Data Processing Agreement

The Customer is the controller of Customer Personal Data.

Dayem Solutions acts as processor where it processes Customer Personal Data on behalf of the Customer for the purpose of providing PestRouting.

Where Dayem Solutions processes personal data for its own business purposes, such as website operation, sales, billing communication, customer relationship management, support management, security administration or legal compliance, Dayem Solutions acts as controller. Such processing is described in the Privacy Policy and is not governed by this DPA.

“Agreement” means the Terms of Service, subscription agreement, order confirmation, checkout agreement or other agreement governing the Customer’s use of PestRouting.

“Customer Data” means all data provided to PestRouting by or on behalf of the Customer, including data imported from FieldRoutes or other customer-authorized integrations.

“Customer Personal Data” means any personal data contained in Customer Data and processed by Dayem Solutions on behalf of the Customer.

“Data Protection Laws” means all applicable data protection and privacy laws, including the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection laws.

“Subprocessor” means another processor engaged by Dayem Solutions to process Customer Personal Data on behalf of the Customer.

“Services” means PestRouting, including the website, application, routing optimization software, audits, simulations, dashboards, analytics, integrations, support and related services.

Capitalized terms not defined in this DPA have the meaning given to them in the Agreement.

The subject matter of the processing is the provision of PestRouting to the Customer.

The processing includes importing, storing, analyzing, optimizing, displaying, syncing and, where enabled, writing back Customer Data from FieldRoutes or other customer-authorized systems.

The duration of the processing corresponds to the term of the Agreement and continues until Customer Personal Data is deleted, anonymized or returned in accordance with this DPA, the Agreement and applicable law.

Dayem Solutions processes Customer Personal Data for the following purposes:

• providing access to PestRouting;
• importing and syncing data from FieldRoutes or other customer-authorized integrations;
• analyzing appointment, route, technician, office, service-location and operational data;
• generating routing recommendations, simulations and optimization outputs;
• displaying dashboards, analytics and operational insights;
• enabling route planning, scheduling analysis and related workflows;
• writing data back to FieldRoutes or other connected systems where enabled and authorized by the Customer;
• providing audits, demos, onboarding, implementation and support;
• debugging, securing, monitoring and improving the Services;
• maintaining integration credentials and technical system functionality;
• complying with documented Customer instructions.

Customer Personal Data may include the following categories:

• customer and service-location data, including customer names, service addresses, contact details and customer flags;
• appointment data, including scheduled and completed appointments, dates, status and technician assignments;
• subscription data, including recurring service agreements, service frequencies, contract details and cancellation reasons;
• employee data, including technician and office-staff records, roles, active status and, where enabled, commission data;
• office data, including branch and office locations;
• route data, including planned and completed routes and assigned technicians;
• appointment-slot or spot data, including time slots associated with routes;
• service-type data, including service definitions and associated service durations;
• skill data, including technician qualifications;
• user account data, including names, email addresses, roles, permissions and activity logs;
• integration data, including API keys, access tokens, refresh tokens, integration credentials, permission scopes and connection metadata;
• support and error data, including support messages, screenshots, error reports, logs, user IDs, account IDs, technical metadata and debugging context.

The exact categories depend on the Customer’s configuration, enabled features, FieldRoutes permissions, integrations, API availability and future product development.

Customer Personal Data may relate to:

• the Customer’s employees;
• technicians;
• office staff;
• administrative users;
• dispatchers and route planners;
• managers and business users;
• the Customer’s customers and end customers;
• service-location contacts;
• other individuals whose data is contained in FieldRoutes or another customer-authorized system.

The Customer is responsible for:

• determining the purposes and means of processing Customer Personal Data;
• ensuring a valid legal basis for processing and sharing Customer Personal Data with PestRouting;
• providing all legally required notices to data subjects;
• ensuring that FieldRoutes or other third-party systems may be connected to PestRouting;
• ensuring that Customer Personal Data is accurate, lawful and suitable for the intended processing;
• ensuring that users are authorized and trained to use PestRouting appropriately;
• reviewing and validating routing, scheduling and write-back outputs before operational use, unless automated execution is intentionally enabled;
• responding to data subject requests where the Customer is the controller;
• ensuring that no special categories of personal data are submitted unless expressly agreed in writing.

The Customer’s instructions to Dayem Solutions are documented in this DPA, the Agreement, the Customer’s configuration of the Services, integration settings, support requests and other written instructions accepted by Dayem Solutions.

