Data Processing Agreement
Last updated: 11 June 2026
Wizume is operated from the United Kingdom. These policies are written to align with UK GDPR, EU GDPR, UK PECR, EU ePrivacy rules, and common US state privacy laws (including California). They are not a substitute for advice from a qualified lawyer for your specific situation.
1. Scope
This Data Processing Agreement ("DPA") applies when a business customer ("Customer") uses Wizume and we process personal data on Customer's instructions under UK GDPR Article 28 and/or EU GDPR Article 28.
2. Roles
Customer is the controller for resume and applicant data entered by users under Customer's account. Wizume is the processor for that data, except where we act as controller for our own account administration, billing, security, and consented product analytics.
3. Processor obligations
- Process personal data only on documented instructions from Customer.
- Ensure confidentiality of personnel with access.
- Implement appropriate technical and organisational security measures.
- Assist with data subject requests where feasible and required by law.
- Notify Customer without undue delay of personal data breaches affecting Customer data.
- Delete or return personal data on termination of services, subject to legal retention.
4. Subprocessors
Customer authorises use of subprocessors listed in our Privacy Policy. We maintain a notification process for material changes (30 days' notice).
5. International transfers
Where personal data is transferred outside the UK or EEA, we use UK International Data Transfer Agreements, EU Standard Contractual Clauses, or other valid transfer mechanisms.
6. Signed copy
For a countersigned DPA suitable for procurement, email legal@wizume.ai with your company details.