Data Processing Addendum

Last updated: 1 May 2026

This Data Processing Addendum (“DPA”) is part of the agreement between DeProFront (“Processor”) and the customer (“Controller”) for the use of the DeProFront services.

1. Subject and duration

DeProFront processes personal data on behalf of the Controller for the purpose of providing the visitor management service. Processing continues for the duration of the agreement.

2. Types of data and categories of subjects

Visitor data (name, email, photo, host visited), employee data (name, work email, business unit), and audit metadata.

3. Sub-processors

DeProFront uses the sub-processors listed at /legal/sub-processors. We will notify Controllers in advance of any change.

4. International transfers

Personal data is processed within the European Economic Area. Where data must leave the EEA we rely on Standard Contractual Clauses and conduct a transfer impact assessment.

5. Security measures

We apply the technical and organisational measures described in the Security & GDPR page, including encryption in transit and at rest, MFA for platform owners, and a tamper-evident audit log.

6. Audit rights

DeProFront makes available all information necessary to demonstrate compliance with this DPA and allows for audits, including inspections, conducted by the Controller or a mandated auditor.