Section I – General Provisions

Art. 1. These GTC constitute the basis for Bravo Next’s provision of Services to the Customer.

Art. 2. The GTC specify the principles and technical conditions for entering into the Agreement, whose subject matter is the Customer’s access and use of the logistical planning and transport management services named “Bravo”, usually through the website available on the Internet under the domain name bravo-next.com (the “Website”).

Art. 3. The term “Agreement” shall be understood within the meaning indicated below in the GTC.

Art. 4. The Customer is obliged to get acquainted with the content of and adhere to the GTC and the addendums thereto - integral part to the GTC. Customer’s acknowledgement and acceptance of the aforementioned provisions shall be indicated through the declaration (check box) submitted/actively marked during the registration of the Customer’s Account in Bravo.

Art. 5. For the purposes of the GTC as well as the performance of Bravo Next Services, the following definitions are established:

• “Account” means the profile of the Customer created by Bravo Next Services’ system that includes the identification data provided by the Customer. The Account has a unique login (username) and password. Bravo Next reserves the right to provide a demo/test Account, respectively temporary access to an Account for the purposes of testing part or all of the functionalities and/or Services in Bravo under conditions different from those for regular Accounts, as after a certain period of time (14 calendar days, unless otherwise specified in Bravo), the temporary access, respectively the demo/test Account, may become a standard Account, provided that the Customer activates a relevant Subscription, pays for the same and/or fulfils other conditions at the sole discretion of Bravo Next.
• “Data Protection Legislation” means the EU General Data Protection Regulation 2016/679 ("GDPR") and other EU and national provisions on the protection of privacy in the country in which the Controller or Processor is established (such as the Bulgarian Personal Data Protection Act), as amended, replaced, or superseded from time to time, including laws implementing or supplementing the GDPR. Terms defined in art. 4 of GDPR shall be understood in accordance with the GDPR definition.
• “Bravo” (or the “Platform”) means an automized system striving to facilitate the Customer’s logistical planning and transport management processes in a way of allowing the Customer to input variety of criteria, e.g., expenses (such as wages, fuel cost, parts / consumables (e.g., tyres), etc.), routes (included elements (such as stop points, locations, marks, etc,) and excluded elements (such as toll roads, ferries, tunnels, difficult / U-turns, countries, etc.)), transportation vehicles (by type, composition elements (trailers, trucks, etc.), weight, etc.), drivers’ specifications (such as long/short-haul, working hours/days, etc.), dependent on Customer’s choice and limited by Bravo’s available at the time of use functionalities, in order to derive suggestions for proposed transportation routes and related logistical optimizations, made available as SaaS (Software as a service) solution, usually provided through the Website. All aforementioned details are indicative, in no way restrictive and are subject to changes, replacement, removal, in total or in part, at all times.
• “Bravo Next Services” (or the “Services”) shall refer to services provided by Bravo Next as a prepaid or postpaid service to the Customer under the present GTC.
• “Provision of (Bravo Next) Services” means Bravo Next’s provision of Bravo Next Services without simultaneous presence of both parties (from a distance), through Bravo’s available functionalities, including processing, digital compression and/or storage of data.
• “Customer” means a natural or legal person that is a merchant (including a sole entrepreneur within the meaning of the Bulgarian Commerce Аct), that uses Bravo Next Services provided by Bravo Next for its own commercial purposes and has an active Account in Bravo. The Services are not targeted to and may not be used by consumers within the meaning of the Bulgarian Consumer Protection Act.
• “Confidential Information” means any provision of the Agreement, any information in oral or written form disclosed by either Party, before and/or after execution of this Agreement, relating to discussions between the Parties as to the provision of services, or to any details as to the business of either Party whether marked as confidential or identified as confidential in any other way, including, but not limited to, network access codes, trade secrets, processes, techniques, software (including source codes and object codes), computer records, hardware configuration, designs, plans, developments, inventions, software, drawings, product information, business and marketing plans and projections, details of agreements or arrangements with third parties and clients and client lists. For the avoidance of doubt, Personal data is governed by the Data Processing Appendix and does not fall under the confidential information as defined in these GTC.
• “User” means individuals who have been authorized by Customer to log in and use the Services on Customer’s behalf.
• “Technical Specification” means the collection of specifications / technical requirements about Bravo Next’s systems necessary for the utilization of the said system for the purposes of the Services’ usage/provision. The Technical Specification constitutes an appendix to the GTC and is available at bravo-next.com.
• “Content” means any data entry, including, but not limited to, names, wages, routes, licence plates, other specifications, messages, texts, executable code, any multimedia, audio, video clips, numerals, symbols, animations, graphics, photographs, avatars and/or other materials in digital electronic form, provided by Customer, via Bravo and/or by use of the Services, as well as any content that Customer transfers in another way to Bravo Next.

Section II – Scope

Art. 6. The GTC cover the Provision of Bravo Next Services to the Customer and Customer’s access and use of Bravo, usually through the Website.

Art. 7. The access defined above is provided with the use of an Account assigned to the Customer (operating via its Users).

Art. 8. The Customer is not entitled to make the Account access data in the form of login (username) and password available to third parties unless otherwise agreed. The Customer shall ensure that account information, including passwords, other logon information and all activity related to the Customer’s use of the Services, are kept and treated as Confidential Information under this Agreement. If Account information is made available to third parties, or the Customer becomes aware of anything else that may jeopardize the security and integrity of the Services, the Customer shall immediately change such account information and notify Bravo Next.

Art. 9. Unless otherwise agreed, the Customer is required to actively use the Account at least once during a period of 6 (six) consecutive months. In the case Bravo Next identifies a lack of Account’s activity for a period longer than 6 consecutive months, the Account can be removed or suspended by Bravo Next without prior notification.

Art. 10. The Customer is not allowed to transfer Account’s possession or share its usage to/with another entity without Bravo Next’s prior consent.

Section III – Conditions for Entering Into, Account Approval and Termination of the Agreement

Art. 11. Access to and use of Bravo require an agreement to be in place between the parties.

