The purpose of this GDPR Compliance Policy is to ensure that ScoutDNS, when acting as a processor or sub-processor, complies with the General Data Protection Regulation (GDPR). We outline below the specific measures we take to protect personal data and respect the rights of data subjects.
This policy applies to all personal data processed by ScoutDNS on behalf of our customers (the data controllers). It also governs any internal business operations where personal data may be involved.
ScoutDNS: Responsible for ensuring GDPR compliance for any personal data we process.
Data Protection Officer (DPO): A designated individual who oversees and advises on our GDPR compliance efforts.
Employees: All ScoutDNS employees must comply with this policy and receive regular training on GDPR requirements.
Purpose and Instructions: We process personal data solely for purposes defined by our customers in their capacity as data controllers and only in accordance with their instructions.
Technical & Organizational Measures: We maintain appropriate security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Accuracy & Updates: We make reasonable efforts to ensure that personal data is accurate and up to date.
Data Subject Rights: We assist data controllers in providing data subjects with the right to access, correct, and delete their personal data upon request.
Breach Notification: We promptly notify affected customers of any data breach involving their personal data.
Data Retention & Disposal: Upon termination or expiration of a contract, we either return or securely delete personal data in accordance with the customer’s instructions.
Selection & Due Diligence: ScoutDNS may act as a sub-processor, or use sub-processors, to handle personal data on behalf of our customers. We only engage sub-processors who offer sufficient guarantees of their ability to meet GDPR requirements.
Data Processing Agreements: We enter into GDPR-compliant data processing agreements with all sub-processors and ensure they adhere to this policy and applicable regulations.
| Sub-Processor | Purpose | Location | Types of Data Processed |
|---|---|---|---|
| Zoho (Subscriptions, Billing, Desk, CRM) | Account management, subscription/billing workflow, support ticketing, CRM | USA / EU / India | Customer contact information, subscription details, support ticket metadata |
| Stripe | Credit card & ACH payment processing | USA | Billing contact info, payment/payment method data (processed directly by Stripe) |
| Microsoft (Office 365 / Exchange) | Business email and internal communication | USA / Global | Email correspondence, customer-submitted information |
| Google Analytics | Website analytics and performance insights | USA / Global | Pseudonymized/aggregated site usage data, IP address, device metadata |
| Kinsta | Website hosting, DNS for site, and form submissions | USA / EU | IP address, form submission data, basic site telemetry |
| Vultr (IaaS Provider) | Infrastructure hosting for ScoutDNS platform components | USA / Global | IP addresses, DNS query metadata, device usernames (roaming clients), operational logs |
| Calendly | Meeting scheduling and calendar coordination | USA | Contact information (name, email), meeting details submitted by the customer |
Each Sub-Processor receives only the minimum personal data required for its function. ScoutDNS does not authorize Sub-Processors to use customer data for their own purposes.
ScoutDNS maintains written data-processing agreements and performs due diligence on all Sub-Processors to ensure adequate security and GDPR alignment.
ScoutDNS may add or replace Sub-Processors as needed to support the Services. Customers may request notifications of changes by contacting us.
Hosting Locations: We host EU and UK personal data in data centers located within the European Union and the United Kingdom, respectively. We retain personal data only as long as necessary to fulfill our legal obligations or those of our customers as data controllers.
Short-Term Transfers to Approved Countries: Under certain circumstances, we may transfer data on a short-term basis to countries or jurisdictions that are recognized under an adequacy decision by the European Commission or the UK government. Where no adequacy decision exists, we implement appropriate safeguards (such as Standard Contractual Clauses or Binding Corporate Rules) to ensure compliance with GDPR obligations.
Rights Requests: Data subjects can exercise their rights (access, correction, deletion) by contacting the data controller.
Controller Assistance: We promptly assist data controllers in addressing data subject requests, including providing necessary documentation or data in a timely manner.
Direct Contact: If a data subject experiences issues working through their controller, they may contact ScoutDNS directly for assistance.
Procedures & Detection: ScoutDNS has implemented procedures to detect, report, and investigate any personal data breaches.
Notification: We notify our customers (the data controllers) of any personal data breach without undue delay and provide relevant details to help them fulfill their own breach notification obligations.
Investigation & Prevention: We cooperate fully with our customers to determine the root cause of a breach and implement corrective measures to reduce future risks.
ScoutDNS provides regular GDPR training to all employees. We ensure employees are aware of their responsibilities under both this policy and the GDPR, and we hold them accountable for following best practices and security protocols.
This GDPR Compliance Policy is reviewed regularly and updated as needed to remain effective and compliant with GDPR requirements. For any questions about this policy or ScoutDNS’s GDPR practices, please contact our Data Protection Officer through our mailing address or by using our Contact Us form.