Data Protection Agreement
Last updated on: 15.04.2024
This Data Protection Agreement ("DPA") is concluded between:
PLAYFUL SOFTWARE SRL, a limited liability company headquartered in Bucharest, 10 Glicinelor Street, registered at the Trade Register under no. J40/2950/2016, Tax Registration Code 35728130 (here in after “Jobful”) and the Company that you represent (the “Client”).
This DPA is concluded whereas Jobful provides Services to the Client, in relation to the website https://wyndhampartnercareers.com (the “Website”), in accordance with the Services purchased by the Client and in accordance with the Website’s Terms of Service (“The Agreement”).
This DPA sets out the terms that apply when providing the Services, Jobful processes Personal Data. The purpose of the DPA is to ensure such processing is conducted in accordance with applicable laws and with due respect for the rights and freedoms of individuals whose Personal Data are processed.
This DPA is considered accepted by the Client when you tick the box “I accept the Terms of service”, as such option will be available on the Website. Considering that you will accept the DPA on behalf of a Company, you represent and warrant that you have full authority to bind that the company to these terms.
This DPA may be updated from time to time. The updated version of this DPA will be posted on the Website and will be notified to the Client by email or through the Client’s user account. whereas the Client continue to use the Website and/or the Services after the above-mentioned notification, the updated DPA will be considered accepted by the Client.
- Definitions
1.1. For the purposes of this DPA:
- a) “EEA" means the European Economic Area, which constitutes the member states of the European Union, the United Kingdom, Norway, Iceland and Liechtenstein.
- b) “EU Data Protection Legislation” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (as amended, replaced or superseded) ("GDPR");
- c) “Controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;
- d) “Processor” means an entity which processes Personal Data on behalf of the Controller; and
- e) “Personal Data” means any information relating to an identified or identifiable natural person;
- f) “Personal Data Breach” means a breach of security of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data;
- g) "Services” means any services provided by Jobful to the Client pursuant to the Agreement;
- h) “Sub-processor” means any Processor engaged by Jobful or any member of its group of companies that processes Personal Data pursuant to the Agreement. Sub-processors may include third parties or any member of Jobful’s group of companies.
- Processing.
2.1 Role of the Parties. Jobful will process Personal Data under the Agreement as Processor acting on behalf of the Client.
2.2. Purpose Limitation. Jobful will process Personal Data only for the purpose of providing the Services and in accordance with Client’s lawful instructions.
2.3. Compliance.
2.3.1. Client, as Controller, shall be responsible for ensuring that:
- a) it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection, including EU Data Protection Legislation; and
- b) it has, and will continue to have, the right to transfer, or provide access to, the Personal Data to Jobful for processing in accordance with the terms of the Agreement and this DPA.
2.3.2 Jobful, as Processor, shall be responsible for ensuring that:
- a) will comply with its processor obligations under EU Data Protection Legislation and will process Personal Data in accordance with Customer’s instructions.
2.3.3. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between the parties by way of written amendment to the Agreement.
- Sub-processing.
3.1 Use of Sub-Processors. Client generally authorizes the engagement of sub-processors. Information about Sub-processors is available at https://wyndhampartnercareers.com/subprocessors, (as may be updated by Jobful time to time). Jobful will prior inform the Client if another sub-processor will be engaged.
3.2. Requirements for Sub-Processors Engagement. When engaging any Sub-processor, Jobful will ensure via a written agreement that: a) the Sub-processor only accesses and uses Personal Data to the extent required to perform the obligations subcontracted to it; b) the Sub-processor will have similar obligation as the Jobful’s obligations under this DPA.
3.3. Jobful shall remain liable for all obligations subcontracted to, and all acts and omissions of, the Sub-processor.
- Security.
4.1. Security Measures by Jobful. Jobful will implement and maintain appropriate technical and organizational security measures to protect against Personal Data Breaches and to preserve the security and confidentiality of Personal Data processed by Jobful on behalf of Client (“Security Measures”). The Security Measures are subject to technical progress and development. Jobful may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Client.
4.2 Security Measures by Client. Client is responsible for using and configuring the Services in a manner which enables him to comply with Data Protection Laws, including implementing appropriate technical and organizational measures.
