Skip to Content

Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the agreement between iGlobal Services ("iGlobal", "Processor", "we", "us") and the client or partner ("Controller") and governs the processing of Personal Data in connection with iGlobal’s services. This DPA applies where iGlobal processes Personal Data on behalf of the Controller under applicable data protection laws.

1. Definitions


For purposes of this DPA:

• “Personal Data” means any information relating to an identified or identifiable individual.

• “Processing” means any operation performed on Personal Data.

• “Controller” means the entity that determines the purposes and means of processing Personal Data.

• “Processor” means the entity that processes Personal Data on behalf of the Controller.

• “Applicable Data Protection Laws” includes GDPR, UK GDPR, CCPA/CPRA (where applicable), and other relevant privacy laws. 

2. Scope of Processing

iGlobal processes Personal Data solely for the purpose of providing agreed services, which may include:

• Consulting and advisory services

• Staffing, recruiting, and candidate management

• Training and educational services

• AI-assisted automation and analytics

• Offshore and global service delivery

• Operational and administrative support


Processing activities are limited to documented instructions from the Controller unless otherwise required by law. 

3. Nature & Purpose of Processing


a) Nature of Processing

• Collection

• Storage

• Access

• Organization

• Analysis

• Transmission

• Deletion or anonymization


b) Purpose of Processing

• Service delivery

• Operational support

• Compliance with contractual obligations

• Improvement of service quality 

4. Categories of Data Subjects


Personal Data may relate to:

• Client personnel

• Candidates and job applicants

• Contractors and vendors

• End users interacting with iGlobal systems 

5. Types of Personal Data


Depending on the engagement, Personal Data may include:

• Identifying information (name, contact details)

• Professional and employment information

• Resume and career data

• Communications

• System usage and technical data


Sensitive data is processed only when explicitly required and with appropriate safeguards. 

6. Processor Obligations


iGlobal agrees to:

1. Process Personal Data only on documented instructions from the Controller

2. Ensure confidentiality obligations for all personnel and contractors

3. Implement appropriate technical and organizational security measures

4. Assist the Controller with data subject rights requests where applicable

5. Notify the Controller of a Personal Data breach without undue delay

6. Delete or return Personal Data upon termination of services, unless legally required to retain it 

7. Confidentiality

All persons authorized to process Personal Data are bound by confidentiality obligations, either by contract or law. 

8. Security Measures


 iGlobal maintains reasonable and appropriate safeguards, including:

• Role-based access controls

• Secure infrastructure

• Access monitoring

• Confidentiality agreements

• Vendor security requirements


Details are outlined in iGlobal’s Security & Compliance Statement.

9. Subprocessors


 iGlobal may engage subprocessors (including cloud providers, CRM platforms, analytics tools, and offshore teams) to support service delivery.


iGlobal ensures that:

• Subprocessors are bound by equivalent data protection obligations

• Data access is limited to operational necessity


A list of subprocessors may be provided upon reasonable request.


10. International Data Transfers

 Personal Data may be processed outside the Controller’s jurisdiction, including in the United States and other countries where iGlobal operates.


iGlobal implements appropriate safeguards to ensure lawful international data transfers in accordance with Applicable Data Protection Laws.


11. Data Subject Rights


 Where applicable, iGlobal will reasonably assist the Controller in responding to requests related to:

• Access

• Correction

• Deletion

• Restriction

• Objection

• Data portability


12. Audits & Compliance


 Upon reasonable notice, the Controller may:

• Request information necessary to demonstrate compliance

• Review iGlobal’s security and data protection practices


Audits must be limited in scope, frequency, and disruption.

 

13. Personal Data Breach Notification


 In the event of a Personal Data breach, iGlobal will:

• Promptly investigate and mitigate the incident

• Notify the Controller without undue delay

• Provide information reasonably required to meet legal obligations


14. Termination & Data Deletion


 Upon termination of services:

• Personal Data will be deleted or returned, at the Controller’s option

• Retention may occur only where legally required


15. Liability & Governing Law

 This DPA is subject to the limitation of liability and governing law provisions set forth in the main agreement or Terms of Service.


Unless otherwise agreed, this DPA is governed by the laws of the State of Texas, United States.

16. Order of Precedence


In the event of a conflict:

1. This DPA

2. The primary service agreement or Terms of Service

3. Other related documents

17. Contact Information


For data protection inquiries:


iGlobal Services

Email: privacy@iglobal.services

Website: https://www.iglobal.services