Fraud Protection – Privacy Notice

This Privacy Notice applies to:

• All stages of personal data processing in the context of operating the Fraud Protection solution provided by Group-IB Global Private Limited (Singapore), Group-IB Europe B.V. (the Netherlands), Group-IB MEA FZ-LLC (the UAE), and Group-IB TSHK MCHJ (Uzbekistan) (collectively, “Group-IB”).

This Notice may be amended at any time. Group-IB will not alter the data subject’s rights under this Privacy Notice without explicit consent. Our clients will be informed in advance about any significant changes to the Notice by email.

Group-IB takes data security extremely seriously and is committed to processing data responsibly and in strict compliance with applicable data protection laws, including, where applicable, the EU General Data Protection Regulation (EU GDPR), Singapore’s Personal Data Protection Act (PDPA), and others. This Notice explains how we process personal information while making every effort to comply with the highest standards.

Personal data analysis is not the main purpose of Group-IB Fraud Protection.
There may be cases when personal data is obtained during the operation of Group-IB Fraud Protection. Given we equate the possibility of personal data processing with actual personal data processing. Below is detailed information about the personal data processing associated with Group-IB Fraud Protection.

Save for the personal data processing conducted by Group-IB Europe B.V. under separate agreements on data processing (DPA), we reserve the right to share personal data within Group-IB insofar as reasonably necessary for Fraud Protection functional.

In some circumstances, we may be legally obliged to share personal data. For example:

• under a court order;
• in order to establish, exercise, or defend our legal rights (including providing information to third parties for the purposes of fraud prevention);
• when cooperating with supervisory authorities to handle complaints or investigations.

We will share personal data only in cases where both we and a competent authority have a legal basis to share the information.

We will not share personal data with any third party for the purpose of their or any other third party’s direct marketing without obtaining a respective express written consent.

Group-IB Global Private Limited (Singapore) – TBA

Group-IB Europe B.V. (the Netherlands) – Hetzner Online GmbH (Germany)

Group-IB MEA FZ-LLC (the UAE) – TBA

Group-IB TSHK MCHJ (Uzbekistan) – TBA

We take all reasonable technical and organizational precautions to prevent personal data from being leaked, lost, misused, or altered. We have implemented the following measures:

• Access control mechanisms at each layer of the stack, dividing our infrastructure into zones, environments, and services;
• Proactive intelligence-based security controls that help prevent most threats to the Group-IB’s infrastructure;
• Risk and information security management for all assets and business processes;
• Network security controls: network segmentation, encrypted protocols, firewalls, etc.;
• 24/7 security incident management with holistic threat hunting capabilities;
• Vulnerability/patch management across all systems.

Group-IB appreciates and ensures the rights of personal data subjects (where applicable):

• Right of access. Data subjects have the right to ask us for copies of their personal data.
• Right to rectification. Data subjects have the right to ask us to rectify information that they think is inaccurate. Data subjects also have the right to ask us to complete information that they think is incomplete.
• Right to erasure. Data subjects have the right to ask us to erase their personal data.
• Right to restriction of processing. Data subjects have the right to ask us to restrict the processing of their personal data.
• Right to object to processing. Data subjects have the right to object to processing if we process personal data as part of our legitimate interests.
• Right to data portability. This only applies to personal data that data subjects have given us. Data subjects have the right to request the transfer of any such information to another organization or provide it to them. This right only applies if we are processing information obtained with consent, as part of discussions about entering a contract, and if the processing is automated.
• Right to withdraw consent. If we process personal data provided under a consent, data subjects have the right to withdraw consent at any time.
• Right to be informed. Data subjects have the right to obtain information about the personal data processing and any third parties involved.
• Right to lodge a complaint with a supervisory authority or lodge a complaint with us.
• Right to be notified about a data breach.
• Right to contact our DPO

Our products and services are not intended for children. We do not wish to receive or unknowingly collect personal data relating to children.

We do not use automated decision making. We also do not use your personal data to automatically evaluate aspects of your personality (profiling).

If you would like to contact us regarding our privacy practices, please email an email to privacy@group-ib.com.