Data Processing Agreement

Customers who need a formal data processing agreement (DPA) for GDPR-style vendor due diligence can request one from Supplira. This page explains how that works today.

Controller and processor roles

In typical use, your organization is the data controller for supplier assessment data and related personal data you place in Supplira. Supplira acts as a data processor for customer assessment and account data processed through the platform on your instructions.

For our own account, billing, and website operations, Supplira may act as a controller — as described in our Privacy Policy.

DPA available on request

A Data Processing Agreement is available for customers where required. Contact us with your organization name, use case, and any specific annexes or subprocessors lists you need addressed.

Request a DPA

What a DPA typically covers

• Subject matter and duration of processing
• Nature and purpose of processing (supplier risk assessments and related workflows)
• Types of personal data and categories of data subjects
• Subprocessors (see our Subprocessors page)
• Security measures (summarized on our Security page)
• Assistance with data subject requests and incident notification, as agreed

Related documents

• Terms of Service
• Privacy Policy
• Subprocessors
• Security

This page is not itself a binding DPA. A signed or agreed DPA document will be provided separately when available for your engagement.

Contact

DPA and privacy requests: [email protected]
General inquiries: [email protected]