RemapdbRemapdb

GDPR processing terms

Data Processing Addendum

This DPA applies when Remapdb processes personal data on behalf of a customer, especially widget quote requests and related visitor interactions.

Effective 2 June 2026. Last updated 2 June 2026.

1. Roles

For customer account, billing, marketing, security, and service administration data, Remapdb acts as controller.

For personal data submitted by visitors through a customer's embedded widget or processed through customer-configured widget workflows, the customer is usually controller and Remapdb is processor.

2. Processing instructions

Remapdb processes processor data only to provide, secure, support, maintain, and improve the service in accordance with the agreement, this DPA, customer configuration, and documented customer instructions.

3. Categories of data

  • Widget visitor and quote requester contact details.
  • Vehicle selection and quote request details.
  • Dealer, service, pricing, options, and message fields configured by the customer.
  • Technical, security, captcha, referrer, domain, and log data needed to operate and protect the widget.

4. Confidentiality and security

Remapdb limits access to personnel and providers who need it to provide the service. We use technical and organizational measures appropriate to the risk, including access controls, domain validation, token-based widget access, CSRF protection, encrypted cookies where used, logging, and provider security controls.

5. Subprocessors

Remapdb may use subprocessors to provide hosting, storage, payment, email, security, geolocation, monitoring, and support functions. Current subprocessors are listed on the Subprocessors page.

We remain responsible for subprocessors as required by GDPR and will use appropriate contractual safeguards.

6. Data subject requests

Where Remapdb acts as processor, the customer is responsible for responding to data subject requests. Remapdb will provide reasonable assistance using the tools and information available in the service.

7. Personal data breaches

If Remapdb becomes aware of a personal data breach affecting processor data, we will notify affected customers without undue delay after becoming aware of it and provide available information reasonably needed for the customer's legal obligations.

8. Return or deletion

After the end of the service, Remapdb will delete or return processor data according to the agreement, product functionality, and applicable legal retention requirements.

9. International transfers

Where processor data is transferred outside the EEA, Remapdb will use appropriate transfer safeguards required by GDPR.