Art. 12. The Agreement as specified above is entered into by the Customer’s registration of the Account in the Services and subsequent approval of said Account by Bravo Next. At any point prior to the approval, Bravo Next is entitled to stop/refuse the conclusion of the Agreement. For the purposes of Account approval and/or control over the Services, the Customer shall provide any and all information (including documents – both official (public) and private) requested by Bravo Next and related to the identity of the Customer, its legal representatives, Users, employees, third party contractors (when applicable) and others, their legal and/or financial status, proof of eligibility (merchant status, certificate of incorporation, specimen signature, etc.), bank accounts, credit records and/or other requested information at Bravo Next’s discretion. For further verification, Bravo Next may also require, without being obliged to do so, at any point, the Customer to sign and send to Bravo Next’s registered office a physical (hard) and/or digital copy of these GTC. In case the Customer is required by Bravo Next to sign a digital copy of these GTC, the Customer shall sign via utilization of one of the following signing options:

• a qualified electronic signature (QES) under art. 13, para. 3 of the Bulgarian Electronic Document and Electronic Certification Services Act and art. 3, item 12 of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014; or
• an electronic signature DocuSign eSignature, available via the DocuSign online platform for sharing and signing documents electronically (ref. https://www.docusign.com/products/electronic-signature). The Parties agree that electronic signatures affixed through DocuSign eSignature will have the equivalent legal effect of handwritten signatures in accordance with art. 13, para. 4 of the Bulgarian Electronic Document and Electronic Certification Services Act.

Art. 13. For avoidance of any doubt, approval of the Customer’s Account depends entirely on Bravo Next’s own discretion and corporate policies. Bravo Next is not obliged to provide any statement or reason for not approving Customer’s Account.

Art. 14. Through the registration of the Account by the Customer certain contact information is being provided. Bravo Next is entitled to send to the Customer’s registered address, e-mail address or via telephone number indicated during the registration, all information (incl. notifications) connected with the Agreement or the performance thereof, as well as with the functioning of the Services. Until provision of the new contact information in a proper manner, the contact information presented during the registration / prior provision of contact information shall be regarded as applicable for contact / notification / exchange of information with/to the Customer.

Section IV – Payment conditions

Art. 15. Against the Provision of Services, Bravo Next is entitled to a remuneration as stipulated hereunder.

Art. 16. In order to pay for the Provision of Services the Customer is required to make re-occurring monthly payments via selected and activated subscription plan (hereinafter referred to as “Subscription”) within the functionalities of Bravo. The Subscription is a specific prepaid or postpaid digital content, designed to address precise needs that can be used only in a limited way, i.e., in order to acquire only the limited range of the Services. The rates/prices of and the included Bravo Next Services in the different type of Subscription shall be provided within the Website and the respective functionalities. All provided prices of any Subscription are VAТ excluded and may be currency dependant. If not explicitly stipulated otherwise, all available types of Subscription are of the prepaid variety and necessitate allocation of respective payment by the Customer and its receipt by Bravo Next prior access to or rendering of the associated Services.

Art. 17. For avoidance of any doubt, no Subscription constitutes electronic money under the definition of point 1 of Article 2 of Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions.

Art. 18. At the time of each re-occurring payment for Subscription the purchase price paid by Customer – resident of Bulgaria for tax purposes, VAT shall be applied, and the purchase price shall be accordingly increased by 20 % in order to accommodate for incurrence of value-added tax.

Art. 19. Made Subscription payments are subject neither to exchange, nor return. Subscription might have an expiration date assigned to it, which depends on the respective purchased Subscription.

Art. 20. Bravo Next Services that are not included in activated Subscription require additional payments, respectively activation and payment of applicable Subscription that includes the necessary Bravo Next Services.

Art. 21. The Customer is obliged to maintain necessary credit balance in order to accommodate re-occurring payments towards any active Subscription. Lack of funds or failure to successfully charge Customer’s Account may result in immediate suspension and/or termination of the Account / Provision of Services.

Art. 22. Detailed information on Subscription rates/prices and included Services are published on the Website. The Customer is obliged to check the current applicable Subscription information, including rates/prices, before using the Services.

Art. 23. Bravo Next is entitled to change any Subscription and/or its rates/prices within the Services, at any time and without prior notice. The applicable Subscription / rates/prices shall be displayed on the Website, conditioned on the applicable functionality at a given time, e.g., within the Account page, in a respective price list section or in any other way ensuring relatively easy access to the information, without any obligation for Bravo Next to inform the Customer in any other way. The aforementioned changes shall not require the approval by the Customer for their effectiveness/applicability.

Art. 24. In case the Customer inputs Content into the Platform that is deemed by Bravo Next or other third party to be considered of an illegal, immoral or otherwise forbidden / not-allowed nature (including, but not limited to, infringing personal data, trademark use, other intellectual property rights, etc.), the Customer shall be charged additionally to cover any and all penalties, due compensations, damages, fees, expenses, etc. directly or indirectly caused, related or derived out of acts or omissions of the Customer, its Users, employees and others, in which case the Customer is obliged to pay the additional price immediately following Bravo Next’s notification.

Art. 25. The payments for Subscription shall be made by one of the following prepayment methods (provided that and as long as they are applicable and available on the Platform):

• (Bank) Card Payment Terms. If the Customer chooses to pay by (bank - credit/debit) card, then it is responsible for ensuring that the (bank) account associated with the (bank) card has a sufficient positive balance to cover all ordered payments for purchase. The Customer may not use (bank) cards that are not owned by and opened in the name of the Customer or its legal representative/s. Furthermore, any prepaid, virtual, one-time usage or other equivalent card/s shall not be deemed as a valid payment method/instrument. If, for any reason, the Customer has a negative balance on its account, or the bank card declines a charge, or the Customer uses prepaid, virtual, one-time usage or other equivalent card/s, then Bravo Next reserves the right to suspend/refuse Provision of Services. Payments via (bank) card shall be processed by external payment service provider via virtual POS terminal integration with Bravo or equivalent on-line payment technology (such as Stripe and/or others). The sale and subsequent activation of Subscription depend on the receipt and confirmation by Bravo Next of the entire owed amount as per the applicable price list / Subscription details. Each purchase may be confirmed by an invoice sent to the email address of the Customer provided in the Account information at the time of issuing.
• Bank Transfer Payment Terms. If the Customer chooses to pay by bank transfer (sending money from its bank account to Bravo Next’s bank account), the Customer shall provide proof of: 1) payment (document of bank order); 2) ownership of the bank account (the bank account must be owned by and opened in the name of the Customer). Prior to making any payments via bank transfer, the Customer must inform Bravo Next’s customer support team and be approved by Bravo Next for this payment method. The sale and subsequent activation of Subscription depend on the receipt and confirmation by Bravo Next of the entire owed amount as per the applicable price list / Subscription details. Each purchase may be confirmed by an invoice sent to the email address of the Customer provided in the Account information at the time of issuing.

