Data Protection Addendum

Updated March 31, 2020

This is an addendum to the Terms of Service accessible at https://breezy.hr/terms. This Data Processing Agreement (DPA) between Breezy HR, Inc. (“Breezy HR”) and you, a client of Breezy HR (“You”, or “Your”) shall only apply to the extent that GDPR is applicable to the Services, and may be updated by Breezy HR from time to time.

1. Processing

1.1 As part of the Services, Breezy HR processes certain personal data as defined in the GDPR on Your behalf. The parties agree that You shall in this regard be considered the data controller and Breezy HR the data processor. For clarity, the meaning of data controller and data processor shall be as defined in the GDPR. 

1.2 The nature and purpose of the personal data processing by Breezy HR hereunder shall comprise the storage of Your personal data in the Breezy HR application (“Application”) as stated in the Agreement, and such further processing as reasonably required for You to use and operate, and for Breezy HR to support, the Application for the term of, and in accordance with, the Agreement.  The provision of Support to the You or Your support contacts as outlined in the Agreement may involve Breezy HR accessing Your personal data to the extent reasonably required to provide such support.

1.3 The categories of personal data generally included in the processing hereunder may, depending on the Your use of the Application, include users and/or applicants names, email addresses, address, phone number, job titles, CV, internal comments, as well as any other applicable recruitment data;


2. Obligations of the Data Controller

2.1 You, as data controller: 

2.1.1 confirm that You have processed and will continue to process the relevant personal data in accordance with the relevant provisions of the GDPR and the processing does not violate the GDPR;

2.1.2 will reasonably instruct Breezy HR throughout the duration of the Agreement to process the relevant personal data exclusively on Your behalf and in accordance with the GDPR;

2.1.3 will ensure that You are entitled to transfer the relevant personal data to Breezy HR so that Breezy HR may lawfully process the personal data in accordance with the Agreement on Your behalf;

2.1.4 shall take and maintain throughout the term of the Agreement appropriate technical and organizational measures against unauthorized or unlawful processing of the personal data or its accidental loss, destruction or damage, including, but not limited to ensuring that you keeps the Application up to date through timely requesting Breezy HR for updates and upgrades.


3. Obligations of the Data Processor

3.1 Breezy HR, as data processor shall:

3.1.1 process any of Your personal data only on Your instructions.  The Parties agree that the documented instructions are set out in the Agreement or may otherwise be agreed in connection with the performance of the Agreement, such as pursuant to any support requests raised by You;

3.1.2 ensure that any of its staff authorized to process Your personal data are bound by obligations of confidentiality;

3.1.3 implement appropriate technical and operational measures to ensure a level of security appropriate to the general risks involved in the Services reasonably known to it as required by Article 32 of the GDPR;

3.1.4 taking into account the nature of the processing, assist You by implementing appropriate technical and organizational measures, in so far as this is reasonably possible, for the fufillment of the Your obligation to respond to requests for exercising the data subject’s (as defined in the GDPR) rights laid down in Chapter III of the GDPR;

3.1.5 where such cannot be achieved by You directly through functionality included in the Application, each time reasonably assist You (each time subject to a reasonable cost-covering charge) in fulfilling Your obligations to respond to requests for exercising the data subject’s rights set out in Chapter III of the GDPR;

3.1.6 at Your reasonable request, provide to You a copy of all relevant personal data held by it in the format and on the media agreed, provided that a reasonable use policy shall apply (beyond which, Breezy HR shall be entitled to charge You its relevant professional services charges);

3.1.7 reasonably assist You in ensuring compliance with the obligations set out in Addendum and contained in Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Breezy HR;

3.1.8 comply with its obligations under Article 28(4) of the GDPR;

3.1.9 make available to You all information reasonably necessary and, at Your cost and subject to prior agreement on scope and timing, contribute to audits and inspections reasonably carried out by You or on Your behalf to demonstrate Breezy HR’s compliance with Article 28 of the GDPR and this Addendum; and

3.1.10 inform the You if, in Breezy HR’s opinion any instruction provided by You would infringe the GDPR.


4. Sub-processors

4.1 Breezy HR shall use the following sub-processors in the provision of the services:

  • any third party hosting infrastructure provider we may require in the performance of the Services (Breezy HR currently uses Amazon Web Services (www.aws.amazon.com);
  • any Client Relationship Management system provider we may require in the performance of the Services (Breezy HR currently uses Salesforce (www.salesforce.com) to manage its client accounts);
  • any processor offering security solutions (for some of its services,
  • any processor used in the parsing of resumes (Breezy HR currently uses Sovren (www.sovren.com);
  • any processor offering online payment processing services (Breezy HR currently uses (www.stripe.com);
  • any processor we may require in the provision of a client support ticketing or messaging relating to the Services (Breezy HR currently uses Intercom (www.intercom.com));
  • any processor that is required for the add on subscription for SMS and live video capabilities, as applicable (Breezy HR currently uses Twilio (https://www.twilio.com/)).
  • any processor used in converting documents into various formats. (Breezy HR currently uses CloudConvert(https://cloudconvert.com/)
  • any processor that is required for video assessment capabilities, as applicable (Breezy HR currently uses Ziggeo (https://ziggeo.com/)).
  • any processor used in data enrichment of candidate profiles (Breezy HR currently uses FullContact (https://www.fullcontact.com/);


4.2 Where Breezy HR intends to make changes to the use of any of its sub-processors, this Addendum shall be updated 30 days prior to the date of the appointment of the new processor. You shall be responsible for ensuring they regularly check this list for changes. Where You object to such a change (acting reasonably), You shall notify Breezy HR prior to the appointment date of the new processor. In such case, Breezy HR and You shall meet in good faith, and if no agreement can be found, You shall during a reasonable timeframe be entitled to terminate the Agreement on no less than 30 days’ written notice;

5. Data Breach and Data loss

5.1 Breezy HR will promptly inform You after becoming aware of a data breach which has effected your personal data. Breezy HR will investigate the data breach without undue delay, and will take measures to correct the breach including implementing additional technical and organizational measures. Breezy HR will keep You up to date on the progress of the investigation and corrections. Breezy HR will provide you with reasonable assistance in relation to any legal obligations that you are subject to in relation to the breach. 


5.2 Breezy HR will promptly inform You if it becomes aware that any of the relevant personal data are lost or destroyed or become damaged, corrupted or unusable. Where reasonably possible, and where caused by Breezy HR’s fault or negligence, Breezy HR will restore such personal data at its own expense;


6. Return or Destruction of Data

6.1 At Your option, on or shortly after expiry or earlier termination of the Agreement, Breezy HR shall either delete or return to You all of Your personal data, in accordance with its applicable standard policies, provided that Breezy HR shall be entitled to keep one (1) back up copy of the data for a period of up to twelve (12) months following termination;

7. Data Transfers

7.1 Where the Services comprise the transfer of Your personal data outside of the European Economic Area, in accordance with the requirements included in the GDPR, the parties agree on the use of the US/EU Privacy Shield as the transfer mechanism, in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the You to Breezy HR the data the personal data specified in Appendix 2 to the Clauses. For the avoidance of doubt, Breezy HR has the authority to enter into the Clauses on behalf of all data importer included in the Clauses.