GDPR Compliance & Data Processing Addendum – VerifiSaaS

This Data Processing Addendum (“DPA”) forms part of the Terms and Conditions entered into between:

and the entity using VerifiSaaS services (“Customer”, “Controller”). This DPA applies to services provided through verifisaas.com and app.verifisaas.com.

1. Purpose and Scope

This DPA governs the processing of Personal Data by VerifiSaaS on behalf of the Customer. The Customer confirms that it acts as the Data Controller, and VerifiSaaS acts solely as a Data Processor strictly in accordance with documented instructions.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.

• Processing: Any operation performed on Personal Data.

• Data Subject: The individual to whom Personal Data relates.

• Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, or unauthorised disclosure.

3. Nature, Purpose & Duration

4. Categories of Data

The Customer may submit email addresses and associated business contact info. No special category data (health, financial, government IDs) should be submitted.

5. Processor Obligations

• Process data only under documented instructions
• Ensure personnel confidentiality
• Implement appropriate technical measures
• Assist with data subject rights
• Notify of breaches without undue delay

6. Security Measures

We maintain HTTPS encryption (TLS 1.2+), role-based access controls, multi-layer authentication, firewall protection, and infrastructure monitoring.

7. Subprocessors

We engage subprocessors for cloud infrastructure, hosting, and payments. All are contractually bound by confidentiality and security requirements.

8. International Transfers

Where data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs).