Data Processing Agreement (DPA)

Last Updated: November 11, 2025

GDPR & Data Protection Compliance

This Data Processing Agreement (DPA) is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Definitions

Controller:
The entity that determines the purposes and means of processing Personal Data (Customer).
Processor:
RealVigil, which processes Personal Data on behalf of the Controller.
Personal Data:
Any information relating to an identified or identifiable natural person.

2. Scope and Applicability

This DPA applies to all processing of Personal Data by RealVigil on behalf of the Customer in connection with the RealVigil services, as defined in our Terms of Service.

3. Data Processing

3.1 Processing Instructions

RealVigil will process Personal Data only on documented instructions from the Controller, unless required by law.

3.2 Types of Personal Data

  • User identification and contact information
  • Clinical trial participant identifiers (de-identified where applicable)
  • Deviation reports and associated metadata
  • Audit logs and system usage data

4. Security Measures

RealVigil implements appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response and breach notification procedures

5. Sub-Processors

RealVigil may engage sub-processors to assist in providing services. We maintain a current list of sub-processors and will notify customers of any changes. Current sub-processors include cloud infrastructure providers and monitoring services.

6. Data Subject Rights

RealVigil will assist the Controller in responding to data subject requests, including access, rectification, erasure, restriction, portability, and objection rights.

7. Data Breach Notification

In the event of a personal data breach, RealVigil will notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach.

8. Data Deletion

Upon termination of services, RealVigil will delete or return all Personal Data to the Controller, unless required by law to retain copies.

9. Audits and Compliance

RealVigil will make available to the Controller information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by the Controller or an auditor mandated by the Controller.

10. Contact for DPA Execution

To execute a DPA with RealVigil, please contact: dpa@realvigil.com