CleanDNS, Inc Privacy Policy

CleanDNS, Inc. Privacy Policy

V2.1  – 23 July, 2024

This privacy policy will explain how our organization uses the personal data we collect from you when you use our website and generally the data we process as a Service Provider for the CleanDNS, Inc. (“CleanDNS”) Platform and Services.

 

What PII do we collect?

 

CleanDNS as Controller

In certain circumstances, CleanDNS is considered the controller of the PII processed by us. Ordinarily this is in connection with the processing of the data of our own employees and contractors, or in the processing of the contact information of our clients and vendors. In general we will therefore process the following PII :

  • Employer organization information (company name, address, domain, etc)
  • Employee/Agent data (name, email, phone number, position and/or other contact details)
  • Domain Name System data (IP address etc.)
    • Registration Data Directory Services (‘RDDS’) data
    • NOTE: We ordinarily do not process PII in whois data. Where publicly available whois data inadvertently includes, PII or is included under the terms of access, CleanDNS continues to Restricted our intake to non PII elements i.e to registrar, timestamps, nameservers, reseller [if applicable])
    • Screenshots of publicly resolving content of a domain or URL reported for abuse which may or may not contain personal information

 

CleanDNS as Processor

In the provision of our services, CleanDNS is ordinarily considered a processor for our clients. In such instances the relevant client will continue to be the Controller and we will process data under the terms of our agreements with those clients (Controller Instructions).

Such data ordinarily includes the following :

  • Screenshots of a publicly resolving domain or URL reported for abuse which may or may not contain personal information.
  • Non-Public Whois data (limited to only those clients who specifically provide such data to us in the provision of our Services to them)
    • Name
    • Address
    • Phone Number
    • Email
    • Fax Number

Sensitive Personal Information

“Sensitive Personal Information” refers to personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying sex life of the individual. CleanDNS does not ordinarily or knowingly require or collect Sensitive Personal information. As such, we will not knowingly use or disclose such information with third parties without your explicit consent.

How do we collect your data?

1) Directly from you

We collect data and process data when you:

  • Register for an account online or place an order for any of our products or services.
  • Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  • Use or view our website via your browser’s cookies.
  • Submit an abuse report on a domain to us.
  • Other content that you voluntarily disclose online (on discussion boards, in messages and chat areas) From our Clients (in the provision of CleanDNS Platform and Services)

2) Indirectly

CleanDNS may also receive your PII data indirectly from the following sources:

  • RDDS (Registration Data Directory Services) records
  • Abuse reports
  • From a Registrar, Registry or other DNS Infrastructure provider

How will we use your data?

1.  Website Users Information

‍‍If you submit Personal Information to us through the Website, then we may use it to carry out analytics, understand trends and usage of materials, as well as monitoring, operating, maintaining, and providing you the features and functionality of the Website, including, when applicable, sending you information.

Personal Information or other content that you voluntarily disclose online (on any discussion boards, in messages and chat areas) may become publicly available and can be collected and used by others, including CleanDNS, without any additional permission. We may use your email address to send commercial, marketing, or other messages regarding the Website or our Services without additional consent.

We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.

2. CleanDNS Reporting Forms

If you submit Personal Information to us through the Website, then we may use it to :

  • Create your account (where applicable), process your orders;
  • manage your account; and
  • To process abuse reports and communicate the report status to you.

3. CleanDNS Platform & Services

CleanDNS may use data relating to you, where a domain name (or similar online identifier) registered by you has been flagged for an abusive use, as defined by there terms of service of your relevant registrar, or registry operator or other similar entity.  Our processing of this data will be, at all times, under the instructions of the Controller.

4. Other Uses of Data

CleanDNS also collects your data so that we can:

  • Create your account (where applicable), process your orders, and manage your account.
  • Email you with special offers on other products and services we think you might like, which are reasonably connected to the services you have obtained, or in line your preferences on the site
  • To process abuse reports and communicate the report status to you.
  • If you agree, CleanDNS will share your data with our partner companies so that they may offer you their products and services.
  • When CleanDNS processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
  • When CleanDNS processes your abuse report, it may send your data to, and also use the resulting information from, clients for the purpose of reviewing the abuse report in order to decide on an action.

