GlobalComply
Start Free Trial

Data Processing Agreement

Last updated: December 23, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between GlobalComply (operated by Bochek Finance LLC) and the Customer. By using our Service, you agree to this DPA.

1. Definitions

  • "Customer Data" means all personal data that the Customer submits to the Service
  • "Data Controller" means the Customer
  • "Data Processor" means GlobalComply (Bochek Finance LLC)
  • "Personal Data" has the meaning given in the GDPR
  • "Sub-processor" means any third party engaged by GlobalComply to process Customer Data

2. Scope of Processing

GlobalComply processes Customer Data solely for the purpose of providing compliance screening and EDD report generation services as described in the Terms of Service. Processing activities include:

  • Analyzing invoices and shipping documents
  • Screening counterparties against sanctions databases
  • Generating compliance reports
  • Storing reports for audit trail purposes

3. Data Categories

Customer Data processed may include:

  • Business contact information (names, emails, phone numbers)
  • Company information (names, addresses, registration numbers)
  • Transaction details (amounts, goods descriptions, dates)
  • Shipping information (origins, destinations, carriers)

4. Processor Obligations

GlobalComply agrees to:

  • Process Customer Data only on documented instructions from the Customer
  • Ensure personnel authorized to process data are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Customer in responding to data subject requests
  • Delete or return all Customer Data upon termination of services
  • Make available information necessary to demonstrate compliance with this DPA

5. Sub-processors

The Customer authorizes GlobalComply to engage the following categories of sub-processors:

  • Cloud Infrastructure: AWS (Amazon Web Services)
  • AI Processing: OpenAI, Anthropic (for document analysis)
  • Data Verification: ImportGenius, sanctions database providers

GlobalComply will notify the Customer of any intended changes to sub-processors, allowing reasonable time to object.

6. Security Measures

GlobalComply implements the following security measures:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls with role-based permissions
  • Regular security assessments and penetration testing
  • Incident response procedures
  • Employee security training

7. Data Breach Notification

In the event of a personal data breach affecting Customer Data, GlobalComply will notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, and measures taken or proposed to address the breach.

8. International Transfers

Customer Data may be transferred to and processed in the United States. GlobalComply ensures that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.

9. Audit Rights

GlobalComply will make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Customer or an independent auditor mandated by the Customer.

10. Contact

For questions about this DPA or to request a signed copy, contact:
Email: legal@globalcomply.io