Data Processing Addendum

Roles

The customer acts as controller for personal data uploaded to the platform. RISCK COMPLY acts as processor when operating the service on behalf of the customer.

Processing instructions

RISCK COMPLY processes customer data only to provide the contracted service, maintain security, support billing, deliver notifications and comply with lawful obligations.

Security measures

Measures include authenticated access, organization isolation, private document storage, audit trails, role-aware access, secure infrastructure configuration and operational monitoring.

Subprocessors

Approved subprocessors are listed on the Subprocessors page. Material changes should be communicated to enterprise customers according to the commercial agreement.

Deletion and return

Upon termination, customers may request export or deletion review according to the plan, legal retention duties and administrator controls.