Data Processing Addendum

The subject matter of the processing is the provision of the workforce management platform and related support and operational services. Processing continues for the term of the agreement and any limited period reasonably required for secure deletion, return, backup cycling, legal compliance or agreed transition support.

Processing may include collection, storage, organisation, retrieval, consultation, use, transmission, restriction and deletion of personal data as necessary to provide the services, including account administration, authentication, timesheets, attendance records, location-supported events, job and site workflows, vehicle checks, defect reporting, reporting, support, maintenance and security.

The categories of personal data may include names, contact details, login/account data, employee or contractor profile information, attendance and timesheet data, GPS/location data, job and site data, vehicle and inspection records, support records and technical identifiers.

Categories of data subjects may include employees, contractors, temporary workers, administrators, managers, customer contacts and website or support enquirers where relevant to the services.

Fleetwide Digital Ltd will process personal data only on the documented instructions of the customer, unless required to do otherwise by applicable law. The agreement, product settings, user actions and documented support requests form the customer’s instructions for ordinary use of the services.

Fleetwide Digital Ltd will ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations.

Fleetwide Digital Ltd will implement appropriate technical and organisational measures designed to protect customer personal data, taking into account the nature of the processing and the risks presented. These measures may include access controls, authentication, role-based permissions, encryption in transit, audit logging, environment controls, backup procedures and reasonable security monitoring.

The customer authorises Fleetwide Digital Ltd to use sub-processors where reasonably necessary to provide the services, such as hosting, database, authentication, email delivery, analytics, infrastructure and support providers.

Fleetwide Digital Ltd will impose data protection obligations on sub-processors that are materially no less protective than those set out in this Addendum, to the extent applicable to the nature of the services provided by the sub-processor.

Where customer personal data is transferred internationally, Fleetwide Digital Ltd will use appropriate safeguards where required by law.

Taking into account the nature of the processing and the information available, Fleetwide Digital Ltd will provide reasonable assistance to help the customer respond to data subject requests, data protection impact assessments, regulator enquiries and personal data breach obligations, where legally required and reasonably requested.

Fleetwide Digital Ltd will notify the customer without undue delay after becoming aware of a confirmed personal data breach affecting customer personal data, and will provide information reasonably available to assist the customer in meeting its legal obligations.

Upon termination of the services and subject to the agreement, Fleetwide Digital Ltd will delete or return customer personal data in accordance with the customer’s instructions, except to the extent retention is required by law or reasonably necessary for security, backup rotation, dispute resolution or enforcement of legal rights.

Fleetwide Digital Ltd will make available information reasonably necessary to demonstrate compliance with this Addendum and will provide reasonable audit cooperation through proportionate measures such as security documentation, questionnaires or similar verification methods. Any in-depth audit must be reasonable, confidential, proportionate and not unduly disruptive to operations or the rights of other customers.