Privacy policy
Data Processing Agreement – GDPR (SaaS)
General Provisions
This document describes the terms and conditions applicable to the processing of personal data by TRAXXEO in connection with the SaaS Services.
This document is published as data processing terms and forms an integral part of the contractual terms applicable to the SaaS Services, as defined in the contract, the purchase order, or the general terms and conditions agreed upon between TRAXXEO and the customer (the “Customer Agreement”).
This document must be interpreted in conjunction with the Customer Agreement and may not be interpreted in isolation or extend TRAXXEO’s obligations beyond those expressly provided for in the Customer Agreement and applicable data protection law.
In the event of any conflict between this document and the Customer Agreement, the Customer Agreement shall prevail, unless applicable data protection law expressly mandates a different hierarchy.
1. Scope
1.1
This document applies to any processing of personal data carried out in connection with TRAXXEO’s provision of its SaaS Services, including, in particular, vehicle and object tracking data as well as associated mobile applications.
1.2
In the event of a conflict or inconsistency between this document and any other agreement entered into between TRAXXEO and the Customer regarding the provision of the SaaS Services, the provisions of this document shall apply within the limits and according to the interpretation set forth in the General Provisions.
2. Definitions
2.1
“Applicable Data Protection Law” means Regulation (EU) 2016/679 of April 27, 2016 (GDPR), as well as any other applicable law or regulation regarding data protection or privacy.
2.2
“Customer” means TRAXXEO’s client entity.
2.3
The terms “Personal Data,” “Data Subject,” “Data Controller,” “Data Processor,” “Data Protection Officer,” “Data Protection Impact Assessment,” and “Supervisory Authority” have the meanings given to them by the GDPR.
2.4
“Standard Contractual Clauses” means the standard contractual clauses adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021, as subsequently amended, supplemented, or replaced.
2.5
“Personal Data” means any information relating to a Data Subject processed by TRAXXEO on behalf of the Customer in connection with the SaaS Services.
2.6
“Special categories of personal data” means the data referred to in Articles 9 and 10 of the GDPR.
2.7
“Third-Party Processor” means any subprocessor engaged by TRAXXEO in connection with the performance of the SaaS Services.
3. Roles and Purposes of Processing
3.1
The Customer is and remains the Data Controller. The Customer assumes all related legal obligations, including determining the legal basis for processing, informing Data Subjects, and, where applicable, obtaining the necessary consents.
3.2
TRAXXEO acts exclusively as a Processor, or where applicable as a Subprocessor, and processes personal data solely on behalf of the Customer and in accordance with the Customer’s documented instructions.
3.3
TRAXXEO processes personal data solely:
- to provide the SaaS Services;
- to comply with the Customer’s written instructions;
- to meet its legal obligations.
4. Categories of Data and Data Subjects
4.1
The SaaS Services may involve the processing of identification data, contact data, professional data, geolocation data, operational performance data, and service usage data.
4.2
Data subjects include, in particular, the Customer’s employees, subcontractors, partners, customers, and end users.
4.3
Unless otherwise expressly agreed in writing in advance, the SaaS Services are not intended for the processing of special categories of personal data.
5. Customer Instructions
TRAXXEO processes personal data in accordance with the Customer’s written instructions.
TRAXXEO shall promptly notify the Customer if, in its reasonable judgment, an instruction is likely to violate applicable law.
6. Rights of Data Subjects
TRAXXEO provides the necessary technical means to enable the Customer to respond to requests from Data Subjects to exercise their rights.
Any specific assistance exceeding the standard features of the SaaS Services may be subject to reasonable fees to be borne by the Customer.
7. Data Location and Transfers
7.1
Personal data processed in connection with the SaaS Services is hosted and processed exclusively within the European Union.
7.2
TRAXXEO undertakes to ensure that personal data and all associated processing, including that performed by third-party processors, remain permanently located within the European Union.
7.3
The Customer shall be notified of any substantial changes regarding third-party processors. Under no circumstances shall any such change result in the processing of or access to personal data outside the European Union.
8. Sub-processors
8.1
TRAXXEO may use third-party processors to perform the SaaS Services, provided that such processors are established and operate exclusively within the European Union.
8.2
TRAXXEO remains fully responsible for ensuring that its third-party subcontractors comply with the obligations set forth in this document and under applicable law.
9. Security and Confidentiality
9.1
TRAXXEO attaches essential and strategic importance to the security of its SaaS Services and implements appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and resilience of the personal data processed.
9.2
Details of security measures, technical architecture, and protection mechanisms constitute strictly confidential information, the disclosure of which could compromise the overall security of the SaaS Services.
9.3
Access to personal data is strictly limited to authorized individuals, who are subject to an appropriate confidentiality obligation.
10. Audit Rights and Cooperation
10.1
The Customer may verify TRAXXEO’s compliance with its obligations under this document on an exceptional basis and no more than once every twelve (12) months, unless required by mandatory law or upon a formal request from a competent supervisory authority.
10.2
Any cooperation regarding audits shall be conducted under conditions that ensure the security, confidentiality, and continuity of the SaaS Services.
10.3
Any audit request must be made in writing by the Customer, stating the reasons for the request.
TRAXXEO retains full control over the terms and conditions of the audit, including in particular:
- the appointment of the auditor (internal or third-party),
- the definition of the scope, methodology, and schedule,
- the determination of the information to be made available.
10.4
Under no circumstances may audits:
- include penetration tests or vulnerability analyses,
- provide access to production environments,
- result in the disclosure of sensitive security information.
10.5
When TRAXXEO engages a third-party auditor, such auditor is selected and appointed exclusively by TRAXXEO and is subject to a heightened confidentiality obligation.
10.6
All costs related to the audit are fully borne by the Customer, including reasonable internal expenses incurred by TRAXXEO.
11. Incidents and Data Breaches
TRAXXEO shall notify any personal data breach as soon as possible and no later than twenty-four (24) hours after it is identified.
12. Termination of SaaS Services
Upon termination of the SaaS Services, TRAXXEO shall return or delete personal data in accordance with applicable law, unless otherwise required by law.
13. Legally Required Disclosures
Any request for disclosure from a competent authority shall be notified to the Customer as soon as possible, unless prohibited by law.
14. Data Protection Officer
TRAXXEO has appointed a Data Protection Officer, who can be reached at:
dpo@traxxeo.com.