Overview
NAVEX maintains comprehensive security and privacy commitments for all Customer Data processed within the Services. These commitments are detailed in our Data Processing Addendum (“DPA”) and our Data Security Addendum (“DSA”).
Because our Services are delivered through a multi-tenant SaaS model shared across all customers, we cannot modify our security or privacy program to accommodate individual customer requirements. As a result, NAVEX does not customize its contract templates. Consequently, NAVEX is committed to safeguarding all Customer Data equally and in line with the most stringent data protection and security standards, including the GDPR and SOC 2.
Please visit our Data Privacy Resource Center for more information on our privacy and security program.
Data Transfer Mechanisms for EU and UK Personal Data
NAVEX relies on the EU Standard Contractual Clauses alongside the United Kingdom International Data Transfer Addendum (collectively, the “SCCs”) as its appropriate data transfer mechanism for EU and UK personal data. Our interpretation is that the SCCs may apply differently to each NAVEX entity. Where applicable, the SCCs are incorporated as part of NAVEX’s standard DPA as detailed below.
NAVEX is also certified under the EU-US Data Privacy Framework, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework which Customers may rely on as an adequate transfer mechanism.
How to Execute the DPA and DSA
Please complete, sign, and submit the desired document via the e-signature process detailed in the applicable link below. The addendum, by its terms, will be incorporated into your existing agreement with NAVEX.