Data Processing Addendum
This Data Processing Addendum ("DPA") is incorporated into and forms part of the Service Agreement ("Agreement") between Eduvocation Ltd (trading as MyNewTerm), a company registered in England and Wales under with company registration number 9678975 with its registered office at Suite 10, Enterprise House, Wrest Park, Silsoe, Bedfordshire, MK45 4HR, United Kingdom (“MyNewTerm”) and you, the customer (“you”, “your” or the “Customer”). It sets out the terms governing the processing of personal data in connection with the services provided under the Agreement. This DPA applies to the extent that MyNewTerm processes personal data on behalf of the Customer and ensures compliance with applicable data protection laws.
1 In order to use the Service, you will be required to provide your information and information of Users (such as identification or contact details) as part of the registration process. You agree that any such information you give to MyNewTerm will be kept accurate, correct and up to date.
2 MyNewTerm may use Customer Data on an aggregated, anonymised, non-identifiable basis (e.g. to produce market trends data, and other market analysis). Where MyNewTerm uses data in accordance with clauses 8.1 and 8.2 it shall do so as a data controller. For all other purposes concerning the provision of the Services, MyNewTerm shall be acting as a data processor on behalf of the Customer.
3 Both parties will comply with all applicable requirements of Data Protection Laws. This Clause 1 is in addition to, and does not relieve, remove, or replace, a party's obligations or rights under Data Protection Laws.
4 Without prejudice to the generality of Clause 1.3, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of personal data, including special category personal data, to MyNewTerm for the duration and purposes of this Agreement.
5 In relation to the Customer Data and/or Candidate Personal Data, Schedule 1 sets out the scope, nature, and purpose of processing by MyNewTerm, the duration of the processing and the types of personal data and categories of data subject.
6 Without prejudice to the generality of Clause 1.3, MyNewTerm shall, in relation to Customer Data and Candidate Personal Data:
6.1 process that Customer Data and/or Candidate Personal Data only on the documented instructions of the Customer, which shall be to process the Customer Data and/or Candidate Personal Data for the purposes set out in Schedule 1, unless MyNewTerm is required by Data Protection Laws to otherwise process that Customer Data and/or Candidate Personal Data (Purpose);
6.2 implement appropriate technical and organisational measures, including by maintaining measures equivalent to those set out in Schedule 1 and those prescribed by Article 32 of UK GDPR, to protect against unauthorised or unlawful processing of Customer Data and/or Candidate Personal Data and against accidental loss or destruction of, or damage to, Customer Data and/or Candidate Personal Data having regard to the state of technological development and the cost of implementing any measures;
6.3 ensure that any personnel engaged and authorised to process Customer Data and/or Candidate Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality and are appropriately trained in handling personal data in accordance with Data Protection Laws and will only process the Customer Data and/or Candidate Personal Data in a manner permitted by this Agreement;
6.4 assist the Customer insofar as this is possible (considering the nature of the processing and the information available to it) in responding to any request from a data subject and in ensuring each party’s compliance with its respective obligations under Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. MyNewTerm shall promptly inform the Customer of any data subject access request or complaint received, which relates to any processing undertaken by MyNewTerm under this Agreement;
6.5 notify the Customer without undue delay but in any event within 24 hours of becoming aware of a personal data breach involving the Customer Data and/or Candidate Personal Data;
6.6 at the written direction of the Customer, securely delete or return Customer Data or Candidate Personal Data, as the case may be, and copies thereof to the Customer on termination of this Agreement unless MyNewTerm is required by Data Protection Laws to continue to process that Customer Data or Candidate Personal Data, as the case may be. In such circumstances MyNewTerm shall notify the Customer of the purposes of such processing and what Data Protection Laws it is relying on. Any such processing shall be carried out in accordance with the requirements set out in this Clause 8. For the purposes of this sub-Clause 8.6.6, Customer Data or Candidate Personal Data, as the case may be, shall be considered deleted where it is put beyond further use by the party processing such Customer Data or Candidate Personal Data, as the case may be; and
6.7 maintain records to demonstrate its compliance with this Clause 8.
7 The Customer hereby provides its prior, general authorisation for MyNewTerm to appoint sub-processors to process the Customer Data provided that MyNewTerm:
7.1 shall ensure that the terms on which it appoints such sub-processors comply with Data Protection Laws, and are consistent with the obligations imposed on MyNewTerm in this Clause 1;
7.2 shall remain responsible for the acts and omission of any such sub-processor as if they were the acts and omissions of MyNewTerm; and
7.3 shall inform the Customer of any intended changes concerning the addition or replacement of the sub-processors, thereby giving the Customer the opportunity to reasonably object to such changes.
8 Each party shall indemnify the other against all costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the indemnified party arising out of or in connection with third party claims relating to a breach of Data Protection Laws by the indemnifying party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it.
9 MyNewTerm is not responsible for assisting you with (or advising you on) your own compliance with applicable laws or regulations including Data Protection Laws.
10 Upon termination of this Agreement, or otherwise upon your written notice, MyNewTerm shall cease to retain the Customer Data that the Customer no longer requires under this Agreement and, at your option, either return the Customer Data to you (but only provided that all outstanding and undisputed Fees have been paid) or destroy the Customer Data. MyNewTerm will provide Customer Data in an industry standard format upon your request to enable you to transfer it to a new system.
