Privacy Shield Notice
Effective: 28 January, 2019
RedShield Security US LLC (“RedShield”, “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shields”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. For more information on the Privacy Shields, visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome. Our certification can be found at https://www.privacyshield.gov/list.
We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is conflict between the Privacy Shields and our policies (including this notice), the principles of the Privacy Shields shall govern where applicable.
ScopeRedShield adheres to the principles of the Privacy Shields with respect to personal data provided by:
(i) visitors to the RedShield website and portal,
(ii) users of our services (i.e. subscribers to our shielding plans), and
(iii) information collected from visitors to the web applications of our subscribers.
RedShield performs a proxy function for information controlled by our subscribers, it’s our subscribers and their users who control the content transmitted across the RedShield network. RedShield transmit, route, switch or cache information on behalf of our subscribers. Traffic identified as malicious is recorded for investigation, should this be warranted, occasionally genuine application traffic is mis-diagnosed in this way.
Information ProcessedRedShield provides application protection and security services that subscribers utilise to improve and protect their web assets. Services include the following:
– Content Delivery Network (CDN),
– DoS and DDoS protection,
– Web Application Firewall,
– SSL certificate management
In the process of consuming our services information may be gathered regarding interactions with our subscriber web applications. RedShield does not solicit the collection of this information, however this data may include sensitive information, for example contact information, IP addresses, and security information.
Purposes of Data ProcessingRedShield processes data submitted to our subscribers web applications by Internet users, for the purpose of providing the security shielding service, in this way personal data may be processed by the shielding solution.
Processing of these traffic streams allows RedShield to assess the exchange and to address any identified technical and security issues.
Employee DataRedShield may process human resources data of existing, potential or former employees to enable our employment relationship under the EU-U.S. Privacy Shield Framework.
RedShield commits to cooperate with European data protection authorities and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.
Choices to Limit Information Use
Should there be a requirement to disclose your personal information to a third party you will be consulted, and have an opportunity to opt out.
Your agreement will be sought prior to disclosing your information to a third party, or if the information we hold is to be used for a purpose that is materially different from the purpose(s) for which it was originally collected.
Enquiries and ComplaintsIn the instance that you believe that RedShield retains copies of your personal information that falls within the scope of the Privacy Shields, you can send queries to email@example.com. RedShield will respond to your enquiry within 30 days of receipt and verification of your identity.
Should you have an unresolved privacy or data use concern that you feel we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (this is free of charge) at https://www.jamsadr.com/about/submit-a-case.
If neither we nor our dispute resolution provider are able to resolve your complaint, as a last resort you may engage in binding arbitration through the Privacy Shield Panel.
Third Parties and Personal Data AccessIn the course of providing the shielding service RedShield use a limited number of third party services. These third parties provide services such as billing solutions, customer support, hosting, and other technical operations. These third parties may access, process, or store personal data in the course of providing their services.
We maintain contracts with these third parties and restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, we may be liable for such parties if they fail to meet these obligations.
RedShield’s core business depends on the security of the communications between our users and customers, as such RedShield will never use or share your personal information in ways unrelated to the direct provision of the services we provide. RedShield do not provide personal information to any third parties for marketing purposes.
Data Access RightsPersons located in the European Union, EEA, or Switzerland, have the right to access personal data that we hold about them. RedShield take their privacy obligations seriously, and have made stated commitments to uphold those rights.
Should you believe that we hold such data about you please contact us at firstname.lastname@example.org and we will address your requirements, whether this is correcting, deleting, or limiting RedShield’s use of this information. We have tested processes in place that facilitate the identification and removal of personal data, once identified, from our systems.