This Data Processing Addendum (“DPA”) forms part of the Terms and Conditions and Privacy Policy governing the use of dstribute Software Solutions Inc services (collectively, the “Agreement”). This DPA applies to the extent dstribute Software Solutions Inc processes Personal Data on behalf of a customer in the course of providing services.
This DPA is designed to comply with applicable data protection and privacy laws in the United States, Canada, and, where applicable, the European Economic Area (EEA), United Kingdom, and Switzerland.
In the event of a conflict between this DPA and the Terms and Conditions or Privacy Policy, this DPA shall control with respect to data protection matters.
1. Definitions
For purposes of this DPA:
- “Controller,” “Processor,” “Business,” “Service Provider,” “Consumer,” “Personal Data,” “Personal Information,” “Processing,” and “Data Subject” have the meanings assigned under applicable privacy laws, including but not limited to GDPR, CCPA/CPRA, and Canadian privacy statutes.
- “Customer Data” means all Personal Data submitted to or collected by dstribute Software Solutions Inc on behalf of a Customer through use of the Services.
- “Candidate Data” means Personal Data relating to job candidates collected through job distribution, postings, or related recruiting workflows.
- “Services” means dstribute Software Solutions Inc job distribution, compliance, and related recruiting technology services.
2. Roles of the Parties
- Customers act as the Controller or Business with respect to Customer Data and Candidate Data.
- dstribute Software Solutions Inc acts as a Processor or Service Provider, processing Personal Data solely on documented instructions from the Customer and for the purpose of providing the Services.
dstribute Software Solutions Inc does not sell, rent, or trade Personal Data and does not share Personal Data with third parties for advertising or marketing purposes.
3. Scope and Purpose of Processing
dstribute Software Solutions Inc processes Personal Data solely to:
- Distribute job postings on behalf of Customers
- Collect Candidate Data generated from job postings
- Deliver Candidate Data directly to the Customer’s applicant tracking system (ATS) or via secure electronic delivery
- Maintain temporary records required to provide, support, and audit the Services
- Comply with applicable legal and regulatory obligations
All Candidate Data collected through the Services is owned and controlled by the Customer that procured the data.
4. Categories of Data Subjects and Personal Data
Data Subjects
- Job candidates
- Customer users and administrators
Categories of Personal Data
- Identifiers (name, email address, phone number)
- Employment and application-related information
- Resume and work history data
- Location data (city, state, country)
- Any additional information voluntarily submitted by candidates
dstribute Software Solutions Inc does not intentionally collect sensitive personal data unless provided by the candidate as part of the application process and instructed by the Customer.
5. Data Ownership and Control
- All Candidate Data is the exclusive property of the Customer.
- dstribute Software Solutions Inc acts only as a data processor and has no independent rights to use Customer Data beyond providing the Services.
- Candidate Data is made accessible only to the Customer that originated the job posting and collected the data.
6. Data Retention and Deletion
dstribute Software Solutions Inc retains Personal Data only for as long as necessary to:
- Provide the Services
- Fulfill contractual obligations
- Comply with legal and regulatory requirements
Upon termination of Services or upon Customer request, dstribute Software Solutions Inc will delete or return Customer Data within a commercially reasonable timeframe, unless retention is required by law.
7. Confidentiality
dstribute Software Solutions Inc ensures that all personnel authorized to process Personal Data:
- Are bound by confidentiality obligations
- Receive appropriate privacy and security training
- Access Personal Data only as necessary to perform their job functions
8. Security Measures
dstribute Software Solutions Inc implements appropriate technical and organizational measures designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction, including:
- Access controls and authentication
- Secure data transmission methods
- Infrastructure and application security monitoring
- Regular review of security practices
9. Subprocessors
dstribute Software Solutions Inc may engage subprocessors to support delivery of the Services (for example, hosting or infrastructure providers).
dstribute Software Solutions Inc ensures that:
- Subprocessors are subject to written agreements imposing data protection obligations consistent with this DPA
- Subprocessors process Personal Data solely to support the Services
A current list of subprocessors will be made available upon request.
10. Assistance with Data Subject Requests
dstribute Software Solutions Inc will reasonably assist Customers in responding to requests from Data Subjects, including:
- Access
- Correction
- Deletion
- Restriction or objection to processing
- Data portability, where applicable
Customers remain responsible for validating and responding to such requests.
11. United States Privacy Compliance
dstribute Software Solutions Inc complies with applicable U.S. state privacy laws, including but not limited to:
- California Consumer Privacy Act and California Privacy Rights Act
- Virginia Consumer Data Protection Act
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Utah Consumer Privacy Act
- Other applicable state privacy statutes
dstribute Software Solutions Inc acts as a Service Provider or Processor and does not sell or share Personal Data as defined under these laws.
12. Canada Privacy Compliance
dstribute Software Solutions Inc complies with applicable Canadian privacy laws, including:
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Applicable provincial privacy legislation
Personal Information is processed only for identified purposes and with appropriate safeguards.
13. European and International Data Transfers
Where Personal Data from the EEA, United Kingdom, or Switzerland is processed:
- dstribute Software Solutions Inc processes such data in accordance with GDPR principles
- Appropriate safeguards are implemented for cross-border transfers, including standard contractual clauses where required
- Processing is limited and incidental to Customer operations
14. Data Breach Notification
dstribute Software Solutions Inc will notify Customers without undue delay upon becoming aware of a confirmed Personal Data breach affecting Customer Data and will provide reasonable assistance in breach investigation and notification obligations.
15. Audits and Compliance
Upon reasonable notice, dstribute Software Solutions Inc will make available information necessary to demonstrate compliance with this DPA, subject to confidentiality and security restrictions.
16. Liability
Each party’s liability under this DPA is subject to the limitations of liability set forth in the Agreement.
17. Term and Termination
This DPA remains in effect for the duration of Personal Data processing under the Agreement and survives termination as necessary to fulfill its purpose.
18. Governing Law
This DPA is governed by the governing law specified in the Agreement, without regard to conflict of law principles.
19. Contact Information
Questions regarding this DPA or data protection practices may be directed to:
dstribute Software Solutions Inc
Privacy and Compliance Team
20. Reference Documents
This DPA should be read in conjunction with:
- dstribute Software Solutions Inc Privacy Policy (United States)
- dstribute Software Solutions Inc Disclaimer
- dstribute Software Solutions Inc Terms and Conditions
By using the Services, the Customer acknowledges and agrees to this Data Processing Addendum.
