DPA (Data Processing Addendum) & DSA (Data Security Addendum)

Skip to content.

Secondary navigation

NAVEX One® GRC Platform
NAVEX One® GRC Platform
- NAVEX One® GRC Platform
  Where governance, risk and compliance problems find their solutions.
  - NAVEX One
  - All NAVEX products
- Enhance Employee Compliance
  Bridge compliance requirements with a healthy workplace culture.
- Manage Third Party Risk
  Anticipate and analyze ongoing third-party, reputational and IT risks.
- Automate Risk & Compliance
  Improve risk visibility to drive better decision-making and performance. 
- Integrate GRC Data Intelligence
  Consolidate data and find more meaningful insights for your risk and compliance program.
  - GRC Dashboards & Reporting
  - GRC Benchmarking
How We Help
How We Help
- By Regulation
  Unpack complex regulations to understand how they affect you.
- By Industry
  Stay ahead of relevant developments with industry-specific insights.
- By Role
  Make your job easier with purpose-driven resources and guidance.
- By Challenge
  Identify and overcome common compliance challenges with confidence.
- View All Solutions
Resources
Resources
- Resource Center
  Take your pick of our expert GRC knowledge to enrich your journey.
- See all Resources
About
About
- About NAVEX
  Learn why 13,000+ organizations trust us to help manage their GRC challenges.
Why NAVEX?
Contact us
Get Pricing
Get Your Demo

Overview

NAVEX maintains comprehensive security and privacy commitments for all Customer Data processed within the Services provided to its customers. These commitments are detailed in our Data Processing Addendum (“DPA”) and our Data Security Addendum (“DSA”).

Due to the Services being provided on a multi-tenant SaaS based model across the entirety of our customer base, we are unable to modify our security and privacy program to allow us to treat one customer or its Customer Data differently from other customers. For this reason, NAVEX is unable to adapt its contract templates to individual customer requirements. Because NAVEX is unable to apply protections differently, NAVEX protects and is committed to protecting all Customer Data in line with the most stringent data protection and security standards, including the GDPR and SOC 2.

Please visit our Data Privacy Resource Center for more information on our privacy and security program.

Data Transfer Mechanism for EU and UK Personal Data

NAVEX relies on the EU Standard Contractual Clauses alongside the United Kingdom International Data Transfer Addendum (collectively, the “SCCs”) as its appropriate data transfer mechanism for EU and UK personal data. Our interpretation is that the SCCs may apply differently to each NAVEX entity. Where applicable, the SCCs are incorporated as part of NAVEX’s standard DPA as detailed below.

How to Execute the DPA and DSA

Please complete, sign, and submit the desired document via the e-signature process detailed in the applicable link below. The addendum, by its terms, will be incorporated into your existing agreement with NAVEX.

DATA PROCESSING ADDENDUMS

NAVEX Global, Inc. Customer DPA

For Customers contracted directly with our US- based entity, NAVEX Global, Inc., it is our interpretation the SCCs apply regardless of your hosting location. The SCCs are incorporated into this DPA.

DPA Available here

EU Hosted Customers contracted with NAVEX European entities DPA

For those EU-hosted customers contracted with our European entities, NAVEX Global UK Limited, GCS Compliance Services Europe Unlimited Company, or WhistleB Whistleblowing Centre AB, it is our interpretation that the New Controller to Processor SCCs do not apply due to the United Kingdom’s adequacy decision. We have appropriate New Processor to Processor SCCs in place to care for the transfers taking place via our affiliates and sub-processors. Regardless, we are here to support our customers with their compliance efforts and are willing to enter into those Controller to Processor SCCs at your discretion (see below for stand-alone sets of SCCs for execution).

DPA Available here

Stand Alone SCCs

Many customers have an existing DPA with NAVEX and prefer to supplement their current addendum with the new SCCs only, including the UK Addendum and a Switzerland Addendum.

SCCs Available here

DATA SECURITY ADDENDUM

All Customers - DSA

Our stringent security requirements are applied across the entirety of our customer base.

DSA Available here

Questions? Please contact our dedicated Privacy Team by emailing privacy@navex.com.