DATA PROCESSING AGREEMENT
Last Updated: 01.03.2025
1. INTRODUCTION
This Data Processing Agreement ("DPA") is an addendum to the Next in Careers Terms and Conditions and Privacy Policy and is applicable where Next in Careers (Pty) Ltd ("Company," "We," "Us," or "Our") processes personal data on behalf of employers, job seekers, and other users. This agreement is intended to ensure compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
This DPA sets forth the obligations, responsibilities, and rights of the data controller (employers or job seekers) and the data processor (Next in Careers), particularly regarding the handling, processing, and storage of personal data.
By using Next in Careers' services, the employer ("Data Controller") agrees to the terms set forth in this DPA.
2. ROLES AND RESPONSIBILITIES
2.1 Data Controller Responsibilities
Employers and recruiters who utilize Next in Careers for hiring purposes act as the Data Controller and are responsible for ensuring that:
They collect and process personal data lawfully, fairly, and transparently.
They obtain the necessary consent from job applicants before sharing their data.
They comply with all applicable data protection laws, including GDPR, CCPA, and other relevant regulations.
2.2 Next in Careers as a Data Processor
Next in Careers acts as a Data Processor when it facilitates the recruitment process by collecting and managing candidate data. However, all candidate data is stored securely on JotForm, an external data storage provider. Next in Careers does not process, modify, or retain candidate data outside of JotForm’s infrastructure.
Next in Careers is responsible for:
Ensuring that JotForm adheres to international data protection laws.
Facilitating candidate data access requests in compliance with GDPR and CCPA.
Implementing technical and organizational measures to secure data against unauthorized access, loss, or breach.
3. DATA COLLECTION, PROCESSING, AND STORAGE
3.1 Candidate Data
All candidate resumes, job applications, and related information are securely stored on JotForm, which is responsible for maintaining data security and compliance with GDPR and other global standards. Next in Careers does not store candidate data directly.
3.2 Employer and Recruitment Data
Employers who post job listings or recruit candidates through Next in Careers must ensure that:
They handle candidate data responsibly and lawfully.
They only use candidate information for recruitment purposes.
They delete or anonymize personal data when it is no longer necessary.
4. DATA SECURITY MEASURES
Next in Careers implements the following security measures to protect user data:
Data Encryption: JotForm encrypts stored candidate data to prevent unauthorized access.
Access Controls: Restricted access is provided only to authorized personnel.
Regular Audits: Periodic assessments are conducted to maintain security compliance.
Incident Response Plan: In case of a data breach, immediate steps will be taken to mitigate risks and notify affected users.
Employers are responsible for implementing their own security measures when handling candidate data retrieved from Next in Careers.
5. DATA SUBJECT RIGHTS
Under GDPR and CCPA, candidates have the right to:
Request access to their personal data.
Request correction or deletion of inaccurate information.
Restrict or object to data processing.
Withdraw consent for data use.
Candidates can submit requests via info@nextincareers.com, and Next in Careers will coordinate with JotForm to process the request in compliance with applicable laws.
6. DATA BREACH NOTIFICATION
In the event of a data breach involving candidate information stored on JotForm:
Next in Careers will notify affected users as soon as reasonably possible.
Regulatory authorities will be informed where required under GDPR or CCPA guidelines.
Affected candidates will be advised on steps to protect their information.
JotForm, as the data storage provider, will also follow its own incident response procedures to secure compromised data.
7. DATA RETENTION POLICY
Candidate data stored on JotForm is retained according to JotForm’s policies. Next in Careers does not retain candidate data beyond the period required for recruitment purposes. Employers and recruiters must delete candidate data once it is no longer needed for hiring.
Users may request the deletion of their data by contacting info@nextincareers.com.
8. INTERNATIONAL DATA TRANSFERS
Next in Careers operates globally, and candidate data stored on JotForm may be processed in jurisdictions outside the user's country of residence. All international transfers comply with GDPR Standard Contractual Clauses (SCCs) and other legally required safeguards.
9. TERMINATION OF DATA PROCESSING AGREEMENT
This agreement remains in effect as long as Next in Careers provides recruitment services through JotForm. If Next in Careers ceases operations or migrates to a different data storage provider, affected users will be notified regarding the status of their data.
If an employer ceases using Next in Careers’ services, they must delete any candidate data they have accessed or stored. Failure to comply with data retention policies may result in legal consequences.
10. GOVERNING LAW AND DISPUTE RESOLUTION
This Data Processing Agreement shall be governed by and construed in accordance with the laws of South Africa. Any disputes arising from this DPA shall first be attempted to be resolved through negotiation and mediation. If unresolved, disputes shall be submitted to the competent courts in South Africa.
11. CONTACT INFORMATION
For inquiries regarding this Data Processing Agreement, please contact:
Email: info@nextincareers.com
Website: www.nextincareers.com
12. COPYRIGHT NOTICE
© 2024 Next in Careers (Pty) Ltd. All Rights Reserved.