GDPR
General Data Protection Regulation (GDPR) Policy
Date Last Updated: 1 September, 2024
Introduction
The objective of this document is to comprehensively address the various aspects and concerns related to the General Data Protection Regulation (GDPR) and its implications for MaxGuard and its valued clients. Presented in a structured Frequently Asked Questions (FAQ) format, this policy aims to provide clear guidance while referencing authoritative publications that offer insights into GDPR compliance.
Definition and Significance of the GDPR
The General Data Protection Regulation (GDPR) represents a transformative legal framework that came into effect on May 25, 2018, superseding the 1995 EU Data Protection Directive. This monumental reform serves as the cornerstone of data protection legislation within the European Union (EU), encompassing a wide range of essential provisions aimed at strengthening the security and safeguarding of personal data. The GDPR strives to establish a harmonized, comprehensive, and uniform set of regulations applicable across all EU member states.
Fundamental Principles and Scope
The GDPR enforces rigorous rules governing the collection, usage, and disclosure of personal information. It imposes strict obligations on businesses, mandating them to process personal data in a manner that is fair, transparent, and lawful. Key among these obligations is the empowerment of individuals to exercise their legal rights concerning their personal data, such as the right to access, rectify, and erase their data. Additionally, organizations are required to implement robust security measures to ensure the protection of the personal data they process.
Applicability of the GDPR
The GDPR is applicable not only to EU-based entities and individuals but also to non-EU entities and individuals who process the personal data of EU residents. The definition of personal data under the GDPR is broad, encompassing any information that relates to an identified or identifiable natural person. This definition encompasses both obvious personal identifiers, such as names and contact details, as well as indirect identifiers that can be used to identify an individual, including IP addresses when they can be linked to a specific person.
MaxGuard's Role and Responsibilities
In the context of the GDPR, MaxGuard operates as a data processor, diligently processing personal data on behalf of our esteemed clients who act as data controllers. Our role is to execute the instructions provided by our clients while ensuring compliance with the GDPR’s stringent requirements.
Types of Personally Identifiable Information Collected by MaxGuard
MaxGuard collects personally identifiable information (PII) that is willingly provided by our valued customers. When clients engage our click fraud prevention services or seek assistance, we may gather and retain contact information such as names, email addresses, phone numbers, and physical addresses. Additionally, as part of our services, MaxGuard may collect other identifiable data from our clients, including IP addresses.
Moreover, as a data processor, MaxGuard accumulates and maintains information regarding individuals and bots that visit the websites of our clients. This information encompasses details such as operating system specifications, IP addresses (accompanied by geolocation data based on the recorded IP addresses), browser information, duration of site visits, browser fingerprints (hashed representations), user agent data, HTTP request headers and parameters, device identifiers, request times, and unique identifiers (UIDs) generated by our systems.
Importantly, it should be noted that MaxGuard does not collect personally identifiable information such as names, addresses, phone numbers, or email addresses through our platform. Furthermore, we strictly adhere to European data protection regulations and do not gather sensitive or special categories of personal data as defined by such regulations. Moreover, we refrain from intentionally collecting personal data of children as outlined in applicable legislation.
MaxGuard's Data Processing Agreement (DPA)
As organizations processing personal data of EU residents, MaxGuard and our valued clients have an obligation to uphold privacy and security standards set forth by the GDPR. To fulfill this obligation, it is essential for companies to ensure that their chosen data processors maintain appropriate privacy and security safeguards. The MaxGuard Data Processing Agreement (DPA) outlines the specific measures and commitments we undertake to protect personal data in accordance with GDPR requirements.
Acceptance and Approval of MaxGuard's DPA
In order to utilize MaxGuard’s services, clients are required to accept and approve the Data Processing Agreement (DPA). This acceptance can be completed by clicking the provided link on our website, thereby acknowledging compliance with the terms of the DPA. We aim to streamline this process, eliminating the need for additional paperwork or formal agreements.
Sharing the MaxGuard DPA with Clients
MaxGuard’s Data Processing Agreement is an openly accessible document that can be shared with clients without any restrictions. Clients are encouraged to share the DPA with their own clients as a means to verify MaxGuard’s adherence to security measures and other pertinent conditions.
Data Storage and Transfers
The GDPR enforces restrictions on the transfer of personal data outside the EU, requiring compliance with specific conditions for transferring personal data to non-EU recipients. MaxGuard acknowledges the importance of privacy protection and ensures alignment with EU regulations. To demonstrate our commitment, MaxGuard will obtain certification under the Privacy Shield framework, substantiating our compliance with EU data protection requirements.
Handling Customer Deletion Requests
MaxGuard diligently follows the principles outlined in our Terms of Service regarding data retention. As a responsible data processor, we regularly erase data collected on behalf of our clients. Users have the right to request the deletion or erasure of any personal information they have provided to MaxGuard. Additionally, customers retain the ability to cancel their accounts and request the permanent deletion of any personal data collected and stored by MaxGuard.
To prevent fraudulent removal requests, it may be necessary for MaxGuard to verify the identity of the person making the request, which may involve additional measures such as document verification.
Accessing and Downloading Content from MaxGuard Services
MaxGuard provides users with convenient methods to access and download their data. Users can export their MaxGuard data in CSV format through the application dashboard. Additionally, users have the option to request access to their data in writing, and we will endeavor to accommodate such requests promptly.
Conclusion
MaxGuard values the trust our clients place in us, and we are fully committed to safeguarding their privacy and complying with the GDPR and other relevant data protection regulations. This comprehensive GDPR Policy aims to provide clear guidance on how MaxGuard handles personal data, ensures security measures, and respects individual rights. For any inquiries or concerns regarding this policy or our privacy practices, please do not hesitate to contact MaxGuard’s Privacy Office using the provided contact details.
MaxGuard Privacy Office:
Email: privacy@maxguard.io
At MaxGuard, we prioritize the protection of your personal data and strive to provide you with meaningful choices and transparency in the handling of your information.
