Data Processing

Data Processing

04/07/2026

04/07/2026

1. Purpose

This Agreement governs the processing of personal data by Hier on behalf of the Controller in connection with the use of the Hier platform.


2. Roles of the Parties

  • The Controller (business user) determines the purposes and means of processing candidate data

  • Hier acts as a Data Processor, processing personal data on behalf of the Controller


3. Nature and Purpose of Processing

Hier processes personal data to:

  • Provide recruitment and hiring functionality

  • Store and display candidate profiles and CVs

  • Enable communication between candidates and businesses

  • Support application tracking and onboarding


4. Categories of Data Subjects

  • Job applicants (candidates)

  • Business users (recruiters/employees of the Controller)


5. Types of Personal Data

Personal data processed may include:

  • Name, email, phone number

  • CVs and employment history

  • Profile data and preferences

  • Messages and communications

  • Application and hiring data

  • Uploaded documents (including onboarding materials where applicable)


6. Processor Obligations (Hier)

Hier shall:

  • Process personal data only on documented instructions from the Controller

  • Ensure all personnel are subject to confidentiality obligations

  • Implement appropriate technical and organisational security measures

  • Assist the Controller in responding to data subject requests

  • Notify the Controller of any personal data breach without undue delay

  • Not sell or share personal data for unrelated purposes


7. Sub-processors

Hier may use trusted third-party providers to deliver the service, including:

  • Cloud storage and hosting providers

  • Payment processors such as Stripe

Hier will ensure:

  • Sub-processors are bound by appropriate data protection obligations

  • Adequate safeguards are in place


8. International Transfers

Where data is transferred outside the UK:

  • Appropriate safeguards (e.g. Standard Contractual Clauses) will be used


9. Security Measures

Hier implements appropriate safeguards, including:

  • Secure authentication (JWT-based systems)

  • Access controls and role-based permissions

  • Encryption in transit where applicable

  • Monitoring for unauthorised access


10. Data Subject Rights

Hier will assist the Controller in responding to:

  • Access requests

  • Rectification requests

  • Erasure requests

  • Objections to processing


11. Data Retention & Deletion

Upon termination of services:

  • Personal data will be deleted or anonymised unless retention is required by law

  • Controllers may request deletion of data at any time


12. Audit Rights

The Controller may request reasonable information to verify compliance with this Agreement.


13. Liability

Each party is responsible for its own compliance with applicable data protection laws.


14. Governing Law

This Agreement is governed by the laws of England and Wales.


15. Contact

Hello@hierapp.co.uk

1. Purpose

This Agreement governs the processing of personal data by Hier on behalf of the Controller in connection with the use of the Hier platform.


2. Roles of the Parties

  • The Controller (business user) determines the purposes and means of processing candidate data

  • Hier acts as a Data Processor, processing personal data on behalf of the Controller


3. Nature and Purpose of Processing

Hier processes personal data to:

  • Provide recruitment and hiring functionality

  • Store and display candidate profiles and CVs

  • Enable communication between candidates and businesses

  • Support application tracking and onboarding


4. Categories of Data Subjects

  • Job applicants (candidates)

  • Business users (recruiters/employees of the Controller)


5. Types of Personal Data

Personal data processed may include:

  • Name, email, phone number

  • CVs and employment history

  • Profile data and preferences

  • Messages and communications

  • Application and hiring data

  • Uploaded documents (including onboarding materials where applicable)


6. Processor Obligations (Hier)

Hier shall:

  • Process personal data only on documented instructions from the Controller

  • Ensure all personnel are subject to confidentiality obligations

  • Implement appropriate technical and organisational security measures

  • Assist the Controller in responding to data subject requests

  • Notify the Controller of any personal data breach without undue delay

  • Not sell or share personal data for unrelated purposes


7. Sub-processors

Hier may use trusted third-party providers to deliver the service, including:

  • Cloud storage and hosting providers

  • Payment processors such as Stripe

Hier will ensure:

  • Sub-processors are bound by appropriate data protection obligations

  • Adequate safeguards are in place


8. International Transfers

Where data is transferred outside the UK:

  • Appropriate safeguards (e.g. Standard Contractual Clauses) will be used


9. Security Measures

Hier implements appropriate safeguards, including:

  • Secure authentication (JWT-based systems)

  • Access controls and role-based permissions

  • Encryption in transit where applicable

  • Monitoring for unauthorised access


10. Data Subject Rights

Hier will assist the Controller in responding to:

  • Access requests

  • Rectification requests

  • Erasure requests

  • Objections to processing


11. Data Retention & Deletion

Upon termination of services:

  • Personal data will be deleted or anonymised unless retention is required by law

  • Controllers may request deletion of data at any time


12. Audit Rights

The Controller may request reasonable information to verify compliance with this Agreement.


13. Liability

Each party is responsible for its own compliance with applicable data protection laws.


14. Governing Law

This Agreement is governed by the laws of England and Wales.


15. Contact

Hello@hierapp.co.uk