TALENTPAIR DATA PROCESSING AGREEMENT
Last Updated: December 6, 2021
* * * IF YOU DO NOT AGREE WITH THIS DATA PROCESSING AGREEMENT YOU MUST NOT ACCESS THE SERVICE. * * *
Talentpair is based in the United States and we process and store information in the United States.
Talentpair services are only available to residents of the United States.
Talentpair will process Your Data pursuant to the terms set forth herein and as required by the California Consumer Privacy Act of 2018 (“CCPA”) and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction (“Data Protection Legislation”). Any capitalized, undefined terms that are not defined herein shall have the meaning set forth in the Agreement.
Talentpair services are not available for residents outside of the United States, which includes residents of the European Union, pursuant to the terms set forth by European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation or regulation pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/679)).
For purposes of the DPA “Your Data” shall mean “Personal Data” as defined by the Data Protection Legislation. Additionally, “Controller,” “Processor,” “Data Subject,” “Processing,” “Sub-processor,” and “Appropriate Technical and Organizational Measures” shall also have the meanings specified in the Data Protection Legislation.
Data Protection Legislation Compliance
Processor and Controller. The parties agree that Talentpair and Client may be both a Processor and a Controller of Personal Data and accordingly agree to process Personal Data: (i) for legitimate business purposes, including for Client specifically only for considering Data Subjects’ employability within Your organization; (ii) as specified in the Agreement (iii) as permitted by Data Protection Legislation; and (iv) as otherwise permitted by a Candidate.
Appropriate Technical and Organizational Measures. Both parties agree to use Appropriate Technical and Organizational measures to ensure the proper treatment of Personal Data and the ability to accordingly respond to Data Subject requests pertaining to use of Personal Data. Specifically, and among other rights that may be available to Data Subjects, the parties agree that Data Subjects have a right to: consent withdrawal, access to and modification of Personal Data, object to processing of their Personal Data and erasure of their Personal Data. Talentpair shall implement and maintain appropriate technical and organizational measures to protect Data against unauthorized or unlawful processing, including protecting against loss, destruction, modification, or disclosure. These measures will be reasonable and appropriate with respect to the Data which Talentpair processes.
Data Subjects Request And Dispute Resolution
Both parties will comply with Data Subject requests as required by applicable Data Protection Legislation and any other applicable law. Clients agree to immediately forward each Data Subject request to email@example.com and promptly notify Talentpair of all Data Subject disputes and work in good faith to resolve any dispute to the Candidate’s satisfaction. You are not to resolve any dispute or conflict on our behalf.
Impact To The Service
You understand that a Data Subject’s request may impact their ability to serve as a Candidate. Any Candidate who exercises her or his rights under the Data Protection Legislation after You have viewed or accessed that Candidate’s profile may preclude that Candidate from participating through the Talentpair Service. Irrespective of the exercise of this right, such Candidates will continue to be counted as an Interview Request and Qualified Introduction.
Personal Data Breach
If either party becomes aware of a Personal Data Breach that causes destruction, loss, modification, disclosure, or access to it will immediately notify the other party. The party that was subject to the Personal Data Breach shall notify Data Subjects and appropriate parties as required by the Data Protection Legislative. The party subject to the Personal Data Breach shall conduct an investigation regarding the same and will use industry standard technology, methods and other related practices to mitigate the effects and to mitigate the effects of any Personal Data Breach and shall use industry standard measures to prevent any further breaches in the future.
Both parties shall, as reasonably requested and reasonable necessary or required by applicable law, allow the other party to conduct an audit or inspection during the term of the Agreement to confirm compliance with this DPA, which may include providing reasonable access to the premises, resources and personnel used by You in connection with the provision of the Service, specifically to verify the processing Data in accordance with that party’s obligations under the DPA and applicable Data Protection Legislation. Such audit shall consist solely of: (i) written information (such as security policies) and (ii) interviews with personnel as may be reasonably necessary to verify compliance. For clarity, no access to any part of a party’s IT system, data hosting service providers, sites, or centers, or infrastructure will be permitted.
The terms and conditions of this DPA shall prevail over any additional or conflicting terms in the Agreement with respect to the treatment of Personal Data. Unless otherwise modified herein, the remaining terms of the Agreement shall remain in full force and effect. In the event of a conflict between the terms of this DPA and another Agreement provision the terms of this DPA shall control with respect to the treatment of Personal Data.