Products

Driver Safety
Prevent accidents and reduce risk with the industry’s most accurate AI.
Fleet Management
Get unparalleled visibility into the location, utilisation and health of your vehicles.
Equipment Monitoring
Gain comprehensive insights into your equipment’s location, utilisation, and health.
Workforce Management
Qualifications, time tracking, training, and coaching – all in one place.
Platform Overview
Your Operations. One platform, with AI-powered automation at its core.
View All Products
product content card mobile 2x
See Motive in action. Request demo.

Learn how you can improve the safety, productivity, and profitability of your business with Motive’s Integrated Operations Platform.

Get to know Motive

Leadership
Motive executives and board
Reviews & Awards
Platform and workplace merits
Careers
Join our team

Connect

Contact Us
Connect with Sales or Support
company product card mobile 2x
Hear from our customers around the world.

Read what clients, partners, analysts, and the press are saying about Motive in their testimonials and reviews.

Customers

Get started
Contact

Talk to Sales or Support (24/7)

+44 800 055 6684 Visit Help Center

Get started

LEGAL

Policies & Agreements

Terms of Service
API Terms of Service
Professional Services
Privacy Policy
EU Declarations of Conformity
UK Declaration of Conformity
Data Protection Addendum
Patents and Attributions
Hardware Terms

Effective Date: July 21, 2025

This Data Processing Addendum (“DPA”) is made between Motive Technology UK Limited (company no. 15530223), a company incorporated in England and Wales  (hereinafter “ the Service Provider”) and you and the entity you represent (“Customer”) with effect from the Effective Date. This DPA applies to Personal Data processed by, transferred or accessible to the Service Provider and its Subprocessors in connection with the provision of services under the Services Agreement and is hereby incorporated into the Services Agreement.

Table of Contents

1. DEFINITIONS

1.1 The terms “controller”, “processor”, “data subject”, “personal data”, “biometric data”, “personal data breach”, “processing” (including its correlative forms such as “process”), “special categories of personal data”, and “supervisory authority” shall have the respective meanings given to them or their cognates under the Data Protection Laws, unless otherwise expressly defined in this DPA or the context otherwise requires.

1.2 “Adequate Territory” means any country or territory deemed to provide an adequate level of protection of personal data under the Data Protection Laws.

1.3 “Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with, another entity.

1.4 “Applicable Law” means (with respect to a party) any law, rule, statute, regulation, instrument, order, judgment, decree, decision, injunction, subordinate legislation, treaty, common law or other requirement having the force of law in any jurisdiction.

1.5 “Authorised Subprocessor” means the third parties appointed by the Service Provider to process Personal Data on the Service Provider’s behalf as subprocessors, as set out in Schedule 3, including any New Subprocessor appointed in accordance with this DPA from to time.

1.6 “Data Protection Laws” means any applicable law or regulation relating to the processing, privacy and use of Personal Data, as applicable to either party or the Services, including without limitation: (i) the EU General Data Protection Regulation (2016/679) (“GDPR”) and/or EU Privacy and Electronic Communications Directive (2002/58/EC) and any laws or regulations which implement or supplement any such laws in an applicable jurisdiction; (ii) the UK Data Protection Act 2018, the UK GDPR (as defined in s. 3 of the UK Data Protection Act 2018) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended); (iii) federal privacy laws of, or state specific privacy laws in, the Unites States of America; (iv) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing; and (v) all formal, authoritative guidance, guidelines, codes of practice and codes of conduct issued by any relevant supervisory authority relating to such Data Protection Laws.

1.7 “Effective Date” means the date on which the Servicer Provider starts to process Personal Data or the date of the Services Agreement, whichever is earlier.

1.8 “EU Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679, Module 2, approved by Commission Implementing Decision (EU) 2021/914, of 4 June 2021, and any new, revised or updated versions of such standard contractual clauses or similar such contracts issued under the Data Protection Laws from time to time.

1.9 “Services Agreement” means the master services agreement made between the Service Provider and the Customer governing the provision of Services by the Service Provider and references to the Services Agreement in this DPA shall mean and include the master services agreement, this DPA and any other exhibits thereto and statements of work or order forms entered thereunder, unless contrary to the context or meaning thereof.

1.10 “New Subprocessor” means any new third party (in addition to or in replacement of any Authorised Subprocessor) appointed or proposed to be appointed by the Service Provider to process Personal Data on the Service Provider’s behalf as a subprocessor.

1.11 “Personal Data” means the personal data to be processed by the Service Provider on behalf of the Customer in connection with the Services Agreement, as further set forth in Schedule 1 of this DPA or other written documents approved by authorised representatives of the Customer and the Service Provider from time to time.

1.12 “Services” means the services to be provided by the Service Provider to the Customer under or in connection with the Services Agreement.

1.13 “Standard Contractual Clauses” means (as applicable) the EU Standard Contractual Clauses, the UK Addendum, any new, revised or updated versions of such standard contractual clauses, and/or similar such standard contractual contracts in an applicable jurisdiction issued under the Data Protection Laws from time to time for transfers of personal data outside a particular jurisdiction. 

1.14 “UK Addendum means the EU Standard Contractual Clauses as amended and supplemented by the UK ICO’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses which entered into force on 21 March 2022, any new, revised or updated versions of such standard contractual clauses or addendum or similar such contracts issued by the UK ICO or other UK governing authority.

1.15 References to this DPA include its schedules and any appendices to those schedules.

2. DATA PROTECTION

2.1 At all times during the term of the Services Agreement and during any period during which the Service Provider processes or has access to Personal Data, the Service Provider and the Customer shall comply with the terms of this DPA.

2.2 The Customer, as controller, appoints the Service Provider, as processor, to process Personal Data on behalf of the Customer as is necessary to provide the Services in accordance with the Customer’s instructions as set forth in this DPA, the Services Agreement or as may subsequently be agreed by the parties in writing. 

2.3 The parties agree and acknowledge that Schedule 1 sets out the scope, nature and purpose of the processing of Personal Data by the Service Provider, the duration of the processing, the types of Personal Data to be processed and the categories of data subjects.

2.4 Each party shall comply with its respective obligations under the Data Protection Laws in respect of the Personal Data it processes in connection with this DPA and the Services Agreement and shall not do, cause or permit to be done anything which may cause or otherwise result in a breach by the other party of the Data Protection Laws.

2.5 Without prejudice to the generality of Section 2.4, the Customer warrants and represents that, in relation to Personal Data:

  • it has complied and shall continue to comply with its obligations under the Data Protection Laws in respect of the collection, use, and transfer of Personal Data and is able to document its compliance; 
  • it shall provide an appropriate notice, compliant with the Data Protection Laws, to data subjects which identifies Customer as the controller of Personal Data; and
  • no Personal Data provided or transferred to Service Provider constitutes special category of Personal Data pursuant to Article 9 of the GDPR or Personal Data relating to criminal convictions and offences pursuant to Article 10 of the GDPR.

