When a subcontractor has intervened, the processing manager must have the right to monitor and control the subcontractor`s activities in accordance with this privacy statement and data protection law, including the collection of information from the subcontractor on written request on the content of the contract and the performance of the data protection obligations contained in the subcontract , if necessary by having access to relevant contractual documents. b) “data exporter,” the person who transfers personal data; We only process this data for recruitment purposes. We found this data on [Linkedin] if we want to fill a vacancy at home. We store this data in our candidate tracking system , [which stores data in the US and is fully compliant with EU data protection laws], and we will not share it with others. A description of the likely consequences of the breach of personal data 2.2 ensures appropriate security and virus protection measures are in place to protect the hardware and software used in the processing of personal data in accordance with industry best practices; When the processor engages subprocessors, the processor enters into a contract with the subprocessor that imposes the same obligations on the subprocessor that applies to the processor in accordance with that data protection authority. If the subcontractor does not meet its data protection obligations, the subcontractor remains responsible for the performance of these subcontracting obligations to the person in charge of the processing. Please note: While Workable has advised lawyers on this guide and updating our own product functions, Workable is not a law firm. All the information in this manual is only general information. It is not designed to be legal advice or be the full and complete legal statement, nor intend to meet your specific requirements. Organizations should have independent advice on their own data protection rules.

5.4 The data processor must immediately notify the data processor if it is aware of any form of data breach, including unauthorized or illicit processing, loss, deterioration or destruction of personal data. (i) that, in the case of a subcontract in point 11, the processing activity is carried out by a subcontractor offering at least the same level of protection for personal data and the rights of the person concerned as the importer of data in accordance with the clauses; and “standard contractual clauses,” the clauses attached to Schedule 1 in accordance with the European Commission`s decision (C (2010)593) of 5 February 2010 on standard contractual clauses for the transfer of personal data to subcontractors in third countries that do not guarantee an adequate level of data protection. “third party,” any individual or corporation, a public authority, an agency or agency other than the person concerned, the person in charge of the processing, the subcontractor and persons who are entitled to process personal data under the direct authority of the person in charge of the processing or subcontractor; 2. The parties agree that the decision taken by the person concerned does not infringe on his or her physical or procedural rights of appeal, in accordance with other provisions of national or international law.