Data Processing Terms
1. Scope
1.1 These Data Processing Terms (“DataProcessing Terms“) shall apply to the processing of personal data relatedto the Services Contract by Paul's Job or its Subprocessors. These DataProcessing Terms shall supplement the Paul's Job End User License Terms (“Terms”)as per Clause 12.2 of the Terms.
1.2 Under these Data Processing Terms Paul's Jobprovides the following data processing services to Controller (“DataProcessing”): Storing andprocessing of personal data for candidate and employee management, execution ofregistration processes, and sending of messages to candidates and employees.Messages are sent by Paul's Job on behalf of Customer. Further details are setout in the Services Contract.
1.3 In the course of the Data Processing Paul'sJob may process the following personal data:
Professional Background: Resume/CV, cover letter/motivation letter, professional experience, educational background, skills and qualifications, professional preferences, professional certificates, school certificates, letters of recommendation, further education/training, professional social network profiles (e.g., LinkedIn)
Additional Personal Details: Hobbies, driver's license, criminal record certificate, information on disability status, religious affiliation, trade union membership
Account Information: Date and time of registration
Technical Data: Access and activity logs (domain name of the website, web browser used, operating system used, IP address of the requesting computer, timestamp of access to the software), error logs (domain name of the website, web browser and version, operating system, IP address, timestamp of error occurrence, error message/specification)
Candidates: Job applicants, interested
parties
Further details are set out in the Services Contract.
2. GeneralRights and Obligations
2.1 The Data Processing shall be conducted by Paul'sJob on behalf of Customer. Customer shall be responsible for compliance withapplicable data protection laws.
2.2 Paul's Job may process personal data only inaccordance with Customer’s instructions and the terms of this Agreement, unlessrequired otherwise by the laws of the European Union or its Member States towhich Paul's Job is subject.
2.3 Verbal instructions are permissible only inurgent cases and must be immediately confirmed by Customer at least in textform.
2.4 Paul's Job shall process personal dataexclusively within the territory of a Member State of the European Union or acontracting state of these DataProcessing Terms on the European Economic Area. Any transfer of personaldata to a third country shall require Customer’s prior written consent andshall only occur if the conditions of Chapter V of the EU General DataProtection Regulation of the European Union (“GDPR”) are met.
2.5 Paul's Job shall regularly audit its internalprocesses and data protection security mechanisms for compliance withapplicable data protection laws, including the GDPR.
2.6 If required by applicable law, Paul's Job shalldesignate a data protection officer. Paul's Job shall provide Customer with thecontact details of its data protection officer to facilitate directcommunication.
2.7 Paul's Job shall within its capabilities assistCustomer in fulfilling Customer’s obligations under Chapter III GDPR and Art.32 through 36 GDPR. The costs thereof shall be borne by Customer.
2.8 Paul's Job may only delegate the Data Processingto such employees who are bound by confidentiality obligations or who are underan appropriate statutory duty of confidentiality. Persons subordinated to Paul'sJob, having access to personal data of Customer, shall process such dataexclusively in accordance with Customer’s instructions, unless they are legallyobliged to process such data.
2.9 Uponcompletion of the Data Processing and upon termination of the Services Contractin its entirety at the latest, Paul's Job shall, at the choice of the Customer,and as far as Paul's Job is not bound by statutory retention duties, eitherreturn all personal data as well as all documents, data and copies obtained inconnection with these Data Processing Terms to Customer, or upon the priorwritten consent of Customer, delete or destroy such personal data, documents,data and copies.
3. InformationObligations
3.1 Paul's Job shall immediately notify Customer if,in its opinion, an instruction of Customer infringes any data protection laws. Paul'sJob may suspend the execution of such instruction until it is confirmed ormodified in writing by Customer.
3.2 Paul's Job shall immediately notify Customer of(A) any personal data breach, (B) any requests from data subjects exercisingtheir data subject right; and (C) any inquiries or investigations byinvestigating and supervisory authorities, in each case, where relating to theData Processing.
4. Technicaland Organizational Measures
4.1 Paul's Job shall implement technical andorganizational measures for the protection of personal data appropriate tocomply with the requirements of the GDPR, in particular measures ensuringconfidentiality, integrity, availability and resilience of the systems andservices used for the Data Processing (eachindividually “TOM“, jointly “TOMs“).
4.2 Theparticular TOMs implemented by Paul's Job are further described in Attachment1 hereto.
4.3 Paul's Job may update or replace any of theimplemented technical and organizational measures at any time with alternativemeasures that provide a comparable level of protection.
5. Subprocessors
5.1 Paul's Job shall be entitled to engagesubprocessors for the Data Processing (“Subprocessors”) only withCustomer’s prior written consent. Customer shall not withhold its consentunless on important grounds of data protection law.
The Processor shall be liable for anydamages resulting from its non-compliance with GDPR or this Agreement,includingdirect and indirect damages arising from data breaches. The Processor shallindemnify the Controller for all costs, fines, and claims incurred due to theProcessor’s negligence or misconduct.
5.2 Customer hereby consents to the engagement ofSubprocessors by Paul's Job as follows:
5.3 Clauses Error! Reference source not found. and Error! Reference source not found. shall apply mutatismutandis to the replacement of Subprocessor by Paul'sJob and to the further subcontracting of the DataProcessing to another third party by Subprocessor.
6. ComplianceVerification
6.1 Paul's Job shall allowCustomer or an external auditor commissioned by Customer to verify Paul'sJob’s compliance with these Data Processing Terms (including the implementation of the TOMspursuant to Clause Error!Reference source not found.). Paul's Job may demonstrate compliancewith these Data Processing Terms by providing suitable evidence.
6.2 If compliance with these Data Processing Terms cannot be demonstrated through the means described in Clause Error!Reference source not found., Customer mayconduct on-site inspections at Paul's Job’spremises, subject to the following conditions: (A) Inspections may only beconducted once per calendar year with at least 14 business days’ prior writtennotice; (B) inspections shall be conducted during normal business hours withoutdisrupting Paul's Job’s business; (C) inspectionsshall only be performed by independent external auditors; (D) auditors shallnot access Paul's Job’s trade secrets or confidential information or any datanot subject to these DataProcessing Terms; (E) Paul's Job may object to an auditor for reasonable cause, such asif the auditor is a competitor of Paul's Job; and (F)Customer shall bear the costs of any inspections and any associated supportprovided by Paul's Job.