This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Majoop B.V. (“Majoop” or “Processor”) and the customer entity using the Majoop platform as a controller of personal data (“Controller”).
This DPA applies automatically where, in connection with the services, Majoop processes personal data on behalf of the Controller.
Majoop B.V.
Papendorpseweg 95
3528BJ Utrecht
Netherlands
CoC: 99156601
The employer or recruiter organization using the Majoop platform that determines the purposes and means of the relevant processing of personal data.
This DPA applies to personal data processed by Majoop on behalf of the Controller in connection with the services provided through the platform.
The subject matter of the processing is the provision of the standard platform services made available by Majoop under the Terms of Service.
This DPA remains in effect for as long as Majoop processes personal data on behalf of the Controller.
Majoop provides a standardized software platform that supports recruitment-related workflows.
The nature and purpose of the processing are limited to what is necessary to provide the standard functionality of the platform as used and configured by the Controller.
Processing activities may include:
Majoop may also use aggregated and anonymized data derived from platform usage to improve, maintain and develop the platform. Such analysis does not identify individual data subjects.
Majoop does not provide custom processing services or implement customer‑specific processing instructions outside the standard functionality of the platform.
Depending on how the Controller uses the services, personal data processed by Majoop may include:
CV or resume files may be uploaded and stored in their original format as part of recruitment workflows carried out through the platform.
Controllers are responsible for ensuring that candidate information uploaded or shared through the platform has been obtained and processed in accordance with applicable data protection laws.
Depending on how the Controller uses the services, data subjects may include:
Controllers may assign multiple user accounts and roles within their organization. Individual users are typically identified through their unique email address and corresponding user account within the platform.
Majoop shall process personal data only:
Majoop shall:
The Controller grants Majoop general written authorization to engage subprocessors for the provision of the services.
Majoop shall ensure that any subprocessor is bound by written obligations that provide a level of data protection substantially equivalent to those set out in this DPA.
Majoop remains responsible for the performance of its subprocessors in accordance with applicable data protection law.
Where personal data processed under this DPA is transferred or processed outside the European Economic Area (EEA), Majoop will ensure that appropriate safeguards are implemented in accordance with applicable data protection laws.
Majoop shall implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access.
In assessing the appropriate level of security, account shall be taken in particular of the risks presented by the processing, the nature of the personal data, and the state of the art of available security practices.
Security measures may include safeguards relating to system architecture, infrastructure security, access controls, and operational procedures designed to maintain the confidentiality, integrity and availability of personal data.
Where relevant, Majoop may adopt or align its security practices with recognized industry standards or security frameworks. The specific security measures implemented may evolve over time as the platform, technology and regulatory requirements develop.
The Controller is responsible for handling requests from data subjects exercising their rights under applicable data protection laws.
Candidates or other data subjects interacting with the Controller typically address such requests directly to the relevant employer or recruiter acting as Controller.
Where individuals have their own user account on the Majoop platform, they may access or delete their personal data directly through the functionality of the platform.
Taking into account the nature of the processing and the information available to Majoop, Majoop will provide reasonable assistance to the Controller where necessary to support the Controller in fulfilling its legal obligations regarding data subject rights.
In the event that Majoop becomes aware of a personal data breach affecting personal data processed under this DPA, Majoop shall notify the Controller without undue delay.
Majoop shall provide available information reasonably necessary for the Controller to understand the nature and potential impact of the breach in relation to the services.
Nothing in this DPA prevents Majoop from fulfilling its own legal obligations under applicable data protection laws, including any obligation to notify competent supervisory authorities where required.
To the extent required by applicable data protection law, Majoop shall make available information reasonably necessary to demonstrate compliance with this DPA.
Except where required by mandatory law, the Controller shall not have a right to conduct on‑site audits or inspections of Majoop’s systems or facilities.
Upon termination of the services, personal data processed on behalf of the Controller will remain available within the Controller’s account for as long as the account remains active.
The Controller is responsible for managing and deleting data within its account through the functionality of the platform.
If the Controller deletes its account, personal data associated with that account will be removed from the platform, except where retention is required by applicable law.
If an account remains inactive for a prolonged period, Majoop may delete account data and related information after approximately one (1) year of inactivity.
The Controller is solely responsible for determining the purposes and means of the processing of personal data carried out through its use of the platform.
The Controller is responsible for ensuring that its use of the platform, including the collection, entry, sharing, and management of personal data within the platform, complies with applicable data protection laws.
Majoop provides standardized software infrastructure that enables the Controller to manage recruitment workflows. Majoop does not determine the content of personal data uploaded by the Controller, the lawfulness of the Controller’s processing activities, or the decisions made by the Controller in relation to candidates or other individuals.
Nothing in this DPA shall be interpreted as making Majoop responsible for how the Controller chooses to use the platform or for the Controller’s compliance with its own legal obligations as data controller.
The liability of the parties arising out of or in connection with this DPA shall be subject to the limitations and exclusions of liability set out in the Terms of Service, to the extent permitted by applicable law.
Majoop may update this DPA where necessary to reflect changes in the services, legal requirements or data protection practices.
The latest version will be made available through the platform or on the website and shall become effective as stated in the updated version.