Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, company name, and job title
• Account Information: Username, password (hashed), and account preferences
• Billing Information: Payment details, billing address, and transaction history
• Communication Data: Records of our communications with you, including support requests and feedback
• Usage Data: Information about how you use our platform, including features accessed and time spent

1.2 Technical Data

• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Server logs, access times, pages viewed, and error reports
• GNSS Data: Signal quality metrics, interference detection results, and location data (anonymized)
• Performance Data: System performance metrics and diagnostic information

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Service Provision

• Provide and maintain our GNSS interference detection services
• Process and analyze GNSS signal data to detect jamming and spoofing
• Generate compliance reports for NIS2/EASA requirements
• Provide customer support and technical assistance

2.2 Business Operations

• Process payments and manage billing
• Send important service updates and notifications
• Improve our platform and develop new features
• Conduct analytics and performance monitoring

2.3 Legal Compliance

• Comply with applicable laws and regulations, including GDPR
• Respond to legal requests and court orders
• Protect our rights and prevent fraud

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary for the performance of our service agreement with you
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our services and preventing fraud
• Consent (Article 6(1)(a)): Where you have given clear consent for specific processing activities
• Legal Obligation (Article 6(1)(c)): Processing required to comply with legal obligations

4. Data Sharing and Disclosure

We may share your personal information in the following circumstances:

4.1 Service Providers

We may share data with trusted third-party service providers who assist us in operating our platform, including:

• Cloud infrastructure providers (with appropriate data protection agreements)
• Payment processors for billing purposes
• Analytics and monitoring services
• Customer support tools

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Legal proceedings where disclosure is necessary

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data is encrypted in transit and at rest using industry-standard encryption protocols
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Regular security assessments and penetration testing
• Data Minimization: We only collect and retain data necessary for our services
• Staff Training: Regular privacy and security training for all employees

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Improve our services (in anonymized form)

Typically, we retain account data for the duration of your subscription plus 3 years for legal compliance. GNSS signal data is retained for 12 months unless required for longer periods by applicable regulations.

7. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@gnss-shield.eu. We will respond to your request within 30 days.

8. International Data Transfers

As an EU-based company, we primarily process data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules or other appropriate safeguards

9. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized content and features
• Ensure platform security and prevent fraud

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect platform functionality.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our platform

Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us: