Data Processing Agreement

Last updated: 11th April 2025
This Data Processing Agreement (“Agreement”) forms part of the Terms of Use between:
The Customer (“Data Controller”)
and
Repair Pilot Ltd, trading as Repair Pilot (“Data Processor”).

---

1. Definitions

• Data Controller: The Customer, who determines the purpose and means of processing Personal Data.

• Data Processor: Repair Pilot, who processes Personal Data on behalf of the Data Controller.

• Personal Data: Any information relating to an identifiable person, as defined under UK GDPR.

• Sub-processor: A third-party engaged by the Data Processor to help deliver the service.

---

2. Scope of Processing

The Data Processor shall process Personal Data only to the extent necessary to provide the Repair Pilot SaaS platform, in accordance with:

• The Data Controller’s instructions

• The applicable service agreement

• Applicable data protection laws (including the UK GDPR and EU GDPR, where applicable)

---

3. Nature & Purpose of Processing

Purpose: To provide the Repair Pilot repair management platform and related services.

Nature of Processing:

• Storing, organising, accessing, modifying, transmitting, and deleting customer data as required for service functionality.

Types of Personal Data Processed:

• Customer names, email addresses, phone numbers, job details, device information, communication logs, payment status, and related data input into the platform by the Data Controller.

Data Subjects:

• The Data Controller’s customers, staff, and service users.

---

4. Sub-Processors

The Data Processor uses the following sub-processors to provide the service:

The Data Controller consents to the use of these sub-processors. The Data Processor will inform the Controller of any intended changes and allow objections where applicable.

---

5. Security

The Data Processor shall implement appropriate technical and organisational measures to ensure the security of Personal Data, including:

• Data encryption in transit

• Secure access controls and role-based permissions

• Regular system updates and vulnerability patching

• Encrypted backups and restricted access to production environments

---

6. Confidentiality

The Data Processor shall ensure all personnel and sub-processors are bound by confidentiality obligations and will not access, use, or disclose Personal Data except as necessary to deliver the service.

---

7. Data Subject Rights

The Data Processor shall assist the Data Controller in responding to requests from data subjects, including:

• Right to access

• Right to rectification

• Right to erasure

• Right to data portability

• Right to restrict or object to processing

---

8. Data Breach Notification

In the event of a personal data breach, the Data Processor shall:

• Notify the Data Controller without undue delay (within 72 hours)

• Provide all available details about the breach

• Assist with any legal or regulatory obligations resulting from the breach

---

9. Data Transfers

Personal Data is stored and processed in the UK or EU. Where data is transferred outside of these regions, the Data Processor will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

---

10. Data Retention & Deletion

Upon termination of the service, the Data Processor shall:

• Delete or return all Personal Data within a reasonable period (e.g., 30 days), unless required to retain it by law

• Delete all backups of the Data Controller’s data in accordance with its backup policy

---

11. Audit & Compliance

The Data Processor shall provide information necessary to demonstrate compliance and, where required, allow audits by the Data Controller or its appointed auditor, subject to reasonable notice and confidentiality.

---

12. Governing Law

This Agreement shall be governed by and interpreted in accordance with the laws of England and Wales.

---

13. Contact

For all data protection matters, please contact:

Email: shaun@repairpilot.com
Address: 65 Green Lane, Middlesbrough, TS5 7SN
Data Protection Officer: Shaun Brereton