Introduction and purpose

This agreement explains how Evolve AI Labs Pty Ltd (the Processor) handles personal data on behalf of its customers (the Controller). It ensures compliance with data protection laws such as GDPR and protects the privacy and security of personal data.

Legal framework

This agreement follows the General Data Protection Regulation (GDPR) and other relevant data protection laws. It complements existing agreements between the Controller and the Processor to ensure lawful and secure data processing.

Scope of agreement

This agreement applies to all personal data processing activities performed by Evolve AI Labs for the Controller. It defines the roles, responsibilities, and obligations of both parties regarding personal data.

Parties to the agreement

Data controller

The Controller is the customer using Evolve AI Labs’ AI driven recruitment solutions. The Controller determines the purposes and methods of processing personal data.

Data processor

Evolve AI Labs Pty Ltd

Industry: Technology (SaaS) and Professional Services

Business address: Evolve AI Labs, 100 Barangaroo Avenue, Sydney, NSW 2000, Australia

Contact email: admin@evolveailabs.com

GDPR representative

The Directors of Evolve AI Labs act as the primary representatives for data protection compliance.

Processing details

Nature and purpose

Evolve AI Labs processes personal data to deliver AI powered recruitment services, including:

• Automating job descriptions

• Summarising candidate profiles

• Generating interview questions

• Providing recruitment related reports

Duration of processing

Personal data is processed for the duration of the customer agreement or as required by law.

Categories of data

• Candidate information, including CVs, resumes, and interview transcripts

• Contact details, including names, email addresses, and phone numbers

• Enriched data obtained from third party APIs

• Confidential business information related to recruitment

Categories of data subjects

• Job candidates

• Customer employees or representatives involved in recruitment

Processor obligations

Processing instructions

Evolve AI Labs processes personal data only in accordance with the Controller’s documented instructions, including those provided through its services.

Confidentiality

All employees, contractors, and partners with access to personal data are bound by confidentiality agreements and receive data protection training.

Security measures

Evolve AI Labs implements strong security measures, including:

• Data encryption in transit using HTTPS and JWT

• Access controls restricting data access to authorised personnel

• Multi factor authentication for critical systems

• Expiring tokens for third party integrations

Subprocessors

Evolve AI Labs uses vetted subprocessors such as Azure and OpenAI. Data processing agreements with all subprocessors ensure compliance with applicable laws.

Data subject rights

Assistance with requests

Evolve AI Labs assists the Controller in responding to data subject requests, including access, correction, and deletion of personal data.

Response timeframes

Requests are handled promptly and within 30 days, unless otherwise required by law.

Documentation

Records of all data subject requests and the actions taken are maintained for accountability purposes.

Data breach provisions

Notification

In the event of a data breach, Evolve AI Labs will notify the Controller without undue delay and provide details regarding the breach, its impact, and mitigation measures.

Cooperation

Evolve AI Labs will cooperate fully with the Controller to investigate, contain, and resolve any data breaches.

Documentation

All data breaches are documented, including their nature, impact, and resolution, to ensure transparency and compliance.

International transfers

Transfer mechanisms

Evolve AI Labs ensures that all international data transfers comply with GDPR and other applicable laws. Data is encrypted during transfer using secure mechanisms such as HTTPS and expiring tokens.

Safeguards

When transferring data to subprocessors outside the EU, appropriate safeguards including Standard Contractual Clauses (SCCs) are implemented.

Compliance records

Records of all international transfers and safeguards are maintained for audit purposes.

Audit and compliance

Controller audit rights

The Controller may request information or conduct audits to verify Evolve AI Labs’ compliance with this agreement.

Compliance documentation

Evolve AI Labs provides relevant documentation, including security certifications such as ISO 27001, to demonstrate compliance with data protection obligations.

Information requests

Upon request, Evolve AI Labs provides the necessary information to support compliance with applicable laws.

Termination provisions

Data return or deletion

Upon termination of the agreement, Evolve AI Labs will return or securely delete all personal data in accordance with the Controller’s instructions, unless retention is required by law.

Transition assistance

Evolve AI Labs will assist with transferring personal data back to the Controller or to a designated third party to ensure a smooth transition.

Continuing obligations

Confidentiality and data protection obligations remain in effect after termination of the agreement.

General provisions

Liability and indemnification

Evolve AI Labs is liable for breaches resulting from its negligence or failure to comply with applicable laws. Both parties agree to indemnify each other for damages arising from non compliance.

Amendments

This agreement may be amended by mutual written consent to reflect changes in laws or business practices.

Governing law

This agreement is governed by the laws of New South Wales, Australia. Any disputes will be resolved in the courts of New South Wales, Australia.

By adhering to this agreement, Evolve AI Labs ensures responsible, secure, and lawful processing of personal data, providing customers with confidence and peace of mind.