NS8 Solutions Data Protection Policy

Effective Date: 05-25-2018

NS8, Inc. ( "NS8" or "We") offers abuse, fraud user experience protection solutions (" Services") to its customers. These Services rely the analysis of (abnormal) behavior on our customers' websites and platforms which we may compare with and test against historical data in our database. Generally speaking, this is technical data which we cannot trace back to individuals. Security and data protection however are the cornerstone of our solutions and we wish to be fully transparent about our Services. Therefore, insofar our Services process personal data, this data protection policy (" Data Protection Policy") applies and provides more information.

1. THE INFORMATION WE COLLECT

As mentioned above, most of our data has a technical nature and is collected and processed automatically through scripts, cookies and similar technologies. The data covered in this Data Protection Policy (" Data") includes:

  • Device data: including data on devices and machine IDs, operating systems, MAC addressess and similar hardware qualifiers.
  • Websites, applications and browsers: including data on the existence, characteristics and behavior of websites, applications and browsers (e.g., browser type, version, language, preferences).
  • Network and internet information: including URLs, IP addresses, bounce rates, use of spoofing, active (TCP/IP) ports, originating search engine, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
  • Information obtained from our customers: including transaction and payment data, offences, marketing medium and other feedback data.
  • Information from third-party sources: We obtain information from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law.

2. HOW WE USE THE DATA

The Data we collect is primarily processed for and on behalf of our customers and used to provide our abuse, fraud user experience protection solutions on their websites, platforms and applications. In providing our Services, we obtain feedback Data from our customers which are added to our database. We process and use this Data for the legitimate interests of our Customers, their bonafide end-users and of us providing our Services, preventing fraud and abuse (including identity and credit card fraud) and securing online websites and environments. We have taken extensive security and data protection enhancing measures, which include end-to-end encryption, anonymization, aggregation, tokenization and pseudonymisation of Data and the use of projection and differential privacy techniques.

In addition to the above, we use the Data in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, for example, in connection with legal claims, compliance, regulatory, investigative purposes. This may include sharing the Data with third parties, such as governmental authorities or law enforcement officials.

3. WITH WHOM WE SHARE THE DATA

Our Data is hosted and processed through various hosting providers, including Amazon's AWS, Microsoft's Azure, Rackspace. In addition to that, the Data is shared and/or processed by IT service providers for networking and communications (such as Intercom.io), security such as Fox IT) and analytical purposes (such as Google).

For service providers and third parties outside of the EEA that are not subject to an adequacy decision from the EC ( read more here) we rely on the aforementioned EU model clauses, their EU-US Privacy Shield Certification ( read more here) and the Binding Corporate Rules they may have adopted ( read more here). If you wish to hear more about these safeguards, please contact us through the details further below.

4. THIRD PARTY PRACTICES

Our Services are set up in such way that they allow our customers with a great deal of control of any (further) use of the Services and Data. As our customers exercise such control and can use and implement the Solutions to their liking (as detailed in their contract with us), we are not responsible for any further use of our Services and Data (including the combination of our Data with other information) by our customers. If you would like to have more information on how the Services and Data are used by our customers, we invite you to read their respective data protection notices and/or contact them directly.

5. INDIVIDUAL RIGHTS

As mentioned above, though much of the data we hold is technical data, some if this data could potentially be linked to an individual. Where this is the case, individuals are entitled to ask us for an overview of the personal data we have about them and also to correct or delete certain personal data, restrict processing of their personal data, or to ask us to transfer some of personal data to other organisations. Individuals can also object to some processing of their personal data and, where we have asked for their consent, they can withdraw their consent at any time. Insofar their personal data is processed, individuals also have a right to know more about the protection we apply when transferring personal data to non-EEA countries (see par. 3). These rights can be exercised by sending us an email through the contact details further below. Furthermore, in the event individuals have unresolved data protection concerns, they have the right to contact their local data protection authority.

Please note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.

6. DATA RETENTION

Insofar the Data contains or qualifies as personal data, such personal data is only kept for as long as needed for the purposes described in this Data Protection Policy, after which it is scrubbed, anonymized or obfuscated as soon as possible. This typically happens within 90 days after initial collection of such personal data. Historical data will typically lose value after 2 years and will be reconsidered and purged where needed.

7. CHANGES TO THE PRIVACY POLICY

This Data Protection Policy may change from time to time, effective from the date mentioned in the updated version of the Data Protection Policy. Please check this website periodically to review such changes in the Data Protection Policy.

8. GOVERNING LAW

This Data Protection Policy shall be governed by and construed in accordance with the laws of the state of Nevada (unless otherwise required by any laws, regulations and/or directives which are applicable to your country of origin).

9. Contact US

E-mail:
support@ns8.com

Data protection officer (David Hansen):
compliance@ns8.com

Adress:

NS8 Inc
241 W Charleston Blvd, Suite 111
Las Vegas, NV 89102
Attn: NS8 Contract Administrator