Data Processing Addendum

Overview

A Data Processing Addendum (DPA) is available for customers upon request and forms part of our customer contract. The DPA establishes the terms under which Navero processes personal data on behalf of our customers as a data processor.

What the DPA Covers

• Subprocessors: details of third-party service providers involved in data processing, including purpose and location.
• Security measures: technical and organisational measures applied to protect personal data.
• Data retention: policies governing how long personal data is retained and how it is deleted.
• Incident notification: timelines and procedures for notifying customers and regulators in the event of a data breach.
• Cross-border safeguards: contractual transfer mechanisms (such as EU Standard Contractual Clauses) applied where personal data is transferred internationally.
• AI usage transparency: description of how AI-assisted features are used in the platform and the role of human oversight in hiring decisions.

Contracting Framework

• Our DPA follows Controller–Processor terms aligned with UK GDPR and EU GDPR.
• EU Standard Contractual Clause modules are available where a transfer tool is needed.
• A Saudi SCC addendum is available for Saudi cross-border scenarios where applicable.

Request a Copy

To request a copy of our DPA or discuss your data processing requirements, please contact us at legal@navero.me.