This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller") and DiveFill ("Processor") for the use of the DiveFill service. It governs the Processor's processing of personal data on behalf of the Controller.
The Controller is the fill station, dive shop, or other entity that has signed up for the DiveFill service. The Processor is DiveFill, operated by the legal entity named below. For data submitted by a Controller's customers (for example a dive shop's order data submitted through a fill station's storefront), the Controller acts as data controller and the Processor processes that data only on the Controller's documented instructions.
Terms such as "personal data", "processing", "data subject", "controller", and "processor" have the meanings given in the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and equivalent laws.
The subject matter of the processing is the provision of the DiveFill platform. The duration of the processing is the term of the underlying service agreement, plus any retention period required to meet the Processor's obligations.
Nature and purpose: managing, routing, and notifying parties about scuba tank fill orders. Categories of data subjects: Controller's employees, dive shop customers and their employees, end-divers whose details appear in orders, and operators of fill stations. Categories of personal data: contact details (name, email, phone), organization affiliation, order metadata, message contents, authentication data, and basic technical and usage data.
The Processor will: (a) process personal data only on the Controller's documented instructions, including with regard to international transfers; (b) ensure persons authorized to process the data are bound by confidentiality; (c) implement appropriate technical and organizational measures (see Annex B); (d) assist the Controller with data subject requests and security obligations; (e) at the Controller's choice, return or delete personal data at the end of the engagement except where retention is required by law; (f) make available information necessary to demonstrate compliance and allow for reasonable audits.
The Controller authorizes the Processor to engage the subprocessors listed in Annex C and on the public Subprocessors page. The Processor will give the Controller at least 30 days advance notice of any new or replacement subprocessor and will offer the Controller a reasonable opportunity to object on legitimate data-protection grounds.
The Processor will, taking into account the nature of the processing, assist the Controller by appropriate technical and organizational measures in fulfilling the Controller's obligation to respond to requests by data subjects exercising their rights under applicable law.
The Processor will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach affecting the Controller's data, providing information sufficient to meet the Controller's own breach-notification obligations.
Where personal data is transferred outside the European Economic Area, United Kingdom, or other restricted jurisdiction, the parties will rely on a lawful transfer mechanism such as the European Commission's Standard Contractual Clauses (Module 2 or Module 3 as appropriate), incorporated by reference into this DPA.
This DPA takes effect on the date the underlying service agreement starts and remains in force for as long as the Processor processes personal data on behalf of the Controller. On termination, the Processor will, at the Controller's choice, delete or return all personal data within 30 days, except where retention is required by law.
Each party's liability under this DPA is subject to the limitations of liability set out in the underlying service agreement.
This DPA is governed by the law of the jurisdiction set out in the underlying service agreement.
Subject matter: provision of the DiveFill order management platform. Duration: term of the underlying service agreement plus any required retention. Nature and purpose: receiving, routing, storing, and notifying parties about tank-fill orders; AI-assisted parsing of inbound WhatsApp messages. Types of personal data: contact details, organization affiliation, order data, message contents, authentication and technical data. Categories of data subjects: as set out in clause 4.
Access control: per-organization data isolation enforced by PostgreSQL row-level security; least-privilege internal access; authentication via Supabase Auth. Encryption: TLS for data in transit; encryption at rest provided by hosting and database subprocessors. Integrity and availability: managed backups by the database provider; monitoring of availability and errors. Incident response: documented breach-notification process; notification to affected Controllers within 72 hours of confirmation. Vendor management: subprocessors are limited to the published list and bound by their own data-protection terms.
The current list of approved subprocessors is published at /legal/subprocessors and incorporated by reference into this DPA.
Dive Fill — privacy@divefill.com