Service Protection and Connection Security (Cloudflare WAF)

To enhance the security of the services provided, Vercom S.A. (owner of EmailLabs) utilizes the support of Cloudflare, Inc. as a provider of security solutions, including WAF (Web Application Firewall) services.

Vercom S.A.'s Commitment to Data Protection in the Context of Cooperation with Cloudflare

Vercom S.A. attaches great importance to ensuring that all information – including, in particular, the content of communications sent via Vercom and personal data entrusted by Vercom's Clients for processing – remains confidential and is processed exclusively within the European Economic Area (EEA).

This also applies to services provided by Cloudflare. To this end, and considering the interests of Vercom's Clients, during negotiations of the terms of service with Cloudflare, Vercom S.A. ensured adequate contractual provisions guaranteeing, among others:

• Inclusion of the Data Localisation Suite (DLS) option for services: Thanks to DLS, information processed by Vercom within the scope of our services remains within the European Union.

• Inclusion of the EU Customer Metadata Boundary option for services: This ensures that metadata related to traffic processed by Cloudflare on behalf of Vercom's Clients will not be transferred outside the European Union.

Information Regarding the EU-U.S. Data Privacy Framework (DPF) and Cloudflare

We are aware that the mere fact of using a service provider located outside the European Economic Area (EEA) – Cloudflare, Inc., USA – may sometimes influence our Clients' decisions, regardless of the aforementioned safeguards.

In this regard, we inform you that on July 10, 2023, the European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision recognizes that the changes made by the United States to its laws ensure an adequate level of protection for personal data transferred from the EEA by private and public entities to organizations in the USA that have self-certified their compliance with the DPF principles.

Cloudflare, Inc. is an active participant in the DPF program and has committed to adhering to the DPF Principles with respect to personal data transferred from the European Union, the United Kingdom, and Switzerland. Cloudflare's participation in the DPF can be verified on the .

In accordance with the provisions of Regulation (EU) 2016/679 (GDPR), the transfer of personal data from the EEA to organizations in the USA that have acceded to the DPF and are on this list is possible without the need to obtain additional authorizations or apply legal instruments such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). In such a situation, conducting a Transfer Impact Assessment (TIA) is also no longer required.

Adherence to the DPF principles is mandatory and enforceable by the relevant U.S. authorities (in the case of Cloudflare, this is the Federal Trade Commission – FTC).

• You can learn more about the DPF program on its .

• The EU-U.S. DPF Principles can be found .

• Information about the DPF on the .

Option to Opt-Out of Processing by Cloudflare

Clients using Enterprise packages who do not wish for their data to be processed using Cloudflare services have the option to opt-out. In such cases, please contact us – we will prepare a dedicated solution.