Last Updated: 07/16/2025
This Data Processing Addendum ("DPA") supplements and is incorporated into any agreement between Netradyne and a person or entity ("Customer") governing Customer's use of Netradyne's Products and Services, whether such use is (i) pursuant to a direct agreement with Netradyne, (ii) through a reseller, or (iii) under any other terms of service or agreement permitting such use (collectively, the "Agreement"). Where Customer accesses the Products and Services through a reseller, Customer's acceptance of this DPA may be through electronic means, product activation, or continued use of the Products and Services. This DPA is an agreement between Customer (together with all its Affiliates using the Products and Services under the Agreement) and Netradyne (each a "Party" and collectively "Parties").
In this Addendum, the following terms will have the meanings set out below:
1.1. “Customer Personal Data” means any Personal Data subject to Data Protection Laws contained in Customer Data that the Customer provides or has made available to Netradyne and is Processed by Netradyne on Customer’s behalf pursuant to the Agreement.
1.2. “Data Protection Laws” means, as applicable, (i) the EU General Data Protection Regulation (EU 2016/679) (the “EU GDPR”), its incorporation into the laws of England and Wales, Scotland, and Northern Ireland by virtue of the UK European Union (Withdrawal) Act 2018 (the “UK GDPR”); (ii) the Swiss Federal Act on Data Protection (“FADP”); (iii) United States federal and/or state data protection or privacy statutes, including but not limited to the California Consumer Privacy Act of 2018 as amended by The California Privacy Rights Act of 2020 (together with its implementing regulations, the “CPRA”); (iv) the Belgian Data Protection Act of 30 July 2018 (the "BDPA") and/or (v) any other applicable national legislation in the European Economic Area or United Kingdom which supplements the EU GDPR or UK GDPR (as applicable), and/or the applicable data privacy, and/or applicable data protection laws in any country; in each case, as may be amended, superseded or replaced from time to time.
1.3. “Controller” means the entity that determines the means and purposes of processing Personal Data.
1.4. “Data Subject” means the individual who is the subject of Personal Data.
1.5. “EU SCCs” means the Standard Contractual Clauses annexed to the EU Commission’s Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
1.6. “Personal Data” means “personal data”, “personal information” or “personally identifiable information” or any analogous term under Data Protection Laws, as these terms are defined under Data Protection Laws.
1.7. “Personal Data Breach” means any security breach that Data Protection Laws would require (i) Netradyne to report to Customer or (ii) Customer to report to a Supervisory Authority or affected individuals, or to maintain a record of, that involves Personal Data subject to this Addendum.
1.8. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
1.9. “Processor” means an entity that processes Personal Data on behalf of a Controller.
1.10. “Supervisory Authority” means a government or regulatory authority responsible for administering, overseeing compliance with, and/or enforcing Data Protection Laws.
1.11. Capitalized terms not otherwise defined herein will have the meaning given to them in the Agreement.
This DPA applies where and only to the extent that Netradyne Processes Customer Personal Data on behalf of the Customer as a Processor (or sub-processor) and, with respect to CPRA, as a “service provider” or “contractor” in the course of providing the Products and Services under the Agreement.
In the event and to the extent of any conflict between the terms of the Agreement and this DPA, the terms of this DPA will prevail. In the event and to the extent of any conflict between the terms of this DPA and the SCCs or the UK Addendum, the SCCs or the UK Addendum (as applicable) will prevail to the extent of such conflict. Except as expressly amended herein, the terms of the Agreement remain in full force and effect.
3.1. Role of the Parties
As between the parties, Netradyne acts as a Processor (or sub-processor, service provider, or contractor) of the Customer Personal Data.
3.2. Customer Instructions
3.2.1. Netradyne will Process Customer Personal Data as specifically set forth in the Agreement, this DPA, and/or Customer’s documented instructions, or as otherwise required by applicable law to which Netradyne is subject (the “Customer Instructions”). If Netradyne is required by applicable law to Process Customer Personal Data other than in accordance with the Customer Instructions, Netradyne will to the extent permitted by applicable law inform the Customer of that legal requirement before such Processing, unless that law prohibits such information on important grounds of public interest.
3.2.2. Netradyne will promptly notify the Customer if, in Netradyne’s opinion, Customer Instructions violate applicable law or if Netradyne determines that it can no longer meet its obligations under the applicable law. Netradyne shall be entitled to suspend performance of such Customer Instruction.
