Privacy Shield Notice
Effective: 28 January, 2019
RedShield Security Limited (“RedShield”, “we”, “us” or “our”) has certified our shielding services, for which we act as a data processor, under both the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shields”). For more information on the Privacy Shields, visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome. Our certification can be found at https://www.privacyshield.gov/list.
We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is conflict between the Privacy Shields and our policies (including this notice), the principles of the Privacy Shields shall govern where applicable.
RedShield adheres to the principles of the Privacy Shields with respect to personal data provided by:
(i) visitors to the RedShield website and portal,
(ii) users of our services (i.e. subscribers to our shielding plans), and
(iii) information collected from visitors to the web applications of our subscribers.
RedShield performs a proxy function for information controlled by our subscribers, it’s our subscribers and their users who control the content transmitted across the RedShield network. RedShield transmit, route, switch or cache information on behalf of our subscribers. Traffic identified as malicious is recorded for investigation, should this be warranted, occasionally genuine application traffic is mis-diagnosed in this way.
RedShield provides application protection and security services that subscribers utilise to improve and protect their web assets. Services include the following:
- Content Delivery Network (CDN),
- DoS and DDoS protection,
- Web Application Firewall,
- SSL certificate management
In the process of consuming our services information may be gathered regarding interactions with our subscriber web applications. RedShield does not solicit the collection of this information, however this data may include sensitive information, for example contact information, IP addresses, and security information.
Purposes of Data Processing
RedShield processes data submitted to our subscribers web applications by Internet users, for the purpose of providing the security shielding service, in this way personal data may be processed by the shielding solution.
Processing of these traffic streams allows RedShield to assess the exchange and to address any identified technical and security issues.
RedShield may process human resources data of existing, potential or former employees to enable our employment relationship under the EU-U.S. Privacy Shield Framework.
RedShield commits to cooperate with European data protection authorities and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.
Enquiries and Complaints
In the instance that you believe that RedShield retains copies of your personal information that falls within the scope of the Privacy Shields, you can send queries to email@example.com. RedShield will respond to your enquiry within 30 days of receipt and verification of your identity.
Should you have an unresolved privacy or data use concern that you feel we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (this is free of charge) at https://www.jamsadr.com/about/submit-a-case.
Further arbitration support, should it be required, is available through the Privacy Shield Panel.
Third Parties and Personal Data Access
In the course of providing the shielding service RedShield use a limited number of third party services. These third parties provide services such as billing solutions, customer support, hosting, and other technical operations. These third parties may access, process, or store personal data in the course of providing their services.
We maintain contracts with these third parties and restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, we may be liable for such parties if they fail to meet these obligations.
RedShield's core business depends on the security of the communications between our users and customers, as such RedShield will never use or share your personal information in ways unrelated to the direct provision of the services we provide. RedShield do not provide personal information to any third parties for marketing purposes.
Data Access Rights
Persons located in the European Union, EEA, or Switzerland, have the right to access personal data that we hold about them. RedShield take their privacy obligations seriously, and have made stated commitments to uphold those rights.
Should you believe that we hold such data about you please contact us at firstname.lastname@example.org and we will address your requirements, whether this is correcting, deleting, or limiting RedShield's use of this information. We have tested processes in place that facilitate the identification and removal of personal data, once identified, from our systems.
RedShield's commitment under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. As such, we may be required to disclose personal data in response to lawful requests. Under these circumstances, we may be prohibited by law or other legal process from providing notice of disclosure.