Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the agreement between Datazag and the customer and applies where Datazag processes personal data on behalf of the customer in the course of providing its services.

This DPA is intended to ensure compliance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”) and equivalent regulations in other jurisdictions.

The relationship between the Customer and Datazag in relation to the processing of personal data is defined by the following roles:

Depending on the customer’s use of the services, Datazag may process limited categories of personal data, which may include:

• Domain-associated email addresses
• Technical metadata related to domains and infrastructure
• Contact details provided for account administration
• Log and usage data related to API or platform access

Datazag does not intentionally process special category (sensitive) personal data.

Personal data is processed solely for the purpose of providing domain intelligence, phishing detection, enrichment, analytics, and related services as described in the applicable service documentation or agreement.

Datazag implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

Datazag may engage sub-processors to support service delivery (for example, cloud infrastructure providers). Datazag remains responsible for the performance of its sub-processors in accordance with this DPA.

A current list of sub-processors is available upon request.Contact Legal →

Datazag will provide reasonable assistance to customers in fulfilling requests from data subjects exercising their rights under applicable data protection laws, to the extent required and technically feasible.

Datazag will notify the customer without undue delay after becoming aware of a personal data breach affecting personal data processed on the customer’s behalf, and will provide reasonable information to assist the customer in meeting regulatory obligations.

Upon termination of the services, Datazag will, at the customer’s request, delete or return personal data in accordance with applicable law and contractual obligations, unless retention is required by law.

Where personal data is transferred internationally, Datazag ensures appropriate safeguards are in place in accordance with applicable data protection laws.

This DPA is subject to the governing law and dispute resolution provisions set out in the applicable service agreement between Datazag and the customer.