HeatShield and the GDPR

At HeatShield, we're building a better approach to server security. Crucial to this is protecting the data of our customers and their end users.

The European Union's General Data Protection Regulation (GDPR) is a privacy law that came into effect on May 25, 2018. The GDPR sets rules about how companies collect, store, delete, and process the personal data of EU citizens. These rules apply to any company that processes the personal data of EU citizens, even if that company is not located in the EU.

HeatShield is GDPR-compliant. If you have any questions related to the GDPR, you can send them to privacy@heatshield.io.

FAQs

Does the GDPR allow logging IP addresses and other request data?

The primary purpose of logging IP addresses and other request data is for security. The GDPR recognizes that you have a legitimate interest in maintaining security and allows data collection and processing for legitimate interests. Therefore, the reasonable retention of log data such as done by HeatShield is allowed by the GDPR.

How do you become compliant?

At a high level, here are the steps to becoming compliant with the GDPR:

  1. Identify what user data you collect.
  2. Make sure you have a GDPR-allowed basis for its collection and processing.
  3. Make sure you're keeping the data secure.
  4. Make sure any companies you share user data with are GDPR-compliant.
  5. Make sure your Privacy Policy is GDPR-compliant.
  6. Regularly review your data collection, processing, sharing, access, and retention.

Which companies does HeatShield use as sub-processors?

You can find a list of our sub-processors here.

Is HeatShield registered with Privacy Shield?

HeatShield is certified with both the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks.

Privacy Shield is a new framework for protecting user data transferred from the EU to the United States. Privacy Shield is a replacement for Safe Harbor.