Art. 26. In the case of (bank) card payments or bank transfer payments, Bravo Next shall not be liable for any costs in connection with fees, commissions or other additional payments made by the Customer or his bank in connection with the transaction itself, and in the cases of currency exchange applied by the bank that issued the card/bank account to the Customer.

Art. 27. Bravo Next receives the respective monetary amounts of payments made after processing by the relevant provider of payment services and is not responsible for its actions/omissions.

Art. 28. Prices will be subject to additional annual adjustment equivalent to the increase in the labour cost index. No further notification of this change shall be needed for its effectiveness.

Section V – Termination

Art. 29. The Agreement is entered into for an unspecified, indefinite period of time.

Art. 30. Each party may terminate the Agreement upon two-month notice. Bravo Next does not return the equivalent of Subscription not utilized (partially or fully) by the Customer before the expiration of the notice, nor any payment related to Subscription’s purchase/activation.

Art. 31. Bravo Next may terminate the Agreement without prior notice in the following cases:

• If, at Bravo Next’s own discretion, continuation of the Provision of Services is not commercially justifiable (including in case of cost increase by suppliers towards Bravo Next) or in the event of an objective impossibility for Bravo Next to provide completely or partially the Services.
• In case of any identified (at Bravo Next’s own discretion) breach under these GTC or applicable legislation.
• If the Customer is suspected to have provided false or misleading information related to the identity of the Customer, its legal representatives, Users, employees, third party contractors (when applicable) and others, their legal and/or financial status, eligibility (merchant status, certificate of incorporation, specimen signature, etc.), bank accounts, credit records and/or other information provided to Bravo Next (including the Account information).
• If the Customer becomes insolvent or is unable to pay its debts as they fall due or goes into liquidation either voluntarily or as required by law.
• If the Customer’s Account has been inactive for 6 consecutive months.

Art. 32. Termination under the provided above will lead to loss of any unutilized Subscription with no right to compensation/replacement by Bravo Next.

Section VI – Obligations of the Customer

Art. 33. The Customer accepts and agrees that all use of Services is subject to the following:

• The Customer accepts and agrees that regardless of the relations between the Customer and any third parties the Customer shall be considered sole user of the Services.
• Customer shall ensure that before using the Services or any Content is made available / put in the Platform, all necessary rights, authorizations, licenses, consents, and permissions have been obtained or granted in accordance with applicable law.
• The Customer shall use the Services in accordance with the applicable law, and any user instructions and other policies and guidelines provided by Bravo Next and shall input Content into the Platform after required consents of data subjects whose personal data is the Content is lawfully provided / collected and in accordance with any and all Bravo Next policy/instruction.
• The Customer shall ensure that Users comply with this Agreement. In any case, Customer is entirely liable for User’s acts and omissions.
• The Customer shall keep complete and accurate records to permit an accurate assessment of the Customer’s use of the Services and compliance with the Agreement.

Art. 34. The Customer is obliged to abstain from abusing/misusing the Services, including but not limited to:

• Indicating false or misleading Account information / input Content in the Platform;
• Inputting Content without legal basis according to applicable legislation and/or not in compliance with the respective requirements;
• Allowing the Services to be used or using them for purposes that they were not intended to be used.
• Delivering by or to Bravo Next systems any data/information/Content that:
  • Causes interferences in the operation of or overloads the systems of Bravo Next or any third party that takes direct or indirect part in providing the Services, including but not limited to suppliers / subcontractors. The Customer is responsible for ensuring that the Content is (i) free from any viruses, Trojan horses, worms or other detrimental code, (ii) in the agreed format, and is (iii) unable to affect or jeopardize the Services delivered by Bravo Next or Bravo Next’s subcontractor’s infrastructure, system, network, services or other customers.
  • Infringes the rights and/or interests of Bravo Next, third parties, and commonly accepted social norms, as well as using the Services not in compliance with the commonly accepted legal norms applicable at the place of use, establishment or impact.
  • Advertises or promotes Customer’s or third party’s service/s that compete with the Services.
• Engaging in soliciting Bravo Next’s employees, suppliers, subcontractors, consultants, customers, etc.

Art. 35. Should the Customer be in breach with the provisions above, Bravo Next shall be entitled to refrain from providing the Services to the Customer, without having to terminate the Agreement, regardless of other rights to which Bravo Next is entitled.

Art. 36. As of the day of the termination of the Agreement between the parties, the Customer is obliged to stop using the Services.

Art. 37. Bravo Next has a right of control over the fulfilment of the Customer’s obligations under the Agreement and at its own discretion may suspend and/or remove the Account of the Customer.

Art. 38. The Customer is solely and entirely responsible for the Content input in the Platform.

Section VII – Maintenance works

Art. 39. Bravo Next reserves the right to conduct system-related maintenance works, which may cause difficulties or make it impossible for the Customer to use the Services. The dates for and expected durations of such maintenance works will be published on the Website or sent by e-mail before the beginning of said works.

Art. 40. In the special cases concerning the safety or stability of a system, Bravo Next has a right to temporarily stop or limit the Provision of Services, without prior notification and to conduct the maintenance works aiming at recovering the safety or stability of a system.

Art. 41. Difficulties or lack of possibility to use the Services because of the reasons indicated above shall not justify any claims against Bravo Next.

Section VIII – Privacy and personal data processing

Art. 42. Bravo Next ensures the confidentiality of the Services, unless any information is in the public domain as a matter of principle, or its disclosure is necessary for the correct Provision of Services. The information as referred to above may be revealed only in accordance with the applicable law.

Art. 43. Bravo Next takes the matters of protection and security of Personal Data seriously and will process such information in accordance with applicable Data Protection Legislation and the Agreement. In order to provide the Services, Bravo Next may process Personal Data about Users and others who access the Services. Bravo Next may disclose Personal Data to third parties as set out in the Agreement.

Art. 44. The way of dealing with Personal data, scope and responsibilities of Bravo Next in the processing of Personal Data are described in the Data Processing Appendix to these GTC, which constitutes a written agreement for entrusting the processing of personal data between Bravo Next and the Customer, i.e., a documented instructions in accordance with art. 28, par. 3 (a) of GDPR.

Art. 45. The security requirements regarding the processing of Personal Data by the Processor are set out in the Security Appendix to these GTC.

