Standard Data Processing Agreement (DPA)

You are the data controller. RoleMapper is the data processor. We will only process personal data in line with the terms of our signed contract with you and as necessary to provide our services 

• Purpose: To support your use of RoleMapper’s platform and services. 
• Nature: Storage, access, transfer and processing of data through the RoleMapper platform. 
• Duration: For the term of our agreement with you. 
• Types of data: Contact details (e.g. names, email addresses), role data, job-related data. 
• Data subjects: Employees, contractors, job applicants or other individuals whose data you input or manage using our services. 

We will: 

• Keep personal data confidential and secure 

• Only act on your documented instructions 

• Ensure staff who access the data are subject to confidentiality 

• Implement appropriate technical and organisational security measures 

• Help you fulfil your obligations under UK GDPR, including responding to data subject rights and conducting data protection impact assessments (DPIAs) 

• Notify you without undue delay if we become aware of a personal data breach 

• Assist with audits or inspections, where reasonable 

We use trusted sub-processors to deliver parts of our service. Our current list of sub-processors is available here. 

We ensure all sub-processors are bound by equivalent data protection obligations. You will be notified of any changes, and you may object to a new sub-processor on reasonable grounds. 

If we transfer personal data outside the UK, we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the UK Government. 

At the end of our contract, or at your request, we will delete or return all personal data unless we are required by law to retain it. 

This Agreement is governed by the laws of England and Wales. Any disputes will be resolved in the courts of England and Wales.