Disclosure

Disclosure of Data (as Controller)

Where CleanDNS is acting as Controller, notwithstanding any legal or related obligations as noted below in ‘General Disclosure’, we may disclose data in the context of carrying out the obligations of our various contracts:

  • In our role as employer to carry out any obligations, or provide any benefits as may be agreed under our contracts;
  • in the carrying out of any obligations with our contractors as per the terms of our agreements; or
  • Disclosure of CleanDNS Sinkhole data. As noted, CleanDNS does maintain a sinkhole infrastructure that collects data on web and DNS traffic relating to domains redirected to that sinkhole, as result of a connected assessed and actioned DNS Abuse (or other online harm as may be applicable). Although the vast majority of sinkhole data is considered to be non-PII, however, PII such as may be included in such webtraffic (e.g. IP addresses, cookie information) shall also be collected. For the avoidance of doubt, Sinkhole data (including PII were applicable) may disclosed to third parties (e.g. law enforcement, security researchers, academia, anti-abuse service providers or similar entities). This data shall however only be disclosed for the purpose of investigation, mitigation and disruption of online harms, or for other lawful purposes, consistent with applicable law.

Disclosure of Data (as Processor)

Where CleanDNS is acting as Processor, notwithstanding any legal or related obligations as noted in below in ‘General Disclosure’ we shall only disclose data as per the instructions of the Controller.

General Disclosure

We may also disclose Personal Information and/or non-personally-identifiable information if required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or respond to a court order, subpoena, or search warrant. CleanDNS reserves the right to disclose Personal Information and/or non-personally-identifiable information that CleanDNS believes, in good faith, is appropriate or necessary to take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our Website, and to protect the rights, property, or personal safety of CleanDNS, our users or others.

Third-Party Links

‍The Website may contain links to other sites. We are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Website and to read the privacy statements of every website that collects your personal information. This Privacy Policy applies only to information collected by the Website and CleanDNS directly.

Analytics

We may share non-personally-identifiable information (such as anonymous user usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to assist us in understanding the usage patterns for certain content, services, advertisements, promotions, and/or functionality on the Website.

How do we store your data?

CleanDNS, Inc securely stores your data at data centers around the world certified to at least a SOC2 standard. All data is encrypted when at-rest or in-transit.

CleanDNS will keep your account data until you close your account. Once you close your account, we will delete your data by removing records from relevant databases. CleanDNS may retain data relating to you for a reasonable period in reasonable contemplation of legal proceedings, or to ensure we are able to fulfil any legal obligations on us.

Where retained, such data will be securely archived, and only processed for these limited purposes.

CleanDNS, Inc will ordinarily keep your abuse report data for a minimum of a three year period. Once this time period has expired, we will delete your personal data by removing records from relevant databases.

Marketing

Where you have opted in to marketing, CleanDNS may send you information about products and services of ours that we think you might like, as well as those of our partner companies.

If you have agreed to receive marketing, you may always opt out at a later date. NOTE: CleanDNS shall never market to data provided to us in our capacity as processor.

You have the right at any time to stop CleanDNS from contacting you for marketing purposes or giving your data to other members of the CleanDNS.

If you no longer wish to be contacted for marketing purposes, please message privacy@cleandns.email with the subject UNSUBSCRIBE; Alternatively click the Unsubscribe button on any marketing email that you may have received from us.

Exercising Your Data Protection Rights

CleanDNS as Processor

Where CleanDNS processes your personal data as a processor (see above), we are not the appropriate party to whom you should raise requests or inquiries regarding your Data Subject Rights.

In the first instance, please contact the relevant data controller (usually the registry operator or your registrar). For more information you should seek out the relevant Controller’s Privacy Policy.

Where we are in receipt of a Data Subject Request, and we are not the controller,  CleanDNS will make all reasonable efforts to provide a notification to the correct controller on your behalf, however we cannot guarantee a response to your request. CleanDNS, shall provide all reasonable assistance to the relevant controller, where requested by them, in answering relevant data subject requests made of them.

All queries relating to outstanding data subject requests, should be directed to the relevant controller only.

CleanDNS as Controller

Access to PII

Where, by applicable legislation, you have the right to obtain from us a confirmation as to whether or not Personal Information concerning you is processed by us. If there is no applicable legislation, we will nonetheless and in good faith review your request. In addition, where such processing is confirmed, and you request it, we will arrange access to the Personal Information along with the following information where applicable:

  • the categories of Personal Information collected and processed
  • the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, in particular recipients in third countries (outside of the European Economic Area (“EEA”), the State of California in the United States of America or international organizations)
  • the period for which the Personal Information will be stored or, if not possible to be determined, the criteria used to determine that period
  • the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority where applicable
  • where Personal Information was not collected directly from you, any available information as to its source; an
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and in other relevant legislation, as well as the significance and the envisaged consequences of such processing for the data subject.

