Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between DriveConnect and the Customer (in this case, driving instructors) regarding the processing of personal data of learner drivers in accordance with the requirements of Data Protection Laws.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Controller: The entity that determines the purposes and means of processing personal data (typically the driving instructor).
• Data Processor: The entity that processes data on behalf of the Data Controller (DriveConnect).
• Data Subject: The individual to whom the personal data relates (learner drivers).
• Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, etc.
• GDPR: The General Data Protection Regulation (EU) 2016/679.

3. Scope and Purpose

This DPA applies to the processing of Personal Data by DriveConnect on behalf of the Customer in connection with the services provided under the Terms and Conditions. DriveConnect processes data for the purpose of facilitating connections between learner drivers and instructors, managing lesson bookings, and synchronizing calendars.

4. Data Processing Obligations

DriveConnect shall:

• Process Personal Data only on documented instructions from the Customer
• Ensure that persons authorized to process Personal Data have committed to confidentiality
• Implement appropriate technical and organizational measures to ensure security of processing
• Assist the Customer in responding to requests from Data Subjects
• Assist the Customer in ensuring compliance with security obligations
• Delete or return all Personal Data to the Customer after the end of service provision
• Make available to the Customer all information necessary to demonstrate compliance

5. Sub-processors

DriveConnect uses several sub-processors to provide its services, including Clerk for authentication, Nylas for calendar synchronization, Supabase for data storage, AWS S3 for document storage, and Resend for email communication. The Customer hereby gives general written authorization for DriveConnect to engage these sub-processors, provided they offer at least the same level of data protection as outlined in this DPA.

6. International Transfers

If DriveConnect transfers Personal Data to a country outside the EU/EEA, it shall ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other suitable transfer mechanisms approved by the European Commission.

7. Data Breach Notification

DriveConnect shall notify the Customer without undue delay after becoming aware of a Personal Data breach. Such notification shall describe the nature of the breach, the categories and number of Data Subjects affected, the likely consequences, and the measures taken to mitigate potential adverse effects.

8. Audit Rights

DriveConnect shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

9. Term and Termination

This DPA shall remain in effect for as long as DriveConnect processes Personal Data on behalf of the Customer. Upon termination of the service, DriveConnect shall delete or return all Personal Data as requested by the Customer, unless retention is required by EU or Member State law.

10. Contact Information

For any questions regarding this DPA, please contact our Data Protection Officer at info@driveconnect.ie