DKV Transport Management Software Premium: Special Product Conditions

1. Scope of Application

DKV Transport Management Software Premium is a digital solution for planning, managing, and optimizing commercial goods transport by vehicle. The functionalities are detailed in the service description, which the customer can access here.

These Special Product Conditions ("BPB") apply to the use of the DKV Cockpit product DKV Transport Management Software Premium in its version valid at the time of contract conclusion. They supplement the Special Terms of Use for DKV Cockpit Products ("BNB") and other contractual terms agreed between DKV and the customer for their business relationships. In case of contradictions between the contractual terms, the following order of precedence applies:

• These Special Product Conditions DKV Transport Management Software Premium
• Special Terms of Use DKV Cockpit Products
• General Terms of Use for DKV eServices
• General Terms and Conditions of DKV ("DKV GTC")

2. Usage Requirements and Restrictions

Use of DKV Transport Management Software Premium requires the customer to have a customer account for the DKV Cockpit (DKV's web portal). Vehicles and drivers for DKV Transport Management Software Premium can be created by the customer in the free basic version of DKV Fleet Management Software provided in the DKV Cockpit.

Use of driver-related functions requires the customer to have created the driver in the DKV Cockpit as described above and authorized them for the use of the DKV App, and that the driver uses the DKV App on a mobile device with internet access as a user (as described in sections 4.3 and 4.4 of the BNB).

3. Scope of Use

The customer may use the customer data provided by them for the use of DKV Transport Management Software Premium also for the functionalities provided free of charge within the DKV Cockpit.

4. Data Basis; Legal Provisions

The customer is solely responsible for ensuring that the data provided by them for the creation of invoices and accounts in DKV Transport Management Software Premium are correct and complete, and that the invoices created by them comply with the applicable legal provisions (e.g., for VAT, participation in e-invoicing procedures, transparency requirements, invoice archiving).

For the automated generation of draft invoices and reports, analyses, and similar documents (if provided by DKV Transport Management Software Premium), data provided by third parties, particularly exchange rate data and position data, may be used in addition to the data provided by the customer. The scope and quality of the draft invoices, reports, analyses, and similar documents may therefore also depend on the availability, completeness, and correctness of such third-party data, the verification and assurance of which DKV does not owe.

5. Grant of Rights

DKV grants the customer the non-exclusive, temporally and spatially unlimited, non-transferable to third parties, and non-sublicensable right to use internally for their own business operations all invoices, position data, reports, analyses, and similar documents created by DKV Transport Management Software Premium (to the extent provided by DKV Transport Management Software Premium), in particular to export, reproduce, and process them.

6. Remuneration

The prices according to the price list DKV Transport Management Software Premium at the time of contract conclusion apply, which can be viewed here, unless otherwise agreed in individual cases. Remuneration is billed monthly, unless otherwise agreed in individual cases.

7. Service Level Agreement

DKV provides DKV Transport Management Software Premium with the Service Levels agreed in Annex 1 to these BPB ("Service Level Agreement" – "SLA").

8. Data Protection

In the course of using the DKV Transport Management Software Premium product, personal data relating to the customer's vehicle and/or driver data, their employees, affiliated sales partners, and/or their customers will be processed by DKV. This is done by way of order processing within the meaning of Art. 28 EU General Data Protection Regulation. For the concretization of the data protection obligations and the order processing associated with the use of DKV Transport Management Software Premium, the parties agree on the Data Processing Agreement attached in Annex 2, which is an essential part of the contract.

To the extent that GPS positioning of the customer's vehicles (position data) is carried out for the provision of the DKV Transport Management Software Premium product, this data is collected, processed, and stored by DKV as described in the service description. In the event of contradictions between the DKV contractual terms and the data processing agreement, the provisions of the data processing agreement shall take precedence.

9. Miscellaneous

For contracts with customers whose registered office is outside the Federal Republic of Germany, these BPB DKV Transport Management Software Premium, drafted in German, also apply. The translation made accessible to these customers in English or their respective national language serves only for better understanding. In case of an interpretation dispute, only the German text version is binding.

