Veracity Privacy and Data Protection Policy for the Provision of Cybersecurity Solutions

Veracity Trust Network is a cybersecurity provider that specializes in protecting organisations from the threat of bot attacks. We use machine-learning solutions to detect and block malicious bots, which can be used to steal data, commit fraud, and disrupt a company’s operations.

In connection with providing these solutions to customers, Veracity provides solutions for the digital assets of Veracity’s customers that control the actual data, including personal data utilised by Veracity in providing such solutions. In these cases, the customer acts as the data controller, and Veracity as the data processor. If you want to obtain further information, which is not supplied below, please refer to the concerned (customers) website privacy policy.

  1. What data does the Veracity platform capture on its customers’ digital assets?

In the context of providing solutions to its customers, Veracity tracks all activity carried out in relation to the customer’s digital assets and the corresponding visitors to those assets, including mouse movement, interaction with page elements and navigation throughout the site, browser and device / technical usage data.

By default, without any further action, Veracity does not collect any data regarding a particular user or device (including IP address) except to perform cybersecurity solutions (see below), per applicable privacy laws, e.g. UK General Data Protection Regulation (GDPR).

  1. What’s the precise purpose of why we’re collecting the data?

The Veracity platform collects data to provide, maintain, protect and improve cybersecurity solutions for its customers: detecting and blocking unwanted bot activity, preventing data theft, fraud and any activity which will disrupt the safe running of a customer’s operations.

  1. Where is the data stored (i.e. UK or EEA, or elsewhere)?

All UK & EU data is stored solely in the UK on the Amazon Web Services (AWS) cloud. AWS UK datacentres are UK Gov validated; please click here for more information. This data storage practice is in compliance with the Data Adequacy agreements established between the United Kingdom and the European Union. Consequently, it adheres to the General Data Protection Regulation (GDPR) guidelines.

All data is stored on encrypted drives at rest, and encrypted using TLS during communication, conforming to current security best practices.

  1. How long is the data kept?

The Veracity platform keeps such data collected from providing Cybersecurity solutions for as long as it takes to perform such solutions and no longer than 24 months.

  1. Does the Veracity platform use cookies to track users?

Veracity in performing cybersecurity solutions: It does not use cookies at all or set any cookies. Instead, Veracity uses browser LocalStorage. This enables Veracity to uniquely track a visitor’s or bot’s technical user information on a web domain, for example, and prevents tracking across multiple web domains.

  1. Where does Veracity fit with Cookie Consent software?

Customers will have software on their website that allows users to decide what cookies to accept. Veracity does not utilise cookies as part of its solutions. However, given Veracity provides cybersecurity solutions, such solutions are considered, under GDPR, as legitimate interest because bots can cause significant harm, including data breaches, service disruption, and financial loss, and as such is not eligible for such consent software solutions.

  1. Common data due-diligence questions, answered
  1. Will the project involve the collection, storage, and/or other use of personal data?
  2. Our system is not designed to capture personal data of this nature. However, in the event that such data is inadvertently collected, it is imminently destroyed in a non-recoverable manner. Any such data that is obtained by the system is not retained for more than two hours within our sandboxed system. Please note that ‘sandboxed’ refers to a secure environment where there is no external access to the data; only our internal automated systems may access this data. This ensures the highest level of data security and privacy.
  3. Will the project involve the processing of special category data?
  4. In line with our previous statement, 7a, should any special category data be inadvertently captured, it will not be retained. It will be promptly and irreversibly erased from our system. This is part of our stringent data privacy and security measures.
  5. Does the project involve the systematic and extensive profiling of individuals?
  6. Our system does not profile individuals. Instead, it focuses on profiling technical usage data. Technical usage patterns allow Veracity to provide cybersecurity solutions successfully.
  7. Remind me, what purposes are you doing this for?
  8. Veracity uses machine-learning solutions to detect and block bots, which can be used to steal data, commit fraud, and disrupt a company's operations. The objective of analysing such technical usage is to ascertain whether the observed technical usage patterns align with known usage patterns of bots or humans. This approach enables us to deliver robust and efficient solutions.
  9. Do you intend to use this data for a different purpose other than for which it will be initially collected?
  10. Per all applicable privacy laws, we are only able to use data for the purposes outlined, not for any other purposes. Veracity is registered, for this reason, with the Information Commissioner’s Office (ICO).
  11. Do you profile vulnerable persons, including children under 16, for target marketing or to provide online marketing services?
  12. No, Veracity does not profile any individuals per se, or, provide such marketing targeting; it provides solutions to detect and block malicious bots, which can be used to steal data, commit fraud, and disrupt a company's operations.
  1. What does our customer need to explain, within their privacy policy, when using Veracity Solutions?

Customers of Veracity Cybersecurity Solutions are responsible for ensuring transparency in their data collection and usage practices for cybersecurity purposes and for complying with all applicable privacy laws.

Here are some guidelines to help understand how to cover this topic, though this is not legal advice and is a summary:

You must outline the use and collection of device and technical information collected, i.e. IP addresses, browser type, operating system, technical usage data and that you use third parties to provide (purpose limitation) cybersecurity solutions.

You do not need to reference the Veracity platform or Beaconsoft Limited in your Privacy statements. Your internal register of Data Processors should include Beaconsoft Limited. If you choose to publish your list of Data Processors, Beaconsoft Limited should be included.

Provide applicable user rights and control.

If you need assistance, please contact support here, or talk to your Veracity contact to arrange a help call.