This Data Processing Agreement governs the processing of personal data by Narevio (Data Processor) on behalf of the organization using our platform (Data Controller).
Narevio processes beneficiary personal data, worker data, and referral data for the purpose of providing case management and referral tracking services.
Narevio agrees to process data only on documented instructions, ensure confidentiality, implement appropriate security measures, not engage sub-processors without consent, assist with data subject rights requests, and delete all data upon termination.
The organization agrees to ensure a lawful basis exists for processing beneficiary data under GDPR Article 9, obtain necessary authorizations from data subjects, and ensure data entered is accurate and necessary.
All data stored in EU (Ireland). Encryption in transit (TLS 1.2+) and at rest. Role-based access control. Row-level security at database level.
Supabase Inc. (database and authentication, EU/Ireland) and Vercel Inc. (application hosting, EU region). Narevio will notify the organization of any changes with at least 14 days notice.
In the event of a personal data breach, Narevio will notify the organization within 72 hours of becoming aware.
All personal data is stored and processed within the European Economic Area. No transfers to third countries are made.
Email: privacy@narevio.com