Legal
Data Processing Addendum
Last updated: June 8, 2026
This Data Processing Addendum (DPA) forms part of the Terms of Service between ExpoSQL AI Labs (“Spoon Hire”, “we”) and a company customer (“Controller”) and governs the processing of personal data we carry out on the Controller's behalf.
For most candidate data, Spoon Hire acts as an independent controller (we decide how the talent platform works); where we process a customer's own uploaded data (e.g. employee survey lists, imported pipelines) on their instructions, we act as a processor under this DPA.
1. Roles & scope
When processing data on the Controller's documented instructions — including via the platform and its features — we act as processor. This DPA covers that processing for the duration of the agreement.
2. Our obligations as processor
Process personal data only on the Controller's instructions and as needed to provide the service; ensure personnel are bound by confidentiality; implement appropriate technical and organisational security measures (see our Security page); and assist the Controller with data-subject requests and security incidents.
3. Sub-processors
The Controller authorises us to engage the sub-processors listed on our Sub-processors page (hosting, database, payments, email, AI). We impose data-protection terms on each and remain responsible for their performance. We'll give notice of material changes.
4. International transfers
Where personal data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) with our sub-processors.
5. Data-subject rights & deletion
We help the Controller respond to access, correction, deletion and portability requests. On termination, we delete or return personal data processed on the Controller's behalf, except where retention is required by law.
6. Breach notification
We notify the Controller without undue delay after becoming aware of a personal-data breach affecting their data, with the information needed to meet their own obligations.
7. Requesting a signed DPA
Enterprise customers who need a counter-signed DPA can request one at dpo@spoonhire.com.
See also: Sub-processors · Security · Privacy Policy. This page is a general template, not legal advice; we recommend review by qualified counsel before relying on it.