SCHEDULE 1 DATA PROCESSING SCHEDULE
1. Parties' Role
With respect to the processing of Customer Data and Candidate Personal Data
- The Customer is the controller.
- MyNewTerm is the processor.
2. Particulars of processing
2.1 Scope
MyNewTerm provides a software as a service solution. Personal data is collected by MyNewTerm on behalf of the Customer and is processed so that MyNewTerm may provide the Services.
Candidate Personal Data is provided by job seekers who may delete their account and consequently their personal data at any time (Candidate Personal Data that has been shared with Customers through the completion of a job application will not be automatically deleted upon Candidate account deletion and Candidate requests in relation to such data need to be made directly with the relevant Customer). Customers receive Candidate Personal Data once they apply for a job and then use the Services to manage the recruitment process.
2.2 Nature
Storage of personal data.
Retrieving, collating, structuring, adapting and anonymising personal data.
Transfers of personal data via integrations and third party service providers.
Erasing or destroying personal data.
2.3 Purpose of processing
The provision of the Services which includes job advertisement, applicant tracking and the hiring of individuals in accordance with safer recruitment requirements.
2.4 Duration of the processing
Unless Candidate Personal Data is deleted by a candidate prior to their application for an advertised job role, or unless instructed differently by the Customer pursuant to clause 8.9, MyNew Term will process personal data for the term of this Agreement or for such period as MyNewTerm may be required to retain and process such data by law.
2.5 Types of personal data
- name and contact information, including email address and telephone number and job title;
- information to check and verify identity such as date of birth;
- gender;
- location data;
- government identifiers such as passport details;
- personal or professional interests;
- name and contact details;
- date of birth;
- national insurance number;
- health and/or other medical information including; disabilities, sex life or sexual orientation;
- information in connection with education (and the curriculum of the school);
- personal characteristics, such as:
- gender;
- nationality and ethnic group;
- religion
- first-language
- any special educational needs;
- any relevant protected characteristics.
- employees' employment history, qualifications and employment contractual information, such as:
- qualifications information;
- training & Continuing Professional Development (CPD) information; o professional bodies information;
- right to work information;
- criminal conviction information including results from Disclosure and Barring Service (DBS);
- name of past and current employers and periods of employment and unemployment;
- past and current employee position and/or role;
- past and current employment start dates;
- past and current salary / remuneration details (including national insurance and other financial details);
- references from previous employers or academic or character references; and
- any relevant protected characteristics; and
- such other data that the Customer or MyNewTerm collects as part of the Services.
2.6 Categories of data subject
Customer’s personnel.
Job applicants.
2.7 Types of personal data
MyNewTerm implements appropriate technological and organisational measures designed to protect your data including (without limitation) 256-bit Advanced Encryption Standard. MyNewTerm is Cyber Essentials and IASME Cyber Assurance Level 1 accredited.
SCHEDULE 2 - SUB PROCESSOR LIST
| Category | Sub-Processor | Purpose | Location |
|---|---|---|---|
| Infrastructure / Hosting | Evaris - Microsoft Azure | Cloud hosting, disaster recovery | UK |
| Amazon Web Services (AWS) | Cloud hosting, storage | Global | |
| IONOS | Cloud hosting | EU | |
| Visa - 3412 | 02/01/2016 | $842 | 01/01/2016 - 01/31/2016 |
| Customer Support & CRM | Google Workspace | Business operations, communication, document storage | Global |
| Tawk | Online live chat | Global | |
| Intercom | Customer support tools | Global | |
| Slack | Internal communications / support | US | |
| TextKernel | CV parsing and candidate data extraction | EU/Global | |
| Jira (Atlassian) | Issue tracking and internal ticketing | EU / US | |
| Trello (Atlassian) | Project management | US | |
| Email & Communication | SendGrid | Transactional emails | US |
| MailerLite | Marketing email campaigns | EU | |
| Twilio | SMS messaging, multi-factor authentication | US | |
| SMSWorks | SMS messaging | UK | |
| Reviews.io | Candidate review collection and display | UK | |
| EdTech Impact | Employer testimonials platform | UK | |
| Calendly | Meeting scheduling tool | US | |
| Buffer | Social media scheduling | US | |
| Vimeo | Video hosting and streaming | US | |
| Loom | Video hosting and streaming | US | |
| Analytics & Monitoring | Google Analytics | Website usage analytics | Global |
| Sentry | Application error monitoring | US | |
| GitLab | Source code management, issue tracking | US / EU | |
| Payments & Subscriptions | FreeAgent | Invoicing and payment processing | UK |
| DropboxSign | Contracts and digital signatures | US | |
| Chargebee | Subscription billing management | US / Global | |
| Data Storage / Backups | Google Drive | File storage and internal backups | Global |
| AWS S3 | Secure backup and data storage | Global | |
| Authentication / Identity | Yoti | Identify verification for candidates or users | UK / Global |
| SP Index | Online candidate searches for employers | UK / Global |
All sub-processors are bound by data processing agreements and appropriate safeguards, including Standard Contractual Clauses where required. This list is reviewed and updated regularly.
© MyNewTerm 2025
0
0
0
