GDPR Data Processing Addendum - Car Smart People

This GDPR Data Processing Addendum ("Addendum") supplements the Terms of Service and Privacy Policy for providers using the Car Smart People platform. This Addendum applies when processing personal data of individuals located in the European Economic Area (EEA) or when GDPR requirements apply.

1. Definitions

"GDPR" means the General Data Protection Regulation (EU) 2016/679
"Personal Data" means any information relating to an identified or identifiable natural person
"Data Controller" means the entity that determines the purposes and means of processing personal data
"Data Processor" means the entity that processes personal data on behalf of the Data Controller
"Data Subject" means the natural person to whom the personal data relates

2. Roles and Responsibilities

Car Smart People LLC acts as a Data Processor when processing personal data on behalf of providers (Data Controllers) who use our platform to connect with car owners.

Providers act as Data Controllers for personal data of car owners they interact with through the platform.

3. Provider Obligations

As a Data Controller, providers agree to:

3.1 Data Use Limitations

Use consumer data only for service fulfillment and legitimate business purposes related to providing automotive services. Do not use data for marketing purposes without explicit consent.

3.2 Security Safeguards

Implement reasonable technical and organizational security measures to protect personal data, including:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Staff training on data protection

3.3 Data Breach Notification

Report any data breaches to Car Smart People LLC within 72 hours of becoming aware of the breach. Include details about the nature of the breach, categories of data affected, and measures taken to address it.

3.4 Data Retention and Deletion

Delete personal data after service completion or when no longer necessary for the purpose for which it was collected, unless retention is required by law.

4. Data Subject Rights

Providers must facilitate the exercise of data subject rights, including:

Right of Access: Provide data subjects with access to their personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Delete data when requested (subject to legal requirements)
Right to Restrict Processing: Limit processing in certain circumstances
Right to Data Portability: Provide data in a structured, machine-readable format
Right to Object: Respect objections to processing for legitimate interests

5. Our Obligations as Data Processor

Car Smart People LLC commits to:

Process personal data only in accordance with provider instructions
Implement appropriate technical and organizational measures
Assist providers in responding to data subject requests
Notify providers of data breaches without undue delay
Maintain records of processing activities
Allow for audits and inspections when required

6. International Data Transfers

If personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with GDPR requirements.

7. Sub-Processors

We may engage sub-processors to assist in providing platform services. We ensure that all sub-processors:

Are bound by data protection obligations
Implement appropriate security measures
Comply with GDPR requirements

8. Compliance and Cooperation

Both parties agree to cooperate in good faith to ensure compliance with GDPR and to respond to inquiries from supervisory authorities. We will assist providers in demonstrating compliance with their obligations under GDPR.

9. Contact

For questions about this GDPR Data Processing Addendum, please contact us:

Car Smart People LLC
8 The Green, STE B
Dover, DE 19901

Data Protection Officer: legal@carsmartpeople.com

Email: legal@carsmartpeople.com