GDPR

FraudScore's main goal is to provide its customers and partners with a fully transparent approach to the processing of users' personal data. As of May 25, 2018, the General Data Protection Regulation (GDPR) was officially updated and implemented by the European Union, and FraudScore is committed to supporting its clients on GDPR compliance.

GDPR: what is it and how are FraudScore customers affected?

The General Data Protection Regulation, or GDPR, is a state law that introduces new, modern regulations for data privacy: basically, for all issues connected with the processing of users' personal data. It applies to any company that collects and processes the personal data of users in the EU. It does not matter whether the company has offices or is otherwise physically present in the European Union: if the company processes the personal data of EU users, it must comply with GDPR.

Data Controllers and Data Processors – compliance with GDPR is a shared responsibility

Data Controller

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. FraudScore customers are Data Controllers.

Data Processor

'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. FraudScore itself is a Data Processor.

FraudScore is committed to GDPR compliance as a Data Processor for its respected customers. How is FraudScore prepared for GDPR adherence?

Data Collection, Retention Policies, Data Deletion Process:

We enable our users at the account level to:

  • download their personal data;
  • stop using their personal data;
  • delete all their personal and users' data.

With data minimization principles in mind, we've made the following changes:

  • All Stats Reports will have a 3-month rolling retention period.

The measures required by Art. 17, Art. 30 and Art. 32 para. 4 GDPR include:

  • Physical access control

    Measures to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related hardware) where data are processed, including: Hetzner Security (Hetzner Sicherheit).

  • Access restriction mechanisms

    Measures to prevent data processing systems from being used by unauthorized persons, including: authorization using password-protected keys with regular rotation; access restricted by IP address.

  • Data access control

    Measures to ensure that persons entitled to use a data processing system gain access only to such Personal Data in accordance with their access rights, and that Personal Data cannot be read, copied, modified or deleted without authorization, including: personal data is physically divided into parts with same-level access.

  • Communication and transport control

    Measures to ensure that data cannot be read, copied, modified or deleted without authorization during electronic transmission, including: encrypted data transmission only (HTTPS, IPsec).

  • Entry control

    Measures to monitor whether data have been entered, changed or removed (deleted), and by whom, from data processing systems via logging and reporting capabilities, including: all data operations are logged, and each journal record is signed with a chained checksum.

  • Processing control

    Measures to ensure that data are processed solely in accordance with the instructions of the Controller, including: audit control by the Controller.

  • Availability control

    Measures to ensure that Personal Data are protected against accidental destruction or loss (physical/logical), including: replication; backups; storage hardware mirroring (RAID).

  • Separation control

    Measures to ensure that the collected data can be processed separately for different purposes, including: collected data is saved "as-is" and can be converted for different purposes at any time.

Updated Documentation

We have updated our Terms of Use and Privacy Policy.

While the content on this page is intended to help you understand the GDPR when working with third parties, the information it contains should not be construed as legal advice. You should consult your own legal counsel about your unique obligations under the GDPR and about the use of a company's products and services to process personal data.

For more on our GDPR compliance, contact our privacy team at sales@fraudscore.mobi.