DATA PROCESSING AGREEMENT
* * * IF YOU DO NOT AGREE WITH THIS DATA PROCESSING AGREEMENT YOU MUST NOT ACCESS THE SERVICE. * * *
G2M Leaders will process Your Data pursuant to the terms set forth herein and as required by European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation or regulation pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/679)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction (“Data Protection Legislation”). Any capitalized, undefined terms that are not defined herein shall have the meaning set forth in the Agreement. For purposes of the DPA “Your Data” shall mean “Personal Data” as defined by the Data Protection Legislation. Additionally, “Controller,” “Processor,” “Data Subject,” “Processing,” “Sub-processor,” and “Appropriate Technical and Organizational Measures” shall also have the meanings specified in the Data Protection Legislation.
DATA PROTECTION LEGISLATION COMPLIANCE
Processor and Controller. The parties agree that G2M Leaders and Client may be both a Processor and a Controller of Personal Data and accordingly agree to process Personal Data: (i) for legitimate business purposes, including for Client specifically only for considering Data Subjects’ employability within Your organization; (ii) as specified in the Agreement (iii) as permitted by Data Protection Legislation; and (iv) as otherwise permitted by a Candidate.
Appropriate Technical and Organizational Measures. Both parties agree to use Appropriate Technical and Organizational measures to ensure the proper treatment of Personal Data and the ability to accordingly respond to Data Subject requests pertaining to use of Personal Data. Specifically, and among other rights that may be available to Data Subjects, the parties agree that Data Subjects have a right to: consent withdrawal, access to and modification of Personal Data, object to processing of their Personal Data and erasure of their Personal Data. G2M Leaders shall implement and maintain appropriate technical and organizational measures to protect Data against unauthorized or unlawful processing, including protecting against loss, destruction, modification, or disclosure. These measures will be reasonable and appropriate with respect to the Data which G2M Leaders processes.
DATA SUBJECTS REQUEST AND DISPUTE RESOLUTION
Both parties will comply with Data Subject requests as required by applicable Data Protection Legislation and any other applicable law. Clients agree to immediately forward each Data Subject request to Our Data Protection Officer at support@G2MLeaders.com and promptly notify G2M Leaders of all Data Subject disputes and work in good faith to resolve any dispute to the Candidate’s satisfaction. You are not to resolve any dispute or conflict on our behalf.
IMPACT TO THE SERVICE
You understand that a Data Subject’s request may impact their ability to serve as a Candidate. Any Candidate who exercises her or his rights under the Data Protection Legislation after You have viewed or accessed that Candidate’s profile may preclude that Candidate from participating through the G2M Leaders Service. Irrespective of the exercise of this right, such Candidates will continue to be counted as an Interview Request and Qualified Introduction.
PERSONAL DATA BREACH
If either party becomes aware of a Personal Data Breach that causes destruction, loss, modification, disclosure, or access to it will immediately notify the other party. The party that was subject to the Personal Data Breach shall notify Data Subjects and appropriate parties as required by the Data Protection Legislative. The party subject to the Personal Data Breach shall conduct an investigation regarding the same and will use industry standard technology, methods and other related practices to mitigate the effects and to mitigate the effects of any Personal Data Breach and shall use industry standard measures to prevent any further breaches in the future.
In the event either party engages a third-party Sub-processor to assist with the performance of its duties under this DPA that party shall ensure that the Sub-processor complies with applicable laws, rules, and regulations, and maintains no less stringent requirements than those of this DPA.
The terms and conditions of this DPA shall prevail over any additional or conflicting terms in the Agreement with respect to the treatment of Personal Data. Unless otherwise modified herein, the remaining terms of the Agreement shall remain in full force and effect. In the event of a conflict between the terms of this DPA and another Agreement provision the terms of this DPA shall control with respect to the treatment of Personal Data.