Last updated: 12 June 2026
This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Data Controller") and Bakfleet ("Data Processor") concerning the use of the Bakfleet fleet management platform.
The purpose of this DPA is to set out the responsibilities of both parties regarding the processing of personal data in accordance with applicable UK data protection legislation, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
The customer determines the purpose and means of processing personal data entered into the Bakfleet platform and therefore acts as the Data Controller.
Bakfleet processes personal data on behalf of the customer for the purpose of providing the fleet management service and therefore acts as the Data Processor.
Depending on how the service is used, Bakfleet may process personal data including:
Bakfleet processes personal data solely for the purpose of providing, maintaining and securing the fleet management platform, including:
Bakfleet shall only process personal data on documented instructions from the Data Controller, including the instructions provided through the customer's use of the Bakfleet platform and associated services.
Bakfleet ensures that any persons authorised to process personal data are subject to appropriate confidentiality obligations and access controls.
Bakfleet implements appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
These measures may include:
Bakfleet may use trusted third-party providers where necessary to operate the service, including hosting providers, email service providers, infrastructure providers and technical service providers.
Bakfleet will take reasonable steps to ensure that such providers maintain appropriate data protection and security standards.
Where personal data is transferred outside the United Kingdom, Bakfleet will ensure that appropriate safeguards are implemented as required by applicable data protection laws.
Bakfleet shall assist the Data Controller, where reasonably possible, in responding to requests from data subjects exercising their rights under UK GDPR, including requests for access, correction, restriction, portability or deletion of personal data.
In the event of a personal data breach affecting customer data, Bakfleet will notify the affected customer without undue delay after becoming aware of the breach and will provide available information necessary to assist the customer in meeting their legal obligations.
Customer data will be retained for the duration of the service agreement or as otherwise required by applicable law.
Upon termination of the service, Bakfleet will delete or return customer personal data within a reasonable period unless retention is required by law or necessary for legitimate legal purposes.
Bakfleet will make available information reasonably necessary to demonstrate compliance with this DPA and may provide evidence of security measures upon reasonable written request, subject to appropriate confidentiality protections.
Each party shall remain responsible for its own obligations under applicable data protection legislation. Nothing in this DPA limits or excludes liability where such limitation or exclusion is prohibited by law.
Bakfleet may update this DPA from time to time to reflect changes in legal requirements, technology, services or security practices. The latest version will be made available through the Bakfleet website.
Questions regarding this Data Processing Agreement or data protection matters can be submitted using the contact details available on the Bakfleet website.