Dayem Solutions shall:

• process Customer Personal Data only on documented instructions from the Customer, unless required by Union or Member State law;
• inform the Customer if, in our opinion, an instruction infringes Data Protection Laws, unless prohibited by law;
• ensure that persons authorized to process Customer Personal Data are subject to confidentiality obligations;
• implement appropriate technical and organizational measures as described in Annex 2;
• use Subprocessors only in accordance with this DPA;
• assist the Customer, taking into account the nature of the processing, with data subject requests where possible;
• assist the Customer with compliance obligations relating to security, personal data breaches, data protection impact assessments and prior consultation, where applicable and reasonable;
• delete, anonymize or return Customer Personal Data after the end of the Services as described in this DPA;
• make available information reasonably necessary to demonstrate compliance with this DPA;
• allow for and contribute to audits in accordance with this DPA.

Dayem Solutions will process Customer Personal Data only as necessary to provide, secure, maintain, support and improve PestRouting, and as otherwise instructed by the Customer.

The Customer authorizes Dayem Solutions to process Customer Personal Data for:

• importing data from FieldRoutes or other customer-authorized integrations;
• storing and displaying Customer Data in PestRouting;
• performing optimization, simulation, analytics and routing calculations;
• syncing data between PestRouting and connected systems;
• writing data back to FieldRoutes or other connected systems where enabled;
• providing support and troubleshooting;
• monitoring application health and fixing errors;
• maintaining security and preventing abuse;
• using aggregated or anonymized data that no longer identifies individuals.

Dayem Solutions will not sell Customer Personal Data.

Dayem Solutions will not use identifiable Customer Personal Data for artificial intelligence model training.

As of the Last Updated date, Dayem Solutions does not process identifiable Customer Personal Data through artificial intelligence APIs or AI prompts.

Where necessary to provide the Services, Dayem Solutions may store API keys, access tokens, refresh tokens or similar credentials for FieldRoutes or other customer-authorized integrations.

Such credentials are processed only to provide the relevant integration, including data import, sync, processing and, where enabled, write-back functionality.

The Customer is responsible for ensuring that credentials are valid, authorized, appropriately scoped and provided by an authorized user.

The Customer may revoke or disable integration access through the relevant third-party system where available or by contacting support.

Depending on the Customer’s plan, settings and enabled features, PestRouting may write data back to FieldRoutes or other connected systems.

Such write-back actions may include:

• new route or scheduling suggestions;
• changed routes;
• technician assignments;
• appointment dates and times;
• route, appointment or scheduling updates;
• other changes supported by the connected system and enabled functionality.

The Customer authorizes Dayem Solutions to perform write-back actions where the Customer enables, approves, triggers, configures or otherwise authorizes such functionality.

The Customer remains responsible for reviewing, validating and authorizing operational changes and for the consequences of applying automated or manual changes in its own systems.

Dayem Solutions shall ensure that persons authorized to process Customer Personal Data have committed themselves to confidentiality or are subject to an appropriate statutory obligation of confidentiality.

Access to Customer Personal Data is limited to persons who need such access for the provision, operation, support, security or maintenance of the Services.

Dayem Solutions shall implement appropriate technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

The current technical and organizational measures are described in Annex 2.

The Customer acknowledges that technical and organizational measures may be updated from time to time, provided that the overall level of protection is not materially reduced.

The Customer grants Dayem Solutions general authorization to engage Subprocessors for the provision, hosting, security, monitoring, support, analytics and improvement of PestRouting.

Current Subprocessors and relevant third-party service providers are listed in Annex 3 or on a Subprocessors page made available by Dayem Solutions.

Dayem Solutions shall impose data protection obligations on Subprocessors that are substantially equivalent to those set out in this DPA.

Dayem Solutions remains responsible for the performance of its Subprocessors to the extent required by Data Protection Laws.

Dayem Solutions will inform the Customer of intended material changes concerning the addition or replacement of Subprocessors by updating the Subprocessors page, providing in-app notice, email notice or another reasonable notice method.

The Customer may object to a new Subprocessor on reasonable data protection grounds within 30 days after notice. If the objection is reasonable, the parties will work in good faith to find a commercially reasonable solution. If no solution is available, the Customer may terminate the affected Services to the extent the new Subprocessor is required for those Services.

Dayem Solutions primarily hosts the core application and database infrastructure in the European Union.

Where Customer Personal Data is transferred outside the European Economic Area, Dayem Solutions will ensure that an appropriate transfer mechanism is in place where required by Data Protection Laws.

Such mechanisms may include:

• an adequacy decision by the European Commission;
• the EU-U.S. Data Privacy Framework where applicable;
• Standard Contractual Clauses;
• additional safeguards where required;
• another lawful transfer mechanism under Data Protection Laws.

The Customer authorizes such transfers where necessary to provide the Services and where appropriate safeguards are in place.

Taking into account the nature of the processing, Dayem Solutions shall reasonably assist the Customer by appropriate technical and organizational measures, insofar as possible, in fulfilling the Customer’s obligation to respond to requests from data subjects.

