Data Processing Agreement (DPA)
Last updated: June 25, 2025
1. Parties
This Data Processing Agreement ("Agreement") is entered into between:
Controller: The workshop that is a customer of MotoSpyder
Processor: Stream Shed AB, reg. no. 556788-5818, Spånga, Sweden (MotoSpyder)
2. Purpose
The purpose of this Agreement is to govern how personal data is processed by the Processor on behalf of the Controller in accordance with the General Data Protection Regulation (GDPR).
3. Purpose and Type of Processing
MotoSpyder processes personal data to provide digital tools to the workshop, including:
- Bookings
- Customer database
- Vehicle data
- Tire storage
- Service documentation and messaging
Processing is performed exclusively on behalf of and according to the Controller’s instructions.
4. Categories of Data Subjects
- End customers (vehicle owners)
- Workshop contact persons
5. Categories of Personal Data
- Name, address, email, phone number
- License plate, vehicle information
- Booking history, service records
- Images, notes, tire data
6. Security
MotoSpyder shall implement appropriate technical and organizational measures to ensure secure processing, including:
- Encryption in transit
- Access control and logging
- Access only by authorized personnel
7. Sub-processors
MotoSpyder may engage sub-processors to fulfill its obligations. A current list is available upon request. MotoSpyder ensures each sub-processor meets the same data protection obligations.
8. Location of Processing
Data is processed within the EU/EEA. If transfer outside the EU/EEA is required, approved mechanisms under GDPR will be used.
9. Incident Reporting
MotoSpyder shall promptly notify the Controller of any personal data breach.
10. Rights and Assistance
MotoSpyder shall assist the Controller in fulfilling its obligations under GDPR, such as handling data subject requests.
11. Processor Obligations
If an instruction is deemed to violate GDPR, MotoSpyder shall inform the Controller immediately.
12. Term
This Agreement remains in force as long as the Processor processes personal data on behalf of the Controller.
Upon termination, personal data shall be deleted or returned as agreed.
13. Governing Law
This Agreement is governed by the laws of Sweden.
