Data Processing Agreement (DPA)

Effective Date: 01/05/2026 | Version: 4.0 (Enterprise SaaS DPA)

Legal Centre
Overview Terms & Conditions Privacy Policy Data Processing Service Levels Acceptable Use Transport Compliance Cookie Policy

This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions between iRydo Ltd (“Processor”, “iRydo”, “we”) and the Client (“Controller”, “you”) and governs the processing of Personal Data in connection with the FrontDesk platform.

1. DEFINITIONS

  • Applicable Data Protection Law: UK GDPR and Data Protection Act 2018
  • Personal Data: Information relating to an identified or identifiable individual
  • Controller: Entity determining purposes and means of processing
  • Processor: Entity processing Personal Data on behalf of Controller

2. SCOPE & ROLE OF PARTIES

The Client acts as Data Controller and iRydo acts as Data Processor. iRydo shall process Personal Data only on documented instructions from the Controller, unless required by law.

3. NATURE OF PROCESSING

3.1 Categories of Data Subjects: Passengers / End Users, Client personnel, Drivers, Support contacts.

3.2 Categories of Personal Data: Name, contact details, booking and journey data, location data, communication records, payment reference data.

4. PROCESSOR OBLIGATIONS

iRydo shall:

  • Process Personal Data only on documented instructions
  • Ensure persons authorised to process data are subject to confidentiality
  • Implement appropriate technical and organisational security measures
  • Assist the Controller in ensuring compliance and responding to rights requests
  • Notify the Controller of data breaches without undue delay

6. SUB-PROCESSORS

iRydo may engage Sub-Processors to provide the Platform. Approved Sub-Processors include Stripe, Inc., Bolt Technology OÜ, and various hosting and infrastructure providers.

7. INTERNATIONAL TRANSFERS

Where Personal Data is transferred outside the UK, iRydo shall ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

10. DATA RETENTION & DELETION

Upon termination of services, iRydo shall, at the choice of the Controller, return or delete Personal Data unless retention is required by law.

11. AUDIT & COMPLIANCE

iRydo shall maintain records of processing activities and provide reasonable information to demonstrate compliance. Audits may be conducted subject to reasonable notice and at the Controller's cost.