3.2.3. Customer shall ensure that Customer Instructions, do not put Netradyne in breach of any applicable laws or regulations.
4.1. Netradyne shall ensure that its employees, agents, contractors and other personnel who have access to Personal Data: (a) only do so to the extent strictly necessary to provide the Services; and (b) are bound by suitable binding confidentiality obligations which are no less protective than set out in the Agreement.
5.1. Netradyne will implement and maintain appropriate technical and organizational security measures designed to safeguard Customer Personal Data. Netradyne shall implement measures contained in in Schedule II. Netradyne may modify such measures from time to time, provided that the modifications shall not materially diminish the overall security of the Customer Personal Data.
6.1. Customer hereby provides a general authorisation to Netradyne affiliates, as well as to other third parties listed in Schedule 3, to be sub-processors (each a “Sub-processor”). Netradyne may disclose Customer Personal Data to its Sub-processors for the purposes of providing the Products and Services, provided that Netradyne’s Sub-processors commit to binding data protection obligations that are no less onerous than those set out in this DPA.
6.2. Customer shall be entitled to object to any change of Sub-processors as notified by Netradyne from time to time within thirty (30) calendar days of such notification. Where Customer fails to object to such change within such period of time, Customer shall be deemed to have consented to such change. Where a materially important reason for such objection exists and is provided in writing to Netradyne, and failing an amicable resolution of this matter by the parties (each Party acting reasonably and in good faith), Customer may terminate the applicable Order Form(s) in relation only to the impacted features or functionalities of the Products and Services.
6.3. Netradyne will remain responsible for the acts or omissions of Sub-processors to the same extent required by Data Protection Laws as if the acts or omissions were performed by Netradyne and shall be permitted to re-perform or to procure the re-performance of any obligations. Customer acknowledges and accepts that such re-performance shall diminish any claim that Customer has against Netradyne in respect of any Sub-processor liability.
7.1. Netradyne shall notify and assist Customer if it receives requests from Data Subjects to exercise their rights (Data Subject Requests), provided Netradyne can reasonably identify from the information provided by the Data Subjects that such request relates to the Customer or Customer Personal Data. Netradyne shall not respond to any such request unless required by applicable law. Netradyne may require the Customer to bear the actual costs incurred as a result of the assistance provided in accordance with this Section based on the then currently applicable service rates of Netradyne.
7.2. For avoidance of doubt, Customer is responsible as Controller for responding to Data Subject Requests. Netradyne’s Products and Services include technical and organizational measures that have been designed to assist Customer in responding to Data Subject Requests.
Netradyne shall:
(a) unless legally prohibited from doing so, promptly notify Customer without undue delay (and in any event within 72 hours) of any request for information from or complaint by a supervisory authority, regulator, law enforcement agency or credit reporting agency, in relation to Personal Data that Netradyne Processes in connection with the Agreement; and
(b) if requested by Customer, discuss and cooperate in the preparation of any response to such request;
(c) not respond to such request without Customer’s prior written consent, unless legally compelled to do so.
Unless legally prohibited from doing so, Netradyne shall first notify Customer before making any notification or disclosure to a third party relating to a Personal Data Breach and obtain Customer’s prior written consent.
9.1. Netradyne will notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data. For the avoidance of any doubt, a Personal Data Breach shall not include (i) acts or omissions which are not directly attributable to Netradyne or its sub-processors; or (ii) any access to or Processing of Customer Personal Data that is consistent with Customer Instructions. At Customer’s request, Netradyne will provide reasonable assistance and co-operation to assist Customer in fulfilling any applicable notification obligations under applicable Data Protection Laws with respect to the Personal Data Breach. Netradyne’s notification of, or response to, a Personal Data Breach shall not be construed as an acknowledgement by Netradyne or, if relevant, its Sub-processors of any fault or liability with respect to the performance of Products and Services. Netradyne may require the Customer to bear the actual costs incurred as a result of the assistance provided in accordance with this Section based on the then currently applicable service rates of Netradyne.
10.1. At Customer’s request, Netradyne will provide reasonable assistance to Customer with any data protection impact assessments and prior consultations with Supervising Authorities required by Data Protection Laws, in each case solely in relation to Netradyne’s Processing of Customer Personal Data under the Agreement and taking into account the nature of the Processing and information available to Netradyne. Netradyne reserves the right to charge a reasonable fee for such requested assistance, to the extent permitted by applicable law.
