1. Roles
Verify acts as a data processor when handling personal data on behalf of customers, and as a data controller for data we collect directly (website, support, billing).
2. Data Processing Addendum (DPA)
Our standard DPA incorporates SCCs and the UK IDTA. Enterprise customers can request a counter-signed copy via legal@verify.example.
3. Sub-processors
A current list of approved sub-processors is maintained and provided on request, with advance notice of material changes.
4. Subject rights
We assist controllers in responding to subject access, rectification, erasure, restriction, portability, and objection requests within the response windows required by law.
5. Transfers
Where data is transferred outside the EEA/UK, we rely on SCCs, the UK IDTA, adequacy decisions, or equivalent mechanisms with documented transfer impact assessments.
6. Breach notification
We will notify affected customers without undue delay of any confirmed personal-data breach, in accordance with the DPA and applicable law.
7. DPO
Our Data Protection Officer can be contacted at privacy@verify.example.