We collect the following categories of personal data:

We use personal data for the following purposes:

We disclosepersonal data to the following categories of third parties:

We require third parties acting as our agents to process personaldata only for specified purposesand in accordance withcontractual safeguards consistent with the Data Privacy Framework Principles.

Where requiredby the Data Privacy Framework Principles, individuals have the right to:

Where we process sensitive personal data, we obtain opt-inconsent where required. To exercise these choices,individuals may contact us at support@cymru.com.

We use cookiesand similar trackingtechnologies to track activity on Team Cymru'sservices and store certain information. Tracking technologies used include beacons,tags, and scriptsto collect and track information, all of which help us analyzeand improve our service.

We retainpersonal data for as long as necessary to fulfil the purposes described in thispolicy, including:

Retention periodsare determined basedon the nature of the data, the purposes of processing, contractual requirements, and applicable legal obligations.

Personal data may be processed in the United States and other jurisdictions where Team Cymru or its service providers operate.

For personaldata received under the Data Privacy Framework, Team Cymru complieswith the DPF Principles for onwardtransfers. Where we transfer personal data to third-party agents, we:

TeamCymru remains responsible and liable under the DPF Principles for onwardtransfers to third-parties.

Team Cymru implements administrative, technical, and organizational measuresdesigned to protectpersonal data against unauthorized access,disclosure, alteration, and destruction. Thesemeasures are alignedwith ISO/IEC 27001and include encryption,access controls, monitoring, and incident response processes.

TeamCymru maintains ISO/IEC 27001-aligned controls, including encryption,multi-factor authentication (MFA), network segmentation, monitoring, incident response, and secure softwaredevelopment life cycle(SSDLC) processes. Team Cymru’s breach notification and response actions coincide with Team Cymru's ownIncident Response Policy, as well as applicable laws and customer agreements.In the event of a security incident involving personal data, Team Cymru willrespond and provide notifications, where required, in accordance withapplicable law and customer agreements.

TeamCymru shall maintain administrative, physical, and technical safeguards toensure the integrity, confidentiality, and security of client data. These safeguards shall be appropriate to the nature of the services and the volume of data processedand are specifically designed to prevent security incidents, protect againstreasonably foreseeable threats, as well as maintain compliance with relevantdata protection regulations.

In compliance with the EU-U.S.DPF and the UK Extensionto the EU-U.S. DPF, Team Cymru commitsto resolve DPF Principles-related complaints aboutour collection and use of your personal information.

Residents of California, Colorado, Connecticut, Virginia, and Utah mayhave the following rights, subject to applicable law:

Toexercise these rights, individuals may contact us at support@cymru.com

We will verify requestsand respond in accordance with applicable law. Individuals may designate an authorized agent tosubmit requests on their behalf where permitted.

Whererequired, individuals may appeal our decision by contacting us using the same details.

In compliance with the EU-U.S.Data Privacy Frameworkand the UK Extension, Team Cymru commitsto resolve complaints about our collection and use ofpersonal data.

Individualsmay contact us at support@cymru.com. We willrespond within 45 days.

Ifa complaint cannot be resolved directly, Team Cymru has designated JAMS as anindependent dispute resolution provider. This serviceis provided at no cost to the individual. More information is available at https://www.jamsadr.com

/contact.

TeamCymru is subject to the investigatory and enforcement powers of the U.S.Federal Trade Commission.

Undercertain conditions, individuals may invoke bindingarbitration as described in AnnexI of the Data Privacy Framework

OurService is not intended for, nor directly addresses anyone under the age of 16.We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardianand You are aware that Your child has provided Us with Personal Data,please contact Us. If We become aware that We have collected Personal Data fromanyone under the age of 16 withoutverification of parentalconsent, We take steps to permanently remove that information.

If We need to rely on consent as a legal basis for processing Your information and Your countryrequires consent from aparent, We may require Your parent's consent before We collect and use thatinformation.

California residentsunder 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see YourState Privacy Rights for more information.

Our Servicemay contain links to other websites that are not operated by Us. If You click on a third-party link, You will bedirected to that third party's site. We strongly advise You to review thePrivacy Policy of every site You visit.

We have no controlover and assume no responsibility for the content,privacy policies or practices of any third-party sites or services.

We may updateOur Privacy Policy from time to time.

You are advised to review this Privacy Policy periodically for any changes.Changes to this Privacy Policy are effectivewhen they are posted on this page.