If Dayem Solutions receives a request directly from a data subject relating to Customer Personal Data, Dayem Solutions may redirect the data subject to the Customer or notify the Customer, unless prohibited by law.

Dayem Solutions will not independently respond to such requests except on documented instruction from the Customer or where required by law.

Dayem Solutions shall notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data.

The notification will include, to the extent available:

• a description of the nature of the breach;
• the categories and approximate number of affected data subjects, where known;
• the categories and approximate number of affected records, where known;
• likely consequences of the breach, where known;
• measures taken or proposed to address the breach;
• information reasonably available to assist the Customer with its own notification obligations.

Dayem Solutions may provide information in phases as it becomes available.

A notification under this section does not constitute an admission of fault or liability.

Taking into account the nature of the processing and the information available to Dayem Solutions, Dayem Solutions shall reasonably assist the Customer with:

• security obligations;
• personal data breach assessments;
• data protection impact assessments;
• prior consultation with supervisory authorities where required;
• documentation reasonably necessary to demonstrate compliance.

If such assistance requires significant effort beyond standard support, Dayem Solutions may charge reasonable fees unless the assistance is required due to a breach of this DPA by Dayem Solutions.

After termination or expiry of the paid subscription, Customer Personal Data will generally be deleted or anonymized within 90 days after the end of the paid subscription term, unless longer retention is required by law or necessary for legitimate legal, billing, tax, security, compliance or dispute-resolution purposes.

The Customer may contact support@pestrouting.com to request data export or deletion assistance.

Data export or deletion assistance may depend on technical feasibility, security requirements, applicable law, the Customer’s plan and the available product functionality.

Backup copies, where applicable, may persist for a limited period and will be overwritten or deleted according to Dayem Solutions’ backup and retention procedures.

Dayem Solutions is not required to delete data that it is legally required to retain or that it processes as controller for legitimate legal, billing, tax, compliance or dispute-resolution purposes.

Dayem Solutions shall make available to the Customer information reasonably necessary to demonstrate compliance with this DPA.

The Customer may request reasonable documentation regarding Dayem Solutions’ technical and organizational measures, Subprocessors and processing activities.

Audits should be conducted primarily through documentation review, security questionnaires, certifications, policies or written responses.

On-site audits may be requested only where required by Data Protection Laws and where documentation review is insufficient.

Audits must be:

• requested with reasonable prior notice;
• conducted during normal business hours;
• limited to once per calendar year unless a material breach or personal data breach justifies additional review;
• conducted in a manner that does not unreasonably disrupt Dayem Solutions’ business operations or compromise the security or confidentiality of other customers;
• subject to appropriate confidentiality obligations.

The Customer is responsible for its own audit costs. Dayem Solutions may charge reasonable fees for audit assistance that exceeds standard compliance documentation, unless the audit is required due to a breach of this DPA by Dayem Solutions.

Dayem Solutions may use aggregated, anonymized or otherwise non-identifying data to operate, analyze, improve, secure and develop PestRouting and related services.

Such data will not identify the Customer, the Customer’s customers, employees, technicians or other individuals.

Data that has been properly anonymized is not Customer Personal Data under this DPA.

The Services are not intended for processing special categories of personal data, such as health data, biometric data, genetic data, religious beliefs, political opinions or similar sensitive data.

The Customer shall not submit special categories of personal data unless expressly agreed in writing and unless appropriate additional safeguards have been implemented.

Certain personal data may be processed by Dayem Solutions as controller, including:

• website visitor data;
• lead and demo request data;
• customer relationship management data;
• billing-related communication;
• support management data;
• business contact data;
• legal and compliance records;
• security administration data.

Such processing is governed by the Privacy Policy and is outside the scope of this DPA.

Paddle may act as Merchant of Record or reseller for payment transactions and may process payment, tax, invoice, refund and billing data under its own terms and privacy documentation.

FieldRoutes and other systems connected by the Customer are generally customer-authorized third-party integrations rather than Subprocessors controlled by Dayem Solutions.

In the event of a conflict between this DPA and the Agreement regarding the processing of Customer Personal Data, this DPA shall prevail.

In all other matters, the Agreement remains applicable.

Liability between the parties is governed by the Agreement, unless mandatory Data Protection Laws provide otherwise.

Nothing in this DPA limits liability where such limitation is prohibited by applicable law.

This DPA remains in effect for as long as Dayem Solutions processes Customer Personal Data on behalf of the Customer.

The obligations relating to confidentiality, deletion, audit documentation and protection of Customer Personal Data continue for as long as relevant Customer Personal Data remains in the possession or control of Dayem Solutions.

For privacy or data processing questions, please contact:

Email: hello@pestrouting.com
Support: support@pestrouting.com