2.6 Without prejudice to the generality of Section 2.4, the Service Provider shall, in relation to Personal Data:

  1. process the Personal Data only on the written instructions of the Customer, unless the Service Provider is required by Applicable Law to otherwise process the Personal Data and where the Service Provider is required by Applicable Law to process the Personal Data for any purpose, or in any manner, that is not consistent with, or is in addition to, the written instructions of the Customer, the Service Provider shall notify the Customer in writing giving reasonable advance notice before performing the processing required by Applicable Law unless such Applicable Law prohibits the Service Provider from so notifying the Customer;
  1. process Biometric Data solely for the functional purpose of monitoring driver behavior and delivering performance and safety-related services to the Customer, and not for uniquely identifying an individual or establishing identity unless expressly authorized by Customer along with the consent of the data subject obtained by the Customer; 
  1. notify the Customer in writing if, in the Service Provider’s opinion, any instruction of the Customer infringes any Data Protection Laws, in which case the Customer shall promptly provide amended written processing instructions;
  1. ensure that all personnel who have access to and/or process Personal Data are obliged by binding contractual commitments or a statutory obligation under Applicable Law to keep the Personal Data confidential;
  1. taking into account the nature of the processing by the Service Provider, ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, which shall include implementing and maintaining the minimum security requirements set out in Schedule 2 of this DPA;
  1. only engage subprocessors as set forth in Section 3;
  1. where requested by the Customer, assist the Customer, at the Customer’s cost, as appropriate taking into account the nature of the processing by the Service Provider, in ensuring compliance with the Customer’s obligations under the Data Protection Laws with respect to data security, personal data breach notifications, data protection impact assessments and consultations with supervisory authorities and/or regulators;
  1. at the written direction and option of the Customer, delete or return Personal Data to the Customer on termination of the Services Agreement or as otherwise instructed by the Customer from time to time, provided that nothing in this Section 2.6(g) shall prevent the Service Provider retaining a copy of Personal Data archived on the Service Provider’s back-up systems, or where required by Applicable Law;
  1. maintain records and information to demonstrate its compliance with this DPA, promptly make such records and information available to the Customer upon written request, and allow for one audit per calendar year by the Customer or the Customer’s designated auditor for the purposes of verifying the Service Provider’s compliance with this DPA and the Data Protection Laws;
  1. notify the Customer in writing if the Service Provider:
  1. receives any request, complaint or communication from a data subject in respect of Personal Data; and/or
  1. receives any request, complaint or communication from any supervisory authority or regulator relating directly or indirectly to the processing of Personal Data in connection with this DPA or the Services Agreement; and
  1. where requested by the Customer, assist the Customer, at the Customer’s cost, in responding to any valid request, complaint or communication from either a data subject or any supervisory authority or regulator.

2.7 Where the Customer exercises its audit right under Section 2.6(h), the Customer shall give the Service Provider at least 10 business days prior written notice. The Customer shall  (or shall procure that any auditor mandated by the Customer shall) enter into such reasonable confidentiality and security undertakings as the Service Provider may reasonably request and shall take all reasonable measures to prevent unnecessary disruption of the Service Provider’s operations.

3. SUBPROCESSORS

3.1 The Customer authorises the Authorised Subprocessors set out in Schedule 3 to process Personal Data. The Service Provider shall implement written contract terms with each Authorised Subprocessor set out in Schedule 3 which are substantially the same as those contained in this DPA. 

3.2 The Service Provider may appoint a New Subprocessor provided the Service Provider:

  • provides the Customer with an opportunity to object to the appointment of the New Subprocessor within 5 (five) business days after the Service Provider supplies  to the Customer details regarding the New Subprocessor, including the identity and location of the New Subprocessor and a brief description of the intended processing to be carried out by the New Subprocessor; and
  • implements legally binding contract terms with the New Subprocessor which are substantially the same as those contained in this DPA.

If the Customer notifies the Service Provider of an objection (on reasonable grounds) within the timeframe set out in Section 3.2(a), the Service Provider may, at its discretion, select an alternative subprocessor (in which case the provisions of Section 3.2(a) shall apply to the alternative subprocessor), or maintain the appointment of the New Subprocessor in which case the Customer shall have the right to terminate this DPA and the Services Agreement upon thirty (30) days’ notice in writing, unless the Customer and the Service Provider agree a commercially reasonable change in the provision of the Services to accommodate the objection (if feasible). If the Customer terminates this DPA and the Services Agreement pursuant to this Section 3.2, such termination shall not be treated as a termination for breach of the Services Agreement and the Customer shall not be entitled to any refund of any fees under the Services Agreement.

