GABE HRIS Data Processing Agreement (DPA)

Last Updated: March 2026
Gabe Technologies LLC | www.gabehris.com
Privacy Contact: [email protected]

1. Roles of the Parties

For the purposes of applicable data protection laws:

• The Customer is the data controller for Customer Data processed in GABE HRIS.
• Gabe Technologies LLC acts as the data processor on behalf of the Customer.

The Customer determines the purposes and means of processing personal data. Gabe Technologies processes personal data only in accordance with the Customer’s documented instructions and the applicable service agreement.

2. Scope of Processing

GABE HRIS processes personal data for the purpose of providing HR management, workforce administration, compliance reporting, and related platform services.

Personal data processed may include information relating to:

• Employees
• Contractors
• Job applicants
• HR administrators
• Authorized users of the platform

Types of personal data processed may include:

• Names and contact information
• Employment information
• Payroll and compensation information
• Work history and job details
• Timekeeping and attendance records
• Compliance and workforce reporting data

3. Processing Instructions

Gabe Technologies processes personal data only:

• To provide the GABE HRIS services
• According to Customer configuration and instructions
• As necessary to maintain platform security and reliability
• To comply with applicable legal obligations

4. Confidentiality

Gabe Technologies ensures that all personnel authorized to process personal data are subject to appropriate confidentiality obligations.

5. Security Measures

Gabe Technologies implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction.

Security controls may include:

• Encryption in transit
• Access controls and authentication mechanisms
• System monitoring and logging
• Network security protections
• Secure infrastructure hosting

6. Subprocessors

Gabe Technologies may use subprocessors to provide infrastructure and operational services necessary to deliver the platform.

Subprocessors may include providers of:

• Cloud infrastructure
• Data storage
• Security monitoring
• Email delivery
• Customer support tools

All subprocessors are required to maintain appropriate data protection safeguards consistent with this agreement.

7. Assistance With Data Subject Rights

To the extent legally required, Gabe Technologies will provide reasonable assistance to the Customer in responding to requests from individuals exercising their data protection rights, including requests for access, correction, or deletion of personal data.

8. Personal Data Breach Notification

Gabe Technologies will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Data processed under this agreement.

9. Data Retention and Deletion

Customer Data will be retained for the duration of the Customer’s subscription unless otherwise instructed by the Customer.

Upon termination of services, Customer Data will be deleted or returned in accordance with the service agreement, subject to applicable legal obligations.

10. International Data Transfers

Where personal data is transferred across international borders, Gabe Technologies will implement appropriate safeguards consistent with applicable data protection laws.

11. Audit Rights

Customers may request reasonable information demonstrating compliance with this Data Processing Agreement. Such requests must be reasonable in scope and frequency and must not compromise platform security or confidentiality obligations to other customers.

12. Updates

This Data Processing Agreement may be updated from time to time to reflect changes in applicable law or platform operations. Updated versions will be posted on this page.