Data Processing & GDPR
Because Verellix handles operational records, decisions, escalations, and company evidence, data protection has to be part of the product architecture rather than a footer afterthought. Replace placeholders with your legal entity details before production use.
Controller and processor roles
Depending on the workflow, the customer may act as controller for company data while Verellix acts as processor. Some account, billing, security, and product data may be controlled by Verellix.
Processing instructions
Company data should be processed according to the customer’s instructions, platform functionality, legal requirements, and agreed operational safeguards.
Sub-processors
Hosting, email, payment, analytics, monitoring, and support providers may act as sub-processors. A production deployment should maintain a current sub-processor list.
Security measures
Appropriate measures should include access control, encryption in transit, least privilege, audit logs, backups, retention controls, and incident response processes.
Data subject rights
Verellix should provide reasonable assistance with data access, correction, erasure, export, restriction, objection, and supervisory authority requests.
International transfers
Any transfer outside the EEA should rely on appropriate safeguards such as adequacy decisions, SCCs, or equivalent legal mechanisms.