Data Processing Agreement (DPA)

Last Updated: 12/04/26

This Data Processing Agreement (“Agreement”) forms part of the agreement between:

Customer (Data Controller):
The school or organisation using VendorCheck Pro

and

VendorCheck Pro (Data Processor):
VendorCheck Pro

1. Purpose

This Agreement governs the processing of personal data by VendorCheck Pro on behalf of the Customer in connection with the use of the VendorCheck Pro platform.

2. Roles of the Parties

• The Customer acts as the Data Controller

• VendorCheck Pro acts as the Data Processor

The Customer determines:

• The purposes of processing

• The categories of data collected

• The retention periods

VendorCheck Pro processes data only in accordance with the Customer’s instructions.

3. Scope of Processing

VendorCheck Pro processes personal data solely to provide the service, including:

• Managing vendor compliance records

• Storing and processing documents

• Tracking expiry dates and compliance status

• Supporting approval workflows

• Generating reports and audit logs

  
  

4. Types of Personal Data

Personal data processed may include:

• Names and contact details (e.g. email addresses)

• Vendor-related personnel information (e.g. roles such as driver or contractor)

• Uploaded documents (e.g. licenses, certifications)

• System activity and audit logs

  
  

5. Categories of Data Subjects

• Customer users (administrators)

• Vendor users

• Individuals associated with vendors

6. Processor Obligations

VendorCheck Pro shall:

• Process personal data only on documented instructions from the Customer

• Ensure data is kept confidential

• Implement appropriate technical and organisational security measures

• Ensure personnel with access to data are subject to confidentiality obligations

• Not sell or share personal data for unrelated purposes

7. Security Measures

VendorCheck Pro implements appropriate safeguards, including:

• Encrypted data transmission (HTTPS/TLS)

• Secure cloud infrastructure

• Role-based access controls

• Logical data separation between organisations

• Activity logging and monitoring

8. Subprocessors

VendorCheck Pro may engage trusted third-party subprocessors to support service delivery (e.g. hosting, email services).

• Subprocessors are selected based on security and reliability standards

• VendorCheck Pro remains responsible for subprocessors’ compliance with this Agreement

A list of subprocessors is available upon request.

9. Data Subject Rights

VendorCheck Pro will assist the Customer in fulfilling data subject rights requests, including:

• Access

• Correction

• Deletion

• Restriction of processing

The Customer remains responsible for responding to such requests.

10. Data Breach Notification

In the event of a personal data breach:

• VendorCheck Pro will notify the Customer without undue delay

• Provide relevant information about the incident

• Take reasonable steps to mitigate and resolve the issue

11. Data Retention & Deletion

• Data is retained while the Customer maintains an active account

• Upon termination, data may be exported upon request

• Data will be securely deleted within 30 days, unless retention is required by law

12. International Data Transfers

Data may be processed using cloud infrastructure located in multiple regions.

VendorCheck Pro ensures appropriate safeguards are in place to protect data in accordance with applicable data protection laws.

13. Audit & Compliance

VendorCheck Pro will make available information necessary to demonstrate compliance with this Agreement.

Formal audits may be conducted by agreement where reasonably required.

14. Liability

Each party remains responsible for its own compliance with applicable data protection laws.

VendorCheck Pro’s liability is subject to the terms of the main service agreement.

15. Term

This Agreement remains in effect for the duration of the Customer’s use of VendorCheck Pro services.

16. Contact

For data protection enquiries:

VendorCheck Pro
Email: support@vendorcheckpro.com
Website: www.vendorcheckpro.com