11.1. Upon written request and at no additional cost to Customer, Netradyne shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor”), access to documentation evidencing Netradyne’s compliance with its obligations under this DPA in the form of reports of relevant audits or certifications, such as ISO 27001 or completed industry standard questionnaires (collectively, “Reports”). Such Reports will be Netradyne’s Confidential Information under the confidentiality provisions of the Agreement. Customer agrees that the Reports will be used to satisfy any audit or inspection request by or on behalf of Customer in relation to Data Protection Laws, this DPA, and/or Agreement.
11.2. Where the Auditor is a third-party, the Auditor may be required to execute a separate confidentiality agreement with Netradyne prior to any review of Reports or an audit of Netradyne. Netradyne may object in writing to such Auditor, if in Netradyne’s reasonable opinion, the Auditor is not suitably qualified or is a competitor of Netradyne. Any such objection by Netradyne will require Customer to either appoint another Auditor or conduct the audit itself. Any expenses incurred by an Auditor in connection with any review of Reports or an audit shall be borne exclusively by the Auditor.
11.3. If a Report is not available, Customer may request, upon 30 days’ prior written notice and up to once per calendar year, to perform a review at its own expense, with a scope, dates, duration, auditor and any security and/or confidentiality controls to be mutually agreed, of relevant Netradyne policies and procedures governing Netradyne’s handling of Customer Personal Data in connection with the Products, for purposes of verifying Netradyne’s compliance with this DPA. This review will be conducted in a manner that does not compromise Netradyne’s confidentiality obligations to Netradyne’s other customers. The parties acknowledge and agree that Netradyne’s policies and procedures and all findings of the Customer’s review are Netradyne’s Confidential Information under the confidentiality provisions of the Agreement.
11.4. To the extent required by Data Protection Laws, Customer has the right, upon written notice to Netradyne, to take reasonable and appropriate steps to stop and remediate any use of Customer Personal Data that is in violation of the Agreement.
12.1. Netradyne may transfer Customer Personal Data to any country or territory, as reasonably necessary for providing the Products and Services, consistent with this DPA. To the extent such transfer involves Customer Personal Data that is protected by the Data Protection Laws applicable to the European Union, the United Kingdom, and/or Switzerland, Netradyne and Customer agree to abide by and Process Customer Personal Data in compliance with the transfer mechanisms specified below.
12.1.1. To the extent that Netradyne is a recipient of Customer Personal Data – in capacity of data processor - protected by EU GDPR ("EU Data") in a country outside of the European Economic Area (EEA) that is not recognized by Data Protection Laws as providing an adequate level of protection for Personal Data, Customer (as "data exporter") and Netradyne (as "data importer") agree to abide by and process EU Data in compliance with the EU SCCs, which shall be deemed incorporated into and form part of this DPA as follows:
12.1.2. To the extent that Netradyne is a recipient of Customer Personal Data protected by Swiss DPA ("Swiss Data") in a country outside of Switzerland that is not recognized by Data Protection Laws as providing an adequate level of protection for Personal Data, Customer (as "data exporter") and Netradyne (as "data importer") agree to abide by and process Swiss Data in compliance with the EU SCCs, which shall be deemed incorporated into and form part of this DPA in accordance with Section 12.1.1 above and the modifications in Section below.
12.1.3. To the extent that Netradyne is a recipient of Customer Personal Data protected by UK Data Protection Laws ("UK Data") in a country outside of the UK that is not recognized by the UK as providing an adequate level of protection for Personal Data, Customer (as "data exporter") and Netradyne (as "data importer") agree to abide by and process UK Data in compliance with the EU SCCs as implemented in accordance with Section 12.1.1 above and the modifications in Section below. To the extent that and for so long as the EU SCCs as implemented in accordance with this DPA cannot be used to lawfully transfer Customer Personal Data in accordance with UK Data Protection Laws to Netradyne, the UK SCCs shall be deemed incorporated into and form part of this DPA and shall apply to transfers governed by the UK GDPR. For the purposes of the UK SCCs, the relevant annexes, appendices or tables shall be deemed populated with the information set out in Schedules 1 and 2 of this DPA.
