Last Updated: 04/122025
1. Scope & Compliance
General Defense Corp (“we,” “us,” or “our“) operates https://generaldefense.com/ in compliance with:
- U.S. Federal Laws:
- CCPA (California Consumer Privacy Act)
- COPPA (Children’s Online Privacy Protection Act)
- ITAR (International Traffic in Arms Regulations, 22 CFR §§ 120-130)
- EAR (Export Administration Regulations, 15 CFR §§ 730-774)
- State Laws:
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- International Considerations:
- GDPR (for EU/UK users, where applicable)
This policy applies to all website visitors, clients, and partners.
2. Data Collection: What We Gather
A. Personal Data (Provided by You)
- Contact Details: Name, email, phone, company affiliation.
- Regulatory Data: Export licenses, government contracts, or BATFE documentation.
- Communications: Emails, form submissions, or service inquiries.
B. Automated Data (Collected via Technology)
- Device/Usage Data: IP address, browser type, pages visited (via cookies and analytics tools like Google Analytics 4).
- Security Logs: Failed login attempts, IP blacklists (for fraud prevention).
3. Legal Bases for Processing
We process data under the following U.S. legal frameworks:
| Purpose | Legal Basis |
|---|---|
| Contract Fulfillment | ITAR §120.5(b): Required for export/defense transactions. |
| Legal Compliance | EAR §732.6: Mandatory screening for sanctioned entities. |
| Legitimate Interests | CCPA §1798.140: Fraud prevention, network security, and service improvements. |
4. How We Use Your Data
- Core Operations:
- Process defense-related inquiries and contracts.
- Verify identities per ITAR/EAR requirements.
- Security & Compliance:
- Monitor unauthorized access (per NIST SP 800-171).
- Disclose data to U.S. authorities if legally compelled (e.g., FISA §702).
- Analytics:
- Anonymized usage data to improve website performance.
5. Data Sharing & Third Parties
We may share data with:
- U.S. Government Agencies:
- Department of State (DDTC), Department of Commerce (BIS), or BATFE as required by law.
- Service Providers:
- ITAR-compliant logistics firms, cloud hosts (e.g., AWS GovCloud), or legal advisors under strict NDAs.
- Legal Obligations:
- In response to subpoenas, court orders, or FISA requests.
We do not sell personal data (CCPA §1798.140(t)).
6. Your Rights (U.S. & International)
A. U.S. Users
- CCPA Rights: Request access, deletion, or opt-out of data sharing (email privacy@generaldefense.com).
- ITAR/EAR Challenges: Contest erroneous denials via DTCC Case Portal.
B. EU/UK Users (GDPR)
- Right to Erasure: Request deletion unless retained for ITAR compliance.
- Data Portability: Receive records in machine-readable format.
7. Data Security Measures
- Encryption: TLS 1.2+ for all data transmissions.
- Access Controls: Role-based permissions (per NIST SP 800-53).
- Audits: Annual third-party security assessments.
8. Cookies & Tracking Technologies
| Cookie Type | Purpose | How to Opt Out |
|---|---|---|
| Essential | Contact forms, login sessions | Disable in browser settings |
| Analytics (GA4) | Anonymized traffic analysis | Google Opt-Out |
| Security | IP blacklisting, brute-force protection | Required for site functionality |
9. Policy Updates & Contact
- Updates: Posted on this page with a 30-day advance notice for material changes.
- Contact:
- Email: legal@generaldefense.com
- Postal: [Physical address, if required for legal notices]
Annex: Legal References
FISA §702: Obligations for national security disclosures.
ITAR (22 CFR §120.6): Recordkeeping requirements for defense articles.
CCPA §1798.150: Private right of action for data breaches.