reference layer only.
- Verification pages/verify links may display technical status information (e.g., valid, revoked, expired), depending on the issuer setup.
Depending on context and underlying inputs, a hash could theoretically be considered personal data. Therefore, apply data minimization and avoid unnecessary personal data in certificate content. Also note that blockchain entries are generally not erasable, which can technically limit certain rights (e.g., erasure).
10. Recipients, processors & data sharing
We disclose personal data only where necessary or legally permitted. Recipient categories may include:
- IT/hosting providers (processors) for website/platform delivery
- email/support infrastructure (e.g., inquiries and system emails)
- storage/upload infrastructure for documents (off-chain), where used
- payment providers if you use paid services
- blockchain infrastructure/providers (e.g., nodes/explorers) where technical references are processed
- public authorities if required by law
Where providers act as processors, we use processor agreements (Art. 28 GDPR) where required.
11. Data transfers to third countries
Depending on the providers used, processing in third countries (e.g., the US) may occur. Where required, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses) and consider additional technical measures.
12. Retention periods & deletion
We retain personal data only as long as needed for the respective purpose. Typical guidance includes:
- server logs: short-term for operations/security (longer in case of incidents)
- API/webhook logs: as short as possible; extended where needed for troubleshooting, billing, and security/abuse investigations
- contact requests: until resolved; longer only if retention duties apply
- account data: for the duration of the relationship; thereafter as required
- certificate/record data & uploads: based on issuer/process requirements; deletion may be limited by legal/technical constraints (e.g., blockchain immutability)
- billing/payment data (if applicable): according to statutory retention periods
Specific periods may vary depending on the case (e.g., support history, security events, legal requirements, contractual terms with organizations).
13. Data subject rights
You have the following rights (where applicable):
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- objection (Art. 21 GDPR)
- withdraw consent with effect for the future (Art. 7(3) GDPR), where processing is based on consent
To exercise your rights, email support@certifylize.com. We may request additional information to verify identity and prevent abuse. In certain cases, rights (e.g., erasure) may be limited by legal obligations or technical immutability (e.g., blockchain references).
14. Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
For Baden-Württemberg, this is in particular the State Commissioner for Data Protection and Freedom of Information (LfDI BW).
15. Data security
We implement appropriate technical and organizational measures. Examples: access control, roles/permissions, TLS, logging/audit trail, abuse prevention. See also Security & privacy.
16. Updates to this policy
We update this policy when our services or the way we process data change.
Status: January 2026