TalentShake HR Helpline Data Processing Agreement

Last updated: 18th April 2024

Please read this Data Processing Agreement carefully before using our services.

1. Definitions

In this Data Processing Agreement, the following terms shall have the following meanings:

  • Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • Data Subject: means an identified or identifiable natural person whose personal data is processed by the controller or the processor;
  • Personal Data: means any information relating to an identified or identifiable natural person;
  • Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Scope of the Agreement

This Data Processing Agreement applies to all personal data processed by TalentShake HR Helpline on behalf of the controller in connection with the use of TalentShake HR Helpline services.

3. Roles and Responsibilities

The controller is responsible for ensuring that the processing of personal data is carried out in accordance with applicable data protection laws. The processor shall process personal data only on documented instructions from the controller, unless required to do so by Union or Member State law to which the processor is subject.

4. Confidentiality

The processor shall ensure that any person authorized to process personal data has committed themselves to confidentiality or is under an appropriate statutory obligation of confidentiality.

5. Security Measures

The processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymization and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

6. Sub-processing

The processor may engage another processor (sub-processor) for the processing of personal data on behalf of the controller, provided that the processor informs the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.

7. Data Subject Rights

The processor shall, to the extent legally permitted, promptly notify the controller if it receives a request from a data subject to exercise their rights under applicable data protection laws. Taking into account the nature of the processing, the processor shall assist the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the controller's obligation to respond to a request from a data subject to exercise their rights under applicable data protection laws.

8. Data Breach Notification

The processor shall notify the controller without undue delay after becoming aware of a personal data breach, providing the controller with sufficient information to allow the controller to meet any obligations to report or inform data subjects of the personal data breach under applicable data protection laws.

9. Deletion or Return of Personal Data

Upon termination of the services, the processor shall, at the choice of the controller, delete or return all personal data to the controller and delete existing copies unless Union or Member State law requires storage of the personal data.

10. Audit Rights

The processor shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Data Processing Agreement and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller. The processor shall immediately inform the controller if, in its opinion, an instruction infringes this Data Processing Agreement or data protection provisions of the EU or other Union or Member State data protection provisions.

11. Amendments

This Data Processing Agreement may be amended or updated from time to time to reflect changes in the law or updates to data processing practices. Any amendments will be posted on this page and, where appropriate, notified to you by email or through the service interface.

12. Governing Law

This Data Processing Agreement shall be governed by and construed in accordance with the laws of the jurisdiction in which the processor is established, unless otherwise agreed in a written agreement between the controller and the processor.

13. Contact Information

If you have any questions or concerns about our data processing practices, please contact us at the following email address: [email protected].