Legal

Data Processing
Addendum (DPA)

For Career Center customers and other organizations processing personal data through BeauCV on behalf of their users. Pre-signed copy available on request.

Version · 2026.05 Request signed PDF →

1. Scope

Applies to organizations using BeauCV Career Center, where BeauCV processes personal data on the organization's behalf.

This Addendum forms part of the BeauCV Terms of Service ("Agreement") between EURL ZENATI (RCS Paris 981 830 227, 60 rue François Ier, 75008 Paris) and Customer, and applies to the extent that BeauCV processes Customer Personal Data on Customer's behalf in connection with the Coach plan or any other organizational tier.

2. Roles of the parties

Customer acts as Controller. BeauCV acts as Processor. Where applicable to a specific sub-processing relationship, the appropriate Module of the EU Standard Contractual Clauses applies and is incorporated by reference.

Customer warrants that its processing instructions and the personal data it provides comply with applicable law and that it has obtained all necessary legal bases and consents. Each party's total liability arising out of or related to this Addendum is subject to the limitations and exclusions of liability set out in the Agreement.

3. Processing instructions

BeauCV will process Customer Personal Data only on documented instructions from Customer, including those set out in the Agreement. BeauCV will notify Customer if, in its opinion, an instruction violates applicable data-protection laws.

4. Security measures

BeauCV implements and maintains appropriate technical and organizational measures, including encryption in transit (TLS 1.3) and at rest (AES-256), role-based access control, audit logging, hardware-key MFA for production access, annual penetration testing, and SOC 2 Type II certification.

5. Sub-processors

Customer authorizes BeauCV to use the sub-processors listed in our Privacy Policy §4. BeauCV will give 30 days notice via email before adding or replacing a sub-processor. Customer may object on reasonable data-protection grounds, in which case the parties will work in good faith to resolve.

6. International transfers

Hosting and the database are located in the European Union (Scaleway, fr-par region, Paris, France); no non-EU hosting region is offered. For any onward transfer by a sub-processor from the EEA, UK or Switzerland to a third country lacking an adequacy decision, the parties incorporate the relevant EU SCCs (Module 2: Controller-to-Processor) and the UK IDTA addendum.

7. Assistance with data-subject rights

BeauCV provides Customer with the tools to respond to data-subject requests (access, deletion, portability, rectification) directly through the admin dashboard. Where additional assistance is needed, BeauCV will provide reasonable cooperation.

8. Breach notification

BeauCV will notify Customer without undue delay, and in any event within 48 hours, after becoming aware of a Personal Data Breach affecting Customer Personal Data, providing the information reasonably required for Customer to comply with its own notification obligations.

9. Audits

Customer is entitled to audit BeauCV's compliance with this Addendum no more than once per year, on 30 days written notice, with reasonable cooperation. Customer may rely on the most recent SOC 2 Type II report in lieu of an on-site audit.

10. Term and termination

This Addendum remains in effect for the duration of the Agreement. Upon termination, BeauCV will, at Customer's choice, delete or return all Customer Personal Data within 30 days, except where retention is required by law.