Privacy Notice
Last updated on: January 29, 2025
PRIVACY NOTICE FOR BOTGUARD WEB SITE, SERVICE AND EXTERNAL CONTRACTORS
1. WHO IS THE DATA CONTROLLER?
BotGuard processes Customer personal Data either as a Data controller or Data processor depending on the context of processing.
We act as a Data controller when we pursue our business objectives (e.g. approaching and acquiring customers, negotiating, concluding and managing contracts, marketing our Service, accounting, acting as an employer, and managing Web Site traffic).
We act as a Data processor when we are providing Service to a Customer or End User. The respective Customer or End User to whom we provide the Service is the Data controller for these Data processing operations.
2. WHY AND WHAT PERSONAL DATA DO WE PROCESS AS A DATA CONTROLLER, AND FOR HOW LONG?
Contract Negotiation
We may process your name, role, e-mail address, received and sent e-mail messages, phone number and LinkedIn contact information to contact and negotiate contracts with you or the person you represent. We process this data because it is necessary before entering into a contract. The data may be retained for 3 years.
Contract Fulfillment
We may process your name, role, e-mail address, received and sent e-mail messages, phone number, LinkedIn contact information, associated websites and Web Site to perform our contract with you or the person you are representing. We process this data to perform the contract concluded with you or the person you are representing. The data may be processed for the duration of the agreement and for 3 years following its termination. The Web Site logs may be stored for up to 6 months.
Legal Compliance
If you are our Customer or End User, we may process your name, personal ID code, date of birth, country of residence, invoices and transaction history to comply with legal obligations to retain source documents for accounting. The data is stored for 7 years as of the end of the financial year when a business transaction was recorded in the accounting journals and ledgers.
Contacting Contractual Partners
We may process your name, role and contact details to contact you regarding the services you or the person you are representing is providing to us. We process this data to perform the contract concluded with you or the person you are representing. The data may be processed for the duration of the agreement and for 3 years following its termination.
Marketing
We may process your name, e-mail, company name (employer), job title and phone number to provide you with information about our product offerings and schedule meetings. We process this data under legitimate interest to market our Service or if you have consented to us providing this information to you. We may process this information for 3 years.
Web Traffic Management
For detecting if the connection is from a bot and for preventing malicious bots entering our website, we may process the following data:
- IP-address used to enter the webpage, country of your location, your internet service provider,
- full HTTP(S)-request of the software used by you and the operating system used by you,
- metadata about the connection (TLS handshake data, various properties of network packets),
- metadata about the connection (TLS handshake data, various properties of network packets).
We process this data under our legitimate interest to avoid unwanted resource drain. We may process this information for 6 months.
We also process Customer personal data that is submitted to us directly by any Data subject, for example if the Data subject contacts us with a query or question via Web Site or via any other channel (by sending an e-mail, for example). In such a case we process Customer personal data included in the inquiry to the extent necessary to respond to it.
The legal basis for data processing is GDPR Article 6(1)(f).
3. WHEN DO WE SHARE CUSTOMER PERSONAL DATA?
We may share Customer personal data with our sub-processor to the extent this is necessary for the provision of our Service. These include accounting companies, payment processors, financial institutions, software providers, hosting service providers, customer relationship management tool providers, e-mail service providers, and other service providers that provide tools and services to facilitate our operations.
We may share Customer personal data with independent Data controllers (e.g. law enforcement agencies, tax authorities, financial institutions and other governmental institutions) if this is required under applicable laws.
As a global organization, we may transfer your Personal data to countries outside the European Union (EU) or the European Economic Area (EEA). Such transfers may be necessary for the purposes outlined in this Privacy Notice, including communicating with you, and conducting our business operations effectively.
- Standard Contractual Clauses: We may use standard contractual clauses approved by the European Commission or other relevant data protection authorities to ensure the protection of your Personal data during transfer.
- Binding Corporate Rules (BCRs): Where applicable, we may rely on BCRs adopted by our organization to ensure the protection of Personal data transferred across borders within our corporate group.
- Data Protection Agreements: We may enter into agreements with recipients of your Personal data outside the EU/EEA, imposing obligations on them to protect your Personal data to the same standards required in the EU/EEA.
- Certification Mechanisms: We may rely on certification mechanisms such as the EU-US Data Privacy Framework, where applicable, to ensure that third-party recipients of your Personal data provide an adequate level of protection.
4. WHY AND WHAT PERSONAL DATA DO WE PROCESS AS A DATA PROCESSOR, AND FOR HOW LONG?
As part of provision of our Service to Customers and End Users, we process a limited amount of Personal data concerning the persons who enter or try to enter to the webpages of End Users or who try to enter to the web pages managed by the Customers or their customers. This data includes mostly technical data and cannot be associated with any particular data subject by us. However, in conjunction with additional data not obtained by us (for example, on the basis of data obtained by telecommunications service providers), this technical data could be also associated with a specific Data subject.
