# JobE — Data Processing Addendum (Template)

> Template only. Replace bracketed fields and review with counsel.

## 1. Parties

- **Controller (Customer)**: [Customer legal name], [address]
- **Processor (JobE)**: [JobE legal name], [address]

## 2. Definitions

Terms used in this DPA have the meaning given in GDPR Article 4 (and analogous KVKK/CCPA terms where applicable).

## 3. Subject matter and duration

JobE will process Customer Personal Data to provide the JobE services during the term of the applicable agreement and until deletion/return under Section 10.

## 4. Nature and purpose of processing

- Provision of HR workflow software for organizational structure management, job evaluation workflows, and pay equity analytics.
- Support, security, and fraud prevention.

## 5. Categories of data and data subjects

### Data subjects

- Customer’s authorized users (HR users/admins)
- Customer’s employees (pseudonymous pay equity census)

### Categories of data

- Account data (email, authentication identifiers)
- Organizational structure data (departments, positions)
- **Job evaluation AI payload**: department name, position title, job description text (JD)
- **Pay equity**: pseudonymous employee ID + compensation metrics (never sent to AI)

## 6. Processing instructions

Processor will process data only on documented instructions from Controller, including with regard to transfers, unless required by law.

## 7. Confidentiality

Processor ensures persons authorized to process data are bound by confidentiality obligations.

## 8. Security measures

Processor implements appropriate technical and organizational measures, including:

- Access control and least privilege
- Encryption in transit
- Logging/audit trail (where enabled)
- Secure SDLC and vulnerability management

## 9. Subprocessors

Processor may use subprocessors to provide the services. The current list is published at `/subprocessors`.

## 10. Return and deletion

Upon termination, Processor will return or delete Customer Personal Data as agreed, subject to legal retention requirements and any audit obligations.

## 11. Audit and assistance

Processor will provide reasonable assistance with:

- DSARs (export/deletion)
- Security incident response information
- Compliance documentation needed for procurement

## 12. International transfers

Where international transfers occur, Processor will apply an appropriate transfer mechanism, such as Standard Contractual Clauses (SCCs), as applicable.

## 13. Annexes

### Annex I — Processing details

To be completed by the parties.

### Annex II — Security measures

To be completed by the parties.

