Lets Talk
  • ISO 27001 Aligned
  • ISO 9001 Certified
  • GDPR Compliant

Data Processing Agreement (DPA)

Between
International Strategic Hiring Choices (ISHC)
  • Registered Office: Dhaka, Bangladesh
  • Email: support@int-shc.org

Client Organization (“Controller” or “Processor”, as applicable)

1. Purpose and Scope

This Data Processing Agreement (“Agreement”) sets out the rights and obligations of both parties in relation to the processing of personal data under applicable data protection laws, including but not limited to the EU GDPR, UK GDPR, California CCPA, and Bangladesh Digital Security and Privacy Guidelines.
It applies when ISHC processes personal data on behalf of the Client in connection with HR, staffing, payroll, and business process outsourcing services.

2. Roles and Responsibilities

  • ISHC as Controller: When collecting, analyzing, or storing personal or business data for ISHC’s own operational, HR, or marketing use.
  • ISHC as Processor: When processing client or candidate data solely for providing contracted services under the Client’s instructions.

Both parties commit to maintain full compliance with relevant privacy laws.

3. Categories of Data Processed

Employee and candidate information (name, contact details, employment history, qualifications)
  • Employee and candidate information (name, contact details, employment history, qualifications)

International Strategic Hiring Choices (ISHC)

  • Payroll and financial data
  • Identification data (passport, NID, visa, ID cards)
  • Employers’ staffing or project requirements, including sensitive role information
  • Communication records and audit log
Special categories (e.g., health, biometric, or union data) are processed only when strictly necessary and under explicit consent.

4. Data Storage and Transfers

  • All primary data is securely hosted on local servers in Bangladesh.
  • Cross-border transfers may occur, including transfers from the EU or UK to Bangladesh.
ISHC ensures adequate protection via:
  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Transfer Impact Assessments (TIAs) when applicable
  • Encryption and controlled access during transmission and storage

5. Security Measures

ISHC maintains a comprehensive data-security framework that includes:
  • AES-256 encryption at rest and in transit
  • Multi-factor authentication and role-based access control
  • Firewalls and continuous intrusion-detection systems
  • Employee confidentiality and security training
  • Regular internal audits and vulnerability assessments
These measures are reviewed annually and updated to reflect evolving threats.

6. Sub-Processors

  • ISHC may engage vetted sub-processors such as Google Workspace, Zoho, HubSpot, Wati, AWS, and other infrastructure providers.
  • Each sub-processor operates under written agreements imposing equivalent data-protection obligations.
  • Clients may request a current list of sub-processors at any time.
  • If a Client opts out, ISHC can deliver services entirely through its own secured in-house system, without third-party integrations.

7. Data Retention and Deletion

ISHC retains client-related personal data only for the duration of the service contract. Upon termination or written instruction:
  • All identifiable data is deleted or anonymized immediately,
  • System backups containing data fragments are purged during the next scheduled security audit.
ISHC provides deletion certificates upon request.

8. Data Breach Notification

In the event of a suspected or confirmed data breach, ISHC will:
  • Investigate and contain the incident immediately.
  • Notify affected clients within 72 hours of awareness.
  • Provide full details of the nature, scope, and impact of the breach.
  • Recommend mitigation steps and document corrective actions.
All breaches are handled with care, caution, and transparency under ISHC’s internal Data Incident Protocol.

9. Data Subject Rights

ISHC assists clients in fulfilling data-subject requests including:
  • Access, rectification, or erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability requests
  • Objection or withdrawal of consent
All responses occur within legally mandated timeframes.

10. Confidentiality

All ISHC personnel are bound by confidentiality clauses. Access to client data is strictly limited to authorized personnel under the principle of least privilege.

11. Liability and Indemnity

Each party is responsible for its own compliance and will indemnify the other for damages arising from its respective breaches of this Agreement or applicable data-protection law

12. Term and Termination

This Agreement remains effective throughout the service engagement. Upon termination, ISHC shall delete or return all personal data in a secure format unless retention is required by law.

13. Audits and Inspections

Clients may request a summary of ISHC’s audit findings or, with prior notice, conduct an independent audit subject to confidentiality and reasonable scheduling.

14. Governing Law and Jurisdiction

This Agreement shall be governed by the laws of Bangladesh. Where applicable, GDPR and UK data-protection standards apply concurrently. Any dispute shall be resolved in Dhaka Metropolitan Court unless otherwise mutually agreed.

15. Contact Information

For all data-protection inquiries:
  • support@int-shc.org
  • rafiq.hrdirector@int-shc.org