This is a translation for convenience. The Dutch version is the legally binding original: logentic.nl/verwerkersovereenkomst.
Last updated: 23 February 2026
This data processing agreement (“Data Processing Agreement”) has been drawn up in accordance with Article 28 of the General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter: “GDPR”) and forms an integral part of the agreement between the Controller and the Processor.
1.1 Controller: the party that uses Logentic's Service and that determines the purpose of and the means for the processing of personal data (hereinafter also: “Client”).
1.2 Processor: BI Solutions B.V., trading under the name Logentic, with registered office at Blaak 16, 3011 TA Rotterdam, Chamber of Commerce 88262340 (hereinafter also: “Logentic”).
1.3 Personal Data: any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR.
1.4 Processing: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
1.5 Sub-processor: a third party engaged by the Processor for the processing of Personal Data on behalf of the Controller.
1.6 Personal Data Breach: a breach relating to personal data as defined in Article 4(12) GDPR.
1.7 Service: the AI Managed Service as described in the Agreement and Logentic's Terms & Conditions.
2.1 This Data Processing Agreement relates to the processing of Personal Data that Logentic carries out in the context of the Service on behalf of the Controller.
2.2 The duration of this Data Processing Agreement is equal to the term of the Agreement between the parties. Upon termination of the Agreement, the provisions of this Data Processing Agreement will remain in force to the extent necessary for the completion of the processing of Personal Data.
3.1 Logentic processes Personal Data solely on the instructions and on behalf of the Controller, in the context of the following processing activities:
a) E-mail processing: the automated receipt, classification and processing of incoming logistics e-mails, including the extraction of personal data from e-mail communications (sender, recipient, contact details, substantive data).
b) Document processing: the automated reading and processing of transport documents, including Bills of Lading (B/L), CMR consignment notes, Air Waybills (AWB), invoices and packing lists, insofar as they contain personal data.
c) Quote automation: the generation of draft quotations based on incoming requests, in the course of which contact details of customers and prospects are processed.
d) Track & Trace: monitoring and tracking shipment statuses, in the course of which contact details of parties involved in shipments may be processed for notification purposes.
e) Storage and display: the storage and presentation of processed data in Logentic's Platform for the purposes of the Controller's operational business.
3.2 The purpose of the processing is to perform the Service in accordance with the Agreement: automating and supporting the Controller's logistics operations by means of an AI agent.
4.1 In the context of the Service, the following categories of personal data are processed:
• Contact details: names, e-mail addresses, telephone numbers, job titles and company details of contact persons.
• Communication data: content of e-mail messages, sender and recipient addresses, timestamps, attachments and metadata of e-mail communications.
• Document data: personal data contained in transport documents, such as names and addresses of shippers, consignees, notify parties and customs agents.
• Shipment data: booking references, container numbers, tracking information and related contact details.
• User data: login credentials, IP addresses and activity logs of users of the Platform.
4.2 No special categories of personal data within the meaning of Article 9 GDPR are processed, unless they unintentionally appear in documents or e-mails provided by the Controller.
5.1 The Personal Data processed relates to the following categories of data subjects:
• Employees of the Controller: persons who use the Service on behalf of the client or who are involved in logistics operations.
• Customers of the Controller: contact persons at the Controller's clients whose data appears in logistics communications and documents.
• Carriers and shipping lines: contact persons at transport companies, shipping lines and air carriers.
• Customs contacts: contact persons at customs forwarders, agents and government authorities.
• Terminal contacts: contact persons at storage facilities, terminals and warehouses.
• Other supply chain partners: contact persons at other parties in the logistics supply chain, such as suppliers, buyers and agents.
6.1 Logentic processes Personal Data solely on the basis of written instructions from the Controller, unless Logentic is required to process data under Union or Member State law. In that case, Logentic will inform the Controller of that legal requirement prior to processing, unless the legislation prohibits such notification on important grounds of public interest.
6.2 Logentic ensures that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
6.3 Logentic takes appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as referred to in Article 32 GDPR. These measures are further described in Article 9 of this Data Processing Agreement.
6.4 Logentic assists the Controller in fulfilling its obligation to respond to requests from data subjects concerning the exercise of their rights under the GDPR (Articles 15 to 22).
6.5 Logentic assists the Controller in complying with the obligations under Articles 32 to 36 GDPR, taking into account the nature of the processing and the information available to Logentic.
6.6 On completion of the processing services, Logentic will delete all Personal Data and erase existing copies, unless storage is required under Union or Member State law. This is done in accordance with the provisions of Article 12 of this Data Processing Agreement.
6.7 Logentic makes available all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and enables and contributes to audits, including inspections, by the Controller or another auditor mandated by the Controller, in accordance with the provisions of Article 11 of this Data Processing Agreement.
6.8 Logentic immediately informs the Controller if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
7.1 The Controller grants Logentic general written authorisation to engage sub-processors. Logentic maintains an up-to-date list of sub-processors, which is made available to the Controller on request.
7.2 Logentic will inform the Controller at least 30 days prior to engaging a new sub-processor or replacing an existing sub-processor. The Controller has the right to object to the intended change. If the Controller raises a reasoned objection within 14 days of notification, the parties will enter into consultations to find a solution.
7.3 Logentic imposes on each sub-processor, by means of a contract, the same data protection obligations as those set out in this Data Processing Agreement. Logentic remains fully liable to the Controller for the sub-processors' performance of their obligations.
7.4 The current sub-processors are available on request via alex@logentic.nl. For each sub-processor, the list contains the name, country of establishment, nature of the processing and the categories of personal data that are processed.
