Skip to content

Legal

GDPR

Last updated June 2026

This is template legal copy created for the Vadal website build. Replace it with counsel-reviewed text before launch.

Vadal is built to help organisations meet their obligations under the EU and UK General Data Protection Regulation. This page summarises our approach; a Data Processing Agreement (DPA) is available to customers.

1.Roles

For employee data processed in the platform, your organisation is the controller and Vadal is the processor, acting only on documented instructions.

2.Lawful basis & data minimisation

We help controllers collect only what's needed for engagement and experience use cases, and to define retention that fits their lawful basis.

3.Data subject rights

The platform provides tools to support access, rectification, erasure and portability requests so controllers can respond within statutory timeframes.

4.International transfers

Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, and offer data residency options.

5.Sub-processors

We maintain a current list of sub-processors and notify customers of changes in line with the DPA.

6.Security & breach notification

Technical and organisational measures protect personal data, and we operate a process to notify controllers of any personal data breach without undue delay.

7.Requesting a DPA

Customers can request Vadal's Data Processing Agreement by contacting privacy@vadal.ai. (Illustrative for this build — confirm final terms with counsel.)