1. Controller
The data controller for brand-protection.su is 78 OVER 37 LIMITED. Privacy contact: support@overload.su.
2. What we collect
Browsing this site. bunny.net's CDN logs request metadata — IP address, requested URL, response code, user agent, referrer and timestamp — for security and aggregate-traffic analysis. We treat that as a transient operational log and do not combine it with personally identifying information unless investigating abuse of the website itself. We do not run advertising trackers or third-party analytics on first visit.
Engaging the programme. When you contact us about the programme, sign a statement of work, or use the case-management facilities we provide as part of the engagement, we receive: business contact details for nominated stakeholders; the brand assets, executive names, regulated-industry constraints and known threat patterns you share with us during onboarding; case correspondence; and forensic evidence captured during the work itself.
3. Lawful basis
Where the GDPR or analogous regimes apply, we process personal data on the basis of: (a) contract — performance of the programme; (b) legitimate interests — operating, defending and improving the service and protecting the brands of our clients and the customers of those brands; (c) legal obligation — when required by law.
4. Evidence handling
Evidence is hashed and time-anchored at collection, stored in immutable archives, and accessible only to assigned investigators. We share evidence with abuse contacts at hosts, registrars, registries, browser safe-browsing partners, ad networks, marketplace IP-protection programmes, app-store review teams, mobile-operator abuse desks and (where relevant) payment processors and dispute providers, in the minimum quantity required to obtain action.
5. Sharing with third parties
We share information with: (a) infrastructure providers required to operate the service (CDN, email, Telegram, internal collaboration tools); (b) abuse contacts at the host, registrar, platform, marketplace, app store, ad network or payment processor whose action we are seeking — limited to the evidence necessary; (c) professional advisers (counsel, accountants, auditors) under written confidentiality; (d) law enforcement and regulators on lawful request. We do not sell personal data and do not transfer evidence to data brokers.
6. International transfers
Brand abuse is inherently cross-border. Transfers from the EEA or UK rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism, where applicable.
7. Retention
Programme correspondence and case files are retained for the duration of the programme plus a reasonable period after closeout for recurrence monitoring, audit and regulatory-response purposes (typically up to 36 months for retainer engagements; longer where required by UDRP/URS records, regulator obligations or insurance disclosure obligations). CDN access logs are retained for the period configured at our infrastructure provider, typically not exceeding 30 days for unaggregated records.
8. Your rights
Subject to local law, you may have rights of access, correction, deletion, portability, objection and restriction. To exercise any right, contact support@overload.su. Where evidence is held in connection with an active or recently closed engagement, deletion may be limited by our legal-interest basis and our duties to other affected parties.
9. Security
Role-based access control, hardware-backed multi-factor authentication for staff, encrypted-at-rest evidence archives, segregated environments per engagement. Independent penetration testing of our internal tooling on a regular cadence. Breach notification per applicable law.
10. Children
This is a B2B programme and is not directed to children. We do not knowingly collect personal data from children under 16 except where it appears in evidence relating to an engagement (for example, a screenshot of a phishing or counterfeit page that targeted a child).
11. Changes
Material changes to this policy will be posted to this page with a new "last updated" date. For active programmes we will notify the named programme contact when changes affect them.
12. Contact
78 OVER 37 LIMITED — privacy contact: support@overload.su — Telegram @OverSupBot.