Data processing addendum

Overview

A Data Processing Addendum (“DPA”) is available to enterprise customers and hiring partners whose integration with Jobeezy involves Jobeezy acting as a data processor on their behalf. Our individual consumer users are covered by the Privacy Notice and Terms of Service — a separate DPA is not required.

What the DPA covers

• Roles of the parties (controller / processor) and the scope of processing.
• GDPR Article 28 processor obligations and UK GDPR equivalents.
• Confidentiality, security safeguards, and personnel training commitments.
• Current sub-processor list (hosting, email delivery, payments, analytics) with a 30-day change-notice commitment and a right to object.
• International data transfer mechanisms (EU Standard Contractual Clauses and the UK International Data Transfer Addendum) where applicable.
• Security-incident notification within 72 hours of confirmed breach.
• Audit rights (desk audit annually; on-site audit by reasonable request).
• Data return, deletion, and retention obligations at the end of the engagement.

How to request the DPA

Email legal@jobeezy.com from a verifiable company email. Please include the legal name of your organization, the integration or data flow you are covering, and your role. We will return a countersignable PDF within five business days.

Sub-processors

A current sub-processor list with categories (hosting, email, payments, analytics, observability) is maintained and sent with the DPA. We notify enterprise customers at least 30 days before adding a new sub-processor that has access to customer personal data.

Contact

legal@jobeezy.com. For security-incident reporting use security@jobeezy.com.