1.1. Client as the data controller instructs GeoRoute to process personal data in order to provide Service to the Client pursuant to the Service agreement concluded between the Client and GeoRoute. In respect of personal data obtained from the Client or GeoRoute system during the provision of Services, Client acts as data controller and GeoRoute as data processor. 
1.2. For the avoidance of doubt, this Agreement contains complete and final instructions of the Client to GeoRoute in relation to processing of personal data of Client’s data subjects, and therefore constitutes a binding data processing agreement in accordance with the applicable data protection laws and regulations.
1.3. For the avoidance of doubt, this Agreement contains complete and final instructions of the Client to GeoRoute in relation to processing of personal data of Client’s data subjects, and therefore constitutes a binding data processing agreement in accordance with the applicable data protection laws and regulations.

2.1. GeoRoute will process your personal data in order to provide you with the Service, improve it, solve any Service related issues you may have and ensure that you receive the best customer experience possible.
2.2. GeoRoute collects and processes your personal data for the following purposes:
- to register you for the use of the Service, verify your identity and create your GeoRoute account;
- to send you invoices and process payments for the Service;
- to personalize your use of the Service when you set up your account settings;
- to analyze your preference or use of the Service;
- to communicate with you and inform you about GeoRoute Service and provide you any Service related support, answer your questions and process your requests;
- to improve Service or to develop new features within the Service;
- to analyze and measure how our Service is used. For example, we analyze data about your usage of the Service to optimize product design, to generate reports and create statistics;
- to deliver personalized ads, promotions and offers to you;
- to protect legal interests of GeoRoute, its users and other third parties and for legal reasons such as, e.g. enforcing our Terms & Conditions, agreements or policies, complying with any applicable law and assisting law enforcement authorities.

3.1. GeoRoute collects, generates and receives information in a variety of ways when the Client uses the Service or places an order. Some of this information constitutes personal data.
3.2. Data subject categories include Client’s employees, representatives and other data subjects that will be registered under Client’s account.
3.3. Client ensures that it has acquired all necessary consents and/or relies on other appropriate legal grounds for the processing of personal data of data subjects. Client confirms that data subjects have been informed about the fact that their personal data is transferred to GeoRoute as a processor and other third parties (sub-processors) used by GeoRoute for the provision of Service.
3.4. When setting up an account with GeoRoute or placing an order, the Client provides GeoRoute with the following information, containing personal data:
3.4.1. name/ company name;
3.4.2. e-mail address;
3.4.3. payment information;
3.4.4. phone number;
3.4.5. shipping/billing address;
3.4.6. any other information provided to GeoRoute for this purpose.
3.5. Some information may be processed while the Client or data subject (for example, Client’s employee) uses the Service. Depending on the scope and configuration of GeoRoute Service, this information may also contain personal data:
3.5.1. data subject’s device and browser (such as IP address, browser type, software version etc.);
3.5.2. Digital tachograph and driver's activities (time spent on breaks, start, stop and end time of driving, driving duration, tachograph calibration, tachograph manufacturer, absence calendar, information about colleagues, option to use calculation tool of costs, etc.);
3.5.3. vehicle data (such as name and type of vehicle, mileage, technical information, etc.)
3.5.4. digital tachograph card (such as card issuing authority, information about controls, etc.).
3.6. Upon using or configuring GeoRoute account settings, the Client may provide some information, which in connection with other information may contain personal data (for example, location, time zone, photo etc.).
3.7. The Client can choose to integrate third-party services in relation to certain aspects of GeoRoute Service. A third-party service is a software that integrates with the Service and the Client can enable or disable such integration for GeoRoute account. Once enabled, the relevant third-party service provider may share or receive certain information (including importing or exporting). The Client should check the privacy settings of these third-party services to understand what data may be disclosed to GeoRoute.

4.1. GeoRoute will process the aforementioned data for as long as GeoRoute provides the Service to the Client and the Client has an active GeoRoute account. However, personal data can be deleted at any time upon Client’s request.
4.2. Unless the applicable law requires, GeoRoute has no obligation to store Client’s personal data after the termination of contract with the Client. After terminating the contract, GeoRoute may continue to store some personal data, limited to the minimum amount required for GeoRoute to comply with legal obligations, to ensure reliable back-up systems, resolve dispute between the Client and GeoRoute, if any, prevent fraud and abuse, enforce GeoRoute agreements, and/or to pursue legitimate interests of GeoRoute or third parties.

