Data Processing Agreement

Last updated: January 2026

1. Scope and Purpose

This Data Processing Agreement ("DPA") sets out the terms and conditions for the processing of personal data by Blue Horizon on behalf of our B2B clients, suppliers, and customers for B2B raw materials trading and consultancy services.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable person
  • Processing: Any operation performed on personal data
  • Data Controller: You (the B2B customer/supplier/trading partner)
  • Data Processor: Blue Horizon
  • Data Subject: The individual to whom the personal data relates (your employees, contacts, etc.)

3. Processing Instructions

We process personal data only on documented instructions from you, including regarding:

  • The purpose of processing (B2B connections, trading, consultancy)
  • The type of personal data processed (names, business addresses, phone numbers, business contacts)
  • The recipients of the data (verified trading partners, consultants)
  • The duration of processing

4. Data Categories

The following categories of personal data are processed:

  • Business contact name, company name, business address, phone number, email
  • Trading partner information (suppliers, buyers, consultancy clients)
  • Business transaction and negotiation history
  • Payment and billing information
  • Communication history and correspondence
  • Business verification and compliance documentation

5. Sensitive Data

We do not knowingly process special categories of personal data (racial origin, political opinions, religious beliefs, etc.). If your shipment contains such information, you must inform us immediately and ensure appropriate safeguards are in place.

6. Data Processor Obligations

As a data processor, Blue Horizon commits to:

  • Process data only in accordance with your written instructions
  • Ensure persons authorized to process data are committed to confidentiality
  • Implement and maintain appropriate technical and organizational security measures
  • Not subcontract processing without prior authorization and a DPA
  • Assist you in fulfilling data subject rights requests
  • Delete or return personal data after service termination
  • Make available all information necessary to demonstrate compliance
  • Cooperate with data protection authorities and conduct DPAs
  • Maintain records of processing activities

7. Security & Confidentiality

7.1 Technical Measures

  • Encryption of data in transit (TLS 1.3)
  • Encryption of data at rest (AES-256)
  • Secure authentication and access controls
  • Regular security patches and updates
  • Network segmentation and firewalls

7.2 Organizational Measures

  • Employee confidentiality agreements
  • Data protection training and awareness programs
  • Least privilege access principles
  • Incident response procedures
  • Data protection impact assessments

7.3 Monitoring

  • Regular security audits and penetration testing
  • Continuous monitoring of access logs
  • Quarterly security reviews
  • Compliance certifications (SOC 2, ISO 27001)

8. Sub-processors

Logistics Pro may engage the following sub-processors with your explicit consent:

  • Twilio: SMS delivery - US-based
  • SendGrid: Email delivery - US-based
  • Vercel: Web hosting - Global CDN
  • Stripe: Payment processing - US-based
  • Shipping carriers: Local and international delivery partners

We will notify you of any changes to sub-processors 30 days in advance.

9. International Data Transfers

Logistics Pro is based in the United States. By using our services, you consent to the transfer of personal data outside the European Union/EEA. We implement Standard Contractual Clauses (SCCs) for all international transfers and maintain supplementary technical and organizational measures to ensure an adequate level of protection.

10. Data Subject Rights

We will assist you in responding to data subject rights requests within 30 days:

  • Right of access to personal data
  • Right to rectification of inaccurate data
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

11. Data Retention

Personal data will be retained for the following periods:

  • Active shipment data: Until 90 days after delivery
  • Archived data: Up to 7 years for audit purposes
  • After service termination: Deleted within 30 days unless legally required to retain

12. Data Breach Notification

In case of a confirmed data breach, we will:

  • Notify you without undue delay and no later than 72 hours
  • Provide details of the breach, affected data, and likely consequences
  • Outline mitigation measures taken or proposed
  • Provide contact information for our Data Protection Officer

13. Assistance & Cooperation

Logistics Pro will reasonably assist you in:

  • Conducting Data Protection Impact Assessments
  • Implementing technical and organizational security measures
  • Responding to data subject rights requests
  • Responding to data protection authority requests
  • Demonstrating compliance with applicable laws

Note: Excessive requests for assistance may incur additional fees.

14. Audit & Inspection

You reserve the right to audit our processing activities for compliance with this DPA. Audits may be conducted:

  • Annually upon reasonable notice (at your expense)
  • Upon reasonable suspicion of non-compliance (at your expense)
  • By data protection authorities (without notice)

15. Data Deletion or Return

Upon termination of our services, you may request that we:

  • Delete all personal data within 30 days
  • Return personal data in a structured format
  • Provide certification of deletion

We may retain data as required by law or if necessary for compliance verification.

16. Liability

Both parties assume responsibility for damages caused by violation of their obligations under this DPA. Liability is limited to direct damages only, except where prohibited by applicable law.

17. Amendments

We may amend this DPA to comply with legal requirements. Material changes will be communicated 60 days in advance, with your consent required for non-compliance-driven changes.

18. Governing Law

This DPA is governed by applicable data protection laws, including GDPR for EU/UK residents. Disputes will be resolved according to the terms and conditions of your service agreement.

19. Contact

For questions about data processing, contact:

  • Data Protection Officer: dpo@BLUEHORIZONCO.com
  • Privacy Team: support@consultbluehorizon.services
  • Phone: +14155552671