PROTECTING PERSONAL DATA

When you use the UseVerb platform (Platform), you and us collect and use information about people. This can be your own personal information, or that of persons that visit your profile, or individuals or others’ information that appears on your profile or company pages. European laws and regulations exist that protect that information (EU Data Protection Laws).

This Data Processing Addendum (DPA) applies to you when you use your UseVerb account and it is subject to the EU Data Protection Laws.

This DPA forms part of the terms you accepted in the UseVerb Member Agreement but in the event of a conflict between the Member Agreement and the DPA, the terms of the DPA will take preference.

Words used but not defined in this DPA have the meaning given in the UseVerb Member Agreement. The EU Data Protection Laws include Regulation (EU) 2016/679 (EU GDPR) and the EU GDPR as it forms part of UK law (UK GDPR).

RESPECTIVE RESPONSIBILITIES

We (you and us) have responsibilities under this DPA depending on whether either of us are classified as a controller or processor of personal data under the EU Data Protection Laws.

Don’t worry, we will explain below what that means to you and to us! Either of us can be a controller or processor:

When we talk about either of us acting as a controller, it means that the processor determines what the personal data is used for and how it is used;
When we refer to UseVerb as a processor, it refers to us as handling or processing personal data on your behalf as the controller.

Controller

Party

Processor

You will act as the controller of personal data contained in your UseVerb Account.

This includes any content uploaded into your Account/profile by you or any visitors to your Account/profile, or created by you or anyone else in your Account/profile.

“Account Data”

You

We may be a controller of Account Data in any of the following circumstances:

Scanning the content of Account Data to act in terms of our rights under the heading of Prohibited content in the UseVerb Member Agreement
We may provide analytical services which you have agreed to which requires access to your Account Data, or make use of cookies to track data in terms of the UseVerb Cookie Policy
We may analyze visitor’s interaction with Accounts to deliver tips to optimize use of the Platform

“Controller Services” (see below)

UseVerb

We can process Account Data on your behalf and act as a processor:

By facilitating you posting content to your Account/profile
In collecting personal data generated when a person visits or interacts with your Account/profile by completing an online form or other form of communication
By allowing you to make use of our online services and functionality that permits us to process your data in any manner in order for us to provide the services under the terms referenced in our Member Agreement

“Permitted Purpose”

CONTROLLER SERVICES

When either of us are acting as the controller we have the responsibilities in regard to the Controller Services as set out below.

Obligation under EU Data Protections Laws	UseVerb	You
Must be for a legal basis	We have a legitimate interest in providing the Controller Services as a part of our services we provide to you as our customer	You identify a legal basis for the processing you do by accepting the terms of our services and allowing us to carry out the Controller Services
Data Subjects (i.e. individuals’ information)	The UseVerb Privacy Policy states how we process personal data for the purposes of providing Controller Services	You must provide notice to Data Subjects about your role in allowing UseVerb to process their data and to carry out the Controller Services and any other processing that you undertake
Comply with Data Subject rights requests	We remain responsible to address any questions raised by visitors to your Account/profile in regard to their rights in regard to personal data stored while carrying out the Controller Services If you receive any such a request from a visitor to your Account/profile, or from a competent regulatory body you are to immediately inform us and we will deal with the request under this DPA We will provide you with reasonable assistance in order to address any issue under this DPA	You are responsible for addressing Data Subjects’ rights requests where you are providing the Controller Services Where you have received a request you may not answer on our behalf but as soon as reasonably notify us of the request and provide us with any reasonable assistance we request to be able to respond to the request and meet our obligations under the EU Data Protection Laws
Keep Account Data secure	We implement an industry standard level of security to ensure that our Platform is secured against risks presented by Controller Services, which includes limiting access to personal data stored on the Platform, under our control, transmitted or processed. We have security measures in place to guard that against accidental and unlawful destruction, disclosure, loss or alteration	You have sole responsibility for and control access to your Account/profile and must at all times ensure that you keep your password and access details secure and confidential and not do anything that may compromise the security of the personal data processed as part of the Controller Services
Notification in case of personal data breaches	We are responsible for compliance with our obligations under the EU Data Protection Laws in relation to the Controller Services	You are responsible for compliance with your obligations under the EU Data Protection Laws in relation to the Controller Services

PROCESSOR SERVICES

You will comply with your obligations when acting as a controller under the EU Data Protection Laws in respect to all Account Data and we will follow your instructions and comply with our obligations under the EU Data Protection Laws when acting as a processor in relation to the Processor Services in the following:

we will only process Account Data in line with the terms in the UseVerb Member Agreement.
we will make sure that any party we authorize to process Account Data will keep it confidential.
we will implement appropriate industry standard organizational measures designed to protect Account Data from accidental or unlawful loss or destruction, alteration, unauthorized disclosure or access thereto.
if we become aware of a confirmed personal data breach in respect to Account Data that requires notification to you we will notify you without undue delay.
you consent and agree that we may engage third parties (Subprocessors) to process Account Data for any Permitted Purpose provided that:

we maintain an up-to-date list of Subprocessors which will be updated from time to time;
you may object to the use of a Subprocessor, and if this is not possible you may terminate the services with UseVerb;
we will ensure that equivalent arrangement are in palace with the Subprocessors as is required by the EU Data Protection Laws;
we remain responsible for any breach of the DPA caused by a Subprocessor;
we agree to provide you with reasonable assistance (at your cost) to enable you to prepare a data protection impact assessment and to respond to any sata subject or regulator request;
upon cancellation of your account and subject to other laws, we will delete Account Data in our possession and control; and
at your request we will provide security certification or other documentation to verify our compliance with the DPA in respect to our Processor Services.

