In the context of their commercial relationship, the controller entrusts the processor with the processing of personal data. In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”), the Parties undertake to comply with their obligations regarding the protection of personal data.

Any handwritten or other changes to this Data Processing Agreement without the prior written approval of Dispo.work shall have no contractual value to Dispo.work. This agreement supplements the main contract. The main contract means the main subscription contract or any other subscription contract between the Customer and Dispo.work governing the Customer’s access to the Dispo.work software.

1.1 Description of processing

The Processor is authorised to process on behalf of the controller the personal data necessary for the following purposes:

1.2 Nature of personal data processed

Dispo.work will process the Customer’s personal data on behalf of the Customer as a processor of the Customer’s data. The scope and nature of the processing of the Customer’s personal data are for the sole purpose of managing the hiring process for internal and external recruitment of the Customer, on behalf of the data controller or its customers.

The personal data processed may include, but is not limited to: first and last name, contact details (address, phone, email), professional information (experience, skills, CV), contract and mission data.

1.3 Duration of processing

Personal data is processed for the duration of the contractual relationship between the parties, and will be deleted or returned to the controller at the end of this relationship, unless there is a legal retention obligation.

1.4 Obligations of the subcontractor

The Subcontractor undertakes to:

Dispo.work will reasonably assist the Customer with the data protection impact assessments and the prior consultations with the data protection authorities that the Customer is required to perform under the Data Protection Legislation, with the processing of Data Subjects’ requests, and with any other obligation of assistance required by applicable law.

1.5 Rights of data subjects

The Processor undertakes to help the controller respond to requests to exercise the rights of data subjects (right of access, rectification, erasure, portability, restriction and objection).

Exclusion of personal accounts. Each individual has the option to create a personal account in the Dispo.work software. With this personal account, the individual is able to coordinate different profiles and application processes for different companies. The collection and processing of personal data for the personal account of an individual is not carried out for the customer but only for the individual by Dispo.work. Therefore, the relationship between an individual and a personal account and Dispo.work is not governed by this Agreement.

Dispo.work only hires personnel who have undertaken to comply with data privacy obligations. Dispo.work will regularly train employees to whom it grants access to the Customer’s Personal Data in compliance with security and confidentiality laws.

Dispo.work declares that it has taken the necessary technical and organisational measures in accordance with Article 32 GDPR to ensure the security and protection of personal data against unauthorised or illegal processing and losses, destruction or accidental damage, and undertakes to continue to do so for the duration of this Agreement.

Dispo.work hosts personal data in the European Union.

1.6 Notification of Data Breaches

The processor shall notify the controller of any breach of personal data within a maximum period of 48 hours after becoming aware of it.

1.7 Subsequent Subcontracting

The processor may not engage another processor without the prior written consent of the controller. The processor undertakes to impose on its own subcontractors the same data protection obligations as those stipulated in this agreement.

1.8 Audit Fees

If the customer is the subject of an audit or investigation by a data protection supervisory authority, Dispo.work shall, where required, respond to any request for information, and/or agree to audit its premises and operations, including inspections by the customer and/or the data protection supervisory authority, in each case for the purpose of proving compliance with this Agreement, provided that: (v) the client warrants that all information obtained or generated in connection with a request for information, an audit or an inspection is strictly confidential (unless disclosed to a data protection supervisory authority or required by applicable law)