Data Processing Addendum
Template notice. This document is a starting point provided for convenience and is not legal advice. Review and adapt it with qualified counsel before relying on it in production.
1. Roles of the parties
For Customer Data processed through the Services, the customer is the controller and Tessera (Veritech Supply LLC) is the processor. This Addendum forms part of the agreement between the parties.
2. Scope & instructions
Tessera processes personal data only on documented instructions from the customer, as necessary to provide the Services, and as required by applicable law.
3. Sub-processors
The customer authorizes Tessera to engage vetted sub-processors under written contracts imposing data-protection obligations no less protective than this Addendum. A current list is available on request, and we provide notice of material changes.
4. Security measures
Tessera implements technical and organizational measures appropriate to the risk, including encryption, access control, logging, and independent audits (SOC 2, ISO 27001/42001).
5. Personal data breach
Tessera will notify the customer without undue delay after becoming aware of a personal data breach affecting Customer Data and will provide information reasonably required to meet the customer's obligations.
6. International transfers
Where transfers occur, the parties rely on appropriate safeguards such as standard contractual clauses. Data-residency options are available for enterprise customers.
7. Return & deletion
On termination, Tessera will, at the customer's choice, return or delete Customer Data, subject to legal retention requirements applicable to sealed evidence records.
8. Audits
Tessera makes available information necessary to demonstrate compliance and allows for audits in line with the terms of the master agreement, including via third-party reports under NDA.
Contact
Questions about this document? Write to [email protected] or Veritech Supply LLC, Attn: Legal, via our contact page.