Legal Resources at PeopleForce
Last updated: June 01, 2025
Welcome to the PeopleForce Platform. This Data Processing Agreement (hereinafter the “Agreement”) is entered into by and between:
The relevant PeopleForce contracting entity, as specified in the main agreement (Terms of Service), with which the Customer has entered into a service relationship and to which payment is made for the subscription (hereinafter referred to as “PeopleForce”, “We” or “Processor”),
and
You (hereinafter referred to as “Data Controller”, “You” or “Customer”),
— jointly referred to as the “Parties”.
In this Agreement, “PeopleForce” means the specific entity of the PeopleForce group that has entered into the Terms of Service with the Customer. This may include, but is not limited to:
The entity acting as Data Processor under this DPA shall always be the same entity as defined in the Customer’s Terms of Service agreement, and receiving payment for the subscription.
This DPA forms an integral part of the Terms of Service and sets out the roles and responsibilities of the Parties in accordance with applicable Data Protection Legislation, with respect to the processing of personal data on the PeopleForce Platform.
IT IS AGREED AS FOLLOWS:
a. “DPA” means this Data Processing Agreement and all schedules (if any);
b. “Data Controller Personal Data” means Personal Data Processed by Data Processor on behalf of Data Controller pursuant to or in connection with the Service Agreement and this Agreement, indicated in Annex 1 to this DPA;
c. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
d. “Data Protection Laws” means the GDPR and, to the extent applicable, the data protection or privacy laws of any country, in particular the British Data Protection Act of 2018;
e. “EEA” means the European Economic Area;
f. “GDPR” means EU General Data Protection Regulation 2016/679
g. “Data Transfer” means:
-a transfer of Data Controller Personal Data from the Data Controller to the Data Processor; or
-an onward transfer of Data Controller Personal Data to a Subprocessor, or between two Subrocessors;
h. “Principal Agreement” means the Terms of Services referred to in point (A) above;
i. “Services” means the services provided by the Data Processor to the Data Controller in accordance with the Principal Agreement;
j. “Subprocessor” means any person appointed by or on behalf of the Data Processor to process Personal Data on behalf of the Data Controller in connection with this DPA.
k. Other terms, including without limitation: “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning ascribed to them in the GDPR, and their cognate terms shall be construed accordingly.
a. the initiation of an audit by the supervisory authority dealing with the protection of Personal Data in connection with entrusting the Processor with the processing of Personal Data, as well as any administrative decisions issued with respect to the Processor in connection with the above;
b. initiated or pending administrative, court or preparatory proceedings related to entrusting the Processor with Personal Data processing, as well as to any decisions, orders or judgments issued against the Processor in connection with the above;
c. any incidents concerning the Personal Data entrusted for processing by the Processor, including the accidental or unauthorized access to the Personal Data entrusted, cases of change, loss, damage or destruction of the entrusted Personal Data.
a. promptly (but in no case later than within 3 days of receiving such request) notify Data Controller if it receives a request from a Data Subject under any Data Protection Legislation in respect of Personal Data; and
b. ensure that it does not respond to that request except on the documented instructions of Data Controller or as required by applicable Data Protection Legislation to which the Processor is subject, in which case the Processor shall to the extent permitted by applicable laws inform Data Controller of that legal requirement before the sending a response to the request.
Annex 1
The scope of the data entrusted
Categories of data subjects whose data is entrusted | Categories of data | Data processing activities | The duration of processing |
---|---|---|---|
Data of the Data Controller’s Employees, volunteers, agents, temporary and casual workers, candidates, shareholders, relatives, guardians and associates of the data subject, experts, advisers, consultants and other professional experts. | All personal data that the Data Controller and any user to whom the Data Controller has granted access to the PeopleForce Platform uploaded to the systems of the Processor, including, specifically but not limited to: - contact and address data, such as: First and last name of the user. Email address. Postal address. Phone number. Postal code. Address of the place of residence or work. Country/region. Additional contact information (e.g. Skype, Telegram, etc.). Other information for communication and addressing. - data contained in candidates' application documents, including cvs, questionnaires, tests, interview results, such as: CVs of the candidates. Questionnaires filled in by the candidates. Results of tests passed by the candidates. Results of interviews. - goals, KPIs, performance, results of periodic assessment, evaluation sheets, reviews, - results of workplace satisfaction and engagement surveys - data provided in applications, requests, complaints, suggestions, such as: Employee goals. KPIs (key performance indicators). Performance indicators. Results of periodic evaluation. Evaluation sheets. Feedback. Results of surveys on job satisfaction and employee engagement. Data provided in applications, inquiries, complaints, proposals. - data on attendance, absences, leaves - data on the establishment and termination of the employment relationship, - payroll data and other work-related benefits, such as: Attendance. Absences. Leaves of absence. Data on the creation and termination of labour relations. Data on salary payments - any other data concerning employment or related to services provided to the Data Controller, entered into the Peopleforce Platform - data resulting from the compilation of the aforementioned data. | All operations that can be performed on personal data whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. | For the duration of the Principle Agreement. |