D.P.A

Last updated on Mar 27, 2026

This Data Processing Agreement (“Agreement”) forms part of the Terms of Service between:

Customer (the “Controller”)
and
Vigil.at (the “Processor”)

This Agreement governs the processing of personal data by Vigil.at on behalf of the Customer in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Definitions

For the purposes of this Agreement:

  • Controller: the entity that determines the purposes and means of processing personal data
  • Processor: Vigil.at, which processes data on behalf of the Controller
  • Personal Data: any information relating to an identified or identifiable individual
  • Processing: any operation performed on personal data
  • Sub-processor: any third party engaged by Vigil.at to process personal data

2. Scope of Processing

Vigil.at processes personal data solely to provide its security management platform, including:

  • guard management
  • scheduling
  • attendance tracking
  • incident reporting
  • client management
  • operational analytics

Processing is limited to what is necessary to deliver the service.

3. Categories of Data Subjects

The personal data processed may include:

  • security guards
  • employees of the Customer
  • clients of the Customer
  • authorized users of the platform

4. Types of Personal Data

Depending on usage, data may include:

  • names and contact details
  • job roles and assignments
  • attendance and timesheet data
  • incident reports
  • operational activity logs
  • account credentials (encrypted)

5. Obligations of the Processor (Vigil.at)

Vigil.at agrees to:

  • process personal data only on documented instructions from the Customer
  • ensure confidentiality of personnel accessing data
  • implement appropriate technical and organizational security measures
  • assist the Customer in fulfilling GDPR obligations
  • notify the Customer of any personal data breach without undue delay
  • ensure that sub-processors comply with equivalent data protection obligations

6. Obligations of the Controller (Customer)

The Customer agrees to:

  • comply with applicable data protection laws
  • ensure lawful basis for processing personal data
  • provide clear instructions to Vigil.at
  • ensure that data subjects are informed about data processing

7. Sub-processors

Vigil.at may engage third-party sub-processors to provide the service, including:

  • cloud hosting providers
  • payment processors (e.g. Stripe, PayPal)
  • communication services (e.g. email, SMS providers)
  • analytics and infrastructure providers

Vigil.at ensures that all sub-processors are bound by data protection obligations consistent with this Agreement.

8. Data Transfers

Personal data may be processed in countries outside the European Economic Area (EEA).

Where such transfers occur, Vigil.at ensures appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • secure processing environments
  • contractual protections

9. Security Measures

Vigil.at implements appropriate security measures, including:

  • encryption in transit (SSL/TLS)
  • access control and authentication systems
  • role-based permissions
  • secure cloud infrastructure
  • regular monitoring and updates

10. Data Breach Notification

In the event of a personal data breach, Vigil.at will:

  • notify the Customer without undue delay
  • provide relevant details about the breach
  • assist in mitigation and compliance obligations

11. Data Subject Rights

Vigil.at will assist the Customer, where reasonably possible, in responding to requests from data subjects, including:

  • access
  • rectification
  • erasure
  • restriction
  • data portability

12. Data Retention and Deletion

Upon termination of the service:

  • personal data will be deleted or returned to the Customer upon request
  • retention may occur only where required by law

13. Audits

The Customer may request reasonable information to verify compliance with this Agreement.

Formal audits may be conducted where legally required, subject to reasonable notice and confidentiality obligations.

14. Liability

Each party’s liability under this Agreement is subject to the limitations set out in the Terms of Service, unless otherwise required by law.

15. Governing Law

This Agreement shall be governed by applicable data protection laws, including the GDPR.

16. Contact

For any questions regarding this Agreement or data processing practices, please contact:

📧 support@vigil.at