DPA
Data processing addendum.
Last updated: 24 April 2026
This page is informational only and is not itself a signed contract. If you need enforceable Article 28-style terms, request a signed DPA before going live.
1. Roles
- Customer: usually the controller for delivery, driver, and recipient data.
- Trackely: usually the processor for that operational data.
2. Scope of processing
The DPA should describe the subject matter, duration, nature, purpose, types of personal data involved, and categories of data subjects.
3. Core processor commitments
- processing only on documented instructions unless required by law;
- ensuring authorised persons are under duties of confidentiality;
- implementing appropriate technical and organisational security measures;
- assisting the customer with data subject requests where required;
- assisting with incidents, breach reporting, DPIAs, and regulator consultation where applicable;
- supporting audits or information requests where required; and
- flowing down equivalent protections to sub-processors.
4. Security measures
The security schedule should reflect the deployed service and customer risk profile, including access control, encryption in transit, infrastructure protections, audit logging, and incident response processes.
5. Sub-processors
Trackely uses providers for hosting, databases, storage, communications, mapping, billing, and related operations.
6. International transfers
If personal data is transferred outside the UK or EEA, the parties should ensure that a lawful transfer mechanism applies.
7. End of contract
The DPA should state that, at the end of the contract, Trackely will delete or return personal data, at the controller's choice and subject to law.
8. Request a signed DPA
To request a signed DPA, email legal@trackely.co.uk from your company domain with your legal entity name, tenant or billing reference, signing contact, and any procurement requirements.