Logo

Data processing agreement

1. Introduction
This Data Processing Agreement ("Agreement") forms part of the Terms of Service between Ribin Tech OÜ ("Processor") and the business customer ("Controller"). This Agreement ensures compliance with the EU General Data Protection Regulation (GDPR) when Processor processes personal data on behalf of the Controller.

2. Definitions

  • Controller: The business entity that determines the purposes and means of processing personal data.
  • Processor: Ribin Tech OÜ, acting on behalf of the Controller.
  • Personal Data: Any data relating to an identified or identifiable natural person.
  • Subprocessors: Third-party entities engaged by the Processor to process data.

3. Subject Matter
This Agreement governs the processing of personal data related to job applicants and users of the Controller’s services within the Stelloa platform.

4. Nature and Purpose of Processing
The Processor shall process personal data solely for:

  • Job matching and recruitment facilitation.
  • Providing, maintaining, and improving the platform.
  • Complying with legal obligations.

5. Categories of Data Subjects

  • Job applicants registered on the platform.
  • Business representatives using the platform.

6. Types of Personal Data Processed

  • Name, email, phone number.
  • Work experience, education, and skills.
  • Technical data such as IP addresses.

7. Obligations of the Processor
The Processor shall:

  • Process data only on the Controller’s documented instructions.
  • Implement appropriate technical and organizational security measures.
  • Ensure confidentiality by limiting data access to authorized personnel only.
  • Assist the Controller in responding to data subject rights requests.

8. Subprocessors
The Controller authorizes the use of the following subprocessors:

  • Microsoft Azure (Sweden) – Server hosting.
  • MySQL – Database management.
  • LinkedIn – User account creation, plus analytics and marketing services.
  • Google Workspace – Communication, calls, and customer support.

The Processor shall inform the Controller of any intended changes concerning subprocessors.

9. Data Transfers
Data will be processed within the European Economic Area (EEA). If data is transferred outside the EEA, the Processor shall ensure appropriate safeguards (e.g., Standard Contractual Clauses).

10. Security Measures
The Processor shall implement appropriate technical and organisational security measures.

11. Data Breach Notification
The Processor shall notify the Controller without undue delay in the event of a personal data breach.

12. Data Retention
The Processor shall retain personal data as necessary for the performance of services. The Controller may request deletion of personal data at any time.

13. Liability and Indemnification
The Processor shall be liable for breaches of this Agreement only to the extent required by law.

14. Term and Termination
This Agreement remains valid as long as the Processor processes data on behalf of the Controller. It terminates automatically upon the cessation of data processing activities.

15. Governing Law and Jurisdiction
This Agreement is governed by the laws of Denmark. Disputes shall be resolved in the courts of Denmark.

16. Contact Information
For any inquiries regarding this DPA, please contact:
Email: privacy@stelloa.com
Address: Ribin Tech OÜ, Ahtri 12, 10151 Tallinn, Harju maakond, Estonia

Last Updated: 11 March 2025