Data Processing Agreement SMART PATROL

Effective date: June 01, 2025

This Data Processing Agreement forms part of the contract for services as defined in paragraph 2.1. of the Terms of Use between

the “Customer” as referred to in article 1.3. of the Terms of Use and EVOSMART SOLUTIONS LTD (hereinafter - “Provider”) together referred to as the “Parties” WHEREAS

(A) The Customer acts as a Data Controller as determined by General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 

(B) The Customer wishes to subcontract certain services, which imply the processing of personal data, to the Provider acting as a Data Processor as determined by the GDPR

(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the GDPR

(D) The Parties wish to lay down their rights and obligations.

1. TERMINOLOGY

1.1. DPA - this Data Processing Agreement concluded between the Provider and the Customer.

1.2. GDPR - General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

1.3. Regulation (EU) 2018/1725 - Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data

1.4. CCPA - the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. seq, and its implementing regulations, as may be amended from time to time. 

1.5. Personnel - Customer’s employees, service providers or independent contractors (including Security officers) whose Personnel Profiles are created by the Customer and linked to the Customer’s account. 

1.6. Security officer- an employee or an independent contractor working for the Customer, whose main duty is to guard certain Facilities. 

1.7. Client - a person whose belongings are guarded under respective agreements with the Customer.

1.8. Potential Client - a person who is interested in a Customer’s services and who may potentially enter a contract with the Customer.

1.9. Facility - a Client’s belonging which is under the Customer’s guard.

1.10. Admin - a Customer’s Personnel exercising management powers on behalf of the Customer and having special Profiles (Admin Profiles) on the App allowing them to manage Clients’ and potential Clients’ data, to manage Personnel Profiles and communicate with Security officers through the App.

1.11. App - a mobile application and/or a web-interface that allows businesses providing security guardian activity :

  1. to manage and track compliance of Customer’s Personnel;
  2. to receive notifications (urgent signals) from Security officers;
  3. to store various data concerning Personnel, employees who may potentially be hired in future, Clients or potential Clients;
  4. to exercise other activities specified in the App.

1.12. Terms used in this DPA shall be defined in the same way as they are defined in the Terms of Use

Where this DPA uses the terms defined in the GDPR, those terms shall have the same meaning as in that Regulation.

This DPA shall be read and interpreted in the light of the provisions of the GDPR.

This DPA shall not be interpreted in a way that runs counter to the rights and obligations provided for in the GDPR or in a way that prejudices the fundamental rights or freedoms of the data subjects.

1.13. Concerning the difference in terminology used in the GDPR and the CCPA in cases when CCPA shall apply to this DPA the following terms shall be interpreted in the following way according to the CCPA: "Personal Data" shall mean "Personal Information"; “Data Subject” shall mean “Consumer”; "Controller" shall mean "Business"; "Processor" shall mean "Service Provider"; and Sub-processor shall refer to the concept of a Service Provider engaged by Connecteam to Process Personal Information. 

2. PURPOSE AND SCOPE 

2.1. The purpose of this Data Processing Agreement (hereinafter – DPA) is to ensure compliance with Article 28(3) and (4) of the GDPR.

2.2. The Customer acting as a Data Controller and the Provider acting as a Data Processor have agreed to this DPA in order to ensure compliance with Article 28(3) and (4) of GDPR and/or Article 29 (3) and (4) Regulation (EU) 2018/1725.

2.3. This DPA applies to the processing of personal data as specified in Annex II below.

2.4. Annexes I to IV are an integral part of the this DPA.

3. INVARIABILITY OF THE CLAUSES. HIERARCHY

3.1. The Parties undertake not to modify the DPA, except for adding information to the Annexes or updating information in them.

3.2. This does not prevent the Parties from including the standard contractual clauses laid down in this DPA in a broader contract, or from adding other clauses or additional safeguards provided that they do not directly or indirectly contradict  the DPA or detract from the fundamental rights or freedoms of data subjects.

3.3. In the event of a contradiction between this DPA and the provisions of related agreements between the Parties existing at the time when this DPA is entered into thereafter, this DPA shall prevail.

3.4. The Provider may amend any information provided in Annexes I-IV if such amendment does not violate any provision of the GDPR, CCPA (if applicable) or other data protection laws applicable to this DPA. 

