Data Processing Addendum
Last Updated: May 21, 2026
This Data Processing Addendum (DPA) summary describes baseline data-processing terms commonly used in Opertus client engagements involving operational systems, infrastructure, and delivery records. Final obligations are governed by executed contracts.
Roles and Scope
- Client acts as Data Controller
- Opertus Systems acts as Data Processor for defined services
- Processing is limited to documented instructions, agreed scope, governance requirements, and deployment boundaries
Processing Purpose
Personal data is processed only to deliver contracted services, maintain security, provide support, preserve operational continuity, and satisfy legal obligations.
Security Safeguards
Opertus applies reasonable technical and organizational controls, including access restrictions, least privilege, authentication controls, encrypted transport, accountability records, and monitoring procedures appropriate to risk.
Personnel and Confidentiality
Access is limited to authorized personnel with confidentiality obligations and role-appropriate permissions.
Subprocessors
Where subprocessors are used, Opertus applies vendor diligence, infrastructure dependency review, and contractual controls aligned with processing obligations.
Data Subject Requests
Opertus provides reasonable assistance for controller response to access, correction, deletion, and related data subject requests where contractually required.
Security Incidents and Notification
For confirmed incidents impacting client data, Opertus targets notification within seventy-two (72) hours unless a different contractual or legal timeframe applies.
Data Return and Deletion
At engagement end, data return or deletion is handled according to contract terms, legal retention duties, and operational feasibility.
Audits and Evidence
Where required by agreement, Opertus may provide reasonable security documentation and attestations appropriate to engagement scope and risk.
Engagement Inquiry
For operational AI, infrastructure, governance, or technical systems advisory, use the engagement inquiry channel.