4. PERSONAL DATA BREACH

4.1 The Service Provider shall notify the Customer in writing without undue delay after becoming aware of a personal data breach.

4.2 The Service Provider shall provide the Customer with a reasonably detailed description of the personal data breach, the type of data that was the subject of the personal data breach and (to the extent known to the Service Provider) the identity of each affected person, as soon as such information can be collected or otherwise becomes available, as well as all other information and cooperation which the Customer may reasonably request relating to the personal data breach.

4.3 The parties agree to cooperate in handling any personal data breach relevant to this DPA and/or the Services Agreement.

4.4 Unless required by Applicable Laws, the parties shall not issue, publish or make available to any third party any press release or other communication concerning a personal data breach without the other party’s prior written approval.

5. DATA TRANSFERS

5.1 The Service Provider and the Customer (in relation to transfers between each other) and the Service Provider (in relation to any onward transfer authorised by the Customer in accordance with this DPA) shall comply with the requirements of the Data Protection Laws and Applicable Law in relation to such transfers.

5.2 Any transfer of (including remote access granted to) Personal Data from the Customer to the Service Provider outside an Adequate Territory shall be pursuant to the applicable Standard Contractual Clauses. In particular, and without prejudice to the foregoing: 

  • When transferring Personal Data within the EEA to a country or territory outside of the EEA (which is not an Adequate Territory), the Customer and the Service Provider shall comply with the EU Standard Contractual Clauses as applicable pursuant to Part 1 of Schedule 4.
  • When transferring Personal Data within the UK to a country or territory outside of the UK (which is not an Adequate Territory), the Customer and the Service Provider shall comply with the UK Addendum as applicable pursuant to Part 2 of Schedule 4.

5.3 In the event of any conflict between this DPA and the applicable Standard Contractual Clauses, the Standard Contractual Clauses shall prevail. 

5.4 If the Standard Contractual Clauses are amended, replaced or repealed, the parties shall work together in good faith to promptly enter into an updated or successor version of the Standard Contractual Clauses or otherwise promptly negotiate in good faith a solution to enable the lawful transfer of Personal Data to the Service Provider outside of the Adequate Territory.

6. MISCELLANEOUS

6.1 Each party may by written notice to the other party propose any variations to this DPA which that party reasonably considers to be necessary to address the requirements of the Data Protection Laws. The parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in the notice as soon as reasonably practicable.

6.2 Either party may propose the adoption of any applicable standard clauses, code of conduct, or certification scheme for data processing, in each case approved by a competent supervisory authority or regulator as contemplated by the Data Protection Laws, and to amend this DPA to remove any duplicative obligations. Upon such proposal by one party, the other party shall reasonably consider such proposal and any related amendments to this DPA but shall not be required to agree to such proposal and amendments.

6.3 This DPA shall survive for so long as the Service Provider processes the Personal Data.

6.4 Each party may provide this DPA and a copy of the relevant privacy and security provisions of the Services Agreement to a supervisory authority or regulator if required by Applicable Law.

6.5 In the event of a conflict between this DPA and the Services Agreement, the terms and definitions of this DPA shall control and govern as regard its subject matter.

[Signature page follows the Schedules]

SCHEDULE 1

DESCRIPTION OF THE PROCESSING

Details not specifically described herein will be set forth and incorporated in the Order Form, which shall form an integral part of the DPA.

1. Subject matter (general scope) of the processing

To provide the Services in connection with the Services Agreement and any applicable statements of work entered into thereunder.

2. Nature and purpose of the processing

The nature of the processing is further set out in the Services Agreement and the applicable statements of work entered into thereunder.

3. Duration of the processing

As between the Customer and the Service Provider, the duration of the term of the Services Agreement.