12.1.4. In relation to transfers of UK Data or Swiss Data, the EU SCCs as implemented under Section 12.1.1 above will apply with the following modifications (as modified from time to time in accordance with the UK Information Commissioner's Office or Swiss Federal Data Protection lnformation Commissioner's guidance):
12.1.4.1. references to "Regulation (EU) 2016/679" shall be interpreted as references to UK Data Protection Laws or the Swiss DPA (as applicable);
12.1.4.2. references to specific Articles of "Regulation (EU) 2016/679" shall be replaced with the equivalent article or section of UK Data Protection Laws or the Swiss DPA (as applicable);
12.1.4.3. references to "EU", "Union", "Member State" and "Member State law" shall be replaced with references to the "UK" or "Switzerland", or "UK law" or "Swiss law" (as applicable);
12.1.4.4. the term "member state" shall not be interpreted in such a way as to exclude data subjects in the UK or Switzerland from the possibility of suing for their rights in their place of habitual residence (i.e., the UK or Switzerland);
12.1.4.5. Clause 13(a) of the EU SCCs and Part C of Annex I are not used, and the "competent supervisory authority" is the United Kingdom Information Commissioner or Swiss Federal Data Protection Information Commissioner (as applicable);
12.1.4.6. references to the "competent supervisory authority" and "competent courts" shall be replaced with references to the "Information Commissioner" and the "courts of England and Wales" or the "Swiss Federal Data Protection Information Commissioner" and "applicable courts of Switzerland" (as applicable);
12.1.4.7. in Clause 17, the EU SCCs shall be governed by the laws of England and Wales or Switzerland (as applicable); and
12.1.4.8. with respect to transfers to which UK Data Protection Laws apply, Clause 18 shall be amended to state "Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceeding against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts", and with respect to transfers to which the Swiss DPA applies, Clause 18(b) shall state that disputes shall be resolved before the applicable courts of Switzerland.
12.2. Netradyne may transfer Customer Personal Data to a Sub-processor outside the European Union, Switzerland or the United Kingdom, provided that Netradyne will implement measures to ensure lawful data transfer. These measures may require Netradyne to (a) ensure that the third-party execute Standard Contractual Clauses; or (b) adopt any other alternative lawful data transfer mechanism (as recognised under Data Protection Laws).
12.3. To the extent the transfer mechanisms relied on for transfer of personal data cannot be relied on to lawfully transfer Personal Data from one jurisdiction to the other under applicable Data Protection Laws, the Parties will promptly meet to discuss and agree an alternative transfer mechanism or alternative supplementary measures to enable lawful transfer of data, as soon as reasonably possible.
13.1. Customer agrees that data retention and deletion policies shall be subject to the terms and conditions set forth in the Agreement. Upon receiving customer request to delete Customer Personal Data, Netradyne shall promptly delete or return all Personal Data to Customer upon request. Unless Customer notifies Netradyne otherwise, on termination of the Agreement, Netradyne shall delete all Personal Data within 30 days. Notwithstanding the foregoing, Netradyne may retain Personal Data solely to the extent required otherwise by Data Protection Law.
13.2. To the extent permitted by applicable Data Protection Laws, Netradyne may deidentify or anonymize Customer Personal Data for subsequent retention and use subject to Netradyne’s public commitment to maintain and use the information in deidentified or anonymized form and not to attempt to reidentify such information. For avoidance of doubt and to the extent permitted by applicable Data Protection Laws, such deidentification or anonymization of Customer Personal Data shall be deemed to fulfil Netradyne’s data deletion obligations under the Agreement, this DPA and applicable Data Protection Laws.
14.1. Any claims brought under this DPA (including under the Standard Contractual Clauses) shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations of liability set forth in the Agreement.
15.1. To the extent that Customer Personal Data relates to California residents, Netradyne will not retain, use, sell, share, or otherwise disclose Customer Personal Data (including for any commercial purpose or other purpose outside of the direct business relationship between the parties) other than as allowed by law or as needed to provide and support the Products and Services, as set forth in the Agreement.
15.2. To the extent that Customer Personal Data relates to California residents, Netradyne will comply with applicable restrictions under the CPRA on combining such Customer Personal Data that Netradyne receives from, or on behalf of, Customer with Personal Data that Netradyne receives from, or on behalf of, another person or persons, or that Netradyne collects from any interaction between it and a Data Subject.
