GDPR & Data Processing Agreement
SponsorSafe HR provides GDPR-aligned processing safeguards and a standard DPA for customers.
Data Processing Agreement (DPA)
Our DPA sets out how SponsorSafe HR processes personal data on behalf of your organisation, including security controls, breach notifications, and subprocessors.
GDPR Commitments
- Data minimization and purpose limitation by design.
- Encrypted storage with access logging and immutable audit trails.
- Signed URL access to evidence files with short-lived expiry.
- Support for data subject access requests and deletion requests.
Controller & Processor Roles
Your organisation remains the data controller. SponsorSafe HR acts as the processor and processes data only under your instruction, as described in the DPA.
Data Residency & Retention
Data is stored in UK-based data centers. Retention periods follow your plan settings and legal requirements. Export and deletion tools are available in-app.