Privacy Policy — SSL Managed
Last updated: 2026-04-29
3SR, registered in France (228 Boulevard de la République, 33510 Andernos-les-Bains), publishes SSL Managed on Microsoft Commercial Marketplace as an Azure Managed Application. This privacy policy describes the data practices specific to this product.
1. Data we collect
1.1 Inside your Azure tenant
The Managed Application deploys a Key Vault and a Storage Account in your Azure tenant. The certificates and private keys are stored in your Key Vault. The list of Common Names (CN) you ask 3SR to manage is stored as a JSON file in your Storage Account container sslcerts.
3SR personnel access these resources to renew certificates on your behalf. 3SR does not extract certificate material; renewal is performed by pushing new certificates directly to your Key Vault.
1.2 What 3SR collects outside your tenant — vetting documents
For SSL Managed to operate, 3SR collects vetting documents required by the Certificate Authority (GlobalSign Managed SSL — see §3):
- Organization vetting documents: company registration certificate (KBIS for French companies), articles of incorporation, proof of address, identity of authorized signatory. Collected at onboarding, transmitted to GlobalSign for validation. Retention by 3SR: 7 years (legal accounting period). Retention by GlobalSign: per their own policy, typically the duration of the subscriber agreement.
- Domain vetting metadata: list of DNS domains you ask 3SR to register, DNS TXT validation records exchanged during validation. Retention: duration of the SSL Managed subscription + 1 year.
1.3 Other data outside your tenant
- Marketplace lead capture: name, company, email, phone (optional). Stored in 3SR's Azure storage in EU. Used to follow up on enquiries. Retention: 5 years.
- Support emails at support@3sr.fr: your email + content. Stored on 3SR's Microsoft 365. Retention: 7 years.
- Operational notifications (renewal completed, certificate about to expire) sent to the contact email you provided to 3SR. Retention: 1 year.
2. Cookies and tracking
SSL Managed uses no cookies. This public website (marketplace.3sr.fr) uses no third-party trackers and no cookies.
3. Third-party services and Certificate Authority
3SR uses GlobalSign Managed SSL as the Certificate Authority for all SSL Managed certificate issuances and renewals. 3SR operates an internal API relay that authenticates against GlobalSign on the Customer's behalf. The following data is shared with GlobalSign for the purposes of certificate issuance:
- Organization vetting documents (KBIS, etc.)
- Domain DNS information (for domain validation)
- Common Names (CN) and Subject Alternative Names (SAN) of certificates to issue
GlobalSign is GMO GlobalSign K.K., a Japanese certificate authority with European subsidiaries. Refer to GlobalSign's privacy notice: https://www.globalsign.com/en/repository/globalsign-privacy-policy.
No third party other than GlobalSign and the Microsoft services listed in §6 receives any Customer data.
4. Legal basis (GDPR Art. 6)
- Lead capture & support: contractual interest + your explicit action
- Operational notifications: necessity for the service you contracted
5. Your rights (GDPR)
Right to access, rectification, erasure, restriction, objection, portability. Contact dpo@3sr.fr — response within 30 days.
6. Subprocessors
| Service | Role | Location |
|---|---|---|
| GMO GlobalSign K.K. (GlobalSign Managed SSL) | Certificate Authority — vetting and certificate issuance | EU presence (BE, UK), parent JP. Standard Contractual Clauses applicable for non-EU transfers. |
| Microsoft Azure (West Europe / France Central) | Lead capture infrastructure | EU |
| Microsoft 365 | Email + ticketing | EU |
GlobalSign processes vetting documents and certificate issuance metadata as a separate data controller for its CA records (legal CA obligation). For Customer-specific data (CN list, contact email), GlobalSign acts as a subprocessor of 3SR.
7. Security
- 3SR systems use Microsoft Entra ID with MFA enforced
- 3SR personnel accessing customer Key Vaults are limited to a named operations team with audit logs (7 years)
- Certificate operations logged in your Key Vault audit logs (you control retention)
8. Changes to this policy
Material changes are announced via support@3sr.fr.
9. Complaints
French Data Protection Authority (CNIL) — https://www.cnil.fr.
10. Contact
3SR — 228 Boulevard de la République, 33510 Andernos-les-Bains, France. Privacy: dpo@3sr.fr · General: support@3sr.fr