Data Processing Addendum
This Data Processing Addendum forms part of the agreement between Mendzys Inc., operator of Rectru, and customers who use Rectru to process personal data on behalf of third parties.
1. Scope
This Data Processing Addendum applies where Mendzys Inc., as operator of Rectru, processes personal data on behalf of a customer in connection with the provision of the services.
2. Roles
The customer acts as the data controller for customer recruitment data processed through Rectru on the customer’s behalf. Mendzys Inc. acts as the data processor for that data, except where Mendzys Inc. acts as a controller for its own business operations.
3. Nature and purpose of processing
Processing may include account administration, candidate communication, interview workflows, recordings, text processing, AI-assisted evaluations, storage, support, maintenance, and security-related operations necessary to provide the Rectru service.
4. Categories of data subjects
- candidates;
- customer personnel and authorised users;
- customer contacts;
- other individuals whose data is submitted to Rectru by or on behalf of the customer.
5. Categories of personal data
- identity and contact information;
- candidate applications, CVs, and interview materials;
- recordings, transcripts, and evaluation outputs;
- usage, device, technical, and security data;
- other personal data submitted to the services by or on behalf of the customer.
6. Customer instructions
Mendzys Inc. will process personal data only on documented instructions from the customer, unless otherwise required by applicable law.
7. AI-assisted features and human review
Rectru provides AI-assisted features intended to support, not replace, human decision-making. Customers remain responsible for ensuring meaningful human review and for avoiding unlawful solely automated decisions where prohibited by law.
8. Confidentiality and security
Mendzys Inc. will ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations and will implement reasonable technical and organisational measures designed to protect personal data.
9. Subprocessors
Customers authorise Mendzys Inc. to engage subprocessors that support hosting, storage, communications, support, and related service functions, provided those subprocessors are bound by appropriate data protection obligations.
10. International transfers
Where personal data subject to GDPR or similar laws is transferred internationally, Mendzys Inc. will use appropriate safeguards such as Standard Contractual Clauses or equivalent lawful mechanisms where required.
11. Assistance
Taking into account the nature of the processing and information available, Mendzys Inc. will provide reasonable assistance to the customer with data subject requests, security obligations, DPIAs, and deletion or return obligations related to the services.
12. Retention, deletion, and return
Rectru applies a default retention approach of up to 30 days for certain data stored in Rectru-managed services and containers, unless a different period is configured, contractually agreed, or required by law.
Upon termination or expiry of the services, and subject to applicable legal, backup, security, dispute, or preservation requirements, Mendzys Inc. will delete or return personal data in accordance with the applicable agreement and law.
13. Contact
For DPA-related questions, please contact info@rectru.com.