Skrıptȷobs
Compliance
Last Updated:March 26, 2026

Data Processing Addendum

Clear, transparent terms regarding how Skriptjobs processes data on behalf of our customers.

1. Introduction & Definitions

This Data Processing Addendum ("DPA") forms part of the Master Service Agreement or Terms of Use ("Agreement") between Skriptjobs ("Processor") and the Customer ("Controller"). it applies where Skriptjobs processes Personal Data on behalf of the Customer in the course of providing its services.
  • Controller: The natural or legal person who determines the purposes and means of processing personal data (the Customer).
  • Processor: Skriptjobs, which processes personal data on behalf of the Controller.
  • GDPR: The General Data Protection Regulation (EU) 2016/679.
  • Personal Data: Any information relating to an identified or identifiable natural person.

2. Subject Matter & Duration

The subject matter of the processing is the provision of premium hiring and candidate matching services. The duration of the processing corresponds to the term of the Agreement plus the period until all personal data has been deleted or returned by Skriptjobs.

3. Obligations of the Processor

Skriptjobs commits to the following:
  • Processing Instructions: Skriptjobs shall process personal data only on documented instructions from the Controller.
  • Confidentiality: Skriptjobs ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Security: Skriptjobs shall implement technical and organizational measures to ensure a level of security appropriate to the risk.
  • Data Subject Rights: Skriptjobs shall assist the Controller by appropriate technical and organizational measures for the fulfillment of the Controller’s obligation to respond to requests for exercising the data subject's rights.

4. Data Subjects & Data Categories

4.1 Data Subjects

  • Candidates and Job Seekers
  • Employees and contractors of the Controller (Recruiters, Hiring Managers)
  • External referees or contacts provided by candidates

4.2 Data Categories

  • Identification data (Name, Date of Birth, Gender)
  • Contact data (Email, Phone, Address)
  • Professional data (CVs, Education, Career History, Skills)
  • User activity data (Platform interactions, assessments, logs)

5. Sub-processing

The Controller authorizes Skriptjobs to engage the subprocessors listed on our Subprocessors page. Skriptjobs remains fully liable for the performance of the subprocessor’s obligations.
View Subprocessors List

6. Security Incident Notification

Skriptjobs shall notify the Controller without undue delay after becoming aware of a personal data breach. Such notification shall at least describe the nature of the breach, the categories of data affected, and the measures taken to address it.

7. Audit Rights

Skriptjobs shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

8. Technical & Organizational Measures (TOMs)

Skriptjobs implements comprehensive security controls, including:
  • Access Control: 2FA, role-based permissions, and strict password policies.
  • Transmission Control: SSL/TLS 1.3 encryption for all data in transit.
  • Input Control: Detailed logging of data entry and modifications.
  • Availability Control: Redundant infrastructure (GCP/Firebase) and regular automated backups.
  • Separation Control: Logical separation of data belonging to different customers.

Appendix 1: Details of Processing

Nature and Purpose: Providing a platform for hiring, talent matching, and candidate communication. Categories of data and subjects are as defined in Section 4.

Appendix 2: Specific Security Measures

Skriptjobs uses enterprise-grade cloud infrastructure (Google Cloud & Firebase) which maintains numerous security certifications including ISO 27001, SOC 2, and SOC 3. All platform code undergoes regular security review.