Data Processing Addendum
Last updated: [Pending legal review]
[Lead — Article 28 GDPR DPA. Pre-signed by Vextras. Customer countersigns. Counsel to draft.]
1. Definitions
[Counsel to draft — 1. Definitions.]
2. Scope & roles
[Counsel to draft — 2. Scope & roles.]
3. Processing details
[Counsel to draft — 3. Processing details.]
4. Security measures
[Counsel to draft — 4. Security measures.]
5. Subprocessors
[Counsel to draft — 5. Subprocessors.]
6. International transfers
[Counsel to draft — 6. International transfers.]
7. Data subject rights
[Counsel to draft — 7. Data subject rights.]
8. Breach notification
[Counsel to draft — 8. Breach notification.]
9. Audits
[Counsel to draft — 9. Audits.]
10. Return & deletion
[Counsel to draft — 10. Return & deletion.]
11. Liability
[Counsel to draft — 11. Liability.]
Annex A — Processing details
[Counsel to draft — Annex A — Processing details.]
Annex B — Technical & organizational measures
[Counsel to draft — Annex B — Technical & organizational measures.]
Annex C — Approved subprocessors
[Counsel to draft — Annex C — Approved subprocessors.]