Applicant Tracking Software offers a compliance feature that provides Users with a number of controls and security features that can be used to assist with their organizational obligations under the EU General Data Protection Regulation 2016/679 (“GDPR”) (“Data Protection Laws”).
For purposes of this Data Processing Agreement (as amended from time to time, the “Agreement”), the company or organization name associated with the Account being created is the “Company” and Applicant Tracking Software is the “Data Processor” (as the term is defined in the Data Protection Laws). Each party will comply with all applicable Data Protection Laws and regulations in the performance of its obligations set out under this Agreement, including GDPR, in each case including all other successor legislation and regulation thereto.
1. Data Processing
1.1 Processing of Company User Personal Data
Applicant Tracking Software processes personal data (as the term is defined in the Data Protection Laws) from User data subjects which it collects as a Data Controller (as the term is defined in the Data Protection Laws) in the course of providing the Services to the Company. Where data is processed by Applicant Tracking Software as a Data Controller, such processing is carried out in accordance with this Agreement.
1.3 Processor Personnel
Applicant Tracking Software will ensure that its personnel that are authorized to process the personal data in connection with the provision of the Services, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2. Security
Applicant Tracking Software will implement appropriate technical and organizational security measures to protect the personal data in accordance with Data Protection Laws.
5. Transfers of Personal Data Outside the EEA
The Standard Contractual Clauses (as defined in Annex 1) will apply to Company Data that is transferred outside the EEA, either directly or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR). The Standard Contractual Clauses will not apply to Company Data that is not transferred, either directly or via onward transfer, outside the EEA. Notwithstanding the foregoing, the Standard Contractual Clauses (or obligations the same as those under the Standard Contractual Clauses) will not apply if the Data Processor has adopted Binding Corporate Rules for Processors or an alternative recognized compliance standard for the lawful transfer of personal data (as defined in the GDPR) outside the EEA.
6. Audit Rights
We will make all information necessary to demonstrate compliance with the obligations set out in this Agreement available to the Company upon request, and allow for and contribute evidence for audits conducted by or on behalf of the Company or ensure that Applicant Tracking Software and/or any subprocessor is compliant with Data Protection Law.
7. Confidentiality
Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that (a) disclosure is required by law or (b) the relevant information is already in the public domain.
Annex 1
Standard Contractual Clauses (Processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection the entity identified as “Company” in the DPA (the “data exporter”) and Applicant Tracking Software PO Box 697, Bartonsville, PA 18321 (the “data importer”) each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 9
Governing law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.