Certello Validator – Privacy & GDPR Terms

1. Controller

Certello AB
Org.nr: 559540-7668
Adress: Skråmsta 553, 193 91 Sigtuna, Sweden
(“Certello”, “we”, “our”, “us”)

Certello is responsible for the processing of personal data related to the Certello Validator service.

2. Purpose and Scope

This document describes how Certello handles all uploaded files and related data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). The purpose is to ensure transparency, user trust, and full legal compliance for the Certello Validator service — a web-based solution for validating digital documents according to WCAG 2.1 AA and the European Accessibility Act (Tillgänglighetsdirektivet, TD).

3. Data Processing Principles

• Uploaded files are processed solely for accessibility validation and certification purposes.
• Files are not stored permanently and are automatically deleted after validation or no later than 60 minutes after upload.
• No content from uploaded files is ever used for AI training, analytics, or third-party sharing.
• Technical logs (e.g., file ID, timestamp) are fully anonymized.
• All transfers are encrypted via HTTPS/TLS 1.3.

4. Legal Basis

Processing is based on the user’s explicit consent under Article 6(1)(a) GDPR. By checking the acceptance box and uploading a file, the user grants consent for temporary processing in accordance with this policy.

5. Data Categories

The following data may be processed temporarily:

• Uploaded document content (PDF or similar formats)
• Technical metadata (file name, size, format, time, anonymized ID)
• Optional user contact details if provided voluntarily (e.g., email for receipt delivery)

6. Storage and Retention

• Files and all derived data are automatically deleted after validation or expiry of the download link.
• No manual backups or copies are kept.
• Metadata is retained only for aggregated, anonymous usage statistics.

7. User Responsibilities and Liability

Users are responsible for ensuring that uploaded content does not contain sensitive personal data, confidential information, or any material that infringes on intellectual property rights. Certello accepts no liability for content uploaded by users.

8. Subprocessors

Temporary cloud storage and processing may be handled by GDPR-compliant providers within the EU/EEA (e.g., AWS EU, Azure North Europe). No data is transferred outside the EU without appropriate safeguards.

9. User Rights

Users may at any time request:

• Access to their personal data
• Correction or deletion
• Withdrawal of consent

Requests can be sent to privacy@certello.se. Since files are deleted immediately after processing, subsequent deletion requests typically cannot be fulfilled because no personal data remains.

10. Updates

Certello may update these terms as necessary to comply with new regulations or technical changes. The current version is always available at www.certello.se/privacy.

11. Contact

Certello AB
Skråmsta 553, 193 91 Sigtuna, Sweden
Email: privacy@certello.se
Website: www.certello.se