GDPR & Data Processing

For your account data, Namence is the controller. For data you store on our infrastructure (your customers, your databases), Namence is the processor and you are the controller.

EU/UK residents have the right to access, rectify, erase, restrict, port and object to processing of their personal data, and to lodge a complaint with their supervisory authority. Submit requests to dpo@namence.com.

Our standard DPA incorporates the EU Standard Contractual Clauses (Module 2 — Controller-to-Processor) and the UK IDTA. Self-serve at dpo@namence.com — countersigned within 24 hours.

For transfers outside the EEA we rely on SCCs plus supplementary measures (encryption in transit and at rest, EU-only data residency on request).

The current subprocessor list is available in the customer dashboard. We notify customers at least 30 days before adding a new subprocessor.

Where Namence is the processor we will notify affected controllers without undue delay (and within 72 hours where feasible) of any confirmed personal-data breach.