Privacy statement

Treating your data with great care, according to the highest standards

Last updated: 08/10/2025

1. Who We Are

Guzco ("we", "us", "our") is a fraud detection service provider with its registered office at Keizersgracht 264, Amsterdam, Netherlands. We are registered with the Dutch Chamber of Commerce under number 97424854.

Contact details:

We provide fraud detection and prevention services to e-commerce platforms and online retailers (our "Clients") to help them identify and prevent fraudulent transactions, protecting both businesses and legitimate customers.

2. Our Role in Data Protection

We process personal data as a data processor on behalf of our Clients who remain the data controllers of your information. In some cases, we may also act as a joint controller with our Clients. The platform or merchant where you made your purchase is primarily responsible for your data and has its own privacy policy.

We process your data solely for the purpose of fraud detection and risk assessment as instructed by our Clients.

3. What Personal Data We Process

When you place an order with one of our Client platforms, we may receive and analyze the following data:

Transaction Data

  • Order details (items, amounts, currency, date and time)

  • Payment method information (type of payment, not full card numbers)

  • Transaction status and history

Account Information

  • Email address

  • Account creation date

  • Purchase history with the platform

Technical Data

  • IP address

  • Device information (type, operating system, browser)

  • Device fingerprint (technical identifiers)

  • Geolocation data (derived from IP address)

Behavioral Data

  • Time spent on website

  • Pages visited during the session

  • Mouse movements and typing patterns (anonymized)

  • Shopping cart activity

We do NOT collect:

  • Full payment card numbers

  • Banking credentials or passwords

  • Government-issued ID numbers (BSN, passport numbers)

  • Special category data (health, religion, ethnicity, etc.)

4. Why We Process Your Data (Legal Basis)

We process your personal data based on our legitimate interest under Article 6(1)(f) GDPR. Our legitimate interests are:

  • Preventing fraud and financial crime - Protecting our Clients and their customers from fraudulent transactions, identity theft, and financial losses

  • Ensuring platform security - Detecting and preventing abuse of online platforms

  • Protecting other users - Preventing fraudsters from harming other customers and businesses

We have conducted a Legitimate Interest Assessment (LIA) and determined that these interests are not overridden by your rights and freedoms. You have the right to object to this processing (see Section 10).

In some cases, processing may also be necessary for:

  • Performance of a contract (Article 6(1)(b)) - To enable the platform to complete your order safely

  • Legal obligations (Article 6(1)(c)) - Compliance with anti-money laundering regulations

5. How We Use Your Data

We use your personal data exclusively for the following purposes:

Fraud Risk Scoring

We analyze transaction patterns and behavioral signals to generate a fraud risk score for each order. This score indicates the likelihood that a transaction is fraudulent.

Pattern Detection

We identify suspicious patterns across multiple transactions to detect organized fraud attempts, account takeovers, and payment fraud.

Decision Support

We provide risk assessments to our Clients to help them make informed decisions about whether to approve, review, or decline transactions.

6. Automated Decision-Making

We use automated processing, including algorithms and machine learning, to analyze your data and generate fraud risk scores.

How It Works

Our fraud detection system automatically evaluates each transaction using:

  • Statistical models that compare your transaction to known fraud patterns

  • Machine learning algorithms trained on historical fraud data

  • Rules-based checks for suspicious indicators

Guzco's role in fraud monitoring

Guzco does NOT make final decisions based on your data We provide:

  • Risk assessments - A fraud risk score indicating the likelihood of fraudulent activity

  • Recommendations - Suggested follow-up actions for the merchant to consider

  • Risk insights - Information about specific risk factors detected

The merchant or platform always makes the final decision about whether to:

  • Approve your transaction

  • Request additional verification

  • Decline the transaction

  • Take other actions

Our risk scores and recommendations are advisory tools to help merchants make informed decisions.

Your Rights

Because we only provide risk assessments and the merchant makes the final decision:

  • Request explanation - You can ask the merchant why your transaction was flagged or declined

  • Contest decisions - Challenge any decision made by the merchant based on our assessment

  • Request human review - Ask the merchant to have a person review the automated risk score

If you believe our risk assessment was incorrect, you can contact the merchant or reach out to us directly at info@guzco.com to discuss the assessment.

7. Data Sharing and Recipients

We do NOT sell your personal data to third parties.

We may share your data with:

Our Clients

The platform or merchant where you made your purchase receives our fraud risk assessment to inform their decision-making.

Service Providers

We use carefully selected service providers who process data on our behalf:

  • Cloud hosting providers (servers located in EU)

  • IT security and infrastructure providers

All service providers are bound by data processing agreements and GDPR requirements.

Legal Obligations

We may disclose data when required by law:

  • Law enforcement authorities (with valid legal requests)

  • Regulatory bodies

  • Courts and legal proceedings

Data Pooling for Fraud Prevention

We do NOT participate in shared fraud databases or industry networks. We only analyze data from the specific platform you are using.

8. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:

  • European Commission adequacy decisions

  • Standard Contractual Clauses (SCCs)

  • Other approved safeguards under GDPR

9. Data Retention

We retain your personal data only as long as necessary for fraud prevention purposes:

  • Active fraud risk data: 12 months after transaction

  • Fraud incident records: Up to 5 years (for high-risk or confirmed fraud cases)

  • Aggregated/anonymized data: Indefinitely for model training and improvement

After these periods, data is securely deleted or anonymized so it can no longer identify you.

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Article 17)

Request deletion of your data in certain circumstances (note: fraud prevention may justify retention).

Right to Restriction (Article 18)

Request that we limit how we use your data while a dispute is resolved.

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests (such as preventing fraud).

Right to Lodge a Complaint

If you believe we have violated your rights, you can file a complaint with:

Autoriteit Persoonsgegevens (Dutch DPA)

Or with the supervisory authority in your EU country of residence.

11. How to Exercise Your Rights

To exercise these rights:

  1. Contact the platform where you made your purchase (they are the primary data controller)

  2. Contact us directly at info@guzco.com with:

    • Your full name and email address

    • The platform where the transaction occurred

    • Approximate date of transaction

    • Description of your request

We will respond within one month of receiving your request (may be extended by two months for complex requests).

12. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption - Data encrypted in transit (TLS) and at rest

  • Access controls - Strict role-based access limitations

  • Monitoring - Continuous security monitoring and logging

  • Regular audits - Security assessments and penetration testing

  • Staff training - Data protection training for all employees

  • Incident response - Procedures for detecting and responding to data breaches

Trust Centre

For complete transparency about our security and compliance practices, we maintain a publicly accessible Trust Centre where you can review:

  • Security certifications and compliance status

  • Infrastructure and data protection measures

  • Privacy and security policies

  • Audit reports and attestations

  • Service availability and reliability information

Visit our Trust Centre
Our Trust Centre is regularly updated to reflect our current security posture and compliance status.

13. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

14. Changes to This Privacy Statement

We may update this privacy statement from time to time. We will notify you of material changes by:

  • Posting the updated statement with a new "Last updated" date

  • Notifying our Clients who can inform their users

  • Displaying a prominent notice on our website (if applicable)

GUZCO

info@guzco.ai

Keizersgacht 264
1015DT Amsterdam

Pages

Login

Resources

Products

Certifications

© 2025 Guzco AI. All rights reserved.