Data Processing Addendum

Effective: 30 June 2026

This addendum applies where Web3 Serv processes personal data on your behalf (for example, data you upload about your organization or candidates). It supplements our Privacy Policy.

1.Roles

For your account and the personal data you control, you are the controller and Web3 Serv is the processor; for our own operation of the platform, Web3 Serv is the controller. Each party complies with applicable data-protection law (PDPL, GDPR, and CCPA where relevant).

2.Scope & instructions

We process personal data only to provide the services and on your documented instructions, plus where law requires. We do not sell personal data.

3.Subprocessors

We use the third parties listed on our Subprocessors page, under data-protection terms. We will reflect additions or changes there.

4.Security

We apply technical and organizational measures appropriate to the risk — encryption in transit, access controls, default-deny rules, signed and expiring document URLs, and audit logging.

5.Data subject requests

We assist you in responding to access, correction, deletion, and portability requests. You can export or request deletion from your account (see Privacy).

6.Breach notification

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, with the information needed to meet your obligations.

7.International transfers

Primary data residency is the EU (Firestore eur3). Any transfer relies on an appropriate safeguard.

8.Return & deletion

On termination, we delete or return personal data we process for you, except where retention is required by law (see our Retention Schedule).