Data Processing Agreement (DPA)

Effective Date: February 1, 2026

This Data Processing Agreement (“DPA”) forms part of the service relationship between WRKFORC [Legal Company Name] (“WRKFORC”, “Processor”) and its clients (“Client”, “Controller”) who engage WRKFORC for Employer of Record (EOR), PEO, Payroll Outsourcing, Employment Outsourcing, Work Permit, and Recruitment services.

This DPA governs how personal data is processed on behalf of the Client in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

 

1. Roles of the Parties

For the purposes of this DPA:

  • The Client is the Data Controller

  • WRKFORC is the Data Processor when processing employee data on behalf of the Client

In EOR services, WRKFORC may act as both Controller and Employer where required by law.

 

2. Nature and Purpose of Processing

WRKFORC processes personal data strictly for:

  • Payroll administration and salary processing

  • Social insurance and tax coordination

  • Employment record management

  • Work permit and immigration processing

  • HR documentation and reporting

  • Compliance with labor and regulatory requirements

 

3. Types of Personal Data Processed

WRKFORC may process:

  • Identification documents (ID, passport)

  • Contact details

  • Employment contracts and job information

  • Salary, payroll, tax, and social insurance records

  • Immigration and visa documentation

  • Attendance and leave records

 

4. Processor Obligations

WRKFORC agrees to:

  • Process data only based on Client instructions

  • Ensure confidentiality of all processed data

  • Implement appropriate technical and organizational security measures

  • Restrict access to authorized personnel only

  • Assist the Client in fulfilling data subject rights requests

  • Notify the Client promptly in case of a data breach

 

5. Sub-Processors

WRKFORC may engage trusted sub-processors (such as hosting providers, payroll systems, or banking partners) necessary for service delivery.

All sub-processors are bound by strict data protection and confidentiality obligations.

 

6. International Data Access

Due to WRKFORC’s multi-country operations, data may be securely accessed by authorized teams across locations strictly for service delivery, under controlled access and GDPR-aligned safeguards.

 

7. Data Retention and Deletion

Upon termination of services, WRKFORC will, upon Client request:

  • Return relevant data, or

  • Securely delete data unless retention is required by law

 

8. Data Subject Rights Assistance

WRKFORC will assist the Client in responding to requests from employees or individuals regarding:

  • Access to data

  • Correction of data

  • Deletion requests

  • Processing objections

 

9. Security Measures

WRKFORC maintains:

  • Encrypted systems and storage

  • Secure HR and payroll platforms

  • Access controls and monitoring

  • Confidentiality agreements with staff

  • Regular data backups

 

10. Governing Law

This DPA is governed by applicable data protection laws and the laws governing the service agreement between WRKFORC and the Client.

 

11. Contact

For any DPA or data protection matters:

privacy@lightgray-dolphin-216309.hostingersite.com
www.lightgray-dolphin-216309.hostingersite.com

Scroll to Top