Privacy & Data
Effective Date: May 30, 2026
This Data Processing Addendum (“DPA”) is an agreement between InfraNet HR (“InfraNet,” “we,” “our,” or “us”) and the customer organization (“Customer,” “Controller,” or “you”) regarding the processing of personal data through the InfraNet platform.
The purpose of this DPA is to establish the responsibilities of each party regarding the processing of personal data and to define the safeguards applied to information processed through the Services.
The Customer acts as the Data Controller and determines what data is collected, why it is collected, how it is used, who may access it, and how long it should be retained. InfraNet acts as the Data Processor and processes personal data solely for the purpose of providing the Services. InfraNet does not determine the purposes for which Customer data is collected or processed.
Information processed through the platform may include employee information, applicant information, contact information, workplace incident records, leave administration records, accommodation documentation, investigation records, compliance documentation, and user account information. The specific categories are determined by the Customer.
InfraNet may process personal data to provide platform functionality, store and organize records, authenticate users, generate reports, maintain system security, support customer requests, and perform backup and recovery activities. InfraNet will process personal data only as necessary to provide the Services.
InfraNet will process personal data only in accordance with customer instructions, applicable agreements, and applicable law. The Customer is responsible for ensuring that instructions are lawful and that appropriate authority exists to provide personal data to InfraNet.
InfraNet personnel with access to Customer data are subject to confidentiality obligations and are expected to protect information from unauthorized disclosure. Access to Customer data is limited to individuals who require access to perform authorized duties.
InfraNet implements reasonable technical and organizational safeguards including encryption in transit, access controls, authentication safeguards, role-based permissions, monitoring and logging, and backup and recovery procedures. Security measures may evolve as technology and business requirements change.
InfraNet may engage third-party service providers (“Subprocessors”) to support delivery of Services, including providers responsible for hosting, infrastructure, data storage, authentication, payment processing, and communication services. A current list of subprocessors is maintained separately. InfraNet remains responsible for its subprocessors’ performance as required by applicable agreements.
To the extent reasonably possible, InfraNet will assist Customers in responding to requests involving access, correction, deletion, restriction, or portability. Customers remain responsible for responding to such requests.
If InfraNet becomes aware of a confirmed security incident affecting Customer data, InfraNet will contain and remediate the issue, investigate the nature and scope of the incident, assess potential impact, notify affected Customers when appropriate and required by law, and implement corrective measures as necessary. Notification timing may depend on the nature of the incident and applicable legal requirements.
Upon termination of Services, Customer data will be retained and deleted in accordance with InfraNet’s Data Retention Policy unless otherwise required by law or contractual obligation. Customers are encouraged to export necessary information prior to account closure.
Customer data may be processed and stored in locations where InfraNet or its service providers operate. InfraNet will take reasonable measures to protect personal data regardless of processing location.
Upon reasonable request, InfraNet may provide information regarding its security practices and controls to support Customer due diligence efforts. Nothing in this section requires InfraNet to disclose confidential security information, proprietary information, or information that could compromise platform security.
This DPA supplements, but does not replace, the Terms of Service, Privacy Policy, or other agreements between the parties. If a conflict exists, the applicable written agreement between the parties shall control.
Questions regarding this Data Processing Addendum may be directed to:
InfraNet HR
Email: privacy@infranet-hr.com
Springfield, Missouri, United States
Last Updated: May 30, 2026