YourMauka DATA PROCESSING AGREEMENT
* * * IF YOU DO NOT AGREE WITH THIS DATA PROCESSING AGREEMENT YOU MUST NOT ACCESS THE SERVICE. * * *
YourMauka will process Your Data pursuant to the terms set forth herein and as required by the California Consumer Privacy Act of 2018 (“CCPA”), European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation or regulation pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/679)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction (“Data Protection Legislation”). Any capitalized, undefined terms that are not defined herein shall have the meaning set forth in the Agreement. For purposes of the DPA “Your Data” shall mean “Personal Data” as defined by the Data Protection Legislation. Additionally, “Controller,”
“Processor,” “Data Subject,” “Processing,” “Sub-processor,” and “Appropriate Technical and Organizational Measures” shall also have the meanings specified in the Data Protection Legislation.
DATA PROTECTION LEGISLATION COMPLIANCE
Processor and Controller. The parties agree that YourMauka and Client may be both a Processor and a Controller of Personal
Data and accordingly agree to process Personal Data: (i) for legitimate business purposes, including for Client specifically only for considering Data Subjects’ employability within Your organization; (ii) as specified in the Agreement (iii) as permitted by Data Protection Legislation; and (iv) as otherwise permitted by a Candidate.
Appropriate Technical and Organizational Measures. Both parties agree to use Appropriate Technical and Organizational measures to ensure the proper treatment of Personal Data and the ability to accordingly respond to Data Subject requests pertaining to use of Personal Data. Specifically, and among other rights that may be available to Data Subjects, the parties agree that Data Subjects have a right to: consent withdrawal, access to and modification of Personal Data, object to processing of their Personal Data and erasure of their Personal Data. YourMauka shall implement and maintain appropriate technical and organizational measures to protect Data against unauthorized or unlawful processing, including protecting against loss, destruction, modification, or disclosure. These measures will be reasonable and appropriate with respect to the Data which YourMauka processes.
DATA SUBJECTS REQUEST AND DISPUTE RESOLUTION
Both parties will comply with Data Subject requests as required by applicable Data Protection Legislation and any other applicable law. Clients agree to immediately forward each Data Subject request to Our Data Protection Officer at info@YourMauka.com and promptly notify YourMauka of all Data Subject disputes and work in good faith to resolve any dispute to the Candidate’s satisfaction. You are not to resolve any dispute or conflict on our behalf.
IMPACT TO THE SERVICE
You understand that a Data Subject’s request may impact their ability to serve as a Candidate. Any Candidate who exercises her or his rights under the Data Protection Legislation after You have viewed or accessed that Candidate’s profile may preclude that Candidate from participating through the YourMauka Service. Irrespective of the exercise of this right, such Candidates will continue to be counted as an Interview Request and Qualified Introduction.
PERSONAL DATA BREACH
If either party becomes aware of a Personal Data Breach that causes destruction, loss, modification, disclosure, or access to it will immediately notify the other party. The party that was subject to the Personal Data Breach shall notify Data Subjects and appropriate parties as required by the Data Protection Legislative. The party subject to the Personal Data Breach shall conduct an investigation regarding the same and will use industry standard technology, methods and other related practices to mitigate the effects and to mitigate the effects of any Personal Data Breach and shall use industry standard measures to prevent any further breaches in the future.
In the event either party engages a third-party Sub-processor to assist with the performance of its duties under this DPA that party shall ensure that the Sub-processor complies with applicable laws, rules, and regulations, and maintains no less stringent requirements than those of this DPA. A current list of material third party Sub-processors with respect to YourMauka’s provision of the Service can be found here: https://YourMauka.com/sub-processors (the “Sub-Processor List Page”). In the event of any anticipated or intended change to YourMauka’s third-party Sub-processors, YourMauka will update the Sub-processor List Page accordingly, pursuant to the terms and conditions set forth on the Sub-Processor List Page.
Both parties shall, as reasonably requested and reasonable necessary or required by applicable law, allow the other party to conduct an audit or inspection during the term of the Agreement to confirm compliance with this DPA, which may include providing reasonable access to the premises, resources and personnel used by You in connection with the provision of the Service, specifically to verify the processing Data in accordance with that party’s obligations under the DPA and applicable Data Protection Legislation. Such audit shall consist solely of: (i) written information (such as security policies) and (ii) interviews with personnel as may be reasonably necessary to verify compliance. For clarity, no access to any part of a party’s IT system, data hosting service providers, sites, or centers, or infrastructure will be permitted.
The terms and conditions of this DPA shall prevail over any additional or conflicting terms in the Agreement with respect to the treatment of Personal Data. Unless otherwise modified herein, the remaining terms of the Agreement shall remain in full force and effect. In the event of a conflict between the terms of this DPA and another Agreement provision the terms of this DPA shall control with respect to the treatment of Personal Data.