Data processing
Data Processing Commitment
Summary of controller-processor responsibilities in line with GDPR Article 28 principles and enterprise processing discipline.
1. Processing roles
Depending on engagement model, customer entities act as data controllers for their operational datasets while eCoC Infrastructure acts as processor for defined service scopes.
Role allocation is finalized in signed commercial agreements and implementation documents.
2. Sub-processor transparency
Where sub-processors are required for service delivery, use is governed by contractual obligations, confidentiality requirements and appropriate safeguards.
Customers can request updated sub-processor information through formal communication channels.
3. Technical safeguards summary
Processing environments are managed with risk-based safeguards supporting confidentiality, integrity and availability principles.
- Role-scoped access control and authentication boundaries
- Operational logging and auditability controls
- Data protection in transit and at rest
- Change management and release discipline
4. Confidentiality obligations
Personnel and authorized parties handling customer-related information are bound by confidentiality duties and need-to-know access principles.
5. Data deletion policy
At the end of applicable retention and contractual periods, data is deleted or anonymized according to agreed procedures and legal obligations.
Deletion evidence and process confirmation may be provided according to contract terms.
This page provides a public DPA-style summary. Binding data processing terms are defined in executed contractual documents.
Related pages
Review privacy, security and legal usage terms together.
Public privacy framework for contact and communication flows.
Policy-level security controls for access, traceability and operational safeguards.
Public service scope and legal conditions for this marketing layer.