Data Processing Addendum (DPA)
This page summarizes our standard DPA. For a countersigned copy tailored to your SOW, contact our Privacy team.
Roles & Responsibilities
- Tecronix acts as a Processor (or Service Provider) when processing Client Personal Data under the SOW.
- Client acts as Controller (or Business) and determines the purposes and means of processing.
- Where Tecronix determines purposes and means for its own data, it acts as Controller for that data.
Technical & Organizational Measures (TOMs)
- Access Controls: least-privilege, MFA where supported, JML processes.
- Data Protection: encryption in transit and at rest (where supported), segmentation, secure disposal.
- Operations: SOPs/runbooks, QA sampling (AQL), change control, incident response with severity targets.
- Monitoring: logging with alerting, vulnerability management, vendor risk review.
- Continuity: backups where applicable, recovery procedures aligned to system criticality.
Sub-Processors
- Tecronix maintains a registry of authorized sub-processors used in delivery.
- Client is notified of material changes as set out in the Agreement.
- See the live registry on the Sub-Processors page (CSV available).
International Transfers
- Standard Contractual Clauses (SCCs) or UK IDTA/UK Addendum as applicable.
- Transfer risk assessments for high-risk scenarios.
- Regional data handling aligned to SOW and client preferences where feasible.
Data Subject Requests & Cooperation
- Tecronix shall assist Client in responding to requests to exercise rights (access, deletion, etc.).
- Requests received directly by Tecronix will be forwarded to the Client unless otherwise required by law.
- Security incidents will be handled per Incident Response with prompt notification consistent with law and contract.
Need a countersigned DPA?
Email our Privacy team with your SOW and vendor forms.
