Data Processing Agreement (DPA)
Last updated: June 22, 2025
1. Scope and Priority
This Data Processing Agreement ("DPA") is an integral part of the contractual relationship between the Customer and BeskarStaff AI under the applicable Terms of Use, Service Agreements and/or Order Forms (collectively the "Agreement"). It sets forth the conditions under which BeskarStaff AI processes personal data on behalf of the Customer in connection with the Services.
The DPA may be updated by BeskarStaff AI from time to time. Material changes will be communicated to the Customer through appropriate channels (e.g. email or in-app notifications) or published on the website. In case of conflict between this DPA and the main Agreement, the provisions of this DPA shall take precedence regarding the processing of personal data.
The DPA remains in effect as long as BeskarStaff AI processes personal Customer data under the Agreement. Capitalized terms not defined in this DPA have the meaning given to them in the Agreement or applicable data protection law.
2. Definitions
"Customer Data / Customer Personal Data": All personal data received by BeskarStaff AI from Customers or processed on behalf of the Customer during use of the Services.
"Processing": Any operation or set of operations performed on personal data, e.g. collection, storage, access, use or deletion.
"revDSG / FADP": Revised Swiss Federal Act on Data Protection of 25.09.2020 including implementing ordinance.
"Data Subject": Any natural person whose personal data is processed.
"Sub-processor": Any third party engaged by BeskarStaff AI for processing personal data.
3. Processing of Personal Customer Data
3.1 Roles and Responsibilities
The Customer acts as Controller under revDSG; BeskarStaff AI acts as Processor. The Customer is responsible for the lawfulness of data collection and transmission as well as determining the purpose and legal basis of processing.
3.2 Instructions and Processing Scope
BeskarStaff AI processes personal Customer data exclusively according to documented instructions from the Customer (DPA + Service Agreement). Additional instructions must be agreed in writing and may require adjustments to scope, schedule or price.
3.3 Permissible Processing
Data is processed exclusively for the provision of contractually agreed Services. Processing beyond this purpose (including disclosure to third parties) occurs only if legally required or contractually expressly permitted.
Note: Only publicly available information is processed (name, professional profile, photos on platforms like LinkedIn). Sensitive data (e.g. gender, ethnic origin, religion) is not processed or inferred. Conclusions about such characteristics are solely the Customer's responsibility.
3.4 Support for Data Subject Rights
BeskarStaff AI supports the Customer with Data Subject requests (access, rectification, deletion). The Customer remains responsible for processing; support by BeskarStaff AI is provided upon written request. Costs for complex or frequent requests may be charged separately.
3.5 Sub-processors
Sub-processors may only be engaged with Customer consent. All Sub-processors are contractually obligated to maintain comparable data protection standards. Customers will be informed of changes and may object within a reasonable period. BeskarStaff AI remains responsible for Sub-processors' compliance.
3.6 Technical and Organizational Measures (TOMs)
BeskarStaff AI implements appropriate measures to protect Customer data: encryption, access restriction, system monitoring, backup and audit logs.
3.7 Cross-Border Data Transfers
Customer data may only be transferred outside Switzerland to countries with adequate data protection levels (EU/EEA, countries with adequacy decisions) or using standard contractual clauses recognized by Switzerland (SCC 2021/914). BeskarStaff AI ensures compliance with Articles 16-18 revDSG.
3.8 Deletion or Return after Contract End
Upon termination of Services, BeskarStaff AI will, upon written Customer request, return or securely delete all personal data unless subject to statutory retention requirements. If no return is requested within 30 days, BeskarStaff AI will delete the data according to internal policies.
3.9 Data Breach
BeskarStaff AI maintains internal procedures for detecting and responding to data breaches. In case of incidents, BeskarStaff AI will inform the Customer immediately, including the nature of the incident, the affected data and remedial measures. Support for legal notification obligations to authorities or data subjects will be provided.
3.10 Legally Required Disclosures
BeskarStaff AI will inform the Customer immediately of any official or judicial orders unless legally prohibited. Support in responding to such requests will be provided.
3.11 Service Analytics
BeskarStaff AI may analyze aggregated, non-identifiable data regarding Service performance and usage. Customer data will not be identifiable.
3.12 Accountability
BeskarStaff AI maintains records of processing activities pursuant to Art. 12 revDSG. Proof of compliance with data protection obligations will be provided upon request.
Annex 1 – Processing Details
Data Exporter: Customer
Data Importer: BeskarStaff AI, Switzerland
Data Subjects: Candidates and professionals with publicly available profiles (LinkedIn etc.)
Data Categories: Name, profession, experience, education, skills, public contact info, profile links, profile pictures
Purpose: Recruitment and talent matching services
Duration: As long as Customer uses the Services
Sub-processors: Only with equivalent data protection obligations
Supervisory Authority: Federal Data Protection and Information Commissioner (FDPIC)
Authorized Purposes: Candidate identification and potentially initial contact
Annex 2 – Technical and Organizational Measures
- Hosting in Swiss data centers with physical security measures
- Encryption at rest (AES-256) and in transit (TLS)
- Access rights on need-to-know basis, MFA for administrators
- Regular security scans, penetration tests, patch management
- Daily backups, disaster recovery and contingency plans
- Deletion or secure destruction after contract end
- System monitoring, backup and audit logs
Contact
General inquiries: support@beskarstaff.com
Privacy: privacy@beskarstaff.com
Security: security@beskarstaff.com
Jurisdiction: Zug, Switzerland.