The DPA forms part of your agreement with Veracly. Where you are the controller and we are the processor, this document sets out the contractual terms required by GDPR and other applicable data protection laws.
- 01
Parties and roles
Customer is the controller; RR Sols Pty Ltd (Veracly) is the processor. Roles can shift for specific processing activities — set out per activity.
- 02
Subject matter and duration
What personal data is processed, the categories of data subjects, and how long processing lasts.
- 03
Scope and instructions
Veracly processes only on documented instructions from the customer. Out-of-scope processing is prohibited.
- 04
Subprocessors
List of authorized subprocessors, notification rights, and the customer's right to object.
- 05
Technical and organizational measures
Encryption, access controls, audit logging, incident response, and personnel training. Detailed Annex II to follow.
- 06
Data subject rights
How Veracly assists customers in responding to access, deletion, and other rights requests.
- 07
Personal data breaches
Notification timing, content of notification, and the cooperation Veracly will provide.
- 08
International data transfers
Standard Contractual Clauses, transfer impact assessments, and supplementary measures where required.
- 09
Audits and inspections
Customer's audit rights, frequency, and reasonable cost-recovery.
- 10
Termination and data return
What happens to personal data on termination — return, deletion, and certification of deletion.