Data Processing Agreement (DPA)

Effective Date: August 21, 2025 

This Data Processing Agreement (“DPA”) forms part of the Terms of Service or other agreement (the “Agreement”) between:

  • Customer (“Controller”), and
  • HR Bible SRL (“Processor”), a company organized under the laws of Romania, registered at Int. Gheorghe Simionescu 19, Bucharest,

(each a “Party”, together the “Parties”).

1. Subject Matter

This DPA governs HR Bible’s processing of personal data on behalf of the Customer in connection with the Services (Slack and Microsoft Teams integrations, HR request management, and related SaaS functionality).

2. Roles of the Parties

  • The Customer is the Data Controller.
  • HR Bible is the Data Processor.
  • Both Parties will comply with their obligations under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.

3. Categories of Data & Data Subjects

HR Bible may process the following categories of personal data on behalf of the Customer:

  • Employee identification data: user ID, display name, email, workspace ID.
  • HR request data: PTO dates, request type, approval/rejection status.
  • Usage metadata: timestamps, request history, communication logs.

Data subjects include employees, contractors, or users authorized by the Customer to use the Services.

4. Purpose & Instructions

HR Bible processes personal data solely for:

  • Delivering and maintaining the Services.
  • Handling HR requests submitted via Slack/Teams.
  • Providing support and technical assistance.
  • Ensuring security, monitoring, and compliance.

Processor will act only on documented instructions from Customer, unless required by law.

5. Sub-Processors

Customer authorizes HR Bible to use sub-processors (e.g., hosting, analytics, customer support providers).

  • HR Bible will maintain a public list of sub-processors at https://hr-bible.com/subprocessors.
  • HR Bible will impose equivalent contractual obligations on all sub-processors.
  • Customer will be notified in advance of any new sub-processors and may object on reasonable grounds.

6. International Transfers

If personal data is transferred outside the EEA/UK:

HR Bible will ensure adequate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), or rely on an adequacy decision.

7. Security Measures

HR Bible will implement appropriate technical and organizational measures, including:

  • Encryption in transit and at rest.
  • Access controls and authentication.
  • Regular security testing and monitoring.

8. Data Subject Rights

HR Bible will assist the Customer in fulfilling data subject requests (access, correction, deletion, portability, restriction, objection) by providing necessary technical support.

9. Data Breach Notification

In case of a personal data breach affecting Customer data, HR Bible will:

  • Notify Customer without undue delay (and in any case within 72 hours).
  • Provide details on nature, scope, and remediation measures.

10. Data Retention & Deletion

Upon termination of Services, HR Bible will:

  • Delete or return all personal data within 90 days, unless retention is required by law.
  • Securely delete any remaining copies from backups.

11. Audit & Compliance

  • Customer may request information to demonstrate compliance with this DPA.
  • HR Bible will make audit reports or security certifications available.
  • On-site audits may be conducted at Customer’s expense, with reasonable notice.

12. Liability

The Parties’ liability under this DPA is subject to the limitations of liability set out in the Agreement, except where prohibited by law.

13. Term & Termination

This DPA remains in force for as long as HR Bible processes personal data on behalf of the Customer under the Agreement.

14. Governing Law

This DPA will be governed by the same law and jurisdiction as the Agreement, unless otherwise required by data protection laws.

Signed:

For Customer (Controller):
Name: ___________________
Title: ___________________
Date: ___________________

For HR Bible SRL (Processor):
Name: Eugen Sfirlos
Title: Chief Executive Officer
Date: ___________________