15.3. To the extent that Customer Personal Data relates to California residents, Netradyne will comply with the CPRA and, taking into consideration Netradyne’s role in the Processing, provide the level of protection for the relevant Customer Personal Data required by the CPRA.
16.1. If a new Data Protection Law becomes effective and is applicable to Netradyne, Netradyne and Customer will take all reasonable steps required by such Data Protection Law to ensure the parties’ ability to comply with its obligations under applicable law and ensure Netradyne’s compliance with all Data Protection Laws applicable to Netradyne.
17.1. Except as otherwise required by the Standard Contractual Clauses or applicable Data Protection Laws, this DPA and any dispute or claim arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of laws principles. For the avoidance of doubt, where the Standard Contractual Clauses apply, they shall be governed by the laws and subject to the jurisdiction specified therein.
Description of the processing / transfer
Item
Details
Data Exporter
Customer is the Data Exporter
Data Importer
Netradyne, Inc.
9171 Towne Centre Drive, Suite 110
San Diego, CA 92122
Contact details:
privacy@netradyne.com
dpo@netradyne.com
legal@netradyne.com
Description of the transfer / processing
Item
Details
Data Subjects:
Employees or independent contractors of Customer, service providers of Customer, including those driving vehicles (“Drivers”). Members of the public or passers-by.
Categories of Personal Data:
Personal data processed includes:
Special Categories of Personal Data:
Not applicable
Nature, purpose and frequency of Processing:
Netradyne will Process Customer Personal Data for as long as is necessary to provide the Products and Services to the Customer in accordance with, and as otherwise permitted by, the Agreement, and for any disclosures compelled by law.
Duration:
As long as necessary for fulfilling the business purposes or as set forth in the Agreement and subject to section 13 of this DPA.
Approved Sub-Processors (if any):
As listed in Schedule 3
Approved Transfer Mechanism:
Standard Contractual Clauses: See Section 12 of the DPA
Competent Supervisory Authority:
Determined in accordance with Data Protection Laws.
Technical and Organisational Measures Including Technical and Organisational Measures to Ensure the Security of the Data
Netradyne shall develop, implement, and maintain reasonable physical, administrative, and technical controls to protect the confidentiality, availability, and integrity of the Services and Customer Personal Data (“Security Measures”). The Security Measures must, at a minimum, comply with Applicable Data Protection Laws. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the legally protected interests of natural persons, Netradyne shall implement the necessary technical and organizational measures (“Safety Measures”) to ensure a level of security appropriate to the risk when Processing Personal Data.
Netradyne will maintain Safety Measures consistent with industry-accepted best practices (including the International Organization for Standardization’s standards ISO 27001 and 27002). Netradyne’s information security program will include, at a minimum, the following safeguards and controls:
Item
Details
Measures of pseudonymization and encryption of personal data.
Netradyne employs cryptographic techniques to protect customer data.
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Netradyne implements strict access controls to restrict access to Customer information. Access controls include controlled use of administrative privileges, implementation of account and password management policies and multi-factor authentication (MFA) for servers and production systems.
Netradyne has implemented network security controls, vulnerability assessment, patch management and scheduled monitoring procedures to identify, assess, mitigate, and protect against security threats. Critical Severity patches are scheduled to be reviewed, evaluated, and deployed immediately or within 5 days. High severity patches are also reviewed and deployed immediately or within 30 days.
Medium and Low severity patches are reviewed as part of the internal audit process and generally deployed within 3-12 months depending on relevance and severity.
The deep packet inspection of the Netradyne firewall function enables blocking malicious traffic. They are monitored 24/7 for performance, security, and proper operation.
Data segregation. Netradyne has implemented measures to logically isolate customer data from Netradyne’s internal or third-party data.
Physical security. Netradyne has implemented physical security controls (access cards, CCTV surveillance and security guards) to monitor and control physical access to its facilities.
Netradyne conducts performance tests, regular device health monitoring and backup of data to ensure availability and resilience of its platforms and services.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
Netradyne stores all data on AWS cloud (Elastic Block Storage- EBS) which is configured to allow regular backup of data or restoration of data. Netradyne maintains a security incident response team (SIRT) to coordinate efforts needed for containing incidents and allowing restoration of data.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing.