Art. 46. In order to facilitate the Services, contact details as part of the Account shall be provided for various purposes, e.g., accounting/financial, technical support/requirements, marketing, etc. The Customer is obliged to properly inform all individuals/Users who have been or will be listed in the Account or in the Content about the fact of providing their data within the Services and about their rights as data subjects.

Art. 47. The User/s, and persons who have been listed in the Account / Content, have the right to access and correct their personal data and request discontinuation of the processing.

Art. 48. The User/s, including persons who have been listed by the User/s in the Account / Content, consent to the processing of personal data for purposes related to the Provision of Services, including:

• about changes in the GTC, price lists / Subscription or privacy policy
• about changes directly related to the provision of services within the Services, including such as service updates, updates of technical conditions and documentation
• on the payment status for completed services (on invoice issuance and also the status of the payments), including rebate codes for Services
• processing of an educational nature / improvements related to the operation of the Services.

Art. 49. Any information related to the mentioned in above may be sent, depending on the need, via one of the available channels, by processing the contact data provided in the Account, i.e., traditional mail may be sent after processing physical addresses (registered office, mailing address, etc.), e-mail correspondence (including by an automated ticket service) – email addresses, phone calls, SMS, OTT messaging – phone numbers or by using an accessible chat service.

Art. 50. Bravo Next is not liable for any processing of Personal Data performed by any of the payment service providers – Stripe, banks and/or other parties.

Art. 51. Other relevant information about privacy is available in the privacy statement/policy of the Services.

Section IX – Confidentiality

Art. 52. The Customer shall not use or disclose to any person, neither during nor after the term of the Agreement, any Confidential Information, except for purposes consistent with the administration and performance of the Customer’s rights or obligations under this Agreement, or as required by statutory law or regulations.

Art. 53. The Customer shall treat as confidential, maintain, keep and protect Confidential Information concerning Bravo Next with a degree of care at least equivalent to the protection of its own Confidential Information.

Art. 54. Confidential Information shall not include information that is:

• already in the possession of the receiving Party without an obligation of confidentiality; or
• rightfully furnished to the receiving Party by a third party without a breach of any separate nondisclosure obligation; or
• already publicly available without breach of the Agreement.

Section X – Warranty disclaimer by Bravo Next

Art. 55. The Services are provided "as is". To the extent permitted by law, Bravo Next disclaims all warranties, either expressed or implied, statutory or otherwise, including without limitation warranties of functionality, fitness for a particular purpose or non-infringement.

Art. 56. Bravo Next does not warrant that the Services will be error-free, that the use of the Services will be uninterrupted or error-free, or that the Services do not contain any viruses. The Customer accepts and agrees that the routes, optimisations, renderings, results, etc. may not depict the reality, and that the Customer carries all risks related to the use of the Services.

Section XI – Liability

Art. 57. The Customer shall indemnify Bravo Next against all damages, claims, costs, losses and expenses because of a third party claiming that the use by the Customer of any derivate work created by the Customer by using the content of, or the Services constitutes an infringement of their Intellectual Property Rights. The Customer shall bear full responsibility for the type, content, quality and organization of the Customer service, including the Content inputted in the Platform and the Customer’s liability for breach of the Agreement shall not be limited unless any applicable law requires so.

Art. 58. Bravo Next shall not be liable for errors in the Provision of Services that result from failures or incorrect functioning of the systems, unless they are caused by circumstances attributable entirely and exclusively to a proven case of intentional misconduct or gross negligence. The Customer acknowledges that the Internet and the suppliers’ / subcontractors’ services are inherently insecure. Accordingly, the Customer agrees Bravo Next is not liable for any changes to, interception of, or loss of Customer data / Content while in transit via the Internet or the suppliers’ / subcontractors’ services.

Art. 59. Bravo Next shall not be liable for the lack of possibility to access the Services that results from incorrect registration/login attempt by the Customer/User.

Art. 60. In the case of damage or loss, Bravo Next has a right to claim compensation.

Art. 61. Bravo Next shall not be liable for indirect or consequential damages.

Art. 62. The above restrictions do not apply to damages caused by fraud, gross negligence or intentional misconduct.

Art. 63. Bravo Next’s total aggregate liability to the Customer will in no event exceed the fees paid (paid amounts for purchased Subscription) by Customer in the period of 12 consecutive months prior to the date the claim arose, excluding suppliers’ / subcontractors’ fees and taxes.

Section XII – Complaint Procedure

Art. 64. Complaints can be submitted due to the failure to provide or correctly provide the Services.

Art. 65. The complaint shall be submitted through electronic mail to the e-mail address: support@bravo-next.com. The Customer is obliged to provide in its complaint the data/information allowing for internal check.

Art. 66. The complaint can be filed within 7 days from the date of the event to which such complaint applies.

Art. 67. The complaint about the failure to provide or failure to correctly provide the Services must, in particular, include the subject matter of and the circumstances that justify such claim, as well as a precise description of the Customer’s claim.

Art. 68. Bravo Next shall consider the complaint within 14 days from the complaint submission date. If the complaint cannot be considered during the above period of time, Bravo Next shall during said period inform in writing (e-mail) the Customer about the reasons for such delay and the expected timeframe of complaint consideration.

Art. 69. A breach of the complaint procedure justifies the complaint rejection.

Art. 70. The right to pursue claims arising from the Agreement in court proceedings is vested in the Customer after the complaint procedure has been exhausted.

Section XIV – Final Provisions

Art. 71. Bravo Next has the right to perform audits of the Customer’s books and records, to interview relevant Customer representatives, and accessing the Customer’s services, products, Content and/or hardware, to validate that the Customer’s use of the Services is compliant with the Agreement.

Art. 72. If an audit reveals non-compliance by the Customer, the Customer shall remedy such breach immediately after receipt of notice from Bravo Next. Such remedy shall be without prejudice to any other rights or remedies applicable under the Agreement.

Art. 73. The Customer agrees to place its name, trademark and/or logo on the Bravo Next’s website. The Customer authorizes Bravo Next to place its name, trademark and/or logo in internal materials used for the needs of Bravo Next.

Art. 74. This Agreement does not authorize Bravo Next to use, in any other manner than the one resulting from this Agreement, trademarks, advertising slogans, trade names or other intellectual property rights to which the Customer is entitled.

