ENPL

Data Processing Agreement (DPA)

Version 1.0 · Effective as of May 24, 2026

Constituting an integral appendix to the LiteTMS.eu Terms of Service, concluded between:

The Client (Service Recipient), hereinafter referred to as the "Controller"

and

CodeJungle Sp. z o.o., Kawki 51, 42-140 Panki, NIP (Tax ID): 5742064222, KRS (National Court Register): 0000722231, REGON (National Business Registry): 369658794, hereinafter referred to as the "Data Processor" or "Processor".

§1. Subject Matter, Purpose, and Duration of Processing

  1. Pursuant to Art. 28 of the General Data Protection Regulation (GDPR), the Controller entrusts the Processor with the processing of personal data entered into the LiteTMS.eu system.
  2. Purpose of processing: provision of services comprising the access to and maintenance of transport management software (TMS) in the SaaS cloud model, in accordance with the provisions of the main Terms of Service.
  3. The Agreement is concluded for the term of the Terms of Service and shall be automatically terminated upon the expiration or termination of the main service.

§2. Scope of Data and Categories of Data Subjects

  1. The processing involves the following categories of data subjects: employees of the Controller, fleet drivers, collaborators, and contractors/carriers of the Controller.
  2. The types of entrusted personal data (standard data) include, in particular: identification data (first names, last names, company names), contact details (addresses, phone numbers, e-mail addresses), vehicle registration numbers, logistics documentation, and location history (geolocation).
  3. The Controller declares that they do not entrust special categories of personal data (e.g., health data) and bears sole responsibility for the legal basis for collecting data of their employees (including GPS data).

§3. Representations and Obligations of the Data Processor (CodeJungle)

  1. The Processor shall process personal data solely on documented instructions from the Controller (i.e., using the functionalities of the LiteTMS.eu system).
  2. The Processor ensures that persons authorized to process the personal data (e.g., CodeJungle engineers) have committed themselves to confidentiality.
  3. The Processor implements and maintains appropriate technical and organizational measures, including logical separation of databases (multi-tenancy) at the level of the instance assigned to the Client.
  4. The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach concerning the entrusted data.

§4. Sub-processing

  1. The Controller grants general authorization for the engagement of verified sub-processors necessary for the technical maintenance of LiteTMS.eu.
  2. The approved list of sub-processors as of the date of concluding the agreement includes: OVH (main hosting), Cloudflare (security, proxy, R2 files), Amazon Web Services (backups), Stripe (transactions), Fakturownia.pl (accounting API), EmailLabs (e-mail), SMSAPI.pl (SMS), Google Firebase (notifications), and OpenRouter (AI aggregator).
  3. Any potential transfer of data to third countries shall be carried out with strict adherence to the Standard Contractual Clauses (SCCs). External AI services are not authorized to train public models on the entrusted logistical information of the Controller.

§5. Right to Audit

  1. The Controller has the right to verify compliance with the Agreement, including the right to request information and conduct inspections at the Processor's premises.
  2. Audits shall take place during the Processor's working hours, upon prior notification of at least 14 days, and shall be carried out at the sole expense of the Controller.

§6. Deletion of Data and Limitation of Liability

  1. Upon the termination of services (taking into account a 30-day retention/soft-delete period), the Processor shall destroy the entrusted personal data and existing copies thereof, unless the law requires their further storage.
  2. The total, aggregate liability for damages of the Processor towards the Controller due to non-performance or improper performance of this DPA is limited to the equivalent of the fees paid by the Controller to the Processor in the 6-month period preceding the event. This limitation does not apply to situations caused by willful misconduct.

Related: Terms of Service · Privacy Policy

Back to homepage