If you try to enter the webpage on which the Service is used, the following data about you is processed by us on behalf of the Data controller:
- IP-address used to enter the webpage, country of your location, your internet service provider,
- full HTTP(S)-request of the software used by you and the operating system used by you,
- metadata about the connection (TLS handshake data, various properties of network packets),
- device and movement data such as:
- device motion events,
- mouse movements (coordinates and acceleration) and button dn/up/hold events,
- mobile device support (touch, click, tap, shake, multi finger support, gyroscope, compass; no location data is collected),
- property collector (time zone, browser props, cursor coordinates, button events, velocity, device angle, distinguish between "normal" browsers and headless browsers),
- key events (keypress dn/up), typing speed, and key press time (without being able to identify what is being typed).
Based among other data on the data outlined above, BotGuard software solution will automatically determine whether the visitor of the webpage is a human user, legitimate search engine bot, a malicious bot or hacker and access to the webpage by malicious bot or hacker may be denied.
Data collected as a Data processor is retained by us as long as requested by the Data controller. Generally, the data is stored for 3 months.
As a Data processor, we have informed the data controllers that their privacy notice or similar document must also address the personal data processing activities we perform on their behalf. Therefore, to obtain complete information on how your personal data is processed, you should review this Privacy Notice in conjunction with the relevant data controller's privacy notice.
5. HOW DO WE PROTECT PERSONAL DATA?
To protect your Personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.
6. COOKIES
Our Web Site uses cookies. Cookies are small data files stored on your hard drive by a website. Cookies help us to monitor and improve the functionality and usage of our Web Site and your experience on the Web Site. We can use cookies to see which areas and features are popular and to count visits to our Web Site to recognise you as a returning visitor and to tailor your experience of the Web Site according to your preferences.
We use necessary cookies, that are essential for navigation and to enable the use of Web Site features. The specific cookies used on the Web Site are:
| Name | Purpose | Retention Period |
| session | Used by BotGuard to temporarily store navigation and access details for a logged user. | Session |
| __stripe_mid | This is a Stripe payment gateway cookie used by Stripe for payment fraud prevention. | 1 Year |
You can delete or block cookies on Web Site through your browser settings at any time. However, some cookies might be necessary for the functionality of the Web Site. Therefore, you understand that when blocking or deleting the cookies some features of the Web Site might not function correctly.
For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
In case you have any question concerning the cookies, you may contact us via contact details provided below.
7. YOUR RIGHTS
BotGuard is committed to ensuring that all data subject rights under applicable laws are fully upheld. In particular, every data subject has the following rights:
- the right to access the personal data that BotGuard processes about you;
- the right to request that BotGuard rectifies any inaccurate personal data about you;
- the right to request that BotGuard erases your personal data and/or restricts processing of your personal data if we do not have valid legal basis for processing;
- the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller to the extent that i) your personal data is processed under consent or necessary for the performance or conclusion of a contract with you; and ii) the processing is carried out by automated means;
- the right to object to the processing of your personal data;
- where the processing is carried out under your consent, the right to withdraw your consent.
8. GOVERNING LAW AND JURISDICTION
This Privacy Notice is governed by the laws of the Republic of Estonia. Any disputes arising from these Privacy Notice will be settled in the Harju County Court in the Republic of Estonia, unless you have a right to turn to the court of your residence pursuant to statutory law.
9. CONTACTS
If you have any questions about this Privacy Notice or cookies if you have any concerns about how we use your personal or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:
Botguard OÜ
address Sõpruse pst 145, 13425 Tallinn, Estonia,
e-mail legal@blackwall.com
Definitions
Unless otherwise defined in this Privacy Notice, the terms used in Privacy Notice have the meaning assigned to them in GDPR.
| “BotGuard”, “Provider” or “we”, “us” or “our” | Botguard OÜ, registry code 14847036, address Sõpruse pst 145, 13425 Tallinn, Estonia, e-mail legal@blackwall.com |
| “Customer” | Any person with whom BotGuard has a contractual relationship for the purpose of providing BotGuard services to its end users, or services utilizing the Service to its end users. |
| “Customer personal data” | Personal data related to any person (Customer or End User) who has entered into a contract with BotGuard and to whom we provide the Service. |
| “GDPR” | The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council. |
| “End User” | Any private individual or legal entity other than the Provider that uses the Service as an end user, and not for the purposes of distribution or resale. |
| “Service” | Defined under “Web Site”. |
| “Web Site” |