Data Processing Agreement (DPA)
Tracking Guardian – Engineer M8
This Data Processing Agreement (“Agreement”) forms part of the service agreement between Engineer M8 (“Processor”) and the customer (“Controller”) for the provision of the Tracking Guardian service.
1. Definitions
For the purposes of this Agreement:
- Applicable Law means UK GDPR and the Data Protection Act 2018
- Controller means the customer using Tracking Guardian
- Processor means Engineer M8
- Personal Data means any information relating to an identified or identifiable individual
- Processing has the meaning given in UK GDPR
2. Scope of Processing
Engineer M8 processes data solely for the purpose of providing the Tracking Guardian service.
Processing activities may include:
- Collecting device-generated location data
- Storing and presenting tracking information
- Providing access to tracking data via the portal
- Supporting service reliability and fault investigation
Engineer M8 shall not process data for any other purpose without written instruction from the Controller.
3. Nature of the Data
Tracking Guardian processes operational tracking data, which may include:
- Location coordinates
- Timestamps
- Device identifiers
- Connectivity and status information
Tracking Guardian is designed to monitor assets and equipment, not individuals.
4. Roles and Responsibilities
4.1 Controller Responsibilities
The Controller:
- Determines the purpose and lawful basis for processing
- Is responsible for informing individuals where required
- Ensures use of the service complies with employment and data protection law
4.2 Processor Responsibilities
Engineer M8:
- Processes data only on documented instructions from the Controller
- Does not sell or use data for marketing or profiling
- Ensures personnel with access to data are subject to confidentiality obligations
5. Security Measures
Engineer M8 implements appropriate technical and organisational measures to protect data, including:
- Encrypted data transmission
- Secure authentication and access controls
- Restricted internal access
- Monitoring for unauthorised activity
These measures are designed to protect against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure.
6. Sub-Processing
Engineer M8 may use supporting service providers where necessary to deliver Tracking Guardian.
All sub-processors:
- Are bound by data protection obligations equivalent to this Agreement
- Are used solely to support service delivery
Engineer M8 remains responsible for the performance of its sub-processors.
7. Data Location
Data is stored within Engineer M8–managed systems and protected using appropriate security controls.
Where data is transferred or stored outside the UK, Engineer M8 ensures appropriate safeguards are in place in accordance with Applicable Law.
8. Data Subject Rights
Engineer M8 shall assist the Controller, where reasonably possible, in responding to requests from data subjects, including:
- Access requests
- Deletion requests
- Rectification requests
Requests should be submitted via the WHMCS client area or in writing.
9. Data Breach Management
In the event of a personal data breach:
- Engineer M8 will investigate promptly
- The Controller will be notified without undue delay where required by law
- Reasonable steps will be taken to mitigate impact
10. Data Retention and Deletion
Data is retained in line with the service plan and operational requirements.
Upon termination of the service or written request:
- Live data processing will cease
- Access to the portal will be removed
- Data will be deleted or anonymised in accordance with legal obligations
11. Audits and Compliance
Engineer M8 shall make reasonable information available to demonstrate compliance with this Agreement.
Formal audits may be requested where required by law, subject to reasonable notice and scope.
12. Liability
Each party’s liability under this Agreement is subject to the limitations set out in the main service agreement.
Nothing in this Agreement limits liability where prohibited by law.
13. Governing Law
This Agreement is governed by the laws of England and Wales.
14. Order of Precedence
In the event of conflict between this Agreement and other service terms, this Agreement shall apply in respect of data protection matters.