The amendments come into force next day after the expiration of 20 (twenty) days from the date when the Provider has sent a notification about the amendments to the Customer’s electronic address known to the Provider. If the Customer does not agree with the amendments, the one shall stop using the App and delete its Account during the 20-days period. If the Customer does not terminate the one’s Account, the Customer is considered to consent on all the amendments.

4. OBLIGATIONS OF THE PROCESSOR 

4.1. The details of the processing operations, in particular the categories of personal data and the purposes of processing for which the personal data is processed on behalf of the controller, are specified in Annex II.

4.2. The Provider shall process personal data only on documented instructions from the Customer, unless required to do so by Union or Member State law to which the Provider is subject. In this case, the Provider shall inform the Customer of that legal requirement before processing, unless the law prohibits this on important grounds of public interest. Subsequent instructions may also be given by the Customer throughout the duration of the processing of personal data. These instructions shall always be documented.

4.3. The instructions are considered documented if they are provided by the Customer to the Provider electronically in one of the following ways:

  1. to the Provider’s electronic address inbox@smartpatrolapp.com; or
  2. by using online tools provided on the App (e.g. by placing data on the App, creating Personnel or Admins Profiles etc.) which allow the Provider to collect, record, structure, store, adapt, alter, retrieve, use, share etc. personal data of data subjects. 

4.4. The Provider shall immediately inform the Customer if, in the Provider’s opinion, instructions given by the Customer infringe GDPR or Regulation (EU) 2018/1725 or the applicable Union or Member State data protection provisions.

4.5. The Provider shall process the personal data only for the specific purpose(s) of the processing, as set out in Annex II, unless it receives further instructions from the Customer.

4.6. Processing by the Provider shall only take place for the duration specified in Annex II.

5. SECURITY OF PROCESSING

5.1. The Provider shall at least implement the technical and organisational measures specified in Annex III to ensure the security of the personal data. This includes protecting the data against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to the data (personal data breach). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing and the risks involved for the data subjects.

5.2. The Provider shall grant access to the personal data undergoing processing to members of its personnel (its employees, subcontractors etc.) only to the extent strictly necessary for implementing, managing and monitoring of the contract. The Provider shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

6. SENSITIVE AND OTHER SPECIAL TYPES OF DATA

6.1. The contract for services as defined in paragraph 2.1. of the Terms of Use concluded between the Parties is not intended for the processing personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (“sensitive data”). 

6.2. If the Customer wishes to use the App to process sensitive data, it must first obtain the Provider’s explicit prior written consent and enter into any additional agreements as required by the Provider. 

6.3. If the the Customer fails to ask for the Provider’s prior written consent about sensitive data, the Provider is considered as being unaware of processing such data. The Provider has no obligation to check the scope and types of data provided to the one by the Customer.

6.4. If the Provider consents on processing sensitive data, the Provider shall apply specific restrictions and/or additional safeguards.

7. DOCUMENTATION AND COMPLIANCE

7.1. The Parties shall be able to demonstrate compliance with this DPA.

7.2. The Provider shall deal promptly and adequately with inquiries from the Customer about the processing of data in accordance with this DPA. 

7.3. Upon Customer’s 14 days prior written request at reasonable intervals (no more than once every 24 months), and subject to strict confidentiality undertakings by Customer, Processor shall make available to the Customer information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome of the audit and/or the inspections, shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Processor’s prior written approval. 

The Customer may choose to conduct the audit by itself or mandate an independent auditor. 

7.4. Upon Provider’s first request, the Customer shall return all records or documentation in Customer's possession or control provided by the Provider in the context of the audit and/or the inspection. 

7.5. The Parties shall make the information referred to in this DPA, including the results of any audits, available to the competent supervisory authority/ies on their request.

8. USE OF SUB-PROCESSORS

8.1. The Provider has the Customer’s general authorisation for the engagement of sub-processors from an agreed list. The Provider shall inform the Customer of any intended changes of that list in a way specified in paragraph 3.4. of this DPA. The Customer may object to the changes in a way specified in paragraph 3.4. of this DPA, failing which the Costomer is considered to agree with the changes.

8.2. Where the Provider engages a sub-processor for carrying out specific processing activities (on behalf of the Customer), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with this DPA. The Provider shall ensure that the sub-processor complies with the obligations to which the Provider is subject pursuant to this DPA and to the GDPR.

8.3. At the Customer’s request, the Provider shall provide a copy of such a sub-processor agreement and any subsequent amendments to the Customer. To the extent necessary to protect business secret or other confidential information, including personal data, the Provider may redact the text of the agreement prior to sharing the copy.

8.4. The Provider shall remain fully responsible to the Customer for the performance of the sub-processor’s obligations in accordance with its contract with the Provider. The Provider shall notify the Customer of any failure by the sub-processor to fulfil its contractual obligations.

8.5. The Provider shall agree a third party beneficiary clause with the sub-processor whereby - in the event the Provider has factually disappeared, ceased to exist in law or has become insolvent - the Customer shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

9. INTERNATIONAL TRANSFERS

9.1. Any transfer of data to a third country or an international organisation by the Provider shall be done only on the basis of documented instructions from the Customer or in order to fulfil a specific requirement under Union or Member State law to which the Provider is subject and shall take place in compliance with Chapter V of the GDPR.

9.2. The Customer agrees that where the Provider engages a sub-processor in accordance with Chapter 7 of this DPA for carrying out specific processing activities (on behalf of the Customer) and those processing activities involve a transfer of personal data within the meaning of Chapter V of the GDPR, the Provider and the sub-processor can ensure compliance with Chapter V of the GDPR by using standard contractual clauses adopted by the Commission in accordance with of Article 46(2) of the GDPR, provided the conditions for the use of those standard contractual clauses are met.

10. ASSISTANCE TO THE CUSTOMER

10.1. The Provider shall promptly notify the Customer of any request it has received from the data subject. It shall not respond to the request itself, unless authorised to do so by the Customer.

10.2. The Provider shall assist the Customer in fulfilling its obligations to respond to data subjects’ requests to exercise their rights, taking into account the nature of the processing. In fulfilling its obligations in accordance with paragraphs 10.1 and 10.2, the Provider shall comply with the Customer's instructions.

10.3. In addition to the Provider’s obligation to assist the Customer pursuant to paragraph 10.2., the Provider shall furthermore on the special request of the Customer assist the Customer in ensuring compliance with the following obligations, taking into account the nature of the data processing and the information available to the Provider:

  1. the obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a ‘data protection impact assessment’) where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons;
  2. the obligation to consult the competent supervisory authority/ies prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the Customer to mitigate the risk;
  3. the obligation to ensure that personal data is accurate and up to date, by informing the Customer without delay if the Provider becomes aware that the personal data it is processing is inaccurate or has become outdated;
  4. the obligations in Article 32 of the GDPR.

10.4. The Parties shall set out in Annex III the appropriate technical and organisational measures by which the Provider is required to assist the Customer in the application of this Chapter of the DPA as well as the scope and the extent of the assistance required.

11. NOTIFICATION OF PERSONAL DATA BREACH

11.1. In the event of a personal data breach, the Provider shall cooperate with and assist the Customer on the Customer’s written request for the Customer to comply with its obligations under Articles 33 and 34 of the GDPR, taking into account the nature of processing and the information available to the Provider.

Data breach concerning data processed by the Customer

11.2. In the event of a personal data breach concerning data processed by the Customer, the Provider shall assist the Customer at the Customer’s prior written request:

  1. in notifying the personal data breach to the competent supervisory authority/ies, without undue delay after the Customer has become aware of it, where relevant/(unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons);
  2. in obtaining the following information which, pursuant to Article 33(3) of the GDPR, shall be stated in the Customer’s notification, and must at least include:  
  3. the nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  4. the likely consequences of the personal data breach; 
  5. the measures taken or proposed to be taken by the Customer to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

(c)      in complying, pursuant to Article 34 GDPR, with the obligation to communicate without undue delay the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.

Data breach concerning data processed by the Provider

11.3. In the event of a personal data breach concerning data processed by the Provider, the Provider shall notify the Customer without undue delay after the Provider having become aware of the breach. Such notification shall contain, at least:

(a) a description of the nature of the breach (including, where possible, the categories and approximate number of data subjects and data records concerned);

(b) the details of a contact point where more information concerning the personal data breach can be obtained;

(c) its likely consequences and the measures taken or proposed to be taken to address the breach, including to mitigate its possible adverse effects.

11.4. Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information that available and further information shall, as it becomes available, subsequently be provided without undue delay.

12. NON-COMPLIANCE WITH THE CLAUSES. TERMINATION. CCPA.

12.1. Without prejudice to any provisions of the GDPR, in the event that the Provider is in breach of its obligations under this DPA, the Customer may instruct the Provider to suspend the processing of personal data until the latter complies with this DPA or the contract is terminated. The Provider shall promptly inform the Customer in case it is unable to comply with this DPA, for whatever reason.

12.2. The Customer shall be entitled to terminate the DPA insofar as it concerns processing of personal data in accordance with this DPA if:

  1. the processing of personal data by the Provider has been  suspended by the Customer pursuant to paragraph 12.1. and if compliance with this DPA is not restored within a reasonable time and in any event within one month following suspension;
  2. the Provider is in substantial or persistent breach of this DPA or its obligations under the GDPR;
  3. the Provider fails to comply with a binding decision of a competent court or the competent supervisory authority/ies regarding its obligations pursuant to this DPA or to the GDPR.

12.3. The Provider shall be entitled to terminate the  DPA insofar as it concerns processing of personal data under this DPA where, after having informed the Customer that its instructions infringe applicable legal requirements in accordance with paragraph 4.2., the Customer insists on compliance with the instructions.

12.4. To terminate the DPA at the Customer’s request under paragraph 12.2. the Customer shall terminate the whole contract as defined in paragraph 2.1. of the Terms of Use. The only way to terminate it is to delete the Account in whole.

To terminate the DPA at the Provider’s request under paragraph 12.3. the Povider shall terminate the whole contract as defined in paragraph 2.1. of the Terms of Use. The only way to terminate it is to terminate the Account in whole in a way outlined in paragraph 5.4. of the Terms of Use.

12.5. Following termination of the contract, the Provider shall, at the choice of the Customer, delete all personal data processed on behalf of the Customer and certify to the Customer that it has done so, or, return all the personal data to the Customer and delete existing copies unless Union or Member State law requires storage of the personal data. Until the data is deleted or returned, the Provider shall continue to ensure compliance with this DPA.

12.6. If CCPA applies to this Agreement, the Provider shall Process Personal Information in accordance with the provisions of the CCPA, and in a manner that provides the same level of privacy protection to Personal Information as required by the CCPA. 

The Provider acknowledges and confirms that it does not receive nor process any Personal Information as consideration for any services or other items that the Provider provides to the Customer under the contract as defined in paragraph 2.1. of the Terms of Use. The Provider agrees to refrain from selling and/or sharing any Personal Information processed hereunder without Customer’s prior written consent, nor taking any action that would cause any transfer of personal Information to or from the Provider under the the DPA to qualify as selling and/or sharing such personal Information. The Provider shall not have, derive, or exercise any rights or benefits regarding the personal Information, and shall not retain, use, or disclose any Personal Information (i) for any purpose other than the purposes identified in Annex II, and/or (ii) outside of the direct business relationship between the Parties. 

ANNEX I Information concerning the Provider

Name: EVOSMART SOLUTIONS LTD

ID number or the same: 60061026H

Postal Address: Strovolou 77 STROVOLOS CENTER, 4th floor, Office 401, Strovolos, Nicosia, Cyprus 2018

Email address inbox@evosmartsolution.com

Contact person’s name, position and contact details: Pavlo Yakymenko, Founder, inbox@evosmartsolution.com

Information concerning the Customer is formed automatically and stored by the Provider after the following acts are done:

  1. the User registers the Account on the App in the Customer’s name;
  2. the User provides the Provider with information on the Customer (its name, ID number or the same, postal address, email address, contact person’s data etc.) and/or provides the Provider with the Customer’s billing information when subscribing to a Service Plan.

ANNEX II: DESCRIPTION OF THE PROCESSING

This Annex indicates details concerning data processing by the Provider. The list of these details provided in this Annex is not exhaustive and depends on the Customer’s instructions. The Provider does not bear responsibility if the Customer instructs the Provider to process data in a way, scope etc. not specified in this Annex.

