Data Protection & Privacy Protocols

1. Data Collection Objectives

The primary objective of data collection on this portal is the identification and neutralization of intellectual property threats. We collect data through two primary channels: automated monitoring of public digital infrastructure and voluntary submissions via our Reporting Center. The data collected is strictly limited to what is necessary for forensic analysis, threat attribution, and brand enforcement. We do not collect personal information for marketing purposes or third-party monetization.

2. Information Collected via Reporting

When you submit a report via the Incident Intake form, we may collect technical evidence such as URLs, IP addresses, email headers, and code snippets. If you choose to provide a reporter email address, it is used solely for follow-up communications regarding the specific incident. This information is stored in a secure, encrypted environment and is accessible only to authorized security researchers within the Division. We employ strict access controls and audit logging to ensure the integrity of this data.

3. Automated Monitoring Data

Our automated systems scan public DNS records, WHOIS databases, and web content to identify potential brand misuse. This process involves the collection of publicly available technical data. While this data may occasionally include information associated with individuals (such as WHOIS contact details), it is processed under the legal basis of "legitimate interest" for the purpose of protecting our intellectual property and preventing fraud. We do not perform invasive tracking or profiling of legitimate users.

4. Data Retention & Security

Forensic data and incident reports are retained for as long as necessary to complete the neutralization process and maintain a historical record of enforcement actions for legal purposes. Once a threat is neutralized and the relevant legal milestones are reached, data is either anonymized or securely deleted in accordance with our internal data retention policies. We implement industry-standard security measures, including TLS encryption for data in transit and AES-256 encryption for data at rest, to protect against unauthorized access or disclosure.

5. Information Sharing

The Division may share technical threat intelligence with trusted security partners, domain registrars, and law enforcement agencies when necessary to facilitate the takedown of malicious infrastructure. In such cases, we strive to share only the minimum amount of data required for the enforcement action. We do not sell or lease any data collected through this portal to third parties. Any sharing of data is conducted in compliance with applicable data protection regulations, such as the GDPR and CCPA, where relevant.

6. Your Rights & Contact Information

Depending on your jurisdiction, you may have certain rights regarding your data, including the right to access, rectify, or request the deletion of any personal information we may hold. Given the nature of our security operations, some requests may be limited if they interfere with ongoing legal enforcement or threat neutralization. For any inquiries regarding our data protection practices or to exercise your rights, please contact our Compliance Department at compliance@golisimo-support.site.