Data Processing Agreement

1. Background

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Totalsoft IT Solutions Ltd ("Processor") and the garage/workshop business using our services ("Controller").

This DPA reflects the parties' agreement with respect to the processing of Personal Data under the General Data Protection Regulation (GDPR).

2. Subject Matter and Duration

The Processor will process Personal Data only for the purposes of providing the Garage Management System services as described in the Terms of Service. Processing will continue for the duration of the Subscription.

3. Processor Obligations

The Processor agrees to:

• Process Personal Data only on documented instructions from the Controller.
• Ensure that persons authorised to process the Personal Data have committed themselves to confidentiality.
• Take all measures required pursuant to Article 32 of the GDPR (Security of Processing).
• Assist the Controller in fulfilling the Controller's obligation to respond to requests for exercising data subject rights.
• Delete or return all Personal Data to the Controller after the end of the provision of services.

4. Sub-processors

The Controller agrees that the Processor may engage sub-processors to process Personal Data. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors.

5. Data Transfers

The Processor shall not transfer Personal Data outside the European Economic Area (EEA) unless appropriate safeguards are in place as required by GDPR.

6. Security and Audits

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits.

7. Breach Notification

The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach.