Version: May 8, 2023
If you started a subscription before May 8, 2023, your use of the Bringg Services is governed by the terms of the DPA available here
This Data Processing Agreement (“DPA”) forms part of the Services Agreement by Bringg Delivery Technologies Ltd., and/or any of its Affiliates (“Bringg”) and the Customer entering into the Services Agreement for the subscription to the Services described in the Service Order (the “Customer”). Bringg and the Customer are collectively referred to as the “Parties”, and each a “Party”. All capitalized terms not defined in this DPA shall have the meanings set forth in the Services Agreement.
Unless otherwise expressly stated in the Service Order, this version of the DPA shall be effective and remain in force for the term of such Service Order. In the event of any conflict or inconsistency between the terms of this DPA
and the terms of the Service Order, the terms of the Service Order shall control. In the event of any conflict or inconsistency between the terms of this DPA and the terms of the online Terms of Service, the terms of this DPA
This DPA sets out the roles and obligations that apply when Bringg processes, transfers and gains access to Personal Data on behalf of Customer in the course of providing the Services, and when Bringg, its staff or a third party acting on behalf of Bringg receive access to Personal Data of individuals.
It is agreed that a copy of this DPA may be forwarded to the relevant Supervisory Authority, if required under Applicable Data Protection Legislation. Furthermore, the Parties agree that such authority has the right to conduct an audit of Bringg with respect to the subject matter of this DPA.
For the purposes of this DPA:
As between Bringg and Customer, Customer is the Controller of Personal Data for the purposes of the GDPR/UK GDPR/LGPD, and the Business for purposes of the CCPA with respect to the Personal Information that is provided to Bringg for processing under the Services Agreement and as described in Exhibit A; and Bringg shall process the Personal Data and/or Personal Information as a Processor and/or Service Provider, respectively, on behalf of Customer. Each Bringg and Customer may be referred to in this DPA interchangeably as “Processor” or “Bringg”, and as “Customer” or “Controller”.
The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data Breach and take necessary and reasonable action to remediate such violation. Additionally, Bringg shall, taking into account the nature of the Processing and the information available to Bringg, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its statutory obligations under the Applicable Data Protection Legislation. Each party will reasonably assist the other party to mitigate any potential damages in connection with this Section 11.
Processor will implement the technical and organizational security measures as stipulated in Exhibit B of this DPA and as further detailed at: https://www.bringg.com/trust-center/. The technical and organizational security measures are aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing.
This DPA shall become effective upon the effective date of the Services Agreement that expressly incorporates the terms of this DPA by reference. This DPA shall remain in full force until the Services Agreement terminates (the “Term“).In the event that the Processor is in breach of its obligations under this DPA, then the Controller may temporarily suspend the transfer of Personal Data to the Processor until the breach is repaired or the DPA is terminated.
Each Party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the applicable limitation of liability section of the Services Agreement, and any reference in such section to the liability of a party means the aggregate liability of that Party and all of its Affiliates under the Services Agreement and this DPA together. This DPA represents the complete agreement concerning the subject matter hereof. The Parties may amend this DPA, from time to time by mutual agreement of both Parties, and subject to compliance with any required obligations under Applicable Data Protection Legislation (i.e., to inform the applicable authority where required). This DPA shall be governed by and construed under the laws stipulated in the Services Agreement, without reference to principles and laws relating to the conflict of laws. The competent courts of the law stipulated in the Services Agreement shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this DPA. If Processor makes a material change to this DPA, which it may do from time to time, then Processor will post the updated DPA to its website. Controller is responsible for checking for any change to this DPA. Continued use of the Services after a change has been posted constitutes Controller’s acceptance of any new or modified DPA.
Details of Processing
This Exhibit A forms part of the DPA and describes the processing that Bringg will perform on behalf of the Customer.
Bringg Delivery Management Platform
Bringg on Salesforce®
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
In order to protect the confidentiality, integrity, and availability of the information and data shared with us by our users and customers and their end-users and customers (collectively “Users”, or “you”), Bringg Delivery Technologies Ltd. and its affiliates (“Bringg”, “us” or “we”) has implemented an information security program that includes technical, administrative/organizational, and physical controls.
Bringg utilizes advanced tools, security procedures and engineering practices to store in a secure fashion, and protect against accidental or unlawful destruction or loss, or unauthorized disclosure or access, all User confidential or sensitive information (“User Information”) that is collected by us as part of the operation of the services of our websites and mobile applications (the “Services”).
Bringg implements a cloud-based SaaS model, currently with the use of the cloud solutions offered by Amazon Web Services (“AWS”), Google Cloud Platform (“GCP”) and Heroku, Inc. (“Heroku”) for the Bringg on Salesforce® offering where we integrate with carriers through various Salesforce clouds. All User Information collected by us as part of the operation of the Services is stored and hosted on compute resources provided by AWS and/or GCP and/or Heroku, and controlled by us (the “Database”). By using AWS, GCP and Heroku, we are able to leverage the high performance, durability, scalability, availability and security of the AWS, GCP and Heroku infrastructures and procedures in the provision of our Services.
Our security procedures and practices are implemented in accordance with all applicable data protection laws, are appropriate to the nature of the information collected and are aligned with industry best practices for the management, use, transport, and storage of User Information.
Without limiting the foregoing, we ensure that the following systems and procedures are in place:
Bringg holds the following security-related certifications and attestations:
• SOC 2 Type II
• ISO 27001