Applicant Tracking Software offers a compliance feature that provides Users with a number of controls and security features that can be used to assist with their organizational obligations under the EU General Data Protection Regulation 2016/679 (“GDPR”) (“Data Protection Laws”). If you are creating an account for the first time and desire to be GDPR compliant, our Data Processing Agreement is as follows:
For purposes of this Data Processing Agreement (the “Agreement”), the company or organization name associated with the Account being created is the “Company” and Applicant Tracking Software is the “Data Processor” (as the term is defined in the Data Protection Laws). Each party will comply with all applicable Data Protection Laws and regulations in the performance of its obligations set out under this Agreement, including GDPR, in each case including all other successor legislation and regulation thereto.
Processing of Company User Personal Data
Applicant Tracking Software processes personal data (as the term is defined in the Data Protection Laws) from Users which it collects as a Data Controller (as the term is defined in the Data Protection Laws) in the course of providing the Services to the Company. Where data is processed by Applicant Tracking Software as a Data Controller, such processing is carried out in accordance with this Agreement.
Processing of Company Candidate Personal Data
Applicant Tracking Software will act strictly in accordance with the Company’s lawful and reasonable instructions (which may be received via your use of the Services as defined in the Terms of Service) unless applicable law requires otherwise, in which case Applicant Tracking Software shall inform the Company of that legal requirement before processing (unless that law prohibits such information on important grounds of public interest). Applicant Tracking Software shall inform the Company if it becomes aware of an instruction by the Company that, in Applicant Tracking Software’s opinion, infringes upon the Data Protection Laws.
Applicant Tracking Software will ensure that its personnel that are authorized to process the personal data in connection with the provision of the Services, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Applicant Tracking Software will implement appropriate technical and organizational security measures to protect the personal data in accordance with Data Protection Laws.
Data Subject Rights
Taking into account the nature of the Processing, Applicant Tracking Software shall assist the Company by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Company obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under Data Protection Laws. Applicant Tracking Software will enable or assist the Company to access, rectify, erase, restrict and transmit the personal data processed by Applicant Tracking Software.
You hereby give Applicant Tracking Software a general consent to engage subprocessors to process your personal data, the personal data of the company or organization name associated with the Account, and the personal data of Candidates. Applicant Tracking Software shall make details of its subprocessors available to you upon request. Where Applicant Tracking Software intends to add a new subprocessor it shall make details of such new subprocessor available on the Website at least 30 days (“Subprocessor Notice Period”) before transferring any personal data to a new subprocessor. The Company shall notify Applicant Tracking Software during the subprocessor Notice Period if it objects to the new subprocessor. If the Company does not object to the subprocessor during the subprocessor Notice Period, the Company shall be deemed to have accepted the subprocessor. If the Company has raised a reasonable objection to the new subprocessor, and the parties have failed to agree on a solution within the subprocessor Notice Period time, the Company shall have the right to terminate the Contract (including the Services and all Storage Services). During the subprocessor Notice Period, Applicant Tracking Software shall not transfer any personal data to the subprocessor.
Applicant Tracking Software shall enter into appropriate written agreements with all of its subprocessors on terms substantially similar to this agreement, including without limitation the Company’s right to conduct audits at the subprocessor, or ensure that the subprocessor will conduct audits using external auditors at least once per year. Applicant Tracking Software shall remain fully liable to the Company for the performance or non-performance of the subprocessor’s obligations.
Where the Company elects to engage one or more of our Marketplace Partners, the parties agree that such Partner is data processor of the Company, supplying its products and services directly to the Company. Marketplace Partners are not subprocessors of Applicant Tracking Software.
Where the Company uses a Marketplace Partner’s services the Company hereby acknowledges and agrees that personal data may be passed between Applicant Tracking Software and the Marketplace Partner. It is the Company’s express instruction that Applicant Tracking Software so provide such personal data to the Marketplace Partner.
Where Applicant Tracking Software receives personal data from one or more Marketplace Partners in respect of which Applicant Tracking Software reasonably believes that the Company is the Data Controller, the Company hereby instructs Applicant Tracking Software to process such personal data on the Company’s behalf.
We will make all information necessary to demonstrate compliance with the obligations set out in this Agreement available to the Company upon request, and allow for and contribute evidence for audits conducted by or on behalf of the Company or ensure that Applicant Tracking Software and/or any subprocessor is compliant with Data Protection Law.
Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that (a) disclosure is required by law or (b) the relevant information is already in the public domain.