Effective Date: 1 January 2024
Last Revised: 1 November 2024
Data Controller: Pistolo Organization (operating pistolo-support.site)
Legal Basis: GDPR (EU) 2016/679; applicable national data protection law

1. Introduction and Controller Identity

The Pistolo Brand Defense Center ("Site," "we," "us," or "our") is operated as a brand protection and intellectual property enforcement resource for the Pistolo.com digital ecosystem. In connection with the operation of this Site, we collect and process certain personal data from users who access the Site, submit violation reports, or contact our enforcement departments. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have with respect to your personal data.

We are committed to processing personal data in a manner that is transparent, lawful, and consistent with the principles of data minimization and purpose limitation established by the GDPR. We collect only the personal data that is necessary for the specific purposes described in this policy and retain it only for as long as necessary to fulfill those purposes or as required by applicable law.

2. Data We Collect and Legal Basis

We collect personal data through the following channels and on the following legal bases:

Data Category | Examples | Collection Method | Legal Basis (GDPR)
Contact Information | Name, email address, phone number, organization | Violation report form, direct email contact | Art. 6(1)(b) — Contract performance; Art. 6(1)(f) — Legitimate interests
Violation Report Data | Infringing URLs, IP addresses, WHOIS data, evidence files | Violation report form | Art. 6(1)(f) — Legitimate interests (brand protection)
Technical Data | IP address, browser type, operating system, referrer URL | Server logs (automatic) | Art. 6(1)(f) — Legitimate interests (security and fraud prevention)
Communication Records | Email correspondence, case notes | Direct communication | Art. 6(1)(f) — Legitimate interests (enforcement record-keeping)

3. How We Use Personal Data

Personal data collected through this Site is used exclusively for the following purposes, consistent with the legal bases identified above:

  • Processing and investigating violation reports: Contact information and report data submitted through the Reporting Center is used to investigate reported violations, initiate enforcement actions, and communicate case updates to the reporter.
  • Conducting enforcement proceedings: In the context of formal legal proceedings (UDRP, DMCA, litigation), personal data may be included in enforcement documentation submitted to registrars, hosting providers, courts, and arbitration bodies.
  • Responding to inquiries: Contact information provided in direct communications is used to respond to the inquiry and to route the matter to the appropriate enforcement department.
  • Security and fraud prevention: Technical data collected via server logs is used to detect and prevent unauthorized access, scraping, and other abusive behavior targeting the Site.
  • Legal compliance: Personal data may be retained and disclosed as required by applicable law, including in response to valid legal process from law enforcement authorities.

We do not use personal data collected through this Site for marketing, advertising, or any commercial purpose unrelated to brand protection enforcement. We do not sell, rent, or otherwise commercially exploit personal data.

4. Data Sharing and Disclosure

We share personal data only in the following circumstances and only to the extent necessary for the stated purpose:

  • Legal counsel: Personal data relevant to enforcement proceedings is shared with our external legal counsel under appropriate confidentiality obligations.
  • Enforcement bodies: In the context of UDRP proceedings, DMCA notices, and similar enforcement actions, personal data may be disclosed to registrars, hosting providers, arbitration bodies, and courts as required by the applicable procedural rules.
  • Law enforcement: We may disclose personal data to law enforcement authorities in response to a valid legal request, court order, or subpoena, or where we have a good-faith belief that disclosure is necessary to prevent imminent harm, fraud, or illegal activity.
  • Threat intelligence sharing: Technical indicators (IP addresses, domain names, phishing kit hashes) may be shared with relevant Information Sharing and Analysis Centers (ISACs) and threat intelligence platforms, in anonymized or pseudonymized form where possible.

We do not transfer personal data to third parties for commercial purposes. All third-party processors engaged by us are subject to data processing agreements that require them to process personal data only on our instructions and in compliance with applicable data protection law.

5. International Data Transfers

Given the global nature of brand protection enforcement, personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other mechanisms recognized under applicable data protection law. You may request information about the specific safeguards applicable to any international transfer of your personal data by contacting legal@pistolo-support.site.

6. Data Retention

We retain personal data for the minimum period necessary to fulfill the purposes for which it was collected, subject to any longer retention period required by applicable law or legitimate enforcement interests. Specifically:

  • Violation report data is retained for a minimum of 7 years from the date of submission to support potential future enforcement proceedings and to maintain an accurate enforcement record.
  • Communication records are retained for 3 years from the date of the last communication, unless the matter is subject to ongoing enforcement proceedings, in which case records are retained for the duration of those proceedings plus 7 years.
  • Server log data is retained for 90 days for security monitoring purposes and then deleted or anonymized.

7. Your Rights Under GDPR

If you are located in the EEA, you have the following rights with respect to your personal data, subject to applicable exceptions and limitations:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how it is processed.

Right to Rectification

You have the right to request correction of inaccurate personal data and completion of incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, subject to our legitimate enforcement interests and legal obligations.

Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format.

Right to Complain

You have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, contact legal@pistolo-support.site. We will respond to all valid requests within 30 days. Note that certain rights may be limited where processing is necessary for the establishment, exercise, or defense of legal claims.

8. Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include TLS 1.3 encryption for all data in transit, access controls limiting data access to authorized personnel on a need-to-know basis, regular security assessments of our infrastructure, and incident response procedures for data breach scenarios. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by the GDPR.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or enforcement activities. Material changes will be indicated by a revised "Last Revised" date at the top of this policy. We encourage you to review this policy periodically. Your continued use of the Site following the posting of changes constitutes your acknowledgment of the revised policy.

10. Contact

For all privacy-related inquiries, data subject rights requests, or questions about this Privacy Policy, contact our Data Protection Officer at legal@pistolo-support.site. For urgent security or abuse matters, contact abuse@pistolo-support.site.