Data Processing Agreement (DPA)
Last updated: March 26, 2026
This DPA forms part of the Terms Of Service.
1. Roles
- Customer = Data Controller
- HUSA = Data Processor
2. Scope of Processing
HUSA processes:
- Candidate Data
- Assessment results
- Interview data
Processing purpose:
- Provide hiring and workforce decision support
3. Types of Personal Data
Personal data may include:
- Name, email, and phone number
- CV or work history
- Test results
- Behavioral or psychometric data
4. Data Subjects
- Job candidates
- Employees
- Customer users
5. Obligations of HUSA
HUSA shall:
- Process data only per Customer instruction
- Ensure confidentiality
- Implement appropriate security measures
- Assist with GDPR obligations, if applicable
6. Sub-processors
HUSA may use sub-processors, including:
- Google Cloud
- Paddle
A full and up-to-date list of sub-processors may be provided upon request. HUSA ensures they meet data protection standards.
7. International Data Transfer
Data may be processed outside the EU.
HUSA ensures safeguards such as:
- Standard Contractual Clauses (SCCs)
- Equivalent protection measures
8. Data Retention
Data is retained:
- As long as necessary for the service
- Or as instructed by the Customer
The Customer may request deletion.
9. Data Subject Rights
HUSA will support the Customer in handling:
- Access
- Correction
- Deletion
- Portability
10. Security Measures
HUSA implements:
- Encryption (in transit & at rest where applicable)
- Access control
- Monitoring and logging
11. Data Breach
HUSA will:
- Notify the Customer without undue delay
- Provide relevant information
12. Deletion & Return
Upon termination:
- Data will be deleted or returned
- Unless retention is required by law
13. Audit Rights
The Customer may request reasonable audit information.
14. Governing Law
This DPA is aligned with the main agreement or applicable GDPR rules.
