Data processing agreement
This Data Processing Agreement (“DPA”) forms an integral part of the agreement (the “Agreement”) entered into between Hejj BV, with registered office at [insert address], Belgium, registered with the Crossroads Bank for Enterprises under number [insert number] (“Hejj” or the “Processor”), and the customer as defined in the Agreement (the “Customer” or the “Controller”).
Hejj provides the Hejj SaaS platform (the “Platform”) for performance management, including functionality for continuous feedback, check-ins, and reviews. In the course of providing the Services under the Agreement, Hejj may process personal data on behalf of the Customer. This DPA governs the conditions under which such processing occurs.
DEFINITIONS
1.1. The capitalized terms used in this DPA shall have the meaning set out below or, where not defined herein, the meaning attributed to them in the GDPR.
1.2. “Data Protection Legislation” means all applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1.3. Terms such as “Personal Data”, “Processing”, “Data Subject”, “Controller”, “Processor”, and “Personal Data Breach” shall have the meanings set forth in the GDPR.
ROLES OF THE PARTIES
2.1. The Customer acts as Controller for the Customer Personal Data it submits to the Platform, and Hejj acts as Processor on behalf of the Customer in processing such data.
2.2. In addition, Hejj shall act as a Controller in its own right with respect to Personal Data of the Customer’s representatives (e.g., contact details), processed for purposes such as contract administration, customer relationship management, and business development.
2.3. Hejj processes such business contact data in accordance with its Privacy Policy and in compliance with applicable Data Protection Legislation.
SUBJECT MATTER AND DURATION
3.1. This DPA governs the Processing of Personal Data by Hejj on behalf of the Customer in the course of delivering the Services as defined in the Agreement.
3.2. This DPA shall apply for the duration of the Agreement and for as long as Hejj processes Personal Data on behalf of the Customer.
NATURE AND PURPOSE OF PROCESSING
4.1. The nature of the Processing consists of the collection, storage, structuring, consultation, and use of Customer Personal Data within the Platform.
4.2. The purpose of the Processing is to allow the Customer and its authorized users to manage employee performance through check-ins, reviews, feedback and related HR features provided via the Platform.
4.3. The categories of Data Subjects include employees, managers, and contractors of the Customer.
4.4. The categories of Personal Data may include names, email addresses, function titles, performance-related data, feedback content, and any other information the Customer or its users input into the Platform.
OBLIGATIONS OF THE CONTROLLER
5.1. The Customer shall ensure that it has a valid legal basis to process and share the Customer Personal Data with Hejj. The Customer shall provide relevant information and, where required, obtain consent from Data Subjects.
5.2. The Customer is solely responsible for the accuracy, quality, and lawfulness of the Customer Personal Data.
5.3. The Customer shall ensure that Data Subjects are informed about the Processing of their data in accordance with applicable Data Protection Legislation.
OBLIGATIONS OF THE PROCESSOR
6.1. Hejj shall process Customer Personal Data only on documented instructions from the Customer, including as set out in this DPA and the Agreement.
6.2. Hejj shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
6.3. Hejj shall ensure that persons authorized to process the Customer Personal Data are subject to confidentiality obligations.
6.4. Hejj shall assist the Customer, insofar as reasonably possible, in responding to requests from Data Subjects exercising their rights under the GDPR.
6.5. Hejj shall provide reasonable assistance to the Customer in conducting data protection impact assessments and prior consultations with supervisory authorities where required.
6.6. Hejj shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data.
6.7. Upon termination of the Agreement, Hejj shall delete or return Customer Personal Data upon written request, unless storage is required by law.
SUB-PROCESSING
7.1. The Customer acknowledges that Hejj may engage sub-processors to support the provision of the Services.
7.2. Hejj shall enter into a written agreement with sub-processors ensuring they are subject to equivalent obligations with respect to the protection of Customer Personal Data.
7.3. Hejj remains fully liable to the Customer for the performance of its sub-processors.
7.4. A list of current sub-processors is available upon request. Hejj shall inform the Customer of any intended changes concerning sub-processors to enable the Customer to object.
INTERNATIONAL TRANSFERS
8.1. If the Processing of Customer Personal Data involves a transfer outside the EEA, Hejj shall ensure such transfer complies with the requirements of the GDPR, including the implementation of appropriate safeguards such as Standard Contractual Clauses.
AUDITS
9.1. Upon reasonable request, Hejj shall make available to the Customer all information necessary to demonstrate compliance with this DPA.
9.2. The Customer may appoint an independent auditor, subject to Hejj’s approval, to conduct audits not more than once every two years, provided such audits:
- Occur during business hours with reasonable notice
- Do not interfere with Hejj’s operations
- Are subject to confidentiality and data security commitments
- Are at the Customer’s sole cost
LIABILITY
10.1. The liability of each party under this DPA shall be subject to the limitations and exclusions of liability set out in the Agreement.
GOVERNING LAW AND JURISDICTION
11.1. This DPA shall be governed by and construed in accordance with Belgian law.
11.2. Any disputes arising from or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of Ghent, Belgium, unless otherwise agreed in the Agreement.
MISCELLANEOUS
12.1. If any provision of this DPA is held invalid or unenforceable, the remainder shall remain in full force and effect.
12.2. This DPA may be amended by Hejj from time to time. The current version is made available to the Customer and governs the Processing as of the effective date.
Contact
For any questions regarding this Privacy Statement, please contact:
privacy@hejj.io
Hejj.io BV - 17/01/2026
