Privacy and Compliance

Privacy and Compliance Policies

DOSarrest Internet Security Ltd ensures your privacy information is not sold or distributed to any other companies or organizations.

What information do we collect?
We collect information for you when you register on our site or fill out a form.
When ordering or registering on our site, as appropriate, you may be asked to enter your: name or e-mail address. You may, however, visit our site anonymously.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

To personalize your experience (your information helps us to better respond to your individual needs)

To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)

To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)

To process transactions

Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested by the customer.

To send periodic emails

The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving updates, related product or service information, etc.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties you personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or other rights, property, or safety.

DOSarrest is PCI DSS Level 1 certified and undergoes auditing yearly by a qualified QSA inspector

DOSarrest is fully GDPR Compliant

DOSarrest Data Processing and GDPR

The General Data Protection Regulation (‘GDPR’) replaces the EU Data Protection Directive. Designed to protect the privacy of EU residents, the GDPR gives control of Personal data back to the data subjects and applies to anyone dealing with private information of residents of the EU regardless of what country the data recipient is in.

We take data protection and privacy issues very seriously and are committed to providing services that meet or exceed the requirements of industry recognized regulations. The following outlines DOSarrest’s data processing as it applies to the GDPR. Where pertinent, specific GDPR articles are referenced below.

Terms

‘PERSONAL DATA’ refers to any data relating to an identifiable person, either directly or indirectly - GDPR Art 4(1).

‘PROCESSING’ refers to any operations performed on PERSONAL DATA including, but not limited to, collection, consultation, or transmission - GDPR Art 4(2).

‘CONTROLER’ refers to a party who solely or jointly determines the purpose and means of processing PERSONAL DATA - GDPR Art 4(7).

‘PROCESSOR’ refers to any party which processes PERSONAL DATA on behalf of a CONTROLLER - GDPR Art 4(8).

‘END USER DATA’ refers to any data submitted to DOSarrest for PROCESSING on behalf of the customer. This may or may not contain PERSONAL DATA.

‘CUSTOMER DATA’ refers to any data submitted by the customer to DOSarrest for the purposes of provisioning and managing users and services. This may or may not contain PERSONAL DATA.

DOSarrest as a Data PROCESSOR

On behalf of its customers, DOSarrest PROCESSES requests submitted by end users which may contain PERSONAL DATA. The customer determines what data is submitted to DOSarrest for PROCESSING via the design and configuration of their web resources. The customer further has full control over how the END USER DATA is PROCESSED and how it is encrypted by the DOSarrest services via configuration options and settings available in our DSS customer portal. DOSarrest does not
store or process END USER DATA without explicit customer request - GDPR Art 28(3).

PROCESSING of END USER DATA is only used to differentiate malicious events from legitimate requests, the data is never used to identify any individual -
GDPR Art 11.

DOSarrest adheres to industry standard security practices to ensure the protection of all traffic PROCESSED by DOSarrest services. Furthermore, END USER DATA is not retained once PROCESSING is complete, consequently DOSarrest has no visibility into any specific data that may be transferred through the service -
GDPR Art 32.

CUSTOMER DATA is provided by the customer on a voluntary basis and stored in the customer portal for the purposes of provisioning, managing, and operation of DOSarrest services. Submission, alteration, and deletion of CUSTOMER DATA is under the sole control of the customer - GDPR Art 12.

DOSarrest as a Data CONTROLLER

For the continued operation and security of services offered by DOSarrest we do record basic logs and event records until such time as they are no longer needed. These logs may contain:

IP Address

Timestamp

URL

In some cases, IP addresses combined with additional external data can be used to identify an individual during a specific time period. Because DOSarrest does not distinguish between end user requests and automated requests for the purposes of logging we are committed to protecting all event log data as if it were personal data.

Because DOSarrest jointly determines the purpose and means of processing event log data, DOSarrest is considered a CONTROLLER in this regard - GDPR Art 28(10).