Data Processing Agreement (DPA) for our clients

Between [Your Company Name] (“Processor”) and the Employer/Recruiter (“Controller”)

Last updated: [Insert Date]

This Data Processing Agreement (“Agreement”) forms part of the Terms of Business between [Your Company Name] and the Employer/Recruiter (“you”, “your”) using our jobs listing website (the “Service”). It governs how we process personal data on your behalf in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 
1. Definitions
“Controller” – the employer or recruitment agency posting jobs and receiving candidate data.
“Processor” – [Your Company Name], which processes personal data on behalf of the Controller.
“Personal Data” – any information relating to an identifiable individual.
“Processing” – any operation performed on personal data, including storage, transmission, or deletion.
“Sub‑processor” – a third party engaged by the Processor to support the Service.
 
2. Subject Matter and Purpose of Processing
We process personal data solely to:

Publish job listings
Facilitate job applications
Transmit candidate information to you
Provide employer account services
Support analytics, security, and platform functionality
We do not process personal data for any purpose other than delivering the Service.

 
3. Categories of Personal Data
We may process the following categories on your behalf:

Candidate names, contact details, CVs, employment history
Application details and communication records
Employer account information
Technical data (IP address, device information, usage logs)
We do not process special category data unless provided voluntarily by the candidate.

 
4. Duration of Processing
We process personal data:

For as long as your employer account is active
For as long as necessary to provide the Service
In accordance with our Data Retention Policy
Upon termination, data is deleted or returned as described in Section 10.

 
5. Controller Responsibilities
As the Controller, you agree to:

Ensure all personal data you collect or provide is lawful
Provide accurate job information and avoid discriminatory content
Use candidate data only for legitimate recruitment purposes
Comply with UK GDPR when storing, reviewing, or contacting candidates
Respond to data subject requests relating to your processing activities
You are responsible for your own retention, deletion, and compliance obligations.

 
6. Processor Responsibilities
We will:

Process personal data only on your documented instructions
Implement appropriate technical and organisational security measures
Ensure staff with access to data are bound by confidentiality
Assist you in responding to data subject rights requests
Notify you without undue delay of any personal data breach
Maintain records of processing activities as required by law
We will never:

Sell candidate data
Use candidate data for our own marketing
Share data with third parties except as permitted under this Agreement
 
7. Sub‑processors
We may use trusted third‑party service providers to support the Service (e.g., hosting, analytics, email delivery).

We will:

Ensure all sub‑processors are GDPR‑compliant
Enter into written agreements imposing equivalent data protection obligations
Remain fully responsible for their performance
You will be notified of any material changes to our sub‑processor list.

 
8. International Data Transfers
If personal data is transferred outside the UK, we will ensure:

Adequacy regulations apply, or
Standard Contractual Clauses (SCCs) or equivalent safeguards are in place
We will not transfer data internationally without appropriate protection.

 
9. Security Measures
We implement industry‑standard security controls, including:

Encrypted data storage and transmission
Access controls and authentication
Regular security testing and monitoring
Secure data deletion and backup procedures
Details may be provided upon request.

 
10. Return or Deletion of Data
Upon termination of your account or written request:

We will delete or anonymise personal data processed on your behalf
You may request a copy of candidate data before deletion
Certain data may be retained where legally required (e.g., financial records)
 
11. Data Breach Notification
If we become aware of a personal data breach affecting your data, we will:

Notify you without undue delay
Provide details of the breach, impact, and mitigation steps
Cooperate with your regulatory obligations
 
12. Audits and Compliance
You may request information necessary to demonstrate compliance with this Agreement. Formal audits may be conducted with reasonable notice and without disrupting service operations.

 
13. Changes to This Agreement
We may update this Agreement to reflect legal or operational changes. Continued use of the Service constitutes acceptance of the updated terms.

 
14. Contact Information
For data protection matters, contact:

Key Recruitment Ltd.
info@keyrecruitment.net 
Units 6 & 7 Cumberland Gate,
Cumberland Road,
Portsmouth, Hampshire,
PO5 1AG