ScoutDNS (“we,” “us,” or “our”) is committed to protecting the privacy and security of all personal data processed by our DNS security platform. We recognize that GDPR compliance is an ongoing responsibility and continually adapt our practices to align with evolving regulations. We do not sell or transfer detailed customer use or log data for any purpose to any party. This policy outlines the measures we have implemented to fulfill our obligations as a processor and sub-processor and to support our customers, who act as data controllers, in meeting their GDPR responsibilities.

1. Purpose

The purpose of this GDPR Compliance Policy is to ensure that ScoutDNS, when acting as a processor or sub-processor, complies with the General Data Protection Regulation (GDPR). We outline below the specific measures we take to protect personal data and respect the rights of data subjects.

2. Scope

This policy applies to all personal data processed by ScoutDNS on behalf of our customers (the data controllers). It also governs any internal business operations where personal data may be involved.

3. Responsibilities

• ScoutDNS: Responsible for ensuring GDPR compliance for any personal data we process.

• Data Protection Officer (DPO): A designated individual who oversees and advises on our GDPR compliance efforts.

• Employees: All ScoutDNS employees must comply with this policy and receive regular training on GDPR requirements.

4. Data Processing

• Purpose and Instructions: We process personal data solely for purposes defined by our customers in their capacity as data controllers and only in accordance with their instructions.

• Technical & Organizational Measures: We maintain appropriate security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

• Accuracy & Updates: We make reasonable efforts to ensure that personal data is accurate and up-to-date.

• Data Subject Rights: We assist data controllers in providing data subjects with the right to access, correct, and delete their personal data upon request.

• Breach Notification: We promptly notify affected customers of any data breach involving their personal data.

• Data Retention & Disposal: Upon termination or expiration of a contract, we either return or securely delete personal data in accordance with the customer’s instructions.

5. Sub-Processors

• Selection & Due Diligence: ScoutDNS may act as a sub-processor, or use sub-processors, to handle personal data on behalf of our customers. We only engage sub-processors who offer sufficient guarantees of their ability to meet GDPR requirements.

• Data Processing Agreements: We enter into GDPR-compliant data processing agreements with all sub-processors and ensure they adhere to this policy and applicable regulations.

6. Data Transfers

• Hosting Locations: We host EU and UK personal data in data centers located within the European Union and the United Kingdom, respectively. We retain personal data only as long as necessary to fulfill our legal obligations or those of our customers as data controllers.

• Short-Term Transfers to Approved Countries: Under certain circumstances, we may transfer data on a short-term basis to countries or jurisdictions that are recognized under an adequacy decision by the European Commission or the UK government. Where no adequacy decision exists, we implement appropriate safeguards (such as Standard Contractual Clauses or Binding Corporate Rules) to ensure compliance with GDPR obligations.

7. Data Subject Rights

• Rights Requests: Data subjects can exercise their rights (access, correction, deletion) by contacting the data controller.

• Controller Assistance: We promptly assist data controllers in addressing data subject requests, including providing necessary documentation or data in a timely manner.

• Direct Contact: If a data subject experiences issues working through their controller, they may contact ScoutDNS directly for assistance.

8. Data Breaches

• Procedures & Detection: ScoutDNS has implemented procedures to detect, report, and investigate any personal data breaches.

• Notification: We notify our customers (the data controllers) of any personal data breach without undue delay and provide relevant details to help them fulfill their own breach notification obligations.

• Investigation & Prevention: We cooperate fully with our customers to determine the root cause of a breach and implement corrective measures to reduce future risks.

9. Training and Awareness

ScoutDNS provides regular GDPR training to all employees. We ensure employees are aware of their responsibilities under both this policy and the GDPR, and we hold them accountable for following best practices and security protocols.

10. Policy Review

This GDPR Compliance Policy is reviewed regularly and updated as needed to remain effective and compliant with GDPR requirements. For any questions about this policy or ScoutDNS’s GDPR practices, please contact our Data Protection Officer through our mailing address or by using our contact us form.