5.1. For GeoRoute to be able to provide the Service, GeoRoute works with third parties that provide GeoRoute with different services needed in ordinary course of business. The categories of third-party recipients (sub-processors) of personal data include hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, advertising and marketing service providers, IT, legal and financial advisors, among others (“Third-Party Service Providers”).
5.2. Third-Party Service Providers only receive a minimum amount of personal data necessary for them to provide GeoRoute the requested service. GeoRoute shares personal data only with such Third-Party Service Providers that have undertaken to comply with the data protection obligations set out in this Agreement, provide sufficient guarantees and implement appropriate technical and organizational measures, and otherwise comply with applicable personal data protection laws. GeoRoute remains responsible for the processing of personal data carried out by Third-Party Service Providers that GeoRoute has engaged for respective data processing in accordance with applicable laws.
5.3. The Client provides general authorization to GeoRoute to engage Third-Party Service Providers or sub-processors. The Client can request information about Third-Party Service Providers by contacting GeoRoute. In case the Client has any legally grounded objections to the engagement of a Third-Party Service Provider, the Client and GeoRoute try to find a solution for further data processing to a limited extent without the use of the particular sub-processor or, if such a solution cannot be found, agree on the termination of the Service in accordance with the terms of termination specified in the Service contract.
5.4. In certain situations, GeoRoute might have a legal obligation to share Client’s information with third parties, if it is required by law or when the information is requested by public authorities.
5.5. Personal data processed by GeoRoute may be transferred to Third-Party Service Providers that are located outside of European Union. In such cases GeoRoute will only share personal data with such recipients that have undertaken to comply with the necessary data protection requirements and that are able to ensure an adequate level of protection or have provided adequate guarantees.

6.1. GeoRoute uses reasonable and appropriate organizational, technical, and administrative measures in accordance with applicable data protection laws in order to protect the confidentiality, integrity, and availability of personal data. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure, therefore GeoRoute encourages the Client to take care of the personal data in its possession that is processed online and set strong passwords for GeoRoute account, limit access to computer and browser by signing off after finishing the session, and avoid providing GeoRoute with any sensitive information whose disclosure could cause substantial harm to the data subject.
6.2. All of GeoRoute’s authorized personnel involved in the processing of Client’s and third person’s personal data have committed themselves to confidentiality obligations and shall not access or otherwise process personal data without the Client’s authorization if it’s not for the purposes of providing the Service.
6.3. In the event of a personal data breach, GeoRoute will notify the Client in accordance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigations of the personal data breach and the notification to the supervisory authority and data subjects regarding such personal data breach.
6.4. Taking into account the nature of the processing, GeoRoute will assist the Client with provision of technical or organizational measures, insofar as possible, for the fulfilment of Client’s obligations as a data controller in relation to:
6.4.1. any requests from the Client’s data subjects in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of their personal data that GeoRoute processes on behalf of the Client. In the event that a data subject sends such a request directly to GeoRoute, GeoRoute will promptly forward such request to the Client;
6.4.2. the investigation of personal data breach and the notification to the supervisory authority and Client’s data subjects regarding such personal data breach;
6.4.3. where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any supervisory authority. etc.)

7.1. Upon Client’s request GeoRoute agrees to provide sufficient information to demonstrate compliance with the obligations laid down in this Agreement and applicable data protection laws. This information should be provided to the extent that such information is within GeoRoute’s control and GeoRoute is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
7.2. If the provided information, in Client’s reasonable judgment, is not sufficient to confirm GeoRoute’s compliance with this Agreement, then GeoRoute agrees to allow and contribute to data processing audit.
7.3. Such audit will be carried out by independent third party with good market reputation, which has experience and competence to carry out data processing audits and confirmed by both GeoRoute and the Client.
7.4. Such audit will be carried out at the time agreed between the Client and GeoRoute within 2 (two) months from the moment the Client has requested the audit in writing. The auditor will have to sign a confidentiality agreement which includes obligation not to disclose business information in its audit report which will also be provided to GeoRoute. The audit will be carried out during normal working hours of GeoRoute, without interfering with GeoRoute’s business activities. The Client has the right to request the audit once every 2 years. All expenses regarding to the audit shall be borne by the Client.

8.1. GeoRoute may occasionally change this Agreement, for example, in cases new services or features are introduced. In case of amendments or any changes, GeoRoute will inform the Client in due time by sending an electronic notification to the Client’s representative and indicating the nature and scope of the amendments. The amendments to this Agreement are applied from the moment, which is indicated in this section of the webpage.
8.2. By continuing to use GeoRoute Service or otherwise providing personal data to GeoRoute, after the amendments to this Agreement have been implemented, the Client agrees to the updated terms of the Agreement.

9.1. This Agreement shall be governed by the laws of the Russian Federation, and any action or proceeding related to this Agreement (including those arising from non-contractual disputes or claims) will be brought in the courts of the Russian Federation.