PRIVACY POLICY

C.SIGN PRIVACY POLICY

CMC-CA is a public digital signature certification service. C.SIGN is an authentication and authorization service that enables end-users to authenticate themselves to multiple Internet services in a secure manner. It is owned by CMC Corporation and operated by CMC Technology and Solution Company Limited (referred to as “CMC TS™”). A USB peripheral (“C.SIGN key”) or a client software program, activated by a user- and device-specific PIN code, is used by end-users to manage their accounts in a centralized but secure manner.

No disclosure of personal data of any kind (such as name, age, location, face data) is necessary to use C.SIGN when the service is only used to manage the end-user’s access credentials for Internet services. The end-user’s username and password information related to an Internet service are not stored in software clients, although a list of the Internet services accessible by a given C.SIGN account is stored. When C.SIGN is used in the manner described above, the information concerning C.SIGN keys or accounts cannot be directly linked to any particular person.

C.SIGN provides end-users an option to store personal data in their C.SIGN keys and software clients. End-users may store personal data that may be necessary for using some Internet services, for example to verify to an Internet service that the end-user is of a certain age. All personal data disclosed by an end-user is stored permanently only in the end-user’s C.SIGN key or software client and is disclosed to an Internet service only upon a query from the service and only with the express consent of the end-user for each query separately. Temporary processing of the end-user’s personal data by C.SIGN is necessary when the end-user discloses or edits the personal data stored in the C.SIGN key or software client, or when end-user data is disclosed to an Internet service. The data is always discarded without delay after being processed and is not stored by C.SIGN in any place other than the end-user’s C.SIGN key or software client.

An end-user may choose to disclose optional personal data (such as an e-mail address or a phone number) to be used by C.SIGN for the purposes of communication between the end-user and C.SIGN.

Any data concerning the use by a specific end-user of different Internet services via C.SIGN may only be stored in and used by C.SIGN or CMC TS™ for the purpose of fraud detection or other similar purposes, and to compile an end-user specific trust index which it may provide to third parties upon their request without obtaining a separate consent from the end-user. The trust index is only a technical attribute which cannot be reduced to personal information relating to any private person.

Personal end-user data stored in C.SIGN may be transferred within C.SIGN to any server in any country worldwide. CMC TS™ always protects any personal data by using adequate data security procedures and technologies. The core principle of C.SIGN is to store all personal data (except for the above-mentioned optional contact information) in a decentralized manner in the C.SIGN keys and/or software clients, which are in the sole possession and control of the end-users themselves. Thus the protection by each end-user of the C.SIGN key or software client and the associated PIN code is the key aspect of the protection of the personal data stored in C.SIGN. If a C.SIGN key or a device with C.SIGN client software is lost by an end-user, the end-user’s personal data may be at risk, and cannot be recovered by CMC TS™. It is essential that the end-user has a copy of her unlock code, which can be used to revoke and lock a lost C.SIGN key or software client. CMC TS™ is not responsible for end-users’ data or the authenticity thereof in any way, except that CMC TS™ undertakes to use adequate data security procedures and technologies during the processing of the end-users’ data. CMC TS™ shall not be liable for any damages caused by inaccurate end-user data or the loss of any end-user data.

CMC TS™ shall not use, store or disclose the end-user’s personal data in any other manner than what has been described herein without the consent of the end-user. Any personal data disclosed to C.SIGN that is not automatically destroyed immediately after processing shall be destroyed without undue delay after the end-user finally ceases to use C.SIGN. The end-user is responsible for destroying data stored in the C.SIGN key or software clients.

An end-user shall hereby expressly consent to the collection and processing of personal data before using C.SIGN. Consent to collect and process personal data may be revoked by the end-user at any time, but use of C.SIGN must be discontinued after such revocation. An end-user may inspect and amend the personal data stored in C.SIGN at any time by using tools provided on the C.SIGN web site or by using the contact information below. Please note that CMC TS™ does not have implicit access to the information stored in the end-users’ C.SIGN keys or software clients.

CMC-CA is operated by CMC TECHNOLOGY AND SOLUTION COMPANY LIMITED (“CMC TS™”).
Address: 16th floor, CMC Tower, Duy Tan, Dich Vong Hau, Cau Giay, Hanoi.

Please contact ca-support@cmc.vn regarding any matters relating to this Privacy Policy.