Data Processing Agreement (DPA)
Last updated: 21 January 2026
This public DPA is a baseline processor terms summary for Core HR. Enterprise customers may require a negotiated or signed version as part of contracting.
This DPA applies when CoreMethods processes personal data on behalf of a Customer under the Core HR Services.
1) Roles
Customer is the data controller. CoreMethods is the data processor (or service provider) for Customer Data.
2) Scope of processing
- Purpose: Provide the Services, support, and security operations.
- Data subjects: Customer employees, contractors, and authorised users.
- Data types: identity, work contact details, role, training records, audit logs.
3) Processing instructions
CoreMethods processes Customer Data only on documented instructions from the Customer, including this DPA and the Terms.
4) Security measures
CoreMethods maintains technical and organisational measures appropriate to the risk, including access controls and encryption in transit.
5) Personnel and confidentiality
CoreMethods will ensure that personnel with access to Customer Data are bound by confidentiality obligations and have access only where reasonably required to provide or support the Services.
6) Subprocessors
CoreMethods uses subprocessors listed on the Subprocessors page. Customer grants a general authorisation for these subprocessors.
7) Data transfers
For transfers outside Australia or a Customer’s region, we will use appropriate safeguards such as Standard Contractual Clauses (SCCs) where required.
8) Assistance
CoreMethods will assist Customers with data subject requests and regulatory inquiries where applicable.
9) Security incident notice
CoreMethods will notify the Customer without undue delay after becoming aware of a confirmed security incident affecting Customer Data, and will provide available information reasonably necessary for the Customer to understand the impact and support its own notification obligations.
10) Deletion and return
Upon termination, Customer may request deletion or export of Customer Data, subject to legal retention requirements.
11) Audits
Customers may request reasonable audit information or a third‑party audit report, subject to confidentiality.
12) Contact
Email: privacy@coremethods.com.au
Company: CoreMethods, Australia.