1. Categories of data subjects whose personal data is processed

The Provider on behalf of the Customer process data of the following data subjects (in particular, but not limited to):

  1. Customer’s Personnel 
  2. Customer’s Admins (if any)
  3. Customer’s Clients and Client’s Facilities that will be guarded by the Security Officers employed by the Customer
  4. Customer’s potential Clients (leads).

2. Categories of personal data processed

  1. Customer’s Personnel (in particular but not limited to):
  2. name;
  3. position (employee, subcontractor, etc.)
  4. email address
  5. telephone number;
  6. postal address;
  7. Personnel Profile identification data;
  8. information on Facilities guarded by the respective Security Officer(if any);
  9. information of previous accidents happened to the Security officer (if any).
  10. Customer’s Admins (if any):
  11. name;
  12. position (employee, subcontractor, etc.)
  13. email address
  14. telephone number;
  15. postal address;
  16. Admin’s Profile identification data.
  17. Customer’s Clients: 
  18. name;
  19. email address;
  20. telephone number;
  21. postal address;
  22. Facilities belonging or otherwise controlled by the Client: address, name (if any), previous accidents and their types (if any), Security officers responsible to guard the Facilities.
  23. the name name and the telephone number of a Client’s representative (if any)
  24. Customer’s potential Clients: 
  25. name;
  26. email address;
  27. telephone number;
  28. postal address.

3. Sensitive data processed (if applicable) and applied restrictions or safeguards 

Sensitive data is not processed under this DPA, unless the Customer empowers the Provider to process such data, about which the Customer shall expressly notify the Provider.

If the Customer empowers the Provider with the sensitive data, the Customer shall specify:

  1. which kinds of data is given to the Provider for processing; and
  2. for which purpose(s). 

In this case the Provider will use the following additional safeguards to process sensitive data:

  1.  strict purpose limitation - the data will be processed in strict compliance with the purpose specified by the Customer;
  2. access restrictions - access to sensitive data will be given:
  3. predominantly in encrypted and anonymized form;
  4. to the Provider’s employees having special Provider’s permission to access such data;
  5. to the Provider’s sub-processors having followed specialised training;
  6. keeping a record of access to the data;
  7. restrictions for onward transfers.

4. Nature of the processing: 

  1. collecting personal data, recording, structuring, storing, altering, retrieving, using, sharing personal data of data subjects specified in this Annex for the purposes and in a way determined by the Customer in its instructions. 
  2. rendering Personal Data fully anonymous, non-identifiable and non-personal in accordance with applicable standards recognized by Data Protection Laws and guidance issued thereunder;

5. Purpose(s) for which the personal data is processed on behalf of the Сustomer:

  1. Processing in accordance with Terms of Use, this DPA or other contracts executed by the Parties; 
  2. Processing for the Customer as a part of provision of the services on the App by the Provider; 
  3. Processing to comply with the Customer’s reasonable and documented instructions; 
  4. Processing as required under the laws applicable to the Provider, and/or as required by a court of competent jurisdiction or other competent governmental or semi-governmental authority, provided that the Provider shall inform the Customer of the legal requirement before processing, unless such law or order prohibit such information on important grounds of public interest; 
  5. Sharing Personal Data with third parties in accordance with the Customer’s instructions and/or pursuant to the Customer’s use of the Services (e.g., integrations between the Services and any services provided by third parties, as configured by or on behalf of the Customer to facilitate the sharing of Personal Data between the Services and such third party services).

6. Duration of the processing. Processing shall be conducted for the whole duration of the Agreement between the Parties as determined by paragraph 2.1. of the Terms of Use and 10 days after the termination of the agreement.

7. Processing by sub-processors. The nature and purposes of processing of personal data by sub-processors are identified in the data processing agreements concluded with the sub-processors. The main purpose of processing by each sub-processor is also identified in the Annex IV below.
ANNEX III TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

EXPLANATORY NOTE:

Evosmart Solutions LTD implements appropriate measures to ensure the app data is handled securely on all levels. The measures include the following: 

