GDPR Information

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address – when it can be related to a person).

ClickGuard customers are data controllers under the GDPR. Under GDPR, ClickGuard processes personal data under the following legal bases: Legitimate Interests (Article 6(1)(f) GDPR) – for fraud detection, security, and service functionality. Contractual Obligation (Article 6(1)(b) GDPR) – when processing is necessary for delivering services to customers. Legal Compliance (Article 6(1)(c) GDPR) – when data is required to fulfill legal obligations.

‍

Consent (Article 6(1)(a) GDPR) – when required, ClickGuard will obtain explicit consent from users before collecting personal data.

ClickGuard acts as a data processor under the GDPR. In a nutshell, ClickGuard’s customers control the data and ClickGuard processes it on their behalf.

ClickGuard stores data that customers have given voluntarily. For example, ClickGuard may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for click fraud protection services or seek support help. ClickGuard may also collect other identifying information from its customers, such as IP addresses.

As a data processor, ClickGuardClickGUARD collects and stores:

‍
(1) Data on persons and bots that click on advertisements served by AdWords on behalf of

‍

• ClickGuardClickGUARD’s customers:
• Operating System and OS version
• Browser and Browser version
• IP address and GEO-location information based on the recorded IP address

(2) Data on persons and bots that visit ClickGuardClickGUARD’s customers’ website(s):

‍

• IP address
• Operating System and OS version
• Browser and Browser version
• Time spent on site
• Interaction with website
• Browserfingerprint (anonymized / hashed)

‍

Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. ClickGuard Data Processing Agreement outlines the privacy and security protections in place at ClickGuard.

In order to use ClickGuard services, customers need to accept the DPA, which is provided with a link on our website: Data Processing Agreement. By agreeing to ClickGuard’s Terms of Service, customers are automatically accepting the DPA and do not need to sign a separate document.

Yes. DPA is a publicly available document and customers who wish to share it with their customers to confirm ClickGuard security measures and other relevant terms may freely do so.

ClickGuard may transfer and process data outside the EU, particularly in the United States. Under GDPR, ClickGuard ensures all data transfers comply with: Standard Contractual Clauses (SCCs) as per Commission Implementing Decision (EU) 2021/914, ensuring adequate data protection in non-EU countries. Binding Corporate Rules (BCRs) where applicable, for secure internal transfers. Adequacy Decisions (Article 45 GDPR) if the data is transferred to a jurisdiction with recognized data protection laws. Supplementary Measures (as per Schrems II ruling) including encryption and anonymization where necessary. ClickGuard continuously monitors legal developments and ensures full compliance with EU data protection laws.

ClickGuard follows strict data retention policies in compliance with GDPR Article 5(1)(e). Personal data is stored only for as long as necessary for the purpose it was collected, after which it is securely deleted or anonymized. Customers have the right to Request erasure (right to be forgotten) under Article 17 GDPR. Request data portability under Article 20 GDPR. Restrict processing of their data under Article 18 GDPR. ClickGuard ensures deletion requests are processed within 30 days unless legal retention obligations apply.

Customers can export their ClickGuard data in CSV file format within the ClickGuard application dashboard. Additionally, the data can be provided per written request.

ClickGuard implements robust security measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include:

‍

Encryption of data both in transit and at rest (AES-256, TLS 1.3). Access controls with multi-factor authentication (MFA) for internal staff. Regular security audits and penetration testing. Compliance with ISO/IEC 27001 and NIST security standards. ClickGuard ensures continuous updates to security protocols to meet evolving threats and industry best practices.

‍

If you have any questions regarding GDPR compliance, data protection, or your rights, you may contact:
‍

Data Protection Officer (DPO)

Email: privacy@clickguard.com

Postal Address: ClickGuardClickGUARD, 221 W 9th St, Ste 318, Wilmington, DE 19801, United States

‍

Supervisory Authority: If you believe ClickGuard has not addressed your data protection rights, you have the right to file a complaint with the Data Protection Authority (DPA) in your country of residence.

‍