Art. 75. All declarations of the parties which are connected with the Agreement entered into by and between them shall be sent to the User/s’ or other persons’ listed in the Account addresses or e-mail addresses as indicated during the Account registration. The User/s is/are obliged together with the Customer to immediately inform Bravo Next about any changes of the contact data. If the respective party has not notified of the change in the manner set out herein, all notices served at the contact data set out in the Account until that happens shall be considered validly served.

Art. 76. The Agreement shall be governed and interpreted under the laws of Bulgaria. In the absence of an amicable solution any dispute, controversy or claim arising out of or in connection with these GTC or the Agreement must be brought to the competent courts in Sofia, Bulgaria.

Art. 77. Bravo Next reserves the right to introduce changes to the GTC.

Art. 78. Bravo Next reserves the right to monitor, store and archive the Content and the IP addresses of the computers from which the Services are used, to which the Customer gives consent. The data are stored in order to prove the rendering of the Services in the case of dispute / infringement of the GTC, and also in order to ensure compliance and assistance to the competent authorities in relation to the Services.

Art. 79. If any provision of this Agreement is deemed invalid, this shall not prejudice the validity of the other provisions.

Art. 80. The appendices to these GTC are an integral part of the Agreement between the parties, hereunder: Data Processing Appendix, Security Appendix, Scope Appendix, and the Technical Specification available at the Website.

Introduction

Art. 1. This Data Processing Appendix (“DPA”) is entered into by Bravo Next and the Customer and constitutes an integral part of the GTC and the Agreement, together with the Scope Appendix, the Security Appendix; the Standard contractual clauses (“SCC”) Appendix and any other agreed appendices.

Art. 2. When the data exporter, as defined in the SCC Appendix, is based in Switzerland, the references to the GDPR in the SCC should be understood as references to the Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020 (FADP) insofar as the data transfers are subject to the FADP. When the data exporter, as defined in the SCC appendix, is based in Switzerland, the SCC clauses also protect the data of legal entities until the entry into force of the revised FADP.

Art. 3. "Data Protection Legislation" is defined as in the GTC. Terms defined in art. 4 of GDPR shall be understood in accordance with the GDPR definition.

Scope and commitment

Art. 4. The Parties agree and acknowledge that, during Bravo Next’s Performance of Services under the Agreement, processing of personal data on Customer’s behalf will take place. Customer therefore appoints Bravo Next as data processor. The terms and conditions of data processing are set forth in this DPA. Bravo Next guarantees that it will implement appropriate technical and organizational measures in such a manner that Bravo Next’s processing will meet the requirements of the Data Protection Legislation and ensure the protection of the rights of the Data Subjects.

Art. 5. This DPA covers processing of personal data when Bravo Next processes on the Customer’s behalf as processor (GDPR Article 28.3) or, if the Customer is itself a processor, as a sub-processor (GDPR Article 28.4).

Art. 6. For the purpose of this DPA, Customer shall hold the obligations of Controller, and is fully responsible towards a controller on whose behalf it processes Personal Data by use of Bravo Next Services. Reference to the “Controller” herein will therefore in all cases be a refer to the Customer.

Art. 7. Subject to the Customer being based in Third Country located outside the European Union (EU) or the European Economic Area (EEA) and without an adequacy decision by the European Commission, the SCC Appendix, Module four shall apply to the processing activities requiring personal data transfers from Bravo Next as processor to the Customer.

Art. 8. Bravo Next as processor, its Sub-processors, and other persons acting under the authority of Bravo Next who have access to the Personal Data shall process the Personal Data only on behalf of the Controller and in compliance with the Agreement and the Controller’s documented instructions, and in accordance with the DPA, unless otherwise stipulated in the Data Protection Legislation.

Art. 9. Bravo Next shall inform the Controller if, in Bravo Next’s opinion, an instruction infringes the Data Protection Legislation.

Art. 10. Bravo Next’s processing of personal data as controller is available in the privacy section of bravo-next.com.

Obligations of the Controller

Art. 11. The Controller warrants that the Personal Data is processed lawfully, for specified, explicit and legitimate purposes. The Controller will not instruct Bravo Next to process more Personal Data than required for fulfilling such purposes.

Art. 12. The Controller is responsible for ensuring that a valid legal basis for processing as defined in the Data Protection Legislation (ref. GDPR Article 6.1) exists at the time of transferring the Personal Data to Bravo Next. If such legal basis is consent (ref. GDPR Article 6.1 (a)) the Controller warrants that any consent is given explicitly, voluntarily, unambiguously and on an informed basis.

Art. 13. In addition, the Controller warrants that the Data Subjects to which the personal data pertains have been provided with information required under the Data Protection Legislation (ref. GDPR article 13 and 14) on the processing of their Personal Data.

Art. 14. Any instructions regarding the processing of Personal Data carried out under this DPA shall primarily be submitted to Bravo Next. In case the Controller instructs a Sub-processor appointed in accordance with the DPA directly, the Controller shall immediately inform Bravo Next hereof. Bravo Next shall not in any way be liable for any processing carried out by the Sub-processor as a result of instructions received directly from the Controller, and such instructions result in a breach of this DPA, the Agreement or Data Protection Legislation.

Confidentiality

Art. 15. Bravo Next ensures that its employees, its Sub-processors, and other persons who process the personal data by authority of Bravo Next have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Art. 16. The Controller is subject to a duty of confidentiality regarding any documentation and information, received by Bravo Next, related to Bravo Next or Bravo Next’s Sub-processors’ implemented technical and organizational security measures, or information which Bravo Next’s Sub-processors have defined as confidential. However, Controller may always share such information with supervisory authorities, if necessary, to act in compliance with Controller’s obligations under Data Protection Legislation or other statutory obligations.

Security

Art. 17. The security requirements applying to Bravo Next’s processing of Personal Data is governed by Security Appendix to the DPA, available at the security section of bravo-next.com.

Access to Personal data and fulfilment of Data Subjects’ rights

Art. 18. TUnless otherwise agreed or dictated by applicable law, the Controller is entitled to request access to personal data being processed by Bravo Next on behalf of the Controller.

Art. 19. TIf Bravo Next, or a Sub-processor, receives a request from a Data Subject relating to processing of Personal Data processed on behalf of the Controller, Bravo Next shall send such request to the Controller, for the Controller’s further handling thereof, unless otherwise stipulated in statutory law.

