Data Processing Agreement

(Data Processing Agreement – DPA)

Last updated: 15/04/2025

Between:
The Client (hereinafter, the "Data Controller")
and
NetCargo Hub S.L., VAT B75950030, registered at Calle Icar, Parcela II 3, Edificio Transjunior, Planta 2, 08820 El Prat de Llobregat (Barcelona), Spain (hereinafter, the "Data Processor").

  1. Purpose

    This Agreement regulates the processing of personal data by the Processor on behalf of the Controller, in connection with the use of the NetCargo Platform services.

  2. Nature and Purpose of Processing

    NetCargo will process the personal data entered by the Client solely for the purpose of providing the contracted services:

    • Management of transport documents (eAWB, FWB, FHL).
    • Communication of data with logistics agents (handling, customs, carriers).
    • Automation of operational flows in the air cargo environment.
  3. Type of Data and Categories of Data Subjects
    • Types of data: names, surnames, emails, phone numbers, contact addresses, logistics identification data (HWB, packages, kg, etc.).
    • Data subjects: Client staff, Client customers, consignees, logistics agents, operators, and customs representatives.
  4. Processor's Obligations

    NetCargo undertakes to:

    • Process data only in accordance with documented instructions from the Client.
    • Ensure that authorized personnel are committed to confidentiality.
    • Apply appropriate technical and organizational measures to ensure the security of processing.
    • Not transfer data outside the European Economic Area without express consent or adequate safeguards.
    • Delete or return data at the end of the service provision.
  5. Subprocessors

    NetCargo may use technology providers as subprocessors, provided that:

    • The Controller is informed of the identity and function of the subprocessor.
    • There is a contract between NetCargo and the subprocessor that complies with the GDPR.
    • It is ensured that the subprocessor complies with the same obligations of this agreement.

    The Client expressly authorizes the use of necessary technology subprocessors for the provision of the services.

  6. Duty of Information and Assistance

    NetCargo will assist the Controller, to the extent possible, in fulfilling its obligations to:

    • Respond to rights requests.
    • Notify security breaches.
    • Carry out impact assessments and prior consultations if applicable.
  7. Security

    NetCargo implements technical and organizational security measures appropriate to the risk, including:

    • Access control and authentication.
    • Encrypted communications.
    • Internal audits.
    • Backup and restoration policies.
  8. Security Breaches

    In the event of a security breach affecting the processed personal data, NetCargo will notify the Client without undue delay, indicating:

    • Nature of the incident.
    • Affected data.
    • Measures taken or proposed.
    • Contact for follow-up.
  9. Duration and Termination

    This Agreement will remain in force as long as NetCargo processes personal data on behalf of the Client. Once the services are completed, NetCargo will delete or return all personal data, unless retention is required by law.

  10. Audit

    The Client may audit compliance with this Agreement upon reasonable notice, without interfering with NetCargo's normal activity. NetCargo will provide all necessary information to demonstrate compliance with its obligations.

  11. Governing Law

    This Agreement shall be governed by Spanish law and Regulation (EU) 2016/679 (GDPR). The parties submit to the jurisdiction of the Courts and Tribunals of Barcelona.