Last updated: 1 May 2026 — SkillVault Ltd
This Data Processing Agreement ("DPA") forms part of the Terms of Service between SkillVault Ltd ("Processor") and the subscribing organisation ("Controller").
The subscribing organisation is the Data Controller. SkillVault Ltd is the Data Processor. SkillVault processes personal data only on the documented instructions of the Controller, as described in the Terms of Service.
SkillVault processes employee names, job roles, training records, and certification data on behalf of the Controller for the purpose of providing the compliance tracking service.
Each organisation's data is stored in a completely isolated workspace. No data is shared between tenants. SkillVault staff access customer data only where necessary to provide support and only with the Controller's consent.
SkillVault implements appropriate technical and organisational measures including: TLS encryption in transit, encryption at rest, access controls, and regular security reviews.
SkillVault may engage sub-processors (including cloud infrastructure providers) to provide the service. All sub-processors are bound by equivalent data protection obligations.
SkillVault will assist the Controller in responding to data subject rights requests (access, rectification, erasure) within 30 days.
This DPA is designed to comply with Article 28 of the General Data Protection Regulation (GDPR). Controllers based in the EU/EEA may rely on this DPA as their Article 28 documentation.
Data protection enquiries: privacy@skillvault.io.