Choose your language below to download the Data Processing Agreement for Road Visibility services and/ or Carbon Visibility and, only for Customers located outside of the European Economic Area, the Standard Contractual Clauses (Module 4: Transfer Processor to Controller).
In case your company uses Road Visibility and/ or Carbon Visibility services on our platform, the below Data Processing Agreement (DPA) is required to govern the processing of personal data within the mentioned services.
Recently Transporeon has put more and more focus on visibility with its Road Visibility and/ or Carbon Visibility products. Listening closely to the demands of our customers, new features have been added with the Visibility Control Center being a centerpiece. While previously it was not possible for customers to granularly select and instruct Transporeon on how to process their GPS data, this is the new reality. Usually, drivers do not have any direct interaction with the platform and as a result Transporeon does not collect any drivers’ personal data from data subjects directly, but always through the channels as agreed and determined with carriers, e.g. API connection. Thus, carriers organize the GPS location tracking of their fleet internally and choose to make use of Road Visibility to achieve their already defined business purposes (the “why”).
By allowing our customers to select with whom they want to share visibility data (the “how”), Transporeon is bound by the instructions of its data sharing customers in the mentioned Visibility Control Center embedded in Road Visibility. It allows to e.g. specify that partner A and partner B (usually being a shipper) will receive visibility data from the customer/data provider (usually being a carrier), while excluding partner C from it. In addition to the flexibility of the said data sharing concept, data processing by Transporeon further displays characteristics that are attributable to data controllers. Customers decide to make use of Road Visibility and instruct Transporeon to process GPS data for this purpose, thus Transporeon is acting as data processor. The same is applicable for Carbon Visibility where carbon emissions generated by transportation activities are tracked and calculated in detail. This involves gathering data on fuel usage, distance traveled, and other factors that contribute to carbon emissions which are analyzed and reported to relevant stakeholders in accordance with instructions from our customers.
While the requirement of a DPA is always based on the actual situation, the change within the workflow as described above led to a new assessment (which is also required by Regulation (EU) 2016/679, the General Data Protection Regulation, “GDPR”). Hence, this document is necessary now.
We always strive to adopt the best practices on the market, that is why our DPA constitutes standardized and pre-approved language. Those so-called model data protection clauses (the “SCCs”) were published by the European Commission for this purpose. They provide a coherent and balanced approach for the relationship between controllers and processors throughout the EEA.
For comparison, customers can also find the SCCs on the official website of the European Union here.
When using the SCCs, parties can ensure that their contractual obligations in all respects fulfill the requirements of Article 28 (3) and (4) GDPR.
Unfortunately, that is not possible. Upon usage of the mentioned services, our DPA is incorporated in the contract by reference and cannot be replaced by individual templates. If rejected, customers may not use the mentioned services in the first place. However, own templates should not be necessary either way, since Transporeon uses European standards (please see above).
The content of the SCCs cannot be changed and has to be implemented by the parties in the version adopted by the European Commission (see below in various languages). The only changes allowed are for selecting options in some cases that have been already selected in the below Data Processing Agreement.