Roles Under GDPR
Controller and processor analysis depends on the surface and deployment model.
- VeridataOps generally acts as controller for website, marketing, account, billing, and support-contact data it collects directly.
- VeridataOps generally acts as processor for hosted tenant data processed on a customer's behalf within the SaaS service.
- Customers generally act as controllers for the source, destination, and operational data they choose to connect, collect, review, or export through the product.
Lawful Bases
Controller-side processing uses a bounded set of lawful bases.
- Contract performance for account and service delivery.
- Legitimate interests for service security, product support, abuse prevention, and customer communications.
- Legal obligation where retention, accounting, or compliance rules apply.
- Consent where a specific optional activity requires it.
Rights And Requests
Rights routing depends on whether VeridataOps is controller or processor.
- Controller-side requests can be handled through the published privacy contact path.
- Processor-side requests may need to route through the customer controller first.
- Identity verification and scope confirmation may be required before action is taken.
Next Step
Use the live public surface as the review artifact.
When a customer or reviewer needs product-safe wording, point them at these URLs on veridataops.com and then attach deployment-specific evidence separately.