Where your Personal Information is transferred to a third country, you also have the right to be informed of the appropriate safeguards we have put in place pursuant to Article 46 of the GDPR relating to the transfer and other applicable legislation.

CleanDNS may provide, where requested, a copy of that data relating to you, which is being processed, subject to the restrictions as noted in Article 23 of the GDPR and per other applicable legislation.

 

Rectification

Should you believe we hold incorrect or inaccurate data relating to you, please provide us with all relevant details relating to this inaccuracy, so that we may make the necessary updates to your data, where appropriate to do so.

Deletion / Erasure

Where you, as the data subject, wish the erasure of your Personal Information, CleanDNS will fulfill your request should one of the following grounds apply:

  • the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed (e.g., the provision of our Services);
  • where processing is based solely upon your required consent, and you withdraw this consent on which the processing is based;
  • where you object to the processing, and where there are no overriding legitimate grounds for the processing;
  • where you can demonstrate that the Personal Information has been unlawfully processed;
  • where you provide notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
  • where CleanDNS is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR or applicable legislation.

Supplemental Erasure

Where CleanDNS has publicly disclosed your data and where you have made a valid request to erase your Personal Information, CleanDNS will, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any controllers which are processing that personal data, of your request for erasure, in accordance with applicable legislation.

Data Portability

CleanDNS where necessary under law, shall ensure the portability of all relevant categories of PII.

 

FOR EUROPEAN ECONOMIC AREA (EEA), SWISS & UNITED KINGDOM CITIZENS

 

CleanDNS is a US registered entity, and all our primary servers are located within the USA.

Transfer of data outside of the European Economic Area (“EEA”):

CleanDNS continues to comply with its commitments under the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles and/or the UK Extension to the EU-U.S. DPF (as applicable) as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles and/or the UK Extension to the EU-U.S. DPF, as appropriate.

Exercising your Data Subject Rights

CleanDNS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.  We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) as well as the UK Extension to the EU-U.S. DPF (UK-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) with regard to the processing of personal data received from the European Union, the UK or Switzerland, in reliance on the EU-U.S. DPF, the Swiss-US DPF or the UK-US DPF.  If there is any conflict between the terms in this privacy policy and these Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .  Where possible and appropriate, CleanDNS will also undertake to sign or append the applicable Standard Contractual Clauses with our vendors to further bolster our commitments to ensuring the security of your data. ‍

Access, correction or deletion

Note that you continue to have the right to access, correct, or delete your Personal Information processed by us, in accordance with applicable legislation. For assistance with accessing, correcting, or deleting your personal data, please contact us at privacy@cleandns.email Please be aware that deleting your Personal Information may result in termination of the Services you receive through us.

In compliance with the Data Privacy Frameworks, or their legal and regulatory equivalent, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals, or those persons resident in the United Kingdom, with inquiries or complaints regarding this Policy should first contact our Legal Department at privacy@cleandns.email, or by certified mail (return receipt requested) at: CleanDNS Inc., Attn: Legal Department, PO Box 364, 56 S Main Street, Suite 2, Yardley, Pennsylvania 19067.

Choice

You also have right to limit the use and disclosure of your personal data by CleanDNS, in accordance with applicable legislation, where such data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise this right to opt out, please either:

  • Use the provided link that we provide in any marketing communication to you to unsubscribe; or
  • Send an email to privacy@cleandns.email requesting your opt out; or
  • contact our Legal Department by certified mail (return receipt requested) at: CleanDNS Inc., Attn: Legal Department, PO Box 364, 56 S Main Street, Suite 2, Yardley, Pennsylvania 19067

Please note that when CleanDNS is processing your data as a controller, such processing is done in the context of the provision of a service to you, opting out of such processing may affect our ability to provide that agreed upon service to you.

Please note that, where CleanDNS is acting as a processor only, such requests should be made to the relevant controller. CleanDNS however will provide all relevant information, in such an instance, to enable you to make your request to the relevant controller.

CleanDNS does not ordinarily or knowingly process or receive Sensitive Personal Data in the provision of its services, however, any such processing would only be carried out with express consent. If you believe CleanDNS is processing Sensitive Personal Data relating to you, as a controller, and wish to opt-out, please send an email to privacy@cleandns.email with details as to such a request, so we may review, and carry out such a request where applicable and appropriate.

