Data Protection & GDPR Compliance

This section explains how Provectus ensures compliance with the General Data Protection Regulation (GDPR) in relation to the Secure Contacts App, covering data access, processing responsibilities, and the safeguarding of personal information.

Secure Contacts App Overview

Provectus provides the Secure Contacts App, a mobile software solution (available on iOS and Android) designed in accordance with GDPR requirements. The app enables users and their organizations to securely manage and access contact data on their mobile devices.

Data Access and Processing

• Provectus does not have access to, nor does it control, any personal data processed through the Secure Contacts App.

• All personal data is processed exclusively on behalf of the user or their organization.

• Data processing occurs either locally on the end-user's device or via Microsoft services (e.g., Microsoft Graph API). These services are governed by the contractual and data protection framework between the customer’s organization and Microsoft.

• At no point does Provectus store, transmit, or otherwise process personal data.

Role Under GDPR

Provectus acts solely as the provider of the application software. It is neither a "controller" nor a "processor" within the meaning of Article 4 GDPR, as it is contractually and technically excluded from accessing, storing, processing, or transmitting personal data.

Given the absence of any data access or processing by Provectus, a data processing agreement pursuant to Article 28 GDPR is not required.