Data Processing Addendum (DPA)

1. Purpose

This page provides a practical overview of Trackely's data processing terms for customers that need UK GDPR or EU GDPR contractual coverage. A full signed DPA can be requested for commercial contracts.

2. Roles

• Customer is typically the Controller for delivery and driver data.
• Trackely acts as Processor for data handled through the service.

3. Subject matter and duration

Processing covers customer account administration, route planning, dispatch, tracking, proof-of-delivery assets, and support operations for the subscription term and any agreed retention period.

4. Categories of data

• Business account details (tenant, users, billing contacts)
• Operational records (orders, routes, stops, delivery notes)
• Driver records (identity, assignment, optional location traces)
• Recipient or customer contact details required for delivery
• Proof-of-delivery artifacts (images and signatures where enabled)

5. Processor obligations summary

• Process personal data only on documented customer instructions
• Apply appropriate technical and organisational security controls
• Assist with data subject requests where commercially reasonable
• Support breach reporting obligations under applicable law
• Delete or return personal data at contract end, subject to lawful retention

6. Sub-processors

Trackely uses a limited set of infrastructure and communications providers, for example hosting, database, email, SMS, and billing. Customers should perform their own due diligence and maintain supplier records as part of their compliance program.

7. International transfers

Transfers, if any, are handled using appropriate transfer mechanisms in line with UK GDPR or EU GDPR requirements and commercial documentation.