Art. 20. TTaking into account the nature of the processing, Bravo Next shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights stipulated in Data Protection Legislation, including the Data Subject’s right to (i) access to its Personal Data, (ii) rectification of its inaccurate Personal Data; (iii) erasure of its Personal Data; (iv) restriction of, or objection to, processing of its Personal Data; and (v) the right to receive its Personal Data in a structured, commonly used and machine-readable format (data portability). To the extent Customer requests assistance exceeding the requirements towards processors in the GDPR, Bravo Next shall be compensated for such assistance at Bravo Next’s then current rates.

Other assistance to the Controller

Art. 21. If Bravo Next, or a Sub-processor, receives a request for access or information from the relevant supervisory authority relating to the registered Personal Data or processing activities subject to this DPA, Bravo Next shall notify the Controller, for the Controller’s further processing thereof, unless Bravo Next is entitled to handle such request itself.

Art. 22. If the Controller is obliged to perform a Data Protection Impact Assessment and/or Prior consultation with the supervisory authority in connection with the processing of Personal Data under this DPA, Bravo Next shall provide assistance to the Controller, taking into account the nature of processing and the information available to Bravo Next. To the extent Customer requests assistance exceeding the requirements towards processors in the GDPR, the Customer shall bear any costs accrued by Bravo Next related to such assistance.

Notification of Personal Data Breach

Art. 23. Bravo Next shall notify the Controller without undue delay after becoming aware of a Personal Data Breach. The Controller is responsible for notifying the Personal Data Breach to the relevant supervisory authority in accordance with GDPR article 33.

Art. 24. The notification to the Controller shall be sent to the e-mail indicated by the Account’s registration, or provided later at the Account, in accordance with the Agreement concluded under GTC, and as a minimum describe (i) the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the likely consequences of the Personal Data Breach; (iii) the measures taken or proposed to be taken by Bravo Next to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

Art. 25. In the event the Controller is obliged to communicate a Personal Data Breach to the Data Subjects, Bravo Next shall assist the Controller, taking into account the nature of processing and the information available to Bravo Next. The Controller shall bear any costs related to such communication to the Data Subject.

Transfer to Third Countries

Art. 26. Transfer of Personal Data to countries located outside the European Union (EU) or the European Economic Area (EEA) and without an adequacy decision by the European Commission, hereunder by disclosure or provision of access, may only occur in case of documented instructions from the Controller.

Art. 27. For transfer to sub-processors, the documented instructions are described in section below and is subject to EU’s standard contractual clauses as provided in the SCC Appendix, Module three - transfers from Bravo Next as processor to a sub-processor in a Third Country.

Use of sub-processors

Art. 28. The Controller agrees that Bravo Next may appoint another processor, hereinafter referred to as Sub-processor, to assist in providing the services and processing Personal Data under the Agreement, provided that Bravo Next ensures that the data protection obligations as set out in this DPA and in Data Protection Legislation are imposed upon any Sub-processor by a written agreement; and that any Sub-processor provides sufficient guarantees that they will implement appropriate technical and organizational measures to comply with Data Protection Legislation and this DPA, and will provide the Controller and relevant supervisory authorities with access and information necessary to verify such compliance.

Art. 29. Bravo Next shall remain fully liable to the Controller for the performance of any Sub-processor.

Art. 30. Applicable Sub-processors are listed in Scope Appendix. Bravo Next may update the list to reflect any addition or replacement of Sub-processors by notification to the Customer or publication on the Website at least one month prior to the date on which such Sub-processor shall commence processing of Personal Data. Any objection to such changes must be provided to Bravo Next within two weeks of receipt of such notification or publication on the Website. In case of an objection from Customer as to the supplementing or change of a Sub-processor, Bravo Next may terminate the Agreement and this DPA with one-month notice. The Customer is aware and accepts that in case of objection the Services may be no longer provided without necessarily effecting the Subscription.

Art. 31. By entering into this DPA, the Customer grants Bravo Next authority to secure any legal basis for Transfer to Third Countries for any Sub-processor approved in accordance with the procedure stipulated above. If Customer is not itself controller, Customer will ensure such grant from controller. Upon request, Bravo Next shall provide the Controller with a copy of the EU’s standard contractual clauses under the SCC Appendix, Module three or description of the legal basis for Transfer.

Art. 32. Bravo Next shall provide reasonable assistance and documentation to be used in Controller’s independent risk assessment in relation to use of Sub-processors or Transfer of Personal Data to a Third Country.

Audits

Art. 33. Bravo Next shall, upon request, provide the Customer with documentation of implemented technical and organizational measures to ensure an appropriate level of security, and other information necessary to demonstrate Bravo Next’s compliance with its obligations under the DPA and relevant Data Protection Legislation.

Art. 34. Controller and the supervisory authority under the relevant Data Protection Legislation shall be entitled to conduct audits, excluding on-premises inspections, and evaluations of Personal Data being processed, the systems and equipment used for this purpose, implemented technical and organizational measures, including security policies and similar, and Sub-processors. Controller shall not be given access to information concerning Bravo Next’s other customers and information subject to confidentiality obligations.

Art. 35. Controller is entitled to conduct such audits one (1) day per year, upon no less than two-week notice. If Controller appoints an external auditor to perform the audits, such external auditor shall be bound by a duty of confidentiality. Controller shall bear any costs related to audits initiated by Controller or accrued in relation to audits of Controller, including compensation to Bravo Next to the extent Controller requires support exceeding the requirements in the GDPR.

Term and termination

Art. 36. The DPA is valid for as long as Bravo Next processes Personal Data on behalf of the Controller.

Art. 37. In the event of Bravo Next’s breach of the DPA or non-compliance of the Data Protection Legislation, the Controller may (i) instruct Bravo Next to stop further processing of Personal Data with immediate effect; and/or (ii) terminate the DPA with immediate effect.

Effects of termination

Art. 38. Bravo Next shall, upon the termination of the DPA delete all the Personal Data to the Controller unless otherwise stipulated in applicable law. Customer accepts and understands that Personal Data is accessible by it until termination, should Customer require copies of such data before deletion.

Art. 39. Upon Customer’s request, Bravo Next shall document in writing to the Controller that deletion has taken place in accordance with the DPA.

Breach of the DPA and Limitation of liability

Art. 40. Each party’s non-conformity with requirements set out in this DPA shall be regarded as a breach of agreement by that party, and the party shall ensure that breach is remedied without delay. The party in breach shall update the other party on measures adopted to remedy the non-conformity. Neither party shall be liable to the other party for errors caused by the other party’s systems or actions, negligence or omissions, or by general internet or line delays, power failure or other error outside the parties’ reasonable control.

