This Data Processing Agreement (“DPA”) forms part of the agreement between MapLogiQ (Pty) Ltd and the Customer and applies where MapLogiQ processes personal information on the Customer’s behalf under POPIA and applicable data protection laws.
“Responsible Party” means the Customer, who determines the purpose and means of processing personal information.
“Operator” means MapLogiQ (Pty) Ltd, who processes personal information on behalf of and under the authorisation of the Responsible Party.
“Personal Information” has the meaning given in POPIA: information relating to an identifiable, living, natural person or existing juristic person.
“Processing” means any operation performed on personal information, including collection, storage, retrieval, use, transmission, or deletion.
The Customer is the Responsible Party in respect of personal information it uploads to or processes via the MapLogiQ platform. MapLogiQ acts as an Operator, processing such personal information solely on the documented instructions of the Customer.
Each party shall comply with all applicable data protection laws in respect of personal information processed under this DPA.
MapLogiQ shall process personal information only on the documented instructions of the Customer, including those set out in the main service agreement, unless required to do otherwise by law. MapLogiQ shall immediately inform the Customer if any instruction infringes applicable data protection law.

| Subject Matter | Duration | Nature | Data Subjects |
|---|---|---|---|
| Geospatial project data | Subscription term | Storage, display, analysis | As determined by Customer |
| Field survey responses | Subscription term | Collection, storage, export | Field workers, respondents |
| User account data | Subscription term + 12 months | Authentication, access control | Customer’s employees/users |

MapLogiQ commits to:
The Customer provides general authorisation for MapLogiQ to engage sub-processors to assist in providing the Service. Current sub-processors include cloud infrastructure, email delivery, and monitoring services. A current list of sub-processors is available on request.
MapLogiQ shall impose data protection obligations on sub-processors that are equivalent to those in this DPA and shall remain liable for the acts and omissions of sub-processors.
MapLogiQ primarily processes data within South Africa. Where data is transferred to a third country, MapLogiQ shall ensure adequate safeguards are in place in accordance with Section 72 of POPIA, including binding corporate rules, standard contractual clauses, or equivalent measures.
MapLogiQ implements and maintains the following technical and organisational security measures:
In the event of a confirmed personal information breach affecting Customer data, MapLogiQ shall notify the Customer without undue delay and in any event within 72 hours of becoming aware of the breach. The notification shall include the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed.
MapLogiQ shall assist the Customer in meeting any breach notification obligations to the Information Regulator or affected data subjects.
Upon termination of the service agreement, MapLogiQ shall, at the Customer’s election and within 30 days: (a) return all personal information to the Customer in a portable format, or (b) securely delete all personal information. MapLogiQ shall provide written confirmation of deletion upon request.
Backup copies will be purged within 90 days of termination in accordance with our backup rotation schedule.
MapLogiQ shall provide the Customer with all information reasonably necessary to demonstrate compliance with this DPA. The Customer may conduct audits or inspections with reasonable prior notice (minimum 30 days) and at the Customer’s own cost, subject to reasonable confidentiality obligations.