Data Processing Agreement (DPA)
Effective Date: 2025-10-01
This is a legal agreement between Customer and GPS-server.net for use of the service. By using our service, you agree to be bound by the terms and conditions of this agreement. If Customer does not agree to this agreement, Customer may not use our service.
Parties
- Data Processor (“Processor”) – MB AE digital, a limited liability company incorporated in the Republic of Lithuania, Business ID 307282021, VAT ID LT100018841110;
- Data Controller (“Customer”) – The entity that subscribes to the Services and determines the purposes and means of processing Personal Data.
Services
The GPS-server platform provided by the Processor, including real-time location tracking, route history, geo-fence alerts, fleet management tools, mobile applications, and related support.
Definitions
Capitalized terms have the following meanings (other terms follow the definitions in the GDPR):
- Applicable Laws – All laws relating to data protection, privacy, and electronic communications, including the GDPR (Regulation (EU) 2016/679);
- Personal Data – Any information relating to an identified or identifiable natural person that the Processor processes on behalf of the Customer through the Services;
- Sub-processor – Any third party engaged by the Processor that processes Personal Data;
- GDPR – The EU General Data Protection Regulation.
Scope and instructions for processing
The Processor processes Personal Data only for the purposes and in the manner described in the Privacy Policy.
The Processor acts solely on the Customer’s documented instructions. The Customer’s normal use of the Services (including settings and configuration) constitutes its documented instructions.
If the Processor believes an instruction infringes Applicable Laws, it will promptly inform the Customer.
The Customer warrants that it has a valid legal basis for processing the Personal Data and for transferring it to the Processor.
Sub-processors
The Processor will notify the Customer at least 30 days in advance of any new or replacement Sub-processor. The Customer may object to the change on reasonable data protection grounds within that period. If the Customer objects, the parties will discuss a solution in good faith.
Each Sub-processor will be bound by data protection obligations that are at least as protective as those in this DPA. The Processor remains fully liable to the Customer for any Sub-processor’s failure to meet these obligations.
International transfers to Sub-processors outside the EEA are protected by appropriate safeguards, such as Standard Contractual Clauses.
The Customer authorizes the Processor to engage the following Sub-processors:
- UAB Interneto vizija – Cloud infrastructure and hosting (EU);
- Amazon Web Services – Cloud infrastructure and hosting (USA);
- PayPal – Payment processing (USA/EU);
- Google Analytics – Web analytics (USA/EU).
Security
The Processor implements appropriate technical and organizational security measures to protect Personal Data. These include:
- Encryption of Personal Data in transit and at rest;
- Strong access controls and authentication;
- Regular security testing and vulnerability assessments;
- Incident response procedures;
- Staff training on data protection and confidentiality.
Assistance with data subject rights
The Processor will:
- Promptly notify the Customer if it receives a direct request from a data subject (e.g., access, rectification, erasure, or objection);
- Provide reasonable technical assistance so the Customer can respond to such requests;
- Not respond directly to data subjects unless the Customer instructs it to do so.
Personal data breach notification
The Processor will notify the Customer without undue delay and, where feasible, within 72 hours after becoming aware of a Personal Data breach.
The notification will include, to the extent known at the time:
- Description of the breach;
- Categories and approximate number of data subjects and records affected;
- Likely consequences;
- Measures taken or proposed to address the breach.
Return or deletion of data
Upon termination or expiry of the Services (or upon the Customer’s written request), the Processor will, at the Customer’s choice, return all Personal Data to the Customer, or delete all Personal Data and provide a certificate of deletion. This must occur within 30 days, unless Applicable Laws require longer retention.
The Processor may retain anonymized or aggregated data for statistical purposes and service improvement, provided it cannot be used to re-identify individuals.
International data transfers
Personal Data may be transferred outside the EEA/UK only when protected by appropriate safeguards under Applicable Laws (e.g., Standard Contractual Clauses or adequacy decisions).
The listed Sub-processors operate in the EU and the USA. By using the Services, the Customer consents to these transfers under the safeguards described.
Audits and demonstrating compliance
The Processor will make available all information reasonably necessary to demonstrate compliance with this DPA and the GDPR.
The Customer (or its appointed auditor) may conduct an audit at its own expense upon reasonable prior notice, subject to confidentiality obligations and security requirements. The Processor may propose reasonable alternatives if an audit would risk security or confidentiality.
Data Protection Impact Assessments (DPIAs)
The Processor will provide reasonable assistance to the Customer with any required Data Protection Impact Assessment relating to the Processor’s activities.
Liability
The Processor is liable for any damage caused by its (or its Sub-processors’) processing that breaches processor obligations under the GDPR. Liability remains subject to the limitations in the Terms of Service.
General provisions
- Term – This DPA continues for as long as the Processor processes Personal Data on behalf of the Customer;
- Changes – The Processor may update this DPA with at least 30 days’ notice for legal or compliance reasons. Continued use of the Services after the update constitutes acceptance;
- Precedence – In case of conflict: (1) any applicable Standard Contractual Clauses, (2) this DPA, (3) the Terms of Service;
- Contact – Data protection questions should be directed to the Processor’s support or designated privacy contact.
More information
If you have any questions or concerns, please feel free to contact our DPO by e-mail at info@gps-server.net.