Effective Date: August 21, 2025
This Data Processing Agreement (“DPA”) forms part of the Terms of Service or other agreement (the “Agreement”) between:
- Customer (“Controller”), and
- HR Bible SRL (“Processor”), a company organized under the laws of Romania, registered at Int. Gheorghe Simionescu 19, Bucharest,
(each a “Party”, together the “Parties”).
1. Subject Matter
This DPA governs HR Bible’s processing of personal data on behalf of the Customer in connection with the Services (Slack and Microsoft Teams integrations, HR request management, and related SaaS functionality).
2. Roles of the Parties
- The Customer is the Data Controller.
- HR Bible is the Data Processor.
- Both Parties will comply with their obligations under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.
3. Categories of Data & Data Subjects
HR Bible may process the following categories of personal data on behalf of the Customer:
- Employee identification data: user ID, display name, email, workspace ID.
- HR request data: PTO dates, request type, approval/rejection status.
- Usage metadata: timestamps, request history, communication logs.
Data subjects include employees, contractors, or users authorized by the Customer to use the Services.
4. Purpose & Instructions
HR Bible processes personal data solely for:
- Delivering and maintaining the Services.
- Handling HR requests submitted via Slack/Teams.
- Providing support and technical assistance.
- Ensuring security, monitoring, and compliance.
Processor will act only on documented instructions from Customer, unless required by law.
5. Sub-Processors
Customer authorizes HR Bible to use sub-processors (e.g., hosting, analytics, customer support providers).
- HR Bible will maintain a public list of sub-processors at https://hr-bible.com/subprocessors.
- HR Bible will impose equivalent contractual obligations on all sub-processors.
- Customer will be notified in advance of any new sub-processors and may object on reasonable grounds.
6. International Transfers
If personal data is transferred outside the EEA/UK:
HR Bible will ensure adequate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), or rely on an adequacy decision.
7. Security Measures
HR Bible will implement appropriate technical and organizational measures, including:
- Encryption in transit and at rest.
- Access controls and authentication.
- Regular security testing and monitoring.
8. Data Subject Rights
HR Bible will assist the Customer in fulfilling data subject requests (access, correction, deletion, portability, restriction, objection) by providing necessary technical support.
9. Data Breach Notification
In case of a personal data breach affecting Customer data, HR Bible will:
- Notify Customer without undue delay (and in any case within 72 hours).
- Provide details on nature, scope, and remediation measures.
10. Data Retention & Deletion
Upon termination of Services, HR Bible will:
- Delete or return all personal data within 90 days, unless retention is required by law.
- Securely delete any remaining copies from backups.
11. Audit & Compliance
- Customer may request information to demonstrate compliance with this DPA.
- HR Bible will make audit reports or security certifications available.
- On-site audits may be conducted at Customer’s expense, with reasonable notice.
12. Liability
The Parties’ liability under this DPA is subject to the limitations of liability set out in the Agreement, except where prohibited by law.
13. Term & Termination
This DPA remains in force for as long as HR Bible processes personal data on behalf of the Customer under the Agreement.
14. Governing Law
This DPA will be governed by the same law and jurisdiction as the Agreement, unless otherwise required by data protection laws.
Signed:
For Customer (Controller):
Name: ___________________
Title: ___________________
Date: ___________________
For HR Bible SRL (Processor):
Name: Eugen Sfirlos
Title: Chief Executive Officer
Date: ___________________