How we protect your rights under European privacy law
At Shieldz, we're committed to ensuring compliance with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area (EEA).
This page provides detailed information about how we adhere to GDPR principles and how you can exercise your rights under this regulation. This GDPR Compliance policy should be read together with our Privacy Policy, which provides more general information about how we collect, use, and protect personal data.
We adhere to the following GDPR principles when processing personal data:
Under GDPR, we process personal data only when we have a legal basis to do so. The legal bases we rely on include:
We process personal data to fulfill our contractual obligations to you, such as providing our licensing services, managing your account, and processing payments.
We process personal data for our legitimate interests, such as improving our services, preventing fraud, and ensuring the security of our platform. We balance our interests against your rights and interests to ensure that our processing is fair and proportionate.
In some cases, we process personal data based on your explicit consent, such as for marketing communications. You have the right to withdraw this consent at any time.
We process personal data to comply with legal obligations, such as tax and regulatory requirements.
| Type of Data | Legal Basis | Purpose |
|---|---|---|
| Account information (name, email, company) | Contract | To provide our services and manage your account |
| Payment information | Contract, Legal Obligation | To process payments and comply with financial regulations |
| Hardware ID (HWID) | Contract, Legitimate Interest | To verify licenses and prevent unauthorized use |
| IP address | Legitimate Interest | To prevent fraud and secure our platform |
| Usage data | Legitimate Interest | To improve our services and user experience |
| Marketing preferences | Consent | To send promotional communications |
As a data subject in the European Union or European Economic Area, you have certain rights regarding your personal data:
You have the right to obtain confirmation about whether we process your personal data and to receive a copy of your personal data that we hold.
You have the right to have inaccurate personal data rectified and incomplete personal data completed.
Under certain circumstances, you have the right to have your personal data erased (the "right to be forgotten").
You have the right to restrict the processing of your personal data under certain conditions.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You have the right to object to the processing of your personal data under certain conditions.
You can exercise your rights by:
We will respond to your request within one month, though in certain complex cases or if we receive a large volume of requests, we may extend this period by up to two additional months. We will inform you if such an extension is necessary.
If you're not satisfied with our response, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
As a global company, we may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your personal data.
Where possible, we transfer data to countries that have been recognized by the European Commission as providing adequate protection for personal data.
For transfers to countries without an adequacy decision, we implement the European Commission's Standard Contractual Clauses, which provide appropriate safeguards for the transfer of personal data.
For transfers to the United States, we may rely on the EU-US Privacy Shield Framework for organizations that have certified their compliance.
Where our processing activities involve high risks to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize those risks. Our DPIAs consider:
We have robust procedures in place to detect, investigate, and report data breaches:
We have appointed a Data Protection Officer (DPO) responsible for overseeing our compliance with GDPR. You can contact our DPO if you have any questions or concerns about our processing of your personal data:
Address: 123 Security Lane, Suite 456, San Francisco, CA 94105, USAWe implement the principles of "privacy by design" and "privacy by default" in our systems and processes:
These principles are embedded in our development processes, product features, and organizational practices.
We ensure that all our employees understand the importance of data protection and their responsibilities under GDPR:
We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or to comply with regulatory requirements. When we make changes, we will update the "Last Updated" date at the top of this policy and notify you through a service notification or other reasonable means. Your continued use of our services after the changes take effect constitutes your acceptance of the revised policy.
If you have any questions, concerns, or requests regarding this GDPR Compliance Policy or our data protection practices, please contact our Data Protection Officer at: