DNS Publishing LLC Data Processing Overview

This Data Processing Agreement (herein referred to as the "DPA") forms part of the overall Terms and Conditions of Use (the "Terms"). It is made and entered into by and between DNS Publishing LLC, a Wyoming limited liability company, on behalf of itself and its subsidiaries, (herein referred to as "DNS Publishing", "we", "our", "ourselves"), and the Client (herein referred to as "Customer", "Client", "you", "your", "yourself"). This DPA applies to the processing of Customer Personal Data by DNS Publishing in its capacity as a Data Processor on behalf of the Client (Data Controller) when providing the Services, or as a Data Controller for data it collects directly from users of its Site.

Agreement Definitions

• "The Services" means any services DNS Publishing may provide to you, collectively or separately, including its Number Intelligence Services such as number lookup, LRN, CNAM, spam score information, API access, and other related services available through Verirouteintel.com, messageproviderlookup.com, whosentthattextmessage.com, and stopsendingspam.com.
• "Data Controller" primarily refers to the Client when providing data to DNS Publishing for processing as part of the Services. DNS Publishing may also act as a Data Controller for data it collects directly from users for account management and service provision.
• A "Data Processor" primarily refers to DNS Publishing when processing data on behalf of the Client as part of the Services.
• "Directive" means the EU Data Protection Directive 95/46/EC (as amended or superseded).
• "General Data Protection Regulation" ("GDPR") refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016...

Compliance and Use

The Client and DNS Publishing shall comply with their respective Data Protection Requirements, including, to the extent applicable, the GDPR as well as other applicable Privacy Laws. Client intends to use the Services and, in the course of doing so, will upload or otherwise provide DNS Publishing with Customer Personal Data as required by the nature of the Service provided to the Client.

Processing

The Client shall have sole responsibility for the lawfulness, accuracy, quality, and secure collection of Customer Personal Data it provides to DNS Publishing. DNS Publishing shall not access, use or process Customer Personal Data on behalf of Client except as necessary to deliver the Services (e.g., performing lookups on submitted phone numbers, managing user accounts), provide technical support related to the Services, and for maintenance and improvement of the Services (e.g., using query data in an anonymized and aggregated form to improve service quality), unless otherwise directed by Client in writing or as required by applicable law. The Client, as Data Controller for the data it submits, determines the nature and purpose of such Customer Personal Data and the categories of Data Subjects.

Data Access, Modification and Deletion

During the course of using the Services, when Customer Personal Data is processed by DNS Publishing, you may access, modify, or request deletion of certain data by logging into your account dashboard on the Site, where such features are available. Modification and deletion requests for data not manageable via the dashboard may also be submitted by contacting DNS Publishing at regulatory@kbdsystems.com. Upon termination or expiry of the Services and upon written request by the Client, DNS Publishing will delete or return (at Client's option, where feasible) Customer Personal Data in its possession or control related to that Client's account, subject to applicable data retention periods as outlined in our Privacy Policy or as required by law. This requirement shall not apply to the extent that DNS Publishing is required by applicable law to retain some or all of the Customer Personal Data, or for data retained in backup archives (which are protected from DSRs until restored, at which point DSRs can be applied, or are overwritten in due course).

Cooperation and Data Subjects' Rights

DNS Publishing shall provide reasonable and timely assistance to Client (at Client's expense, if such assistance requires significant effort beyond standard service provision) in accordance with this DPA and the Services, to enable Client to respond to a request from a Data Subject to exercise any of its rights under the GDPR or other applicable Privacy Laws (including rights of access, correction, objection, erasure, restriction of processing, and data portability, as applicable); and any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the processing of the Customer Personal Data by DNS Publishing on behalf of the Client. In the event that any such request, correspondence, enquiry or complaint is made directly to DNS Publishing regarding data for which Client is the Data Controller, DNS Publishing shall, to the extent permitted by law, promptly inform the Client providing details of the same, unless otherwise prohibited (e.g., by a legal order).

Data Protection Impact Assessment

Where required by Data Protection Requirements, DNS Publishing shall provide the Client with reasonable assistance and available information (at Client's expense for significant efforts) in support of a data protection impact assessment (DPIA) conducted by the Client, solely in relation to the processing of Customer Personal Data by DNS Publishing as a Data Processor for the Client under this DPA and the Services, and where the Client would not otherwise have access to the relevant information.

Confidentiality

DNS Publishing shall ensure that its personnel authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. These obligations shall survive the termination of their engagement with DNS Publishing.

Security

DNS Publishing implements and maintains appropriate technical and organizational security measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, as appropriate:

• Access controls to systems processing Customer Personal Data.
• Encryption of data in transit (e.g., SSL/TLS for Site and API access).
• Measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
• Procedures for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Security Incidents (Personal Data Breaches)

If DNS Publishing becomes aware of a confirmed Personal Data Breach impacting Customer Personal Data for which Client is the Data Controller and DNS Publishing is a Data Processor, DNS Publishing shall notify the Client without undue delay after becoming aware of the breach. Where possible, such notification shall include information available to DNS Publishing regarding the nature of the breach, the categories and approximate number of Data Subjects and Personal Data records concerned, and any measures taken or proposed to be taken by DNS Publishing to address the breach and mitigate its possible adverse effects. DNS Publishing shall provide reasonable cooperation to the Client in its investigation and remediation of such a Personal Data Breach. Client is solely responsible for complying with its own data breach notification obligations under applicable Data Protection Requirements.

The Client shall indemnify and hold harmless DNS Publishing against all losses, claims, damages, liabilities, fines, and expenses (including reasonable attorneys' fees) arising from any Personal Data Breach due to non-compliance by Client with its Data Protection Requirements or violation of this DPA by Client.

Other Obligations of the Client

The Client, as the Data Controller for the data it submits to the Services, warrants that it has all necessary rights, consents, and legal bases to collect, process, and transfer Customer Personal Data to DNS Publishing for processing in accordance with this Data Processing Agreement (DPA) and the Services. The Client shall comply with its protection, security, and other obligations with respect to Personal Data prescribed by Data Protection Requirements for Data Controllers, including but not limited to: establishing and maintaining a procedure for the exercising of the rights of the individuals whose Personal Data are processed by Client; processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; and ensuring compliance with the provisions of this DPA by its personnel or by any third-party accessing or using Personal Data on its behalf.

Audits and Inspections

Upon reasonable written request from Client (not more than once annually, unless a confirmed security incident necessitates more frequent review), DNS Publishing shall provide Client with information reasonably necessary to demonstrate compliance with its obligations under this DPA. If such information is insufficient, Client may request an audit, to be conducted at Client's expense by Client or an independent, qualified third-party auditor mutually agreed upon by the parties, during normal business hours and with reasonable advance notice to DNS Publishing, and subject to confidentiality obligations. Such audit shall be limited in scope to DNS Publishing's processing of Customer Personal Data on behalf of the Client and its compliance with this DPA. Client shall be responsible for any costs incurred by DNS Publishing in providing assistance for such audits. If DNS Publishing reasonably objects to an auditor selected by Client, Client must select an alternative auditor. If DNS Publishing declines to cooperate with a reasonable audit or inspection request under these terms, Client may have the right to terminate this DPA and the Services, subject to the terms of the main Agreement.

Agreement Summary

DNS Publishing takes precautions to safeguard data and abide by relevant privacy laws. Should you have specific concerns regarding this policy, we may be able to accommodate custom agreements and requirements subject to mutual agreement. Any customized Data Processing Agreements between DNS Publishing and the Client will supersede this agreement with respect to the subject matter of such custom agreement. This agreement may be updated from time to time to reflect changes in regulations, standards, or our services. We will provide notice of material changes as required by law or as set forth in the main Terms and Conditions.

If you require more details or have any questions concerning our Data Processing Agreement, please feel free to contact us at regulatory@kbdsystems.com.