Roles
For customer content uploaded to the platform, you are the controller and Violet Solutions S.L. is the processor. This DPA forms part of your agreement with us.
Scope of processing
- Subject matter: provision of the Violet platform.
- Duration: the term of your subscription.
- Nature & purpose: hosting, processing and securing audit and finding data.
- Data subjects: your staff and the people referenced in your audit data.
Our obligations
- Process personal data only on your documented instructions.
- Ensure personnel are bound by confidentiality.
- Apply appropriate technical and organisational measures (see our Security page).
- Assist with data-subject requests and breach notification.
Sub-processors
We use a vetted list of EU-based sub-processors and remain responsible for their compliance. The current list is available on request, and we give notice of changes so you can object.
International transfers
Personal data is processed within the EU. Any exception would be covered by an adequacy decision or Standard Contractual Clauses.
Security & breach
We maintain the measures described on our Security page and will notify you without undue delay after becoming aware of a personal data breach affecting your data.
Return & deletion
On termination you may export your data; we then delete it on a defined schedule, save where retention is legally required.
Audits
We will make available the information needed to demonstrate compliance and allow for audits in line with the DPA.