4.3. Personal Data Breaches. Jobful shall notify Client without undue delay upon Jobful or any Sub-processor becoming aware of a Personal Data Breach affecting Personal Data, providing Client with sufficient information necessary to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the applicable law. Jobful shall cooperate with Client and shall provide reasonable assistance in order to remedy or mitigate the effects of the Security Incident.
- Audit Rights.
5.1. Jobful shall make available at the Client’s request, all information required to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by Client or an auditor mandated by Client in relation to the processing of the Personal Data.
- Data Transfers.
6.1. Jobful will not transfer Personal Data outside the EU.
- Deletion/return of Personal Data.
7.1. Upon expiration or termination of the Agreement, Jobful shall at Client’s election, delete or return to Client all Personal Data in its possession (including copies), except to the extent Jobful is required by applicable law to retain some or all of the Personal Data (in which case Jobful will archive the data and implement reasonable measures to prevent the Personal Data from any further processing). The terms of this DPA will continue to apply to such Personal Data.
- Cooperation.
8.1 Data Protection Requests. If Jobful receives any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement, including requests from individuals seeking to exercise their rights under EU Data Protection Law, Jobful will promptly redirect the request to the Client. Jobful will not respond to such communication directly without Client's prior authorization, unless legally compelled to do so. If Jobful is required to respond to such a request, Jobful will promptly notify Client and provide Client with a copy of the request, unless legally prohibited from doing so.
8.2. Customer Requests. Jobful will reasonably cooperate with Client, at Client's expense, to permit Client to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement to the extent that Client is unable to access the relevant Personal Data in their use of the Services.
8.3. DPIAs and Prior Consultations. To the extent required by EU Data Protection Law, Jobful will, upon reasonable notice and at Client's expense, provide reasonably requested information regarding the Services to enable Customer to carry out data protection impact assessments (“DPIAs”) and/or prior consultations with data protection authorities.
8.4 Legal Disclosure Requests. If Jobful receives a legally binding request for the disclosure of Personal Data which is subject to this DPA, such request will be dealt with in accordance with the Agreement.
- Liability
9.1. Jobful shall be liable for the damage caused by processing only where it has not complied with obligations of the Regulation specifically directed to Processors or where it has acted outside or contrary to lawful instructions of the controller (the Client). Jobful shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage (including force majeure events) and/or if Jobful respected all the Security Measures, as they are stipulated by this DPA. In the situation that Jobful is liable, in accordance with the provisions of this clause and if any prejudice is caused to the Client, Jobful liability shall be limited to the price paid by the Client for the Services provided by Jobful in relation with the personal data processing for the month when the Personal Data Breach occurred.
9.2. Client shall be liable for the damage caused by processing which infringes the Regulation. Client shall be liable for any breach of its obligations under this DPA and for any prejudice caused to Jobful and shall repair the entire prejudice.
- Miscellaneous
10.1. Jurisdiction and governing law. Parties hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity. This DPA is governed by the laws of the country or territory stipulated for this purpose in the Agreement.
10.2. In the event of inconsistencies between the provisions of this DAP and the Agreement (except where explicitly agreed otherwise), the provisions of this Addendum shall prevail.
10.3. In case you have any questions, you can contact Jobful via email: team@jobful.io
ANNEX 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
- Subject matter and duration of the Processing of Personal Data
The subject matter of the data processing is the provision of the Services. The processing will be carried out for the duration of the Agreement.
- The nature and purpose of the Processing of Personal Data
Jobful shall process the Personal Data within the purpose of providing the Services, under the Agreement.
In this respect, Jobful is allowed to perform any processing activities of Personal Data, as needed for the provision of the Services.
- Categories of Personal Data to be processed
Jobful is allowed to process any types of Personal Data made available by the Client under the Website or that might be communicated to Jobful in other ways.
- The categories of Data Subject to whom the Personal Data relates
Personal Data may concern the following categories of Data Subjects: the Client’s employees and/or contractors, the Client’s candidates for the job openings, other categories of data subjects, as the case may be.
- The Parties rights and obligations
The obligations and rights of parties are set out in the Agreement and the DPA.