Data Processing Agreement (DPA)

When Pinpointer processes personal data on behalf of a customer — for example personal data about employees, drivers, suppliers or counterparties — Pinpointer acts as data processor under GDPR Article 28.

The Data Processing Agreement (DPA) regulates the relationship between the parties and ensures that processing takes place in accordance with the requirements of the Data Protection Regulation. As a B2B customer of Pinpointer, the DPA is automatically included as part of the customer agreement.

Our DPA is based on the European Commission's Standard Contractual Clauses (SCC) and adapted to Pinpointer's services. It covers, among other things:

• Nature, purpose and duration of processing
• Categories of data subjects and personal data
• Pinpointer's obligations as data processor
• Technical and organisational security measures
• Use of sub-processors and chain processing
• International transfers and Schrems II compliance
• Support in case of security incidents and requests from data subjects
• Audit, review and inspection rights
• Return or deletion of personal data at the end of the agreement

Pinpointer's standard DPA is provided as part of the customer agreement at onboarding. Existing and prospective customers can request the DPA separately for review.

A complete list of Pinpointer's sub-processors is publicly available. We notify our customers of changes to the sub-processor list so they have the opportunity to object to specific sub-processors under the applicable DPA.