Trust baseline

Data Processing Addendum

Controller/processor terms for Customer Personal Data processed through Receiz services.

Effective: March 8, 2026

Processor terms | Transfer safeguards | Subprocessor governance

Processing Role

Processor

Receiz processes Customer Personal Data under documented customer instructions.

Transfer Mechanisms

SCC / UK Addendum

Cross-border transfers use legally recognized mechanisms appropriate to jurisdiction and transfer path.

Audit Path

Evidence-Scoped

Due diligence support is provided through published routes and confidentiality-governed review workflow.

01

Scope and Role Allocation

This Data Processing Addendum applies when Customer Personal Data is processed through Receiz services under an executed order form, subscription, or API integration.

Customer acts as controller (or business) for Customer Personal Data. Receiz acts as processor (or service provider) and processes data only on documented customer instructions, including this DPA and the primary service agreement.

02

Processing Details (Annex Summary)

Annex Item: Description

Subject matter: Provision and security of deterministic verification and settlement services.

Duration: For the term of the applicable commercial agreement, plus legally required retention periods.

Categories of personal data: Account identifiers, service metadata, support communications, and customer-submitted records.

Data subjects: Customer users, operators, and customer counterparties represented in customer workflows.

Processing operations: Hosting, storage, transmission, integrity verification, support, abuse prevention, and security monitoring.

03

Security and Confidentiality

Receiz maintains technical and organizational measures proportionate to risk, including scoped authentication, transport protections, access controls, logging, and incident response processes.

Personnel with access to Customer Personal Data are bound by confidentiality obligations and role-appropriate access controls.

04

Subprocessors and International Transfers

Receiz may use subprocessors for hosting, storage, communications, and operational reliability. Current subprocessors are published at /legal/subprocessors.

Where personal data is transferred internationally and no adequacy decision applies, Receiz applies legally recognized transfer safeguards appropriate to the transfer path, including the EU Standard Contractual Clauses (2021/914), UK transfer addendum or IDTA mechanisms, and equivalent Swiss/EU-UK compatible safeguards where required.

05

Data Subject Requests and Security Incidents

Receiz provides reasonable assistance for Customer responses to verified data-subject requests where required by law.

Receiz notifies Customer without undue delay after confirming a security incident involving Customer Personal Data and provides available incident information needed for customer legal and regulatory obligations.

06

Deletion, Return, and Retention

At termination or on documented request, Receiz deletes or returns Customer Personal Data, unless retention is required by law, security integrity controls, dispute preservation obligations, or documented backup lifecycle controls.

07

Audit Cooperation and Evidence

Receiz supports reasonable customer due-diligence requests through published trust and governance materials and scoped evidence review under confidentiality controls.

Requests may be submitted under Privacy Review or Institution Review to support@receiz.com, with customer identity and requested control scope.