Varigence GDPR Compliance Overview
- Introduction
Varigence, Inc. (“Varigence”) is committed to ensuring compliance with the General Data Protection Regulation (GDPR) as it pertains to the data processed, stored, or exchanged through its products and services. While Varigence primarily handles customer metadata (i.e., database schemas, transformation logic, and other structural data), it aligns with GDPR principles to safeguard any data it may encounter.
- Data Types Handled by Varigence
- Customer Metadata Only: Varigence does not process or store personal data in its normal business operations. Metadata retained pertains strictly to database structures, transformation workflows, and similar non-personal descriptive data.
- Retention Period: Customer metadata is only stored as long as necessary to resolve support cases, consulting engagements, or customer-defined project scopes.
- Role Under GDPR
- Not a Data Controller or Processor: As Varigence does not process personal data, it does not act as a Controller or Processor under GDPR.
- Exceptional Handling of Personal Data: If personal data is inadvertently received, Varigence follows strict handling and disposal procedures to ensure compliance with GDPR principles.
- Data Subject Rights and Requests
- Documented Procedures: In the unlikely event that a customer or individual submits a Data Subject Access Request (DSAR), Varigence has processes in place to respond accordingly.
- Timely Response: Any DSARs received will be assessed and, if applicable, addressed within GDPR-mandated timelines.
- Third-Party Services
- Microsoft 365 (Email, Dynamics 365, SharePoint): Varigence utilizes Microsoft 365 for collaboration and customer support, which may involve metadata transfers.
- Data Processing Agreements (DPA): Varigence relies on Microsoft’s standard Data Processing Agreements for any data exchanged through these platforms.
- Security Measures
- Technical & Organizational Safeguards:
  - Access to stored metadata is strictly controlled on a need-to-know basis.
  - Data is encrypted in transit (TLS 1.3) and at rest (secure cloud storage with encryption protocols).
  - Any unintended receipt of personal data is immediately escalated and securely handled or deleted.
- Industry Best Practices: While Varigence does not hold specific GDPR certifications, it adheres to strong security practices, including role-based access control, endpoint security, and secure network configurations.
- Breach Notification Procedures
- Incident Response Policy: Varigence maintains a structured incident response plan to address any suspected security or data incidents.
- Regulatory Compliance: If a data breach involving personal data is identified, Varigence will notify relevant supervisory authorities and affected individuals as required by GDPR.
- Accountability and Governance
- Policy Reviews: GDPR compliance measures are reviewed annually to ensure continued adherence to regulatory requirements.
- Employee Training: All employees and contractors receive data security training that includes GDPR principles and handling procedures.
- Conclusion
Although Varigence does not process personal data in its routine business activities, it remains committed to upholding GDPR principles, including security, transparency, and lawful handling. In rare instances where personal data is received inadvertently, Varigence ensures its immediate secure handling and disposal in alignment with GDPR obligations.
- Contact Us
Varigence Inc.
PO Box 22447
Philadelphia, PA 19110
email: support@varigence.com