DRAFT TEMPLATE — review with qualified legal counsel before relying on it.
This notice summarises how Tevrix handles personal data under the EU General Data Protection Regulation (GDPR) and related law, in addition to the Privacy Policy.
1. Controller and processor roles
When a business uses Tevrix to manage its own customers, that business is the controller and Tevrix is the processor, acting only on documented instructions. For account, billing, and site data, Tevrix is the controller. Our Data Processing Agreement template sets out the processor terms in detail.
2. Data-subject rights
Individuals have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent. Where Tevrix acts as a processor, we assist the relevant controller in fulfilling these requests.
3. International transfers
Data is hosted in the EU by default. Where any transfer outside the EEA is necessary, we rely on an appropriate transfer mechanism such as an adequacy decision or standard contractual clauses, together with supplementary measures where needed.
4. Personal-data breaches
We maintain procedures to detect, investigate, and report personal-data breaches. Where Tevrix acts as a processor, we notify the affected controller without undue delay so it can meet its own notification obligations.
5. Contacting us about data protection
Data-protection enquiries can be sent to hello@tevrix.http.lv. You also have the right to lodge a complaint with your supervisory authority.