  1. Attempts to access the shell environment of the servers/instances are continuously monitored, analyzed, and immediate action is taken in the unlikely event of an incident.
  2. Databases used for live data are configured to be accessible only by resources in the internal networks or local environments, with no possibility of access from the outside network.
  3. Backups of all app data are created by automated scripts and uploaded to secure locations with access control for data recovery.
  4. All software used in the project is kept up to date with the latest releases to ensure that known vulnerabilities can not be exploited.
  5. User passwords are hashed with a modern hashing algorithm, and user passwords are not stored in the database under any conditions.
  6. Dashboard access attempts are automatically monitored, and multiple consequent authentication attempts are blocked to prevent brute force attacks.
  7. The app utilizes a protective mechanism against cross-site request forgery attacks to prevent possible attacks that could be attempted with the use of malicious code on third-party websites.
  8. All errors within are logged and monitored, and appropriate measures are taken by the Provider to ensure that the consequences are minimized.
  9. Data between the app servers and the end users is transferred over the secure HTTPS protocol.
  10. All features are thoroughly tested before being deployed to the live environment using synthetic data.
  11. Evosmart Solutions LTD doesn’t use any on-site digital infrastructure. All infrastructure elements are provided by a cloud hosting platform with appropriate security measures implemented to ensure only authorized access to the resources.
  12. Evosmart Solutions LTD employees and contractors are trained to ensure proper procedures are maintained throughout the workflows on all levels.

Evosmart Solution LTD may transmit app data to subprocessors in cases when such transfer is necessary to perform essential app functions.

If the data is transmitted via an automated interface, a secure protocol is used to connect with a known domain and endpoint with no human interaction and perform the necessary operations. Endpoints are properly secured to exclude access by unauthorized scripts or actors. The connection is terminated upon the conclusion of data transfer, and no active session is kept alive longer than necessary.

If data is handled by human subcontractor(s), a proper technical and legal framework is established to ensure that the data is handled properly and within the scope that is necessary to support the application. 

ANNEX IV: LIST OF SUB-PROCESSORS

The controller has authorised the use of the following sub-processors:

1. Name: DigitalOcean, LLC

Address: 101 6th Ave New York, NY 10013

Contact details: privacy@digitalocean.comprivacy@digitalocean.com

Description of the processing: hosting service providing opportunities primarily to store data contained in the App

2. Name: Stripe Payments Company

Address: 354 Oyster Point Boulevard, South San Francisco, California, 94080

Contact details: privacy@stripe.com 

Description of the processing: payment services providing opportunities to make money transactions to pay for the use of the App, calculation of VAT due

3. Name: Idera, Inc.

Address: 4001 W. Parmer Lane, Suite 125, Austin, Texas 78727

Contact details: compliance@idera.com 

Description of the processing: check of the VAT status of potential Customers,.

4. Name: Sinch UK Ltd. 

(https://www.mailgun.com/)

Address: Sinch UK Ltd., Legal Department, Viking House, John Roberts Business Park, Pean Hill, Blean, Kent, CT5 3BJ England 

Contact details: legal@sinch.com

Description of the processing: Facilitates technical mail delivery

5. Name: Pusher Limited

(https://pusher.com/)

Address: MessageBird UK Limited, 3 More London Riverside, 4th Floor, London, United Kingdom, SE1 2AQ.

Contact details: support@pusher.com

Description of the processing: Facilitates real-time notifications in the web app

6. Name: Help Scout PBC

(https://www.helpscout.com/)

Address: 68 Harrison Ave #605 PMB 78505 Boston, MA 02111 USA

Contact details: privacy@helpscout.com

Description of the processing: Helpdesk management

7. Name: MAPBOX, INC.

(https://www.mapbox.com/)

Address: 1133 15th St NW, Suite 825 Washington, D.C. 20005, USA

Contact details: copyright@mapbox.com

Description of the processing: Map renderingin the web app

8. Name: Kloudend Inc

(https://ipapi.co)

Address: 1887 Whitney Mesa Dr #4080, Henderson, NV 89014, USA

Contact details: privacy@kloudend.com

Description of the processing: Helps determine user location based on IP address for initial timezone setting

9. Name: FOP (Private Entrepreneur) Yakymenko Pavlo Vitaliiovych

Address: Peremohy avenue 72, apartment 226, Kharkiv, Ukraine 61204

Contact: dev@smartpatrolapp.com

Description of the processing: Application development and tech support

10. Name: Google LLC 

Address: 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA

Contact: https://support.google.com/analytics?hl=en&sjid=9433197428979791959-EU#topic=14132937
Description of the processing: User behaviour analytics (Google Analytics), map rendering in mobile app (Google Cloud Platform / Maps API)