Netradyne conducts internal audit of its security and privacy controls at least once a year. Periodic vulnerability scans and penetration testing by external reviewers are also conducted.
Measures for user identification and authorization.
Netradyne assigns a user-id to all the users. Access controls include controlled use of administrative privileges, implementation of account and password management policies and multi-factor authentication (MFA) for servers and production systems.
Passwords must meet password-complexity requirements outlined in Netradyne’s Password Policy.
Privileged-account abilities are granted to a limited number of Netradyne personnel who need this level of access to perform their job function.
Measures for ensuring physical security of locations at which personal data are processed.
Netradyne’s production and development datacenters are protected from environmental and security threats using technical, administrative, and physical security controls. For high availability, included are redundant uninterruptible power supplies, fire and smoke detection and suppression systems, redundant ventilation, and air conditioning, and more. All systems undergo frequent and regular preventative maintenance.
Netradyne’s corporate facilities are monitored by CCTV. A team of security guards are deployed at the entrance and throughout the facility. Access to the building is controlled by security key cards.
Measures for ensuring events logging.
Netradyne systems are centrally managed and monitored through the use of industry standard logging mechanisms.
Netradyne applications are configured to log details of the user sessions, and the actions users perform. It also records administration events such as operations with user accounts. Administration events, such as creation or deactivation of user account, lockout or expiration of an account, password changes, assigning or removing a user role, adding, or removing a user from a group, are also logged.
Measures for ensuring system configuration, including default configuration.
Netradyne has established a standard workstation configuration baseline in order to meet security objectives. Netradyne’s server systems are configured for performance, stability, scalability, and security. All server systems, including web, application, and database servers, are built to configuration standards. All SQL Server services are hardened by disabling all services that are not used by Netradyne application. The hardening process includes the following objectives:
Removing all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.
Measures for internal IT and IT security governance and management.
Netradyne has a dedicated InfoSec team and has put in place IT security policy and procedures. This includes a formal change management process and acceptable use policy.
Measures for certification/assurance of processes and products.
Netradyne engages independent security auditors for periodic assessment of its security and privacy controls as part of its ISO 27001 and Privacy by Design certifications.
ISO 27001 - https://gmsintercert.com/verify/single-cert-verify.php?cRegName=ISMS2020025
Privacy by Design - https://msecb.com/certifications-granted
Measures for ensuring data minimization.
Different privacy modes and privacy configurations may be enabled to reduce the amount of data processed by Netradyne.
Most of the video footage recorded on the Driver.i device remains on the device and is overwritten once the device’s memory is full.
A video footage is uploaded to Netradyne cloud only if an Event is detected. On average less than 1% of the footage is uploaded to the cloud.
Depending on the Event type, only the relevant Event Footage (either external footage or in-cab footage) is uploaded to the cloud.
For all Events, the device uploads the Event Data to the cloud.
Measures for ensuring limited data retention.
The default data retention is a balance between ensuring data is retained for a sufficient time period to be useful to Data Exporter, and ensuring it is not kept beyond such useful time period. Data retention and deletion requirements are set out in the Agreement or the DPA.
Measures for ensuring accountability.
Netradyne maintains evidence of the steps taken to comply with the EU GDPR. Netradyne puts in place appropriate technical and organizational measures, such as: (i) adopting and implementing data protection policies (where proportionate), (ii) executing written contracts with service providers (iii) maintaining documentation of processing activities, (iv) implementing appropriate security measures, (v) recording and, where necessary, reporting personal data breaches, (vi) carrying out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ interests, and (vii) implementing logging and monitoring controls.
Measures for allowing data portability and ensuring erasure.
Netradyne allows data subjects to exercise their rights by reaching out to designated points of contact. The primary responsibility for responding to data subject requests rests with the customer. Netradyne will assist the customer in responding to data subject requests.
List of Approved Sub-processors
The controller has authorised the use of the following sub-processors:
Sub-processor
Purpose of Processing
Location
Netradyne Technology India Private Limited (“Netradyne India”)
Engineering and support
India
Amazon Web Services (AWS)
Data hosting
United States
Elancer IT Solutions Private Limited
Data labelling services
India
Gainsight, Inc.
Customer success platform
United States
Mixpanel, Inc.
User activity/experience (data analytics)
United States
VVDN Technologies
Device refurbishment
India