Data Processing Agreement
This Data Processing Agreement ("DPA") is entered into between:
NIXZ RPA Solutions B.V. (“NIXZ”)
Stationsplein 45
3013 AK Rotterdam
legal@nixz.io
Chamber of Commerce Number: 81627661
And
The customer utilizing the services of NIXZ ("Customer").
Collectively referred to as the "Parties".
Background
NIXZ provides certain services to its customers (referred to as the "Service"). In the course of providing the Service, NIXZ may process personal data on behalf of its customers.
Agreement
By agreeing to the Terms & Conditions of NIXZ, the Customer acknowledges and agrees to the terms set forth in this Data Processing Agreement.
1. Data Processing
1.1. NIXZ shall process personal data on behalf of the Customer solely for the purpose of providing the Service, in accordance with the terms of the Agreement between the Parties.
1.2. NIXZ shall process personal data only on documented instructions from the Customer, unless required to do so by applicable law.
1.3. NIXZ shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in processing personal data.
1.4. Such measures may include encryption in transit and at rest where appropriate, access controls and authentication measures, least-privilege access principles, logging and monitoring, secure hosting environments, backup procedures, and internal confidentiality obligations.
1.5. The subject matter of the processing concerns the provision of recruitment, sourcing, automation, integration, communication, analytics, and related platform services by NIXZ.
1.6. NIXZ processes personal data for the purpose of providing, operating, supporting, maintaining, improving, and securing the Service, including synchronization, matching, communication, workflow automation, analytics, customer support, and integration functionality.
1.7. Data subjects may include Customer users, candidates, professionals, employees, contractors, representatives, website visitors, business contacts, and other individuals whose personal data is processed through the Service.
1.8. Personal data processed by NIXZ may include names, contact details, employment and recruitment-related information, communication data, technical and usage data, integration metadata, authentication data, and other personal data submitted to or processed through the Service by or on behalf of Customer.
1.9. NIXZ shall process personal data for the duration of the Agreement and for such additional period as necessary to comply with applicable law, resolve disputes, enforce agreements, maintain backup or security records, or fulfill legitimate operational requirements.
2. Data Subject Rights
2.1. NIXZ shall assist the Customer in responding to requests from data subjects exercising their rights under applicable data protection laws.
3. Data Security
3.1. NIXZ shall take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
4. Subprocessing
4.1. Customer acknowledges and agrees that NIXZ may engage subprocessors and third-party service providers necessary for the operation, hosting, support, analytics, payment processing, communication, sourcing, enrichment, and integration functionality of the Service.
4.2. NIXZ currently uses the following subprocessors:
• DigitalOcean (Infrastructure)
• TransIP (Infrastructure)
• CoffeeSprout (Infrastructure)
• Google (Analytics & Workspace)
• OpenAI (AI services)
• Zendesk (Customer support)
• Stripe (Payments)
• Moneybird (Accounting)
• Unipile (Integrations)
4.3. Customer also consents to subprocessing of data by Customer’s own connected systems and third-party providers integrated by or on behalf of Customer.
4.4. NIXZ shall ensure that subprocessors processing personal data on behalf of NIXZ are subject to data protection and confidentiality obligations appropriate to the nature of the processing activities.
4.5. NIXZ may also use third-party data providers and public data sources to collect or enrich professional profile information in connection with the Services. Depending on the nature of the processing activity and data flow, such providers may act as independent data controllers, processors, or subprocessors.
4.6. An up-to-date overview of material subprocessors may be updated by NIXZ from time to time to reflect operational, technical, or commercial changes.
5. Confidentiality
5.1. NIXZ shall ensure that any person it authorizes to process personal data on behalf of the Customer is subject to a duty of confidentiality.
6. Data Breach Notification
6.1. In the event of a data breach involving personal data processed by NIXZ on behalf of the Customer, NIXZ shall notify the Customer without undue delay after becoming aware of the breach.
6.2. NIXZ shall promptly notify the relevant data protection authority of the data breach in accordance with the requirements of applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR).6.3. NIXZ shall not be liable for damages caused by a data breach unless the data breach results from negligence or intentional misconduct by NIXZ. The limitations of clause 5 of the Terms and Conditions apply in the situation that liability on the part of NIXZ should arise.
7. Data Deletion
7.1. Upon termination or expiry of the Agreement, NIXZ shall, at the Customer's direction, either delete or return all personal data processed on behalf of the Customer, unless otherwise required by applicable law or regulations.
7.2. NIXZ may retain limited data where necessary to comply with legal obligations, resolve disputes, enforce agreements, maintain security records, or comply with backup retention policies.
8. International Data Transfers
8.1. Where personal data is transferred outside the European Economic Area (“EEA”), NIXZ shall implement appropriate safeguards in accordance with applicable data protection laws, which may include Standard Contractual Clauses approved by the European Commission.
8. Governing Law and Jurisdiction
8.1. This DPA shall be governed by and construed in accordance with the laws of The Netherlands. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of The Netherlands.
9. Miscellaneous
9.1. This DPA constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements and understandings, whether written or oral. This Data Processing Agreement is executed by the Parties as of the date of mutual agreement between NIXZ and the Customer.
For any inquiries or concerns regarding the Data Processing Agreement, please reach out to our Legal Officer at legal@nixz.io.
.svg){kind=logo}