8.1 In principle, Logentic processes Personal Data within the European Economic Area (EEA). Transfer of Personal Data to a country outside the EEA only takes place if the conditions of Chapter V of the GDPR are met.
8.2 If transfer to a third country is necessary, Logentic ensures that appropriate safeguards are in place, including: (a) an adequacy decision by the European Commission; (b) Standard Contractual Clauses (SCCs) approved by the European Commission; or (c) approved binding corporate rules (BCRs).
8.3 Logentic informs the Controller, prior to the transfer to a third country, about the intended transfer, the receiving country and the safeguards taken.
9.1 Logentic takes the following technical and organisational measures to secure the Personal Data:
Technical measures:
• Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256).
• Multi-factor authentication (MFA) for access to the Platform and internal systems.
• Role-based access control (RBAC) based on the need-to-know principle.
• Automated monitoring and logging of all data processing activities.
• Regular vulnerability scans and penetration tests (at least annually).
• Automated backups with encryption, stored in geographically separated EU data centres.
• Firewalls, intrusion detection/prevention systems (IDS/IPS) and DDoS protection.
• Secure software development processes (secure SDLC) with code reviews.
Organisational measures:
• Confidentiality declarations for all staff with access to Personal Data.
• Regular awareness training in the area of information security and privacy.
• Documented information security policy in accordance with ISO 27001 principles.
• Incident response plan for handling personal data breaches.
• Periodic internal audits and assessments of security measures.
• Supplier assessment and monitoring for all sub-processors.
9.2 Logentic periodically reviews the security measures and adjusts them to the current state of the art and the risks of the processing.
10.1 Logentic notifies the Controller without undue delay, and in any event within 24 hours of discovery, of a Personal Data Breach relating to Personal Data processed under this Data Processing Agreement.
10.2 The notification contains at least the following information, insofar as available:
• the nature of the Personal Data Breach, including, where possible, the categories and approximate number of data subjects and personal data records concerned;
• the name and contact details of the contact point at Logentic;
• the likely consequences of the Personal Data Breach;
• the measures Logentic has taken or proposes to take to address the Personal Data Breach and mitigate its adverse effects.
10.3 Where it is not possible to provide all information simultaneously, the information will be provided in phases without undue further delay.
10.4 Logentic provides the Controller with all cooperation necessary to comply with the notification obligation towards the Dutch Data Protection Authority (Art. 33 GDPR) and the obligation to inform data subjects (Art. 34 GDPR).
10.5 Logentic documents all Personal Data Breaches, including the facts relating to the Personal Data Breach, its effects and the corrective measures taken, and makes this documentation available to the Controller on request.
11.1 Logentic enables the Controller to carry out audits, or to have them carried out by an independent third party, in order to verify compliance with this Data Processing Agreement.
11.2 The Controller announces an audit at least 30 days in advance. Audits take place during regular office hours and are carried out in a way that disturbs Logentic's business operations as little as possible.
11.3 Logentic may have the audit carried out by an independent, qualified auditor subject to a confidentiality obligation, if the Controller agrees. On request, Logentic makes available recent audit reports, certifications (such as ISO 27001 or SOC 2) or security assessments as an alternative to a physical audit.
11.4 The costs of the audit are borne by the Controller, unless the audit reveals a material shortcoming on the part of Logentic, in which case the reasonable costs are borne by Logentic.
12.1 Upon termination of the Agreement and/or this Data Processing Agreement, Logentic will make all Personal Data processed in the context of the Service available to the Controller in a common, structured and machine-readable format (such as CSV, JSON or XML).
12.2 The Controller has a period of 30 days after termination to request the data. Logentic will provide reasonable cooperation in this respect.
12.3 After transfer of the data to the Controller, or after expiry of the period referred to in paragraph 2, Logentic will delete all Personal Data and existing copies within 90 days, unless storage is required under Union or Member State law. Logentic confirms the deletion in writing to the Controller.
12.4 Personal Data included in backups will be deleted as soon as the relevant backup is overwritten according to the regular rotation policy, and in any event within 180 days of termination.
13.1 The liability of the parties under this Data Processing Agreement is governed by the liability provisions in the Agreement and Logentic's Terms & Conditions, to the extent not otherwise provided in the GDPR.
13.2 Each party is liable for damage caused by processing that is in breach of the GDPR, in accordance with Article 82 GDPR. Logentic is only liable for damage caused by processing where it has failed to comply with the obligations specifically imposed on the Processor, or where it has acted outside or contrary to the lawful instructions of the Controller.
13.3 If a party is held liable for damages in respect of damage for which the other party is (also) responsible, the first-mentioned party is entitled to recourse against the other party for the other party's share in the damage.
14.1 This Data Processing Agreement enters into force at the moment the Agreement takes effect and remains in force for as long as Logentic processes Personal Data on behalf of the Controller.
14.2 This Data Processing Agreement cannot be terminated separately from the Agreement. Termination of the Agreement automatically leads to termination of this Data Processing Agreement, subject to the obligations regarding return and deletion of data (Article 12).
14.3 The provisions of this Data Processing Agreement which by their nature are intended to continue after termination remain in force after termination, including the provisions on confidentiality, liability and return/deletion of data.
15.1 This Data Processing Agreement is governed exclusively by Dutch law.
15.2 Disputes arising from or in connection with this Data Processing Agreement will be submitted to the competent court in the district of Rotterdam.
For questions about this Data Processing Agreement or the processing of personal data, please contact:
BI Solutions B.V. (Logentic)
Blaak 16, 3011 TA Rotterdam
E-mail: alex@logentic.nl
Telephone: +31 085 888 2729