4. Categories of data subject and types of Personal Data

Categories of data subjectTypes of Personal Data
As provided by the Customer in the DPA and/or Order Form(s)As provided by the Customer in the DPA and/or Order Form(s)

5. Processing Operations

The personal data will be subject to the following basic processing activities (please specify): organisation, structuring, storage, adaptation, use, analysis, computation and any other processing operation required in connection with the Services.

6. Customer Affiliates

The following Customer Affiliates may use the Services and have the benefit of the rights set out in this DPA:

Legal NameJurisdiction
Customer identified in the DPA and/or Order Form(s)As provided by the Customer in the DPA and/or Order Form(s)

7. Service Provider Affiliates

The following Service Provider Affiliates may provide the Services and shall comply with the obligations set out in this DPA:

Legal NameJurisdiction
Motive Technologies, Inc.USA
ABS-Labs Pvt Ltd.Pakistan
Motive Technologies MXMexico
Motive Technologies Canada, Inc.Canada
KeepTruckin India Private Ltd.India
Motive Financial Products LLCDelaware, USA
Motive Technologies NetherlandsNetherlands
Motive Technologies, Inc, Taiwan BranchDelaware, USA

SCHEDULE 2

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

In addition to any data security requirements set forth in the Services Agreement and the DPA, the Service Provider agrees to comply with the following security requirements:

  • Access Control – Employee access to the Motive environment is maintained by a central directory and authenticated using strong passwords, passphrase-protected SSH keys, and 2FA. Firewall configuration is tightly controlled, limited to a small number of administrators, and employees must follow best practices for creating and storing SSH private keys.
  • Access Monitoring – Access to our internal infrastructure is reviewed on a regular basis to ensure that permissions maintain the principle of least privilege.
  • Backend Enablement – Motive leverages AWS’s fully managed backup utility, AWS Backup, to provide centralised and automated data backups across services for EC2, RDS, S3, DynamoDB, EFS, and multi-tenant architecture. Motive does not utilise traditional backup media including magnetic tapes, optical drives, or periodic data media removal and rotation.
  • Data Deletion – When a customer deletes a Motive Cloud cluster, the data stored in the system immediately becomes inaccessible through the APIs. Customers can configure the maximum retention period for their data. 
  • Data Loss Prevention (DLP) The DLP programme is backed by robust DLP tools, including Endpoint DLP and CASB solutions, to monitor, detect, and prevent data leakages across endpoints and cloud environments. 
  • Data Protection Impact Assessments (DPIAs) – For any high-risk processing, DPIAs are performed to identify and assess any data protection risks associated with processing of personal data.
  • Employee Privacy Training – All Motive employees and contractors must complete security and privacy training within 30 days of hire and annually thereafter.
  • Encryption – Customer data is encrypted at rest using industry-standard AES-256 encryption. We use AWS’s Key Management Service (KMS) to securely manage encryption keys. Additionally, we have stringent measures in place to protect the lifecycle of sensitive information, including encryption keys and service account credentials, ensuring the security and integrity of your data throughout its lifecycle.
  • Firewall & ACL – Motive leverages AWS Security Groups and firewalls to protect your data and applications by controlling network traffic and ensuring that only authorised access is permitted.
  • Network Segmentation – Motive employs network segmentation to enhance security by isolating different parts of the network, preventing unauthorised access and containing potential threats to protect sensitive data and critical systems.
  • Physical Security – Physical security of our data centers is handled by AWS.

