Data Processing Agreement

Last updated: July 2026

Between:
Aegis Care Shield Ltd (“Processor”)
Office 5678, 58 Peregrine Road, Hainault, Essex, IG6 3SZ

And:
The Customer organisation named in the SafeRecruit account (“Controller”)

This Data Processing Agreement (“DPA”) forms part of the Terms of Service and takes effect on the date the Customer activates a SafeRecruit account.

1. Definitions

“UK GDPR” means the UK General Data Protection Regulation as retained in UK law by the European Union (Withdrawal) Act 2018, together with the Data Protection Act 2018.

“Personal Data”, “Processing”, “Data Subject”, “Data Controller”, “Data Processor”, and “Supervisory Authority” have the meanings given in UK GDPR.

“Sub-processor” means any third party appointed by the Processor to process Personal Data under this DPA.

2. Scope and Purpose of Processing

2.1 The Processor processes Personal Data on behalf of the Controller solely for the purpose of providing the SafeRecruit platform and associated services as described in the Terms of Service.

2.2 The categories of data subjects are: the Controller’s employees, workers, and contractors whose records are managed through SafeRecruit.

2.3 The categories of personal data processed include: names and contact details, employment information, identity documents, DBS certificate references and status, right to work records, professional qualifications and registrations, expiry dates for compliance documents, e-signatures, and any other data the Controller uploads to the platform.

2.4 Special category data processed may include: criminal conviction data (DBS records) and health information (where uploaded by the Controller).

2.5 Processing shall continue for the duration of the Terms of Service and for 90 days following termination, after which all Personal Data shall be deleted in accordance with clause 9.

3. Processor Obligations

The Processor shall:

4. Controller Obligations

The Controller shall:

5. Security

The Processor maintains the following technical and organisational measures:

The Processor will notify the Controller without undue delay, and in any event within 48 hours, upon becoming aware of a Personal Data breach affecting the Controller’s data.

6. Sub-processors

6.1 The Controller provides general written authorisation for the Processor to engage the following Sub-processors:

Sub-processorPurposeLocation
IonosServer hosting and data storageEU (Germany)
StripePayment processingUSA
BrevoTransactional email deliveryEU (France)
TwilioSMS notificationsUSA
SentryError monitoringEU (Germany)

6.2 The Processor shall ensure each Sub-processor is bound by data protection obligations no less protective than those in this DPA.

6.3 The Processor shall notify the Controller of any intended changes to Sub-processors by email at least 14 days in advance. The Controller may object on reasonable grounds within that period. If the parties cannot resolve the objection, either party may terminate with 30 days’ notice.

6.4 For Sub-processors located outside the UK or EU, the Processor relies on Standard Contractual Clauses or UK International Data Transfer Agreements as the transfer mechanism.

7. Data Subject Rights

The Processor shall, upon receiving a request relating to a data subject whose Personal Data is processed under this DPA: forward the request to the Controller without undue delay, provide reasonable technical assistance to enable the Controller to respond within the required timeframe, and not respond directly to the data subject without the Controller’s authorisation unless required by law.

8. Audit Rights

8.1 The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA.

8.2 The Controller may conduct an audit of the Processor’s data processing activities upon giving at least 30 days’ written notice. Audits shall be conducted during business hours, at the Controller’s cost, and shall not unreasonably disrupt the Processor’s operations. No more than one audit per calendar year unless there is specific cause for concern.

9. Deletion and Return of Data

9.1 On termination of the Terms of Service, the Controller has 90 days to export its data from the platform using the available export tools.

9.2 After the 90-day period, the Processor shall permanently and irreversibly delete all Personal Data belonging to the Controller, including all copies held by Sub-processors, unless retention is required by law.

9.3 The Processor shall provide written confirmation of deletion upon request.

10. Governing Law

This DPA is governed by the laws of England and Wales.

11. Order of Precedence

In the event of any conflict between this DPA and the Terms of Service, this DPA shall take precedence in respect of the processing of Personal Data.

Aegis Care Shield Ltd — Office 5678, 58 Peregrine Road, Hainault, Essex, IG6 3SZ — support@aegiscareshield.com