NAVEX maintains comprehensive security and privacy commitments for all Customer Data processed within the Services provided to its customers. These commitments are detailed in our Data Processing Addendum (“DPA”) and our Data Security Addendum (“DSA”).
Due to the Services being provided on a multi-tenant SaaS based model across the entirety of our customer base, we are unable to modify our security and privacy program to allow us to treat one customer or its Customer Data differently from other customers. For this reason, NAVEX is unable to adapt its contract templates to individual customer requirements. Because NAVEX is unable to apply protections differently, NAVEX protects and is committed to protecting all Customer Data in line with the most stringent data protection and security standards, including the GDPR and SOC 2.
Please visit our Data Privacy Resource Center for more information on our privacy and security program.
Data Transfer Mechanism for EU and UK Personal Data
NAVEX relies on the EU Standard Contractual Clauses alongside the United Kingdom International Data Transfer Addendum (collectively, the “SCCs”) as its appropriate data transfer mechanism for EU and UK personal data. Our interpretation is that the SCCs may apply differently to each NAVEX entity. Where applicable, the SCCs are incorporated as part of NAVEX’s standard DPA as detailed below.
How to Execute the DPA and DSA
Please complete, sign, and submit the desired document via the e-signature process detailed in the applicable link below. The addendum, by its terms, will be incorporated into your existing agreement with NAVEX.