Data Processing Addendum
DPA summary for customer procurement
This page summarizes the baseline data processing commitments for Vespasian commercial customers.
Roles
- Customer: controller for customer personal data processed through service use.
- Vespasian: processor acting on customer instructions to deliver contracted services.
Processing purpose
Data is processed only to provide the security assessment, migration workflow, compliance reporting, and support functions described in the service scope.
Subprocessors and transfers
- Subprocessors are used only where needed for hosted infrastructure and service delivery.
- Cross-border transfers follow contractual safeguards in the executed customer agreement.
Security obligations
Vespasian maintains technical and organizational measures appropriate to risk, including access controls, encryption, and operational monitoring controls.
Data subject requests and deletion
Customers can submit deletion and data subject request support inquiries through the support channel defined in contract materials.