Data Processing Agreement (DPA)
Data Processing Agreement (DPA)
FLEETRIX DATA PROCESSING AGREEMENT (DPA)
Version 1.1
Effective Date: 01/02/2026
Last Updated: 01/06/2026
This Data Processing Agreement (“DPA”) forms part of the contractual relationship between Fleetrix Technologies Enterprise (“Fleetrix”, “Company”, “we”, “us”, or “our”) and Customer regarding the processing of Personal Data through Fleetrix Services.
This DPA supplements Fleetrix Terms of Use, Privacy Notice, and SaaS Service Agreement.
1. Scope
This DPA governs Fleetrix’s processing of Personal Data on behalf of Customer in connection with Fleetrix Services.
This DPA applies where Fleetrix processes Personal Data for service delivery, operations, support, security, analytics, or related purposes.
2. Roles
For purposes of Personal Data processing:
Customer acts as Data Controller.
Fleetrix acts as Data Processor.
Customer determines the purposes and means of Personal Data processing through Fleetrix Services.
Fleetrix processes Personal Data in accordance with Customer instructions, contractual requirements, and legal obligations.
3. Scope of Processing
Fleetrix processes Personal Data only for legitimate service-related purposes, including:
Platform operation
GPS tracking
Route optimization
Scheduling
Billing and invoicing
OCR processing
Analytics
Customer support
Security monitoring
Processing activities may include collection, storage, access, transmission, backup, and deletion.
4. Categories of Personal Data
Personal Data processed through Fleetrix may include:
Personal information
Driver records
Staff records
Customer records
Location data
Photos
Financial records
Technical data
The exact categories depend on Customer usage of Services.
5. Processing Instructions
Fleetrix processes Personal Data only in accordance with:
Customer instructions
Contract requirements
Service operation requirements
Legal obligations
Fleetrix shall not process Personal Data for unrelated purposes without lawful basis.
6. Confidentiality
Fleetrix personnel handling Personal Data are subject to confidentiality obligations.
Fleetrix shall take commercially reasonable measures to ensure Personal Data is accessed only by authorized personnel with legitimate business needs.
Confidentiality obligations survive termination.
7. Security Measures
Fleetrix implements commercially reasonable technical, administrative, and organizational safeguards to protect Personal Data.
Security measures may include:
Access controls
Authentication controls
Monitoring
Backup procedures
Infrastructure safeguards
Operational security measures
Fleetrix may update security measures as technology and operational requirements evolve.
8. Subprocessors
Fleetrix may engage subprocessors including:
Infrastructure providers
Storage providers
Technical service providers
Monitoring providers
Security providers
Fleetrix remains responsible for managing subprocessors appropriately.
Fleetrix shall take commercially reasonable steps to ensure subprocessors implement appropriate safeguards.
9. Data Breach Notification
Fleetrix shall notify affected Customers within commercially reasonable time after becoming aware of a confirmed material data breach affecting Customer Personal Data.
Such notification may include:
Nature of breach
Potential impact
Known affected systems
Mitigation measures
Notification timing may be subject to legal, security, or investigative requirements.
10. Cross-Border Transfer
Fleetrix may transfer Personal Data internationally where necessary to provide Services.
Transfers may occur for purposes including:
Hosting
Storage
Backup
Disaster recovery
Technical support
Legal compliance
Fleetrix shall implement commercially reasonable safeguards where required.
11. Data Return or Deletion
Upon termination or expiration of Services, Fleetrix may return or delete Personal Data subject to:
Legal requirements
Contract obligations
Operational limitations
Security requirements
Customer may request data export within thirty (30) days after termination.
Data may be permanently deleted after sixty (60) days unless longer retention is required.
12. Governing Law
This DPA shall be governed by and construed in accordance with the laws of Malaysia.
Disputes arising under this DPA shall be subject to the jurisdiction of the courts of Malaysia.
Version 1.1
Effective Date: 01/02/2026
Last Updated: 01/06/2026
This Data Processing Agreement (“DPA”) forms part of the contractual relationship between Fleetrix Technologies Enterprise (“Fleetrix”, “Company”, “we”, “us”, or “our”) and Customer regarding the processing of Personal Data through Fleetrix Services.
This DPA supplements Fleetrix Terms of Use, Privacy Notice, and SaaS Service Agreement.
1. Scope
This DPA governs Fleetrix’s processing of Personal Data on behalf of Customer in connection with Fleetrix Services.
This DPA applies where Fleetrix processes Personal Data for service delivery, operations, support, security, analytics, or related purposes.
2. Roles
For purposes of Personal Data processing:
Customer acts as Data Controller.
Fleetrix acts as Data Processor.
Customer determines the purposes and means of Personal Data processing through Fleetrix Services.
Fleetrix processes Personal Data in accordance with Customer instructions, contractual requirements, and legal obligations.
3. Scope of Processing
Fleetrix processes Personal Data only for legitimate service-related purposes, including:
Platform operation
GPS tracking
Route optimization
Scheduling
Billing and invoicing
OCR processing
Analytics
Customer support
Security monitoring
Processing activities may include collection, storage, access, transmission, backup, and deletion.
4. Categories of Personal Data
Personal Data processed through Fleetrix may include:
Personal information
Driver records
Staff records
Customer records
Location data
Photos
Financial records
Technical data
The exact categories depend on Customer usage of Services.
5. Processing Instructions
Fleetrix processes Personal Data only in accordance with:
Customer instructions
Contract requirements
Service operation requirements
Legal obligations
Fleetrix shall not process Personal Data for unrelated purposes without lawful basis.
6. Confidentiality
Fleetrix personnel handling Personal Data are subject to confidentiality obligations.
Fleetrix shall take commercially reasonable measures to ensure Personal Data is accessed only by authorized personnel with legitimate business needs.
Confidentiality obligations survive termination.
7. Security Measures
Fleetrix implements commercially reasonable technical, administrative, and organizational safeguards to protect Personal Data.
Security measures may include:
Access controls
Authentication controls
Monitoring
Backup procedures
Infrastructure safeguards
Operational security measures
Fleetrix may update security measures as technology and operational requirements evolve.
8. Subprocessors
Fleetrix may engage subprocessors including:
Infrastructure providers
Storage providers
Technical service providers
Monitoring providers
Security providers
Fleetrix remains responsible for managing subprocessors appropriately.
Fleetrix shall take commercially reasonable steps to ensure subprocessors implement appropriate safeguards.
9. Data Breach Notification
Fleetrix shall notify affected Customers within commercially reasonable time after becoming aware of a confirmed material data breach affecting Customer Personal Data.
Such notification may include:
Nature of breach
Potential impact
Known affected systems
Mitigation measures
Notification timing may be subject to legal, security, or investigative requirements.
10. Cross-Border Transfer
Fleetrix may transfer Personal Data internationally where necessary to provide Services.
Transfers may occur for purposes including:
Hosting
Storage
Backup
Disaster recovery
Technical support
Legal compliance
Fleetrix shall implement commercially reasonable safeguards where required.
11. Data Return or Deletion
Upon termination or expiration of Services, Fleetrix may return or delete Personal Data subject to:
Legal requirements
Contract obligations
Operational limitations
Security requirements
Customer may request data export within thirty (30) days after termination.
Data may be permanently deleted after sixty (60) days unless longer retention is required.
12. Governing Law
This DPA shall be governed by and construed in accordance with the laws of Malaysia.
Disputes arising under this DPA shall be subject to the jurisdiction of the courts of Malaysia.