SCHEDULE 3

AUTHORISED SUBPROCESSORS

Name of Authorised SubprocessorScope of Personal Data Processing
Amazon Web Services (AWS)Cloud computing
DatadogApplication performance management
FivetranData integration
Pendo.ioData analytics
SnowflakeData warehousing platform
MarqetaFleetCard Processor issuer
Modern TreasuryACH processing
PlaidConnecting user bank accounts to apps and services
TwilioSMS service
ConfluentFully managed Kafka and real-time data streaming service
PusherPush notifications and updates
MuleSoftAPI Manager and Analytics
WorkOSSSO Provider
MandrillAPI to send Customer Emails
SalesforceData storage, Cloud computing
GitHubSource Code Repository
ElasticSIEM Platform

SCHEDULE 4

STANDARD CONTRACTUAL CLAUSES

Part 1

Data Transfers outside the EU/EEA

  1. Where the Customer transfers or otherwise makes available Personal Data to the Service Provider in a country or territory outside of the EEA which is not an Adequate Territory, Module II of the EU Standard Contractual Clauses shall apply and is hereby deemed to be incorporated into this Schedule and the DPA, and the parties’ signatures in and to this DPA shall be construed as the parties’ signatures to the EU Standard Contractual Clauses and this Schedule. In the event of an inconsistency between the DPA, this Schedule and the EU Standard Contractual Clauses, the EU Standard Contractual Clauses will prevail.
  2. The optional provisions of Module II of the EU Standard Contractual Clauses shall be construed as follows:
    1. Clause 7 (Docking Clause) shall not apply.
    2. Clause 11: The optional wording/clause shall not apply.
    3. Clause 9a (Prior/General Authorisation): Option 2 (General) shall apply.
    4. Clause 9a (Time Period): As set out in the DPA at Section 3.2(a).
    5. Clause 13a (Supervision): [Dutch] Data Protection Authority.
    6. Clause 17 (Governing Law): the law of the [Netherlands].
    7. Clause 18b (Choice of Forum and Jurisdiction): the courts of the [Netherlands]. 

ANNEX I to Part 1 of Schedule 4

A. LIST OF PARTIES

Data exporter(s): The Customer Affiliates established in the EEA who use the Services as set out in Schedule 1

Activities relevant to the data transferred under these Clauses: The Data Importer provides the Customer Users’ Personal Data in accordance with the DPA. 

Signature and date / Role: Please refer to the signature block and date in the DPA.

Role: Controller		Data importer(s): Service Provider Affiliates not established in the EEA (or an Adequate Territory) who provide the Services as set out in Schedule 1

Activities relevant to the data transferred under these Clauses: The Data Importer provides the Services, including any applicable services under the Service Agreement to the Data Exporter in accordance with the DPA.  

Signature and date / Role: Please refer to the signature block and date in the DPA.

Role: Processor

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

See Schedule 1 of this DPA.

Categories of personal data transferred

See Schedule 1 of this DPA.

Sensitive data transferred (if applicable) and applied restrictions or safeguards

See Schedule 1 of this DPA. 

Frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuous as and when required under the Services Agreement.

Nature of the processing

The nature of the processing is further set out in the Services Agreement and the applicable statements of work entered into thereunder.

Purpose(s) of the data transfer and further processing

To provide the Services in connection with the Services Agreement and any applicable statements of work entered into thereunder.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

As between the Customer and the Service Provider, the duration of the term of the Services Agreement.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

To provide the Services in connection with the Services Agreement and any applicable statements of work entered into thereunder. For the duration of the term of the Services Agreement.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

As set out in Part 1 of Schedule 4, paragraph 2.5.

ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

See Schedule 2 to the DPA

ANNEX III – LIST OF SUB-PROCESSORS

See Schedule 3 to the DPA 

Part 2

Data Transfers outside the UK

Section 1: General

  1. Where the Customer transfers or otherwise makes available Personal Data to the Service Provider in a country or territory outside of the UK which is not an Adequate Territory, the UK Addendum shall apply. For the purposes of Table 2 of the UK Addendum: Module II of the EU Standard Contractual Clauses shall apply with the Customer as the controller and the Service Provider as processor.
  2. The UK Addendum is hereby deemed incorporated into this Part 2 of Schedule 4 and the DPA and the parties’ signatures in and to this DPA shall be construed as the applicable parties’ signature to the UK Addendum and this Schedule. In the event of an inconsistency between the DPA, this Schedule and the UK Addendum, the UK Addendum will prevail.

