Data Processing Addendum
General DPA information for client and service relationships where data is processed on behalf of clients.
This general Data Processing Addendum page describes baseline data processing concepts for relationships where ICM / GLC processes data on behalf of a client, collaborator, learner, organization, or regulated workflow. Specific terms may require a signed agreement.
Roles
Depending on the service, a client or participating organization may act as controller, business, covered entity, customer, school, research group, or similar role, and ICM / GLC may act as processor, service provider, vendor, contractor, records steward, platform operator, or similar role. Applicable jurisdiction-specific terminology and obligations are handled in the written agreement for the service relationship.
Processing
- Processing is limited to providing, securing, supporting, documenting, and improving contracted services.
- Subprocessors or infrastructure providers may be used where needed to operate services.
- Deletion, export, return, or restriction requests may be submitted through Support and handled subject to legal, security, backup, and contractual limits.
- Security measures are applied based on service scope, data sensitivity, and written agreement terms.
DPA requests may be routed through this site’s Contact or Support page before regulated, client-controlled, or contract-specific data-processing workflows begin.