Art. 41. Liability limitations in the GTC between the parties apply to liability under this DPA and the SCC Appendix.

Notices and amendments

Art. 42. All notices relating to the DPA shall be submitted in writing to the email address indicated by the Account’s registration, or provided later at the Account, in accordance with the Agreement concluded under GTC.

Art. 43. In case changes in Data Protection Legislation, a judgement or opinion from another authoritative source causes another interpretation of Data Protection Legislation, or changes to the services under the Agreement require changes to this DPA, Bravo Next will propose implementation of such changes into the DPA.

Art. 44. Any modification or amendment of this DPA shall be effective only if agreed in writing and signed by both parties.

Governing law and legal venue

Art. 45. The GTC’s terms regarding governing law, dispute resolution method and legal venue agreement shall apply if the location is within the EU or EEA. In other cases, the governing law shall be Bulgarian, and the legal venue shall be the courts of Sofia, Bulgaria.

Scope of the processing

The DPA concerns Bravo Next’s processing of Personal Data on behalf of the Controller in connection with provision of automized system striving to facilitate the Customer’s logistical planning and transport management processes in a way of allowing the Customer to input variety of criteria, dependent on Customer’s choice and limited by Bravo’s available at the time of use functionalities, in order to derive suggestions for proposed transportation routes and related logistical optimizations, made available as SaaS (Software as a service) solution, usually provided through the Website.. The Services include Controller’s access to Bravo Next’s solutions for purposes and frequency as chosen by Controller by use of the Services. The Agreement will provide further insight into the specific type of services provided to Controller under the Agreement.

Categories of Data Subjects

The categories of Data Subjects whose personal data may be processed under this DPA are defined by Controller. The processing involves processing of Personal Data related to Controller’s employees / contractors / other hired personnel (such as drivers, etc.), Users, contact persons under Controller’s Account in Bravo, representatives, etc.

Types of Personal Data

The Processing relates to the following category types of Personal Data, subject to the Controller’s concrete use of the Services:

• Basic Personal Data, such as name, contact details such as email, phone number etc.
• Location data, such as GPS, Wi-Fi location data, IP addresses, derived from use of the Platform.
• Logistical and transportation management / planning data (when in some way data pertains to individuals, e.g., drivers, contact persons, etc.): routes (included elements (such as stop points, locations, marks, etc,) and excluded elements (such as toll roads, ferries, tunnels, difficult / U-turns, countries, etc.)), transportation vehicles (by type, composition elements (trailers, trucks, etc.), weight, licence plates etc.), drivers’ specifications (such as long/short-haul, working hours/days, etc.), expenses (such as wages, fuel cost, parts / consumables (e.g., tyres), etc.).
• Billing data (when in some way data pertains to individuals, e.g., representatives, accountants, consultants, contact persons, etc.).
• Data related to content of communication, such as e-mails, phone / VoIP calls, voice mails, chat, SMS / OTT, browsing data, etc.

Special categories of Personal Data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or health data, will be processed under this DPA if the Services are used by Customer to process such data.

Subject-matter of the processing

The subject-matter of Bravo Next’s processing of Personal Data on the customer’s behalf is the provision of services to the Customer that require processing of Personal Data. Personal Data will be subject to processing activities as specified in the GTC.

Duration of the processing

The processing will continue for the duration of Customer’s contract with Bravo Next. Bravo Next will retain Personal Data for as long as it is necessary to fulfil the purposes for processing.

Nature of the processing

Personal Data will be processed by Customer entering the data into Bravo Next’s Platform, either through its access to the Platform (via its Account and User(s)), or by providing data to Bravo Next employees in order for them to enter data to the respective Customer’s area of the Platform. The data will further be processed in order for logistical planning / transportation management and/or their optimization as required by Customer be fulfilled and other related services be executed.

Purpose of the processing

The purpose of engaging Bravo Next to process Personal Data on Customer’s behalf is for Customer to fulfil its requirements for logistical planning / transportation management and/or their optimization.

Sub-processors / independent controllers

The Sub-processors approved under the DPA are found in Bravo Next sub-processors list below, subject to unilateral changes by Bravo Next from time to time.

The following Sub-processors / independent controllers are approved by Customer (if applicable under the respective Services and the Subscription):

• Bravo Next’s affiliates, i.e., subsidiary companies/entities, such as TT Union EOOD, registered in Bulgaria under reg. # (UIC) 205142685, etc.
• Cloud service providers / colocation providers, such as the providers of DigitalOcean (www.digitalocean.com), Ploi.io (www.ploi.io), etc.
• Email service providers, such as the provider(s) of Mailtrap (www.mailtrap.io), etc.
• Maps / routes service providers, such as the providers of Here Maps API (www.here.com) Maptiler (www.maptiler.com), Maplibre (www.maplibre.org), www.openstreetmap.org, etc.
• Payment service providers, such as the provider(s) of Stripe (www.stripe.com), banks, etc.

This DPA is regarded as an instruction from Customer to transfer Personal Data to the listed Sub-processors / independent controllers.

Scope of the processing

The DPA concerns Bravo Next’s processing of Personal Data on behalf of the Controller in connection with provision of automized system striving to facilitate the Customer’s logistical planning and transport management processes in a way of allowing the Customer to input variety of criteria, dependent on Customer’s choice and limited by Bravo’s available at the time of use functionalities, in order to derive suggestions for proposed transportation routes and related logistical optimizations, made available as SaaS (Software as a service) solution, usually provided through the Website.. The Services include Controller’s access to Bravo Next’s solutions for purposes and frequency as chosen by Controller by use of the Services. The Agreement will provide further insight into the specific type of services provided to Controller under the Agreement.

between

Bravo Next, and its affiliates established within EEA hereinafter “data exporter”

and

The Customer (MODULE FOUR) or the respective Sub-processor in Third Country (MODULE THREE)

Categories of Data Subjects

The categories of Data Subjects whose personal data may be processed under this DPA are defined by Controller. The processing involves processing of Personal Data related to Controller’s employees / contractors / other hired personnel (such as drivers, etc.), Users, contact persons under Controller’s Account in Bravo, representatives, etc.
hereinafter “data importer”

The SCC text is found at: Publications Office (europa.eu)

The Data exporter and Data importer enter into SCC with the following modules:

• MODULE ONE: Transfer controller to controller: No
• MODULE TWO: Transfer controller to processor: No
• MODULE THREE: Transfer processor to processor: If and to the extent applicable: Yes (in case of a sub-processor in Third Country) / No (in case of Customer in Third Country)
• MODULE FOUR: Transfer processor to controller: Yes (in case of Customer in Third Country) / No (in case of a sub-processor in Third Country)

Specifications required for each applicable module follow below:
Specifications relevant to MODULE THREE: Transfer processor to processor

Clause 7 – The Parties agree that this clause shall be included:

Specifications relevant to MODULE FOUR: Transfer processor to controller

Clause 9 – The Parties agree that Option 2 part of the clause shall apply to them:

[OPTION 2: GENERAL WRITTEN AUTHORISATION The data importer has the controller’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the controller in writing of any intended changes to that list through the addition or replacement of sub-processors at least one months in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the controller with the information necessary to enable the controller to exercise its right to object. The data importer shall inform the data exporter of the engagement of the sub-processor(s).]

