Data Processing Addendum
Last updated: 2026-04-15
This DPA governs the processing of personal data by FORLYZE LTD, a company registered in England and Wales ('Intrvio', Processor) on behalf of the Customer (Controller) under the Master Services Agreement. It is incorporated by reference into that agreement.
1. Roles
Customer is the Controller (or Joint Controller with its end users). Intrvio is the Processor. Intrvio may engage Sub-processors subject to the provisions below.
2. Scope & duration
Intrvio processes personal data solely to provide the services described in the MSA, for the term of the MSA plus any retention windows agreed in writing.
3. Data categories & subjects
Subjects: candidates, employer users, employer admins. Categories: identity data, interview responses (audio/transcript/AI analysis), proctoring signals, usage logs, consent records.
4. Security measures
TLS 1.2+ in transit, AES-256 at rest for candidate artefacts, role-based access control, audit logging, principle of least privilege, background checks for staff with production access.
5. Sub-processors
Current sub-processors are maintained at /subprocessors and linked from the Trust Center. Customer receives 30 days notice of new sub-processors.
6. International transfers
Where transfers outside the EEA/Türkiye occur, they rely on Standard Contractual Clauses (EU 2021/914), and for KVKK-scoped data on explicit consent plus additional safeguards.
7. Data subject requests
Intrvio assists Customer in responding to data subject requests within 30 days, including access, rectification, deletion, and portability.
8. Breach notification
Intrvio notifies Customer of any personal data breach without undue delay and within 72 hours of becoming aware, with sufficient detail to enable Customer's regulator notifications.
9. Deletion & return
On termination, Intrvio deletes or returns personal data within 30 days unless applicable law requires retention.
10. Audit
Customer may audit Intrvio's compliance once per 12 months at Customer's cost, subject to reasonable security and confidentiality restrictions. Current security documentation and available third-party reports can support this obligation.
Template downloads
DPA, IDTA, and KVKK SCC template downloads require company administrator authentication.
To execute a signed DPA countersigned by Intrvio, email hello@intrvio.com.