Timing

If you make a request, we have one month to respond to you. Should your request be specifically complex, or we are of the belief it may take longer than one month, we shall advise you of this, providing all required reasoning.

Onward Transfers

In the context of an onward transfer of data, as an EU-U.S. DPF, a UK-U.S. DPF and a Swiss-U.S. DPF registered organization, we have a responsibility for the processing of personal information received under the framework and any subsequent transfers to a third party acting as an agent on our behalf. We shall remain liable under the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and Swiss-U.S. Principles if our agent processes such personal information in a manner inconsistent with said Principles, unless the third party acting as an agent on our behalf can prove that it is not responsible for the event giving rise to the alleged damage.

Cooperation with the Data Protection Authorities

CleanDNS shall cooperate, in full, with the Data Protection Authorities (“DPAs”), as a recourse for individuals to whom the data we process relates.  These include the EU DPAs under the EU-U.S. DPF, the UK ICO and the GRA under the UK Extension to the EU-U.S. DPF, and/or the Swiss FDPIC under the Swiss-U.S. DPF in the investigation and resolution of complaints brought under the DPF Principles.

CleanDNS has procedures in place to allow for the verifying that the attestations and assertions we have made about our privacy practices are true. CleanDNS further accepts our obligations to remedy any problems arising out of failure to comply with the Data Privacy Framework Principles (EU, U.S. and Swiss) (“the Principles “)and consequences that such a failure would have for our company.

CleanDNS also commits to cooperation with the Data Protection Authorities (DPAs) in the investigation and resolution of complaints brought under the Principles; and will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.

 

Binding Arbitration & FTC Enforcement

In addition, it is possible, under certain limited conditions, for individuals to invoke binding arbitration before the Data Privacy Framework Panel to be created by the US Department of Commerce and the European Commission. Note that the US Federal Trade Commission has investigatory and enforcement authority over our compliance with this Policy.

 

Note regarding Website Use

Our website is hosted in the United States and is hosted within the United States. If you are accessing the Website from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Website, which is governed by U.S. law, this Privacy Policy, and our Website Terms of Use, you are transferring your personal information (as outlined above) to the United States and you consent to that transfer.

California Consumer Privacy Act (CPRA)

The California Consumer Privacy Act (CPRA) gives California residents certain rights over their personal information. These rights include the right to know what personal information is collected about them, the right to delete their personal information, and the right to opt out of the sale of their personal information.

We collect and use your personal information for a variety of purposes, including to provide you with our services, to improve our services, and to communicate with you. We may share your personal information with third parties, but we will only do so with your consent or as permitted by law.

You have the following rights under the CPRA:

  • The right to know what personal information is collected about you, the sources of that information, the purposes for which it is used, and the third parties to whom it is disclosed.
  • The right to access your personal information.
  • The right to delete your personal information.
  • The right to opt out of the sale of your personal information.

To exercise any of these rights, please contact us at privacy@cleandns.email .

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information , visit allaboutcookies.org.

 

How do we use cookies?

CleanDNS, Inc uses cookies in a range of ways to improve your experience on our website , including:

  • Keeping you signed in
  • Understanding how you use our website
  • Performance and error monitoring

 

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

Functionality – CleanDNS, Inc uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

NOTE FOR CLEANDNS USERS: Use of the CleanDNS Platform itself requires cookies, turning off of cookies may affect your system experience.

Advertising

CleanDNS, Inc uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. CleanDNS, Inc sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website .

Performance and Error Monitoring

CleanDNS, Inc uses these cookies so that we may monitor our sites’ performance and capture any errors you may experience.

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

The CleanDNS, Inc website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

CleanDNS, Inc keeps its privacy policy under regular review and places any updates on this web page.

How to contact us?

If you would like to exercise any of these rights, please contact us at our Data privacy Contact

email: privacy@cleandns.email

or write to us: Data Protection Contact, CleanDNS, Inc. PO Box 364, Yardley, Pennsylvania 19067, United States of America

 

 

How to contact the appropriate authority?

Although CleanDNS is a US based organization, should you wish to report a complaint or if you feel that CleanDNS, Inc has not addressed your concern in a satisfactory manner, you may contact the Irish Data Protection Commissioner, as our expected Lead European

Data Protection Commission,

21 Fitzwilliam Square South,

Dublin 2,

D02 RD28,

Ireland

http://www.dataprotection.ie

[contact-form-7 id="67"]

Contact Us