1. Purpose and Roles

This page summarizes how Moil Enterprise Inc. processes personal data on behalf of business customers (for example, employers who process applicant data through the Services). For most such processing, the customer is the "controller" and Moil acts as a "processor". A signed DPA is available on request.

2. Scope and Instructions

We process customer personal data only to provide the Services and according to the customer's documented instructions, the Terms and Conditions, and applicable law.

3. Confidentiality and Security

Personnel authorized to process personal data are bound by confidentiality, and we maintain technical and organizational measures appropriate to the risk, including encryption in transit and access controls.

4. Subprocessors

We engage the subprocessors listed on our Subprocessors page to help deliver the Services, under contracts that impose data-protection obligations. We remain responsible for their performance.

5. Data Subject Requests

We assist the customer, taking into account the nature of processing, in responding to requests from individuals to exercise their rights under applicable privacy laws.

6. Personal Data Breaches

We will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data, and provide information reasonably needed to meet notification obligations.

7. Return and Deletion

On termination, and at the customer's choice, we will delete or return customer personal data, except where retention is required by law.

8. International Transfers

Where personal data is transferred across borders, we rely on appropriate safeguards such as the Standard Contractual Clauses where required.

9. Audits

On reasonable request and subject to confidentiality, we will make available information necessary to demonstrate compliance with these obligations.

10. Requesting a Signed DPA

To execute a DPA, email contacto@moilapp.com.