Last updated: [add date]

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions between the Customer (“Data Controller”) and Xolo Go OÜ – Póti Tamás (“Data Processor”).

1. Subject of the Agreement

The Data Processor provides job-listing, hosting, and content management services that may involve processing personal data on behalf of the Controller.

2. Scope of Data Processing

Personal data may include:

• Contact information

• Employer/employee profile data

• Application materials (CVs, portfolios)

• Analytics and technical data

Processing activities include storage, transmission, organisation, and deletion.

3. Compliance with GDPR & UK GDPR

Both parties agree to comply with:

• EU GDPR

• UK GDPR

• ePrivacy Directive

• Relevant UK and EU laws

4. Confidentiality

Employees and subcontractors of the Processor are bound by strict confidentiality obligations.

5. Security Measures

The Processor shall implement appropriate technical and organisational measures, including:

• Encrypted communication

• Access controls

• Secure hosting infrastructure

• Data minimisation

6. Sub-processors

The Processor may engage sub-processors such as:

• Hosting providers

• Email service providers

• Analytics providers
  All sub-processors must comply with GDPR.

7. Data Subject Rights

The Processor will assist the Controller in:

• Responding to access requests

• Correcting or deleting data

• Handling objections or consent withdrawals

8. Data Breaches

The Processor shall notify the Controller without undue delay in case of any data breach involving personal data.

9. Termination

Upon termination of the service, all processed personal data will be:

• Returned to the Controller, or

• Securely deleted