INTERNATIONAL TRANSFER OF DATA

We will follow the EU Data Protection Laws when transferring personal data cross-border to another country. You agree that when there is a transfer of personal data from the European Economic Area or the United Kingdom from you to us, the attached Data Transfer Addendum (DTA) forms part of and is incorporated into this DPA.

Personality wins Jobs, not cover letters - try UseVerb.

DATA TRANSFER ADDENDUM

This Data Transfer Addendum (DTA) applies to you under the DPA when your Account is subject to the EU Data Protection Laws, and the UseVerb Member Agreement. If there is conflict between the DPA, UseVerb Member Agreement and the DTA, the DTA will take preference.

DEFINITIONS AND INTERPRETATION

Words used but not defined in this DTA have the meaning given in the DPA and the UseVerb Member Agreement.

The following definitions also apply:

“Appropriate Safeguards” mean the standard of protection over the personal data and of the Data Subjects rights which is regulated by the UK GDPR when you are making a Restricted Transfer relying on standard data protection clauses under article 46(2) of the UK GDPR. These may include standard data protection clauses.

“EU SCCs” means the Controller to Controller SCCs or the Controller to Processor SCCs, as applicable.

“Controller to Controller SCCs” means module one of the contractual clauses annexed to the EC’s Implementing Decision 2021/914 of 4 June 2021 where:

for the purposes of Clause 17, Irish law will govern;
in Clause 18(b), disputes will be resolved by the courts of Ireland; and
Annex I shall be completed as set out in this DTA and Annex II shall be completed as set out in the Linktree Security Measures.

“Controller to Processor SCCs” means module two of the contractual clauses annexed to the EC’s Implementing Decision 2021/914 of 4 June 2021 where:

in Clause 9, Option 1 will apply, and the time period for prior notice of Subprocessor changes shall be as set out in Clause 4 of the DPA;
in Clause 17, Option 1 will apply, and Irish law will govern;
in Clause 18(b), disputes shall be resolved before the courts of Ireland; and
Annex I shall be completed as set out in Clause 3 of this DTA and Annex II shall be completed as set out in the Linktree Security Measures.

“Restricted Transfer” means:

where the EU GDPR applies, a transfer of personal data from the EEA to a country outside of the EEA which is not subject to an adequacy determination by the EC; and
where the UK GDPR applies, a transfer of personal data from the UK to any other country which is not based on adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018.

“UK Addendum” means the “International Data Transfer Addendum to the EU Commission Standard Contractual Clauses” issued by the Information Commissioner’s Office under s.119A(1) of the UK Data Protection Act 2018. Tables 1 to 3 in Part 1 of the UK Addendum shall be deemed completed with the relevant information from the EU SCCs, completed as set out in Clause 3 of this DTA, and the option “Importer” shall be deemed checked in Table 4.

ANNEX I TO THE SCCs

Parties

Data Exporter	Details	Data Importer
You (your nominated details used upon Account opening and registration)	Name, address, contact details	US (UseVerb our contact details)
Sending personal information or data to UseVerb in accordance with the terms of the UseVerb Member Agreement	Trigger actions	Receiving personal information or data from you in accordance with the terms of the UseVerb Member Agreement
Controller	Role of each party	Controller for Controller Services Processor for Processor Services

Description of Transfer

Data Subjects whose personal information is being transferred	UseVerb users
Categories of personal information transferred	Name, surname, account email address, user name, URL link to account and other social media accounts, contact numbers User account information: marketing preferences, passwords held in protected form, payment methods, billing address and payment methods User profile information: Any photo(s), video(s), bio, link names or descriptors, links to social media sites or websites, embedded data, driver’s licenses, passports, curriculum vitae, government approval documents, education certificates, letters of reference, government identifiers, health identifiers Device data: IP addresses, language used, browser type, time zone settings, tracked data, device identifiers, diagnostic data, app data as uploaded by Member
Frequency of transfer of personal information	Ongoing based on your use of services
Nature of processing	In line with UseVerb terms to allow members to job search, upload and share associated media, and communicate using the UseVerb tools
Purpose of data transfer and further processing	In line with UseVerb terms
Period for which any personal information will be retained	In line with UseVerb terms and applicable laws and regulations
On-transfers to Subprocessors specify the subject matter, nature and duration of the processing	When we engage service providers to act as processors (Subprocessors) we will comply with EU SCCs. Subject matter, nature and duration of the processing activities performed by the Subprocessors will not exceed that carried out by UseVerb in line with this annex

OUR SUBPROCESSORS

UseVerb makes use of the following third party service providers (Subprocessors for this purpose):

Amazon Web Services	Google	Stripe	Apple Pay
OpenAI	Zerobounce	Bouncer	Google Pay

Verb Pty Ltd ABN 81 145 485 034

Last update: 8 June 2023