Privacy Shield Notice

Effective: 28 January, 2019


Introduction

RedShield Security US LLC (“RedShield”, “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shields”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. For more information on the Privacy Shields, visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome. Our certification can be found at https://www.privacyshield.gov/list.


We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is conflict between the Privacy Shields and our policies (including this notice), the principles of the Privacy Shields shall govern where applicable.


Scope

RedShield adheres to the principles of the Privacy Shields with respect to personal data provided by:


(i) visitors to the RedShield website and portal,
(ii) users of our services (i.e. subscribers to our shielding plans), and
(iii) information collected from visitors to the web applications of our subscribers.


RedShield performs a proxy function for information controlled by our subscribers, it’s our subscribers and their users who control the content transmitted across the RedShield network. RedShield transmit, route, switch or cache information on behalf of our subscribers. Traffic identified as malicious is recorded for investigation, should this be warranted, occasionally genuine application traffic is mis-diagnosed in this way.


Information Processed

RedShield provides application protection and security services that subscribers utilise to improve and protect their web assets. Services include the following:


- Content Delivery Network (CDN),
- DoS and DDoS protection,
- Web Application Firewall,
- SSL certificate management


In the process of consuming our services information may be gathered regarding interactions with our subscriber web applications. RedShield does not solicit the collection of this information, however this data may include sensitive information, for example contact information, IP addresses, and security information.


Purposes of Data Processing

RedShield processes data submitted to our subscribers web applications by Internet users, for the purpose of providing the security shielding service, in this way personal data may be processed by the shielding solution.

Processing of these traffic streams allows RedShield to assess the exchange and to address any identified technical and security issues.


Employee Data

RedShield may process human resources data of existing, potential or former employees to enable our employment relationship under the EU-U.S. Privacy Shield Framework.

RedShield commits to cooperate with European data protection authorities and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.


Enquiries and Complaints

In the instance that you believe that RedShield retains copies of your personal information that falls within the scope of the Privacy Shields, you can send queries to privacy@redshield.co. RedShield will respond to your enquiry within 30 days of receipt and verification of your identity.


Should you have an unresolved privacy or data use concern that you feel we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (this is free of charge) at https://www.jamsadr.com/about/submit-a-case.


Further arbitration support, should it be required, is available through the Privacy Shield Panel.


Third Parties and Personal Data Access

In the course of providing the shielding service RedShield use a limited number of third party services. These third parties provide services such as billing solutions, customer support, hosting, and other technical operations. These third parties may access, process, or store personal data in the course of providing their services.


We maintain contracts with these third parties and restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, we may be liable for such parties if they fail to meet these obligations.


RedShield's core business depends on the security of the communications between our users and customers, as such RedShield will never use or share your personal information in ways unrelated to the direct provision of the services we provide. RedShield do not provide personal information to any third parties for marketing purposes.


Data Access Rights


Persons located in the European Union, EEA, or Switzerland, have the right to access personal data that we hold about them. RedShield take their privacy obligations seriously, and have made stated commitments to uphold those rights.


Should you believe that we hold such data about you please contact us at privacy@redshield.co and we will address your requirements, whether this is correcting, deleting, or limiting RedShield's use of this information. We have tested processes in place that facilitate the identification and removal of personal data, once identified, from our systems.


Required Disclosure

RedShield's commitment under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. As such, we may be required to disclose personal data in response to lawful requests. Under these circumstances, we may be prohibited by law or other legal process from providing notice of disclosure.