Data Processing Agreement

Last updated: June 4, 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between Carlink LLC (“Carlink”, “Processor”, “we”) and the customer (“Customer”, “Controller”, “you”) for the use of the Carlink platform and Services (the “Agreement”). It governs the processing of personal data that Carlink performs on the Customer’s behalf.

1. Definitions

“Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, and “Sub-processor” have the meanings given to them in applicable data protection laws. “Applicable Data Protection Law” means all privacy and data protection laws applicable to the processing of Personal Data under the Agreement.

2. Roles of the Parties

The Customer acts as the Controller of Personal Data it submits to the Services. Carlink acts as the Processor and processes Personal Data only on documented instructions from the Customer, including as set out in the Agreement and this DPA.

3. Scope and Purpose of Processing

• Subject matter: Provision of the Carlink CRM and dispatch platform.
• Duration: For the term of the Agreement and any retention period set out below.
• Nature and purpose: Lead management, quoting, order and dispatch operations, payment processing, and related communications.
• Categories of Data Subjects: Customer’s agents, end customers, carriers, and contacts.
• Categories of Personal Data: Names, contact details, vehicle and shipment details, and transaction records.

4. Processor Obligations

Carlink shall: (a) process Personal Data only on the Customer’s documented instructions; (b) ensure that personnel authorized to process Personal Data are bound by confidentiality; (c) implement the technical and organizational measures described in our Security overview; and (d) assist the Customer, where reasonably possible, in fulfilling its obligations under Applicable Data Protection Law.

5. Sub-processors

The Customer authorizes Carlink to engage Sub-processors to provide the Services. Carlink imposes data protection obligations on each Sub-processor that are no less protective than those in this DPA and remains responsible for their performance. Current categories of Sub-processors include cloud hosting, database and cache providers, payment processors, and communication providers.

6. Security Measures

Carlink maintains appropriate technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, or damage, as described in our Security overview.

7. Data Subject Requests

Taking into account the nature of the processing, Carlink shall assist the Customer by appropriate measures, insofar as possible, in responding to requests from Data Subjects exercising their rights under Applicable Data Protection Law.

8. Personal Data Breach

Carlink shall notify the Customer without undue delay after becoming aware of a Personal Data breach affecting the Customer’s Personal Data and shall provide information reasonably required to meet the Customer’s breach-notification obligations.

9. International Transfers

Where Personal Data is transferred across borders, Carlink will implement an appropriate transfer mechanism as required by Applicable Data Protection Law.

10. Return and Deletion

Upon termination of the Agreement, Carlink shall, at the Customer’s choice, delete or return all Personal Data, and delete existing copies unless retention is required by law.

11. Audits

Carlink shall make available to the Customer information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, subject to reasonable confidentiality and security limitations.

12. Contact

For questions about this DPA or to exercise data protection rights, contact us:

Email: info@carlink.pro
Phone: (818) 337-0699
Carlink LLC, 5830 E 2nd St, Ste 7000 #15682, Casper, WY 82609