Clause 11 – The Parties agree that this optional part of the clause shall not be included:

[OPTION: The data importer agrees that data subjects may also lodge a complaint with an independent dispute resolution body at no cost to the data subject. It shall inform the data subjects, in the manner set out in paragraph (a), of such redress mechanism and that they are not required to use it, or follow a particular sequence in seeking redress.]

Clause 17 – The Parties agree that Option 1 part of the clause shall apply to them:

[OPTION 1: These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the state in which the data exporter is established.]

When the data exporter is based in Switzerland the Parties agree these Clauses shall be governed by the law of:

• Switzerland (when the data transfer is exclusively subject to the FADP)
• Bulgaria (when the data transfer is subject to both the FADP and the GDPR)

Clause 18:

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

(b) The Parties agree that those shall be the courts of the state in which the data exporter is established.

When the data exporter is based in Switzerland the Parties agree that any dispute arising from these Clauses shall be resolved by the courts of:

• Switzerland (when the data transfer is exclusively subject to the FADP)
• Bulgaria (when the data transfer is subject to both the FADP and the GDPR)

(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

The Parties agree that the term ’member state’ must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18 c.

(d) The Parties agree to submit themselves to the jurisdiction of such courts.

Specifications relevant to MODULE FOUR: Transfer processor to controller

Clause 7 – The Parties agree that this clause shall be included:

Docking clause (a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. (b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A. (c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

Clause 11 – The Parties agree that this optional part of the clause shall not be included:

[OPTION: The data importer agrees that data subjects may also lodge a complaint with an independent dispute resolution body at no cost to the data subject. It shall inform the data subjects, in the manner set out in paragraph (a), of such redress mechanism and that they are not required to use it, or follow a particular sequence in seeking redress.]

Clause 17 – These Clauses shall be governed by the law of a country allowing for third-party beneficiary rights. The Parties agree that this shall be the law of the state in which the data exporter is established.

When the data exporter is based in Switzerland the Parties agree these Clauses shall be governed by the law of:

• Switzerland (when the data transfer is exclusively subject to the FADP)
• Bulgaria (when the data transfer is subject to both the FADP and the GDPR)

Clause 18 – Any dispute arising from these Clauses shall be resolved by the courts of the state in which the data exporter is established.

When the data exporter is based in Switzerland the Parties agree that any dispute arising from these Clauses shall be resolved by the courts of:

• Switzerland (when the data transfer is exclusively subject to the FADP)
• Bulgaria (when the data transfer is subject to both the FADP and the GDPR)

1. List of Parties

MODULE THREE: Transfer processor to processor

MODULE FOUR: Transfer processor to controller

Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

1.1. Name: Bravo Next Ltd. and its affiliates

Address: 6 Letetz Hristo Arnaudov St., Bozhurishte 2227, Bulgaria,

Contact person’s name, position and contact details:

• Martin Gospodinov, DPO
• +359899316951
• dpo@bravo-next.com

Activities relevant to the data transferred under these Clauses: provision/use of logistical planning / transportation management and/or their optimization
Role (controller/processor): processor(s).

Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

Specifications relevant to MODULE THREE: Transfer processor to processor

1.2. Name: [name of Sub-processor in Third Country] as listed (if listed) in the Scope Appendix (or references / links thereto)

Address: [address of Sub-processor in Third Country] as listed (if listed) in the Scope Appendix (or references / links thereto)

Contact person’s name, position and contact details: [details of the contact person of Sub-processor in Third Country] as listed (if listed) in the Scope Appendix (or references / links thereto)

Activities relevant to the data transferred under these Clauses: provision/use of logistical planning / transportation management and/or their optimization

Role (controller/processor): processor(s)

Specifications relevant to MODULE FOUR: Transfer processor to controller

1.3. Name: Name of the Customer under the meaning of the GTCs

Address: address of the Customer provided as contact information in the Customer’s Account according to the GTCs

Contact person’s name, position and contact details: as provided by the Customer in the contact information in the Customer’s Account according to the GTCs

Activities relevant to the data transferred under these Clauses: provision/use of logistical planning / transportation management and/or their optimization

Role (controller/processor): controller

2. Description of Transfer

MODULE THREE: Transfer processor to processor

MODULE FOUR: Transfer processor to controller

Categories of data subjects whose personal data is transferred

Regarding MODULE THREE:
The categories defined by data exporter’s Customer. The processing involves processing of personal data as provided in the Scope Appendix.

Regarding MODULE FOUR:
The categories defined by data importer/controller. The processing involves processing of personal data as provided in the Scope Appendix.

The personal data transferred concern the categories of data as provided in the Scope Appendix.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
continuous basis

Nature of the processing – as provided in the Scope Appendix.

Purpose(s) of the data transfer and further processing – as provided in the Scope Appendix.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period – as provided in the Scope Appendix.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing – as provided in the Scope Appendix.

3. Competent Supervisory Authority

MODULE THREE: Transfer processor to processor

Identify the competent supervisory authority/ies in accordance with Clause 13

• The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 is the one competent in the state in which the data exporter is established
• When the data exporter is based in Switzerland the parties establish a parallel supervision:
  • The Federal Data Protection and Information Commissioner (FDPIC), insofar as the data transfer is governed by the FADP
  • The Bulgarian Data Protection Authority, insofar as the data transfer is governed by the GDPR

Technical and Organisational Measures Including Technical and Organisational

Measures to Ensure the Security of the Data

MODULE THREE: Transfer processor to processor

Description of the technical and organisational security measures:
Respectively applies the Security Appendix.

For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter
Respectively applies the Security Appendix.