1. Purpose: The purpose of this GDPR compliance policy is to ensure that ScoutDNS, our DNS Security solution that acts as a processor and sub-processor, complies with the General Data Protection Regulation (GDPR). This policy outlines the measures we have put in place to ensure the protection of personal data and the rights of data subjects.
2. Scope: This policy applies to all personal data processed by ScoutDNS on behalf of our customers, who are the data controllers. This includes data processed for our internal business operations that may contain personal data.
3. Responsibilities: ScoutDNS is responsible for ensuring GDPR compliance for personal data that we process. We have designated a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance, and all employees are required to comply with this policy.
4. Data Processing: ScoutDNS processes personal data only for the purposes specified by our customers, who are the data controllers, and in accordance with their instructions. We implement appropriate technical and organizational measures to ensure the security of personal data. We ensure that personal data is accurate and up-to-date, and provide data subjects with the right to access, correct, and delete their personal data. We also notify our customers of any data breaches that affect their personal data, and delete or return personal data to our customers when our contract with them ends.
5. Sub-Processors: ScoutDNS may at times be considered a sub-processor or may use sub-processors to process personal data on behalf of our customers. We only use sub-processors that provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements. We ensure that sub-processors comply with our GDPR compliance policy and have entered into a GDPR-compliant data processing agreement with them.
6. Data Transfers: ScoutDNS stores all EU log data in our European data centers and only stores personal data for the minimal time required to meet our legal obligations and the obligations of our customers, who are the data controllers. We may from time to time transfer personal data outside of the European Economic Area (EEA) in compliance with GDPR requirements, including ensuring that the third country has an adequate level of data protection or using appropriate safeguards such as standard contractual clauses or binding corporate rules.
7. Data Subject Rights: ScoutDNS provides data subjects with the right to access, correct, and delete their personal data. Data Subjects can exercise their rights by contacting our customer, who is the data controller. We provide our customer with any necessary assistance to fulfill data subject requests. Any Data Subjects who have a problem working with their controller may contact us directly for assistance.
8. Data Breaches” ScoutDNS has implemented procedures to detect, report, and investigate any personal data breaches. We notify our customers, who are the data controllers, of any personal data breaches without undue delay. We also cooperate with our customers to investigate the cause of the breach and implement measures to prevent future breaches.
9. Training and Awareness” ScoutDNS provides regular training to all employees on GDPR compliance. We also ensure that all employees are aware of their responsibilities under this policy and the GDPR.
10. Policy Review: This GDPR compliance policy will be reviewed regularly and updated as necessary to ensure that it remains effective and compliant with GDPR requirements. If you have any questions about this GDPR compliance policy or ScoutDNS’s compliance with the GDPR, please contact our Data Protection Officer. They can be reach through our mailing address or by using our contact us form.