FraudScore’s main goal is to provide its customers and partners with a fully transparent approach to the processing of users’ personal data. As of May 25, 2018, the General Data Protection Regulation (GDPR) was officially updated and implemented by the European Union, and FraudScore is committed to supporting its clients with GDPR compliance.
GDPR: what is it and how are FraudScore customers affected?
The General Data Protection Regulation, or GDPR, is a state law that introduces new, modern regulations for data privacy: essentially, for everything connected with the processing of users’ personal data. It applies to any company that collects and processes the personal data of users in the EU. It does not matter whether the company has offices or is otherwise physically present in the European Union: if the company processes the personal data of EU users, it must comply with GDPR.
Data Controllers and Data Processors – compliance with GDPR is a shared responsibility
FraudScore is committed to GDPR compliance as Data Processor for its Respected Customers.
How is FraudScore prepared for GDPR adherence?
Data Collection, Retention Policies, Data Deletion Process:
- download their personal data;
- stop using their personal data;
- delete all their personal and user data.
- All Stats Report will have a 3-month rolling retention period.
- Physical access control
Measures to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related hardware), where data are processed, including: Hetzner Sicherheit
- Access restriction mechanisms
Measures to prevent data processing systems from being used by unauthorized persons, including:
- authorization using password-protected keys with regular rotation
- access limited by IP address
- Data access control
Measures to ensure that persons entitled to use a data processing system gain access only to such Personal Data in accordance with their access rights, and that Personal Data cannot be read, copied, modified or deleted without authorization, including:
Personal data is physically divided into parts with same-level access
- Communication and transport control
Measures to ensure that data cannot be read, copied, modified or deleted without authorization during electronic transmission, including:
We use encrypted data transmission only (HTTPS, IPSec)
- Entry control
Measures to monitor whether data have been entered, changed or removed (deleted), and by whom, from data processing systems via logging and reporting capabilities, including:
All data operations are logged. Each journal record is signed with a chained checksum
- Processing control
Measures to ensure that data are processed solely in accordance with the instructions of the Controller, including:
Audit control by Controller
- Availability control
Measures to ensure that Personal Data are protected against accidental destruction or loss (physical/logical), including:
- storage hardware mirroring (RAID)
- Separation control
Measures to ensure that the collected data can be processed separately for different purposes, including:
Collected data is saved "as-is" and can be converted for different purposes at any time
While the content on this page is to help you understand the GDPR when working with third parties, the information contained should not be construed as legal advice. You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company’s products and services to process personal data.
For more on our GDPR compliance, get in contact with our privacy team — firstname.lastname@example.org.