Home Data Protection Amendment

Data protection amendment

In line with General Data Protection Regulation, the below mentioned obligations are drafted which will be applicable on both the parties


For the purposes of the clauses:

  • GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
  • The data processor shall mean the entity who processes data on behalf of the controller.
  • The data controller shall mean the entity that determines the purposes, conditions and means of the processing of personal data.
  • Clauses shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements
  • Data Protection Legislation means the GDPR for as long as it is directly applicable in the European Union and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in India, and then any successor legislation.
  • Data Subject means a data subject as defined by the Data Protection Legislation.
  • Personal Data means personal data as defined by the Data Protection Legislation.
  • Clients means the recruiters, consultants etc. engaging with NaukriGulf.com for availing recruitment services.
  • Client Data means any Personal Data Processed by a Processor on behalf of the Client pursuant to or in connection with the Principal Agreement;
  • Data Protection Laws means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
  • EEA means the European Economic Area;
  • Personal Data Breach means A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • Services means the services and other activities to be supplied to or carried out by or on behalf of Partner/ Third party for Company Group Members pursuant to the Principal Agreement;
  • Sub processor means any subsequent processor engaged by the data processor or by any other sub processor of the data processor who agrees to receive from the data processor or from any other sub processor of the data processor’s personal data exclusively intended for processing activities to be carried out on behalf of the data controller after the transfer in accordance with his instructions, the terms of the Clauses.
  • Supervisory Authority Means an independent public authority which is established by an EU Member State pursuant to the GDPR.
  • Agreement means the written or electronic agreement between Client and NaukriGulf.com for the provision of the Services to Client.

Scope of this Data Protection Amendment (DPA): This DPA applies where and only to the extent that: (i) NaukriGulf.com processes Personal Data on behalf of clients (recruiters) in the course of providing Services to the clients pursuant to the Agreement; and (ii) the Agreement between NaukriGulf.com and the clients expressly incorporates this DPA by reference.

Roles and scope of processing

  1. Role of the Parties: As between NaukriGulf.com and the client, Client is the Data Controller of Client Data and NaukriGulf.com shall process Client Data only as a Data Processor acting on behalf of the Client.
  2. Client’s Processing of Client Data: Client agrees that (i) it will comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Client Data and any processing instructions it issues to NaukriGulf.com; and (ii) it has provided notice and obtained (or will obtain) all consents and rights necessary for NaukriGulf.com to process Client Data pursuant to the Agreement and this DPA.
  3. NaukriGulf.com’s Processing of Client Data: As a Data Processor, NaukriGulf.com will process Client Data only for the purpose of providing the Services and in accordance with Client’s documented lawful instructions as set forth in the Agreement and this DPA. The parties agree that the Client’s complete and final instructions with regard to the nature and purposes of the processing are set out in this DPA. Processing outside the scope of these instructions (if any) will require prior written agreement between Client and NaukriGulf.com on additional instructions for processing.

Details of Data Processing:

  1. Subject matter: The subject matter of the data processing under this Amendment is the Client Data.
  2. Duration: As between NaukriGulf.com and Client, the duration of the data processing under this DPA is the term of the Agreement.
  3. Purpose: The purpose of the data processing under this DPA is the provision of the Services to the Client.
  4. Nature of the processing: Recruitment solutions, storage and analysis of Client data (job applications, related documents, etc.) such other services, as described in the Terms of use and  Privacy Policy .
  5. Types of Client Data: The types of Client Data are determined by Client in its sole discretion and may include but are not limited to: identification and contact data (name, address, title, job title, contact details, username); device data; employment details (employer, job title, geographic location, area of responsibility); job applications and related documents; and IT information (IP addresses, usage data, cookies data, device specific information, connection data, location data).
  6. Categories of data subjects: The categories of data subjects whose personal data may be transferred in connection with the Services are determined and controlled by Client in its sole discretion and may include but are not limited to: employees or contact persons of Clients and its prospects, customers, business partners and third parties (who are natural persons); Client’s end users (such as job applicants, recruits).
  7. Obligations of the data controller

    The data controller warrants and undertakes that:

    1. The personal data have been collected, processed and transferred in accordance with the laws applicable to the data controller.
    2. It has used reasonable efforts to determine that the data processor is able to satisfy its legal obligations under these clauses.
    3. It will provide the data processor, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data controller is established.
    4. It is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Client Data when in transit to and from the Services and taking any appropriate steps to securely encrypt or backup any Client Data uploaded to the Services.
    5. Obligations of the data processor

      The data processor warrants and undertakes that:

      1. It will have in place reasonable technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.
      2. It will have in place procedures so that anyone it authorises to have access to the personal data, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data processor, including a sub processor, shall be obligated to process the personal data only on instructions from the data processor. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data.
      3. It will process the personal data for purposes described in the privacy policy and terms and conditions.
      4. It will identify to the data controller a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data controller, the data subject and the authority concerning all such enquiries within a reasonable time.
      5. Following expiration of the Agreement, It shall delete or return to Customer all Client Data in its possession in accordance with the terms of the Agreement and save to the extent NaukriGulf.com is required by applicable law to retain some or all of the Client Data.
      6. Data breach:
        Upon becoming aware of a Data Breach, it will notify Client without undue delay and will provide information relating to the Data Breach as it becomes known or as is reasonably requested by client. It will also take reasonable steps to mitigate and, where possible, to remedy the effects of, any Data Breach.
      7. Sub processors:
        Client agrees that in order to provide the Services set forth in the Agreement, NaukriGulf.com may engage sub processors to process Client Data. NaukriGulf.com will restrict the Sub processors access to Customer Data only to what is necessary for assistance in providing or maintaining the Services, and will prohibit the Sub processor from accessing Customer Data for any other purpose. NaukriGulf.com will enter into a written agreement with the Sub processor imposing data protection terms that requires the Sub processor to protect the Client Data to the standard required by Data Protection Laws. NaukriGulf.com will remain responsible for its compliance with the obligations of this amendment and for any acts or omissions of the Sub processor that cause NaukriGulf.com to breach any of its obligations under this DPA.
      8. Law applicable to the clauses

        These clauses shall be governed by the law of the country in which the data controller is established.

        Resolution of disputes with data subjects or the authority

        1. In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
        2. The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.
        3. Each party shall abide by a decision of a competent court of NaukriGulf.com’s country of establishment or of the authority which is final and against which no further appeal is possible.
        4. Description of the Transfer
          The details of the transfer of the personal data are specified in Privacy policy and terms and conditions.