HeatShield and the GDPR

At HeatShield, we're building a better approach to server security. Crucial to this is protecting the data of our customers and their end users.

The European Union's General Data Protection Regulation (GDPR) is a privacy law that came into effect on May 25, 2018. The GDPR sets rules about how companies collect, store, delete, and process the personal data of EU citizens. These rules apply to any company that processes the personal data of EU citizens, even if that company is not located in the EU.

HeatShield is GDPR-compliant. If you have any questions related to the GDPR, you can send them to privacy@heatshield.io.

FAQs

Does the GDPR allow logging IP addresses and other request data?

The primary purpose of logging IP addresses and other request data is for security. The GDPR recognizes that you have a legitimate interest in maintaining security and allows data collection and processing for legitimate interests. Therefore, the reasonable retention of log data such as done by HeatShield is allowed by the GDPR.

How do you become compliant?

At a high level, here are the steps to becoming compliant with the GDPR:

  1. Identify what user data you collect.
  2. Make sure you have a GDPR-allowed basis for its collection and processing.
  3. Make sure you're keeping the data secure.
  4. Make sure any companies you share user data with are GDPR-compliant.
  5. Make sure your Privacy Policy is GDPR-compliant.
  6. Regularly review your data collection, processing, sharing, access, and retention.

Which companies does HeatShield use as sub-processors?

You can find a list of our sub-processors here.

Is HeatShield registered with Privacy Shield?

Privacy Shield is a new framework for protecting user data transferred from the EU to the United States. Privacy Shield is a replacement for Safe Harbor.

Prior to the GDPR going into effect, we updated our Privacy Policy to comply with Privacy Shield's requirements and have applied for certification under both the the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Due to the large volume of applications Privacy Shield has been receiving, the Privacy Shield Team at the U.S. Department of Commerce is asking for patience while they process applications.