Data Processing Addendum
Public DPA wording for cases where Haulier.AI acts as a processor under a written agreement.
Last updated: 9 July 2026
1. Status of this DPA
This Data Processing Addendum applies only where Jagelo Haulage Limited trading as Haulier.AI processes personal data as a processor on behalf of a customer or other controller under a written agreement that incorporates this DPA.
For many transport operations, Haulier.AI may act as an independent controller because it decides how to manage enquiries, jobs, claims, compliance, billing, security and business records. Where Haulier.AI acts as an independent controller, the Privacy Policy applies instead of this DPA.
2. Definitions
Controller, processor, personal data, processing, data subject, personal data breach and supervisory authority have the meanings given in applicable UK data protection law.
3. Documented instructions
Where Haulier.AI acts as processor, it will process personal data only on documented instructions from the controller, including instructions set out in the relevant agreement, order, portal workflow, transport instruction, job request or this DPA, unless required by law.
4. Subject matter and purpose
The subject matter is the processing of personal data needed to provide AI-assisted transport enquiry handling, portal access, operational communication, job administration, document management, billing support and related services.
The purpose is to enable Haulier.AI to provide the agreed services to the controller.
5. Categories of personal data
Personal data may include business contact details, collection/delivery contacts, site contacts, driver or haulier contacts, email content, job references, PODs, invoices, operational notes, account access logs and support communications.
Special category personal data is not expected and should not be provided unless specifically agreed and necessary.
6. Categories of data subjects
Data subjects may include customer staff, supplier staff, haulier contacts, drivers, site contacts, consignee contacts, accounts contacts, support users and authorised portal users.
7. Duration
Processing continues for the term of the relevant services and any retention period needed for deletion, return, audit, legal, tax, insurance, claims, dispute, security or accounting purposes.
8. Confidentiality
Haulier.AI will ensure that people authorised to process personal data are subject to confidentiality obligations or an appropriate statutory duty of confidentiality.
9. Security measures
Haulier.AI will apply appropriate technical and organisational measures taking into account the nature of the processing and risk. Measures may include access controls, role-based permissions, secure authentication, audit logs, encrypted connections where appropriate, backup controls, supplier due diligence, incident procedures and staff access management.
10. Sub-processors
The controller gives Haulier.AI general authorisation to use sub-processors needed to provide the services, including hosting, email, AI, document signing, transport management, accounting, communications, security, support and storage providers.
Haulier.AI will put appropriate data protection obligations in place with sub-processors where required. Haulier.AI remains responsible for sub-processor processing as required by applicable law. A current list or category list of material sub-processors can be provided on request where appropriate.
11. Assistance with data subject rights
Taking into account the nature of the processing, Haulier.AI will provide reasonable assistance to help the controller respond to data subject rights requests. The controller remains responsible for deciding how to respond to such requests unless otherwise agreed.
12. Assistance with compliance
Haulier.AI will provide reasonable assistance with security, breach notification, data protection impact assessments and regulator consultation where required by law and where the information is available to Haulier.AI.
13. Personal data breaches
Haulier.AI will notify the controller without undue delay after becoming aware of a personal data breach affecting personal data processed as processor under this DPA. The notice will include available information reasonably required by applicable law.
14. Return or deletion
At the end of the processing services, Haulier.AI will delete or return processor personal data where reasonably possible and unless continued retention is required for legal, tax, accounting, insurance, claims, audit, security, dispute or compliance purposes.
15. Audits and information
Haulier.AI will make available information reasonably necessary to demonstrate compliance with this DPA. Audits must be reasonable, proportionate, subject to confidentiality, limited to relevant systems and arranged in a way that does not compromise security or other customers' information.
16. International transfers
Where personal data is transferred outside the UK, Haulier.AI will use appropriate safeguards where required, such as adequacy decisions, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses or another lawful transfer mechanism.
17. Conflict
If this DPA conflicts with the main agreement, the provision that provides stronger data protection for personal data will apply, unless the main agreement expressly states otherwise and the law permits it.
