Rauster Data Processing Addendum (DPA)

Effective Date: 6/24/25

This Data Processing Addendum (“DPA”) is incorporated into the Rauster Terms of Service and applies where Rauster processes personal data on behalf of Clients in connection with recruiting services.

1. Definitions
– “Data Controller” means the Client.
– “Data Processor” means Rauster.
– “Personal Data” means any information relating to an identified or identifiable natural person.

2. Scope of Processing
Rauster shall only process personal data for the purpose of providing services under the Terms of Service and in accordance with documented Client instructions.

3. Subprocessors
Rauster may use subprocessors to deliver its services. A list is available upon request.

4. Security Measures
Rauster maintains appropriate technical and organizational safeguards to protect personal data from unauthorized access, disclosure, or destruction.

5. Data Subject Rights
Rauster shall assist Clients in responding to data subject requests as required by law.

6. Transfers
Rauster may transfer personal data outside the EEA/UK in accordance with applicable safeguards.

7. Data Retention and Deletion
Upon termination of services, Rauster shall delete or return personal data, unless otherwise required by law.

8. Audits
Rauster shall provide relevant information to demonstrate compliance and allow for audits, subject to confidentiality obligations.

9. Liability
The liability provisions of the Terms of Service apply to this DPA.