NS8 Solutions Data Protection Policy

Effective Date: 03-19-2019

NS8, Inc. ( "NS8" or "We") offers abuse, fraud and user experience protection solutions (" Services") to its customers. These Services rely on the analysis of (abnormal) behavior on our customers' behavior on our customers' websites and platforms which we may compare with and test against historical data in our database. Generally speaking, this is technical data which we cannot trace back to individuals. Security and data protection however are the cornerstone of our solutions and we wish to be fully transparent about our Services. Therefore, insofar our Services process personal data, this data protection policy ("Data Protection Policy") applies and provides more information.

1. THE INFORMATION WE COLLECT

As mentioned above, most of our data has a technical nature and is collected and processed automatically through scripts, cookies and similar technologies. The data covered in this Data Protection Policy ("Data") includes:

  • Device data: including data on devices and machine IDs, operating systems, MAC addresses and similar hardware qualifiers.
  • Websites, applications and browsers: including data on the existence, characteristics and behavior of websites, applications and browsers (e.g., browser type, version, language, preferences).
  • Network and internet information: including URLs, IP addresses, bounce rates, use of spoofing, active (TCP/IP) ports, originating search engine, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
  • Information obtained from our customers: including transaction and limited (non-PCI) payment data, offenses, marketing medium and other feedback data.
  • We obtain information from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law.

2. HOW WE USE THE DATA

The Data we collect is primarily processed for and on behalf of our customers and used to provide our abuse, fraud and user experience protection solutions on their websites, platforms and applications. In providing our Services, we obtain feedback Data from our customers which are added to our database. We process and use this Data for the legitimate interests of our Customers, their bonafide end-users and of us providing our Services, preventing fraud and abuse (including identity and credit card fraud) and securing online websites and environments.

We maintain commercially reasonable risk-based security and data protection enhancing measures, which include end-to-end encryption for the movement of data and encryption for data at rest. For more information on our security practices, please review our Security Policy at https://www.ns8.com/en-us/policies/security.

In addition to the above, we use the Data in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, for example, in connection with legal claims, compliance, regulatory, investigative purposes. This may include sharing the Data with third parties, such as governmental authorities or law enforcement officials.

3. WITH WHOM WE SHARE THE DATA

Our Data is hosted and processed through various hosting providers, including Amazon's AWS. In addition to that, the Data is shared and/or processed by IT service providers for networking and communications (such as Intercom.io, Salesforce.com), and analytical purposes (such as Google).

For service providers and third parties outside of the EEA that are not subject to an adequacy decision from the EC we rely on the aforementioned EU model clauses, their EU-US Privacy Shield Certification and the Binding Corporate Rules they may have adopted. If you wish to hear more about these safeguards, please contact us through the details further below.

4. THIRD PARTY PRACTICES

Our Services are set up in such way that they allow our customers a great deal of control of any (further) use of the Services and Data. As our customers exercise such control and can use and implement the Solutions to their liking (as detailed in their contract with us), we are not responsible for any further use of our Services and Data (including the combination of our Data with other information) by our customers. If you would like to have more information on how the Services and Data are used by our customers, we invite you to read their respective data protection notices and/or contact them directly.

5. INDIVIDUAL RIGHTS

As mentioned above, though much of the data we hold is technical data, some of this data could potentially be linked to an individual. Where this is the case, individuals are entitled to ask us for an overview of the personal data we have about them and also to correct or delete certain personal data, restrict processing of their personal data, or to ask us to transfer some of personal data to other organizations. Certain individuals can also object to some processing of their personal data and, where we have asked for their consent, they can withdraw their consent at any time. Insofar their personal data is processed, certain individuals also have a right to know more about the protection we apply when transferring personal data to non-EEA countries (see par. 3).

Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required by law to maintain the information. Also, once we have disclosed information to third parties, we cannot guarantee the deletion or modification of such information by such third parties. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.

Where applicable, these rights can be exercised by sending us an email through the contact details further below. Furthermore, in the event individuals have unresolved data protection concerns, they have the right to contact their local data protection authority. We are committed to compliance with the General Data Protection Regulation (“GDPR”) where applicable, so please contact us through the details listed below if you have any questions about these rights.

6. DATA RETENTION

Insofar the Data contains or qualifies as personal data, such personal data is only kept for as long as needed for the purposes described in this Data Protection Policy and for our legitimate business purposes, after which it is scrubbed, anonymized or obfuscated as soon as possible unless otherwise required by applicable legislation. This typically happens within 1 year after initial collection of such personal data for the Company’s “Protect” offerings. Historical data (utilized for the Company’s TrueStats offering) will typically lose value after 2 years and will be reconsidered and purged where needed.

7. CHANGES TO THE PRIVACY POLICY

This Data Protection Policy may change from time to time, effective from the date mentioned in the updated version of the Data Protection Policy. Please check this website periodically to review such changes in the Data Protection Policy.

8. GOVERNING LAW

This Data Protection Policy shall be governed by and construed in accordance with the laws of the state of Nevada (unless otherwise required by any laws, regulations and/or directives which are applicable to your country of origin).

9. CONTACT US

E-mail:
support@ns8.com

Data protection officer (David Hansen):
compliance@ns8.com

NS8 Inc
241 W Charleston Blvd, Suite 111
Las Vegas, NV 89102
Attn: Data Protection Officer

NS8’s representative in the EU is:

NS8 B.V.
Weesperstraat 61
1018 VN Amsterdam, Netherlands
Attn: Managing Director