Last updated: [01/01/2026]

This Data Processing Agreement (“Agreement” or “DPA”) forms part of the Terms of Service or any other written or electronic agreement (“Principal Agreement”) between the Customer (“Controller”) and HazShield (“Processor”). It governs the processing of personal data in connection with the Customer’s use of the HazShield platform and related services (“Services”).

1. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on Personal Data, including collection, storage, use, transmission, or deletion.
• “Controller” means the entity that determines the purposes and means of processing Personal Data.
• “Processor” means HazShield, which processes Personal Data on behalf of the Controller.
• “Sub‑processor” means any third party engaged by HazShield to process Personal Data.
• “Applicable Data Protection Laws” means GDPR, local privacy laws, and any regulations governing data protection.

2. Roles and Responsibilities

Controller Responsibilities

The Controller:

• Determines the purpose and legal basis for processing
• Ensures Personal Data provided to HazShield is lawful and accurate
• Manages user access and permissions within the platform

Processor Responsibilities

HazShield processes Personal Data only:

• As instructed by the Controller
• As required to provide the Services
• As required by law

HazShield does not sell or use Personal Data for unauthorized purposes.

3. Scope of Processing

HazShield processes Personal Data for:

• User authentication and account management
• Shipment creation, DG classification, validation, and documentation
• Platform analytics, performance, and security
• Customer support and service notifications

Categories of Personal Data may include:

• User contact details
• Login credentials
• Shipment‑related data
• System usage logs

No special category (sensitive) data is intentionally collected.

4. Sub‑processors

HazShield may engage Sub‑processors for hosting, analytics, communication, or support services.
HazShield will:

• Maintain a list of Sub‑processors
• Ensure Sub‑processors are bound by data protection obligations
• Notify the Controller of material changes to Sub‑processors

The Controller may object to a Sub‑processor if it reasonably believes the Sub‑processor poses a data protection risk.

5. Security Measures

HazShield implements industry‑standard technical and organizational measures, including:

• Encrypted data transmission (HTTPS/SSL)
• Access controls and authentication safeguards
• Role‑based permissions
• Regular security audits and monitoring
• Data redundancy and backup procedures

HazShield will notify the Controller without undue delay if a data breach occurs.

6. International Data Transfers

If Personal Data is transferred outside the Controller’s jurisdiction:

• HazShield ensures appropriate safeguards (e.g., Standard Contractual Clauses)
• Transfers comply with Applicable Data Protection Laws

7. Data Subject Rights

HazShield assists the Controller in responding to requests from data subjects, including:

• Access
• Correction
• Deletion
• Restriction
• Data portability

HazShield will not respond directly to data subjects unless instructed by the Controller.

8. Data Retention and Deletion

HazShield retains Personal Data only as long as necessary to:

• Provide the Services
• Comply with legal obligations
• Maintain audit trails for DG compliance

Upon termination of the Principal Agreement, HazShield will:

• Delete or return Personal Data upon request
• Retain only what is legally required

9. Confidentiality

HazShield ensures that all personnel with access to Personal Data:

• Are bound by confidentiality obligations
• Receive appropriate training
• Access data only when necessary for service delivery

10. Audit Rights

The Controller may request:

• Security documentation
• Compliance reports
• Evidence of technical and organizational measures

On‑site audits may be conducted with reasonable notice and subject to confidentiality.

11. Liability

Liability under this DPA follows the limitations set out in the Principal Agreement.
HazShield is not responsible for:

• Incorrect data entered by users
• Misuse of the platform
• Regulatory non‑compliance caused by user actions

12. Term and Termination

This DPA remains in effect as long as HazShield processes Personal Data on behalf of the Controller.
Termination of the Principal Agreement automatically terminates this DPA.

13. Contact Information

For questions regarding this DPA or data protection matters:

HazShield Compliance Team
Email: [support@hazshield.com]
Website: [www.hazshield.com]