This Data Processing Addendum ("DPA") is an agreement between InfraNet HR ("InfraNet," "we," "our," or "us") and the customer organization ("Customer," "Controller," or "you") regarding the processing of personal data through the InfraNet platform. InfraNet maintains policies and standards designed to support secure, reliable, and responsible use of the platform.
1. Purpose
The purpose of this DPA is to establish the responsibilities of each party regarding the processing of personal data and to define the safeguards applied to information processed through the Services.
2. Roles of the Parties
Customer
The Customer acts as the Data Controller and determines:
- What data is collected
- Why data is collected
- How data is used
- Who may access data
- How long data should be retained
InfraNet
InfraNet acts as the Data Processor and processes personal data solely for the purpose of providing the Services. InfraNet does not determine the purposes for which Customer data is collected or processed.
3. Categories of Data
Information processed through the platform may include:
- Employee information
- Applicant information
- Contact information
- Workplace incident records
- Leave administration records
- Accommodation documentation
- Investigation records
- Compliance documentation
- User account information
The specific categories of information processed are determined by the Customer.
4. Processing Activities
InfraNet may process personal data to:
- Provide platform functionality
- Store and organize records
- Authenticate users
- Generate reports
- Maintain system security
- Support customer requests
- Perform backup and recovery activities
- Improve reliability and performance
InfraNet will process personal data only as necessary to provide the Services and fulfill contractual obligations.
5. Customer Instructions
InfraNet will process personal data only in accordance with:
- Customer instructions
- Applicable agreements
- Applicable law
The Customer is responsible for ensuring that instructions are lawful and that appropriate authority exists to provide personal data to InfraNet.
6. Confidentiality
InfraNet personnel with access to Customer data are subject to confidentiality obligations and are expected to protect information from unauthorized disclosure. Access to Customer data is limited to individuals who require access to perform authorized duties.
7. Security Measures
InfraNet implements reasonable technical and organizational safeguards designed to protect personal data. Examples may include:
- Encryption in transit
- Access controls
- Authentication safeguards
- Role-based permissions
- Monitoring and logging
- Backup and recovery procedures
Security measures may evolve as technology and business requirements change.
8. Subprocessors
InfraNet may engage third-party service providers ("Subprocessors") to support the delivery of Services. Examples may include providers responsible for:
- Hosting
- Infrastructure
- Data storage
- Authentication
- Payment processing
- Communication services
A current list of subprocessors will be maintained separately and made available to Customers. See our Subprocessor List. InfraNet remains responsible for the performance of its subprocessors as required by applicable agreements.
9. Data Subject Requests
To the extent reasonably possible, InfraNet will assist Customers in responding to requests involving:
- Access
- Correction
- Deletion
- Restriction
- Portability
Customers remain responsible for responding to such requests.
10. Security Incidents
If InfraNet becomes aware of a confirmed security incident affecting Customer data, InfraNet will:
- Contain and remediate the issue
- Investigate the nature and scope of the incident
- Assess potential impact
- Notify affected Customers when appropriate and required by law
- Implement corrective measures as necessary
Notification timing may depend on the nature of the incident and applicable legal requirements.
11. Data Retention and Deletion
Upon termination of Services, Customer data will be retained and deleted in accordance with InfraNet's Data Retention Policy unless otherwise required by law or contractual obligation. Customers are encouraged to export necessary information prior to account closure.
12. International Transfers
Customer data may be processed and stored in locations where InfraNet or its service providers operate. InfraNet will take reasonable measures to protect personal data regardless of processing location.
13. Audits and Information Requests
Upon reasonable request, InfraNet may provide information regarding its security practices and controls to support Customer due diligence efforts. Nothing in this section requires InfraNet to disclose confidential security information, proprietary information, or information that could compromise platform security.
14. Limitation
This DPA supplements, but does not replace, the Terms of Service, Privacy Policy, or other agreements between the parties. If a conflict exists, the applicable written agreement between the parties shall control.
15. Contact
Questions regarding this Data Processing Addendum may be directed to:
InfraNet HR
Email: privacy@infranet-hr.com
Springfield, Missouri, United States
Last Updated: May 30, 2026