Section 2: UK Addendum

This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.

Part 1 Tables

Table 1: Parties

Start dateThe Effective Date.
The PartiesExporter (who sends the Restricted Transfer)Importer (who receives the Restricted Transfer)
Parties’ detailsFull legal name: Any Customer Affiliate established in the UK which uses the Services
Trading name (if different): As set out in the DPA (where/if applicable)
Main address (if a company registered address): As set out in the DPA
Official registration number (if any) (company number or similar identifier): As set out in the DPA and/or provided in the applicable public register of companies		Full legal name: Any the Service Provider Affiliate established outside the UK (and an Adequate Territory) which provides the Services
Trading name (if different): As set out in the DPA (where/if applicable)
Main address (if a company registered address): As set out in the DPA
Official registration number (if any) (company number or similar identifier): As set out in the DPA and/or provided in the applicable public register of companies
Key ContactCustomer identified in the DPA and/or Order Form(s)Privacy@GoMotive.com
Signature (if required for the purposes of Section ‎2)Please refer to the Customer’s signature block in the DPAPlease refer to the Service Provider’s signature block in the DPA

Table 2: Selected SCCs, Modules and Selected Clauses

Addendum EU SCCsThe version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information:
Date: 
Reference (if any): 
Other identifier (if any): 
Or
☒the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:
ModuleModule in operationClause 7 (Docking Clause)Clause 11
(Option)		Clause 9a (Prior Authorisation or General Authorisation)Clause 9a (Time period)Is personal data received from the Importer combined with personal data collected by the Exporter?
1No
2YesNoNoGeneralAs set out in the DPA at Section 3.2(a)
3No
ModuleModule in operationClause 7 (Docking Clause)Clause 11
(Option)		Clause 9a (Prior Authorisation or General Authorisation)Clause 9a (Time period)Is personal data received from the Importer combined with personal data collected by the Exporter?
4No

Table 3: Appendix Information

Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:

Annex 1A: List of Parties

As set out in Table 1 above and Annex I.A. of Part 1 of Schedule 4 of the DPA.

Annex 1B: Description of Transfer

See Annex I.B. of Part 1 of Schedule 4 of the DPA

Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data

See Schedule 2 of the DPA.

Annex III: List of Subprocessors (Modules 2 and 3 only)

See Schedule 3 of the DPA

Table 4: Ending this Addendum when the Approved Addendum Changes

Ending this Addendum when the Approved Addendum changesWhich Parties may end this Addendum as set out in Section 19:
☒Importer
☐Exporter
☐neither Party

Part 2 Mandatory Clauses

Mandatory ClausesPart 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.

SIGNATURE PAGE

FOR AND ON BEHALF OF THE CUSTOMER AND THE CUSTOMER AFFILIATES LISTED AT SCHEDULE 1FOR AND ON BEHALF OF THE SERVICE PROVIDER AND THE SERVICE PROVIDER AFFILIATES LISTED AT SCHEDULE 1
……………………………………………………
Name:Name:
Position:Position:
Date:Date:

[INSERT SIGNATURE BLOCKS FOR EACH THE CUSTOMER AFFILIATE AND THE SERVICE PROVIDER AFFILIATE WHO WILL BE PARTY TO THE STANDARD CONTRACTUAL CLAUSES BELOW]

IN RESPECT OF THE STANDARD CONTRACTUAL CLAUSES FOR AND ON BEHALF OF THE CUSTOMER AFFILIATES LISTED AT SCHEDULE 1IN RESPECT OF THE STANDARD CONTRACTUAL CLAUSES FOR AND ON BEHALF OF THE SERVICE PROVIDER AFFILIATES LISTED AT SCHEDULE 1
……………………………………………………
Name of Customer Affiliate:Name of Service Provider Affiliate:
Name:Name:
Position:Position:
Date:Date:
Table of Contents