Last Updated: 04/28/2020

The purpose of this document is to address relevant topics and questions linked to GDPR and how it influences Traffic Armor's customers.

It's given in an understandable FAQ format and references relevant documents.

What is the GDPR?

Passed in 2016, the new General Data Protection Regulation (GDPR) is the single most significant legislative change in EU data protection laws that replaced the 1995 EU Data Protection Directive on May 25th, 2018. It seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual's personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

Traffic Armor supports the GDPR principles of protecting the fundamental right of privacy for European citizens.

Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual's name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual's IP address - when it can be related to a person).

What is Traffic Armor's role under GDPR?

Traffic Armor acts as a data processor under the GDPR. In a nutshell, Traffic Armor's customers own the data and Traffic Armor processes it in their behalf.

What personal data does Traffic Armor collect from its customers?

Traffic Armor stores data that customers have given voluntarily. For example, Traffic Armor may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for click fraud protection services or seek support help. Traffic Armor may also collect other identifying information from it's customers, such as IP address.

What other personal data does Traffic Armor collect?

As a data processor, Traffic Armor collects and stores data on persons and bots that visit Traffic Armor's customers' website(s); including:

- Operating System and OS version
- Browser and Browser version
- IP address and GEO-location information based on the recorded IP address
- Browser and Browser version
- Time spent on site
- Browser fingerprint (hashed)
- User Agent
- HTTP Request Header
- HTTP Request Parameters
- Device ID
- Request time
- Unique Identifier (UID) generated by us

Our platform does not collect any data which by itself identifies an individual such as a name, address, phone number, email address. We also do not collect any "sensitive" or "special categories of personal data" as defined under the European data protection laws as well as personal data of children as defined in Applicable laws.

What is Traffic Armor Data Processing Agreement (DPA)?

Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Traffic Armor Data Processing Agreement outlines the privacy and security protections in place at Traffic Armor.

Are customers required to sign / accept Traffic Armor DPA?

In order to use Traffic Armor services, customers need to accept the DPA, which is provided with a link on our website: Data Processing Agreement. By agreeing to Traffic Armor's Terms of Service, customers are automatically accepting the DPA and do not need to sign a separate document.

Can customers share the Traffic Armor DPA with their customers?

Yes. DPA is a publicly available document and customers who wish to share it with their customers to confirm Traffic Armor security measures and other relevant terms may freely do so.

Does Traffic Armor store data outside EU?

The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria. Traffic Armor provides a level of protection of privacy that complies with the EU rules. To confirm this, Traffic Armor will certify the company under the Privacy Shield.

How does Traffic Armor handle delete-instructions from customers?

Data collected by Traffic Armor as a data processor is periodically removed, based on the "Data Retention" section of our Terms of Service. If right to erasure applies, have the ability to remove or delete personal information they have shared with Traffic Armor by making an explicit request. Likewise, customers may deactivate their account and request that all personal data Traffic Armor has collected and stored is deleted.

"To prevent fraudulent removal requests", we may need to further verify the identity of a person making the request; including, but not limited to, document verification.

How can a customer view and download content from Traffic Armor services?

Customers can export their Traffic Armor data in CSV file format within Traffic Armor application dashboard. Additionally, the data can be provided per written request.