The provisions of the DKV GTC regarding contract transfer, choice of law, and place of jurisdiction also apply to this contract and any disputes arising therefrom.

Annex 1: Service Level Agreement

1. Definitions

"Planned Downtime" means the time measured in minutes within a calendar month during which the customer cannot access DKV Transport Management Software Premium due to planned system maintenance. DKV will make every effort to carry out planned system maintenance on weekends. DKV will inform the customer with reasonable advance notice about planned maintenance work that is likely to result in DKV Transport Management Software Premium being unavailable for at least 15 minutes. Planned Downtime is limited to four (4) hours per calendar month.

"Total Monthly Time" means the total time of the calendar month in minutes minus the Planned Downtime during that calendar month. For each partial calendar month in which the customer has subscribed to DKV Transport Management Software Premium, System Availability will be calculated based on the Total Monthly Time and not just the portion of the affected calendar month for which the customer has subscribed to DKV Transport Management Software.

"Unplanned Downtime" means the time measured in minutes within a calendar month during which the customer cannot access DKV Transport Management Software Premium, excluding the following periods (which do not count as Unplanned Downtime):

• Planned Downtime
• Periods during which DKV Transport Management Software Premium is unavailable due to unavailability not attributable to DKV, as per section 11 BNB DKV Cockpit Products.

"System Availability" is determined for each calendar month as follows:

System Availability = (Total Monthly Time – Unplanned Downtime) / Total Monthly Time * 100

2. System Performance

The agreed System Availability is 98% per calendar month.

The customer can report Unplanned Downtime and other impairments to the use of DKV Transport Management Software Premium at any time via e-mail or by phone via the DKV Service Hotline during the service hours of DKV Customer Service. Information on this can be found here and in the service description. The processing of these reports takes place within the service hours.

DKV continuously monitors and measures system availability. DKV provides the customer with a report on system availability upon request.

3. Support

DKV supports the customer to the best of its reasonable judgment with questions regarding the use of DKV Transport Management Software Premium and problems that arise, even if they are not caused by a defect in DKV Transport Management Software Premium. However, DKV reserves the right to charge an additional fee for such support services if they exceed a certain scope. In this case, DKV will offer these support services to the customer in writing for a fee, and it is up to the customer whether to accept this offer or not.

Annex 2: Data Processing Agreement (DPA)

Preamble

This DPA sets out the parties' data protection obligations arising from the processing of personal data in connection with the parties' contract for the provision of the DKV Transport Management Software service (hereinafter referred to as the "Contract").

This DPA is based on the EU Commission's standard contractual clauses from Implementing Decision (EU) 2021/915. Against this background, the parties agree as follows:

SECTION I

Clause 1: Purpose and Scope

These Clauses aim to ensure compliance with Article 28 paragraphs 3 and 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

The Controllers and Processors have agreed to these Clauses to ensure compliance with Article 28 paragraphs 3 and 4 of Regulation (EU) 2016/679 and/or Article 29 paragraphs 3 and 4 of Regulation (EU) 2018/1725.

These Clauses apply to the processing of personal data as per Annex I.

Annexes I to III are an integral part of the Clauses.

These Clauses are without prejudice to the obligations incumbent on the Controller under Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

These Clauses alone do not ensure that the obligations relating to international data transfers pursuant to Chapter V of Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725 are fulfilled.

Clause 2: Inalterability of the Clauses

The parties undertake not to amend the Clauses, except to supplement or update the information provided in the Annexes.

This does not prevent the parties from including the standard contractual clauses set out in these Clauses in a more extensive contract and adding further clauses or additional guarantees, provided that they do not conflict with the Clauses, directly or indirectly, or restrict the fundamental rights or freedoms of the data subjects.

Clause 3: Interpretation

Where terms defined in Regulation (EU) 2016/679 or Regulation (EU) 2018/1725 are used in these Clauses, these terms shall have the same meaning as in the relevant Regulation.

These Clauses shall be interpreted in light of the provisions of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725.

These Clauses shall not be interpreted in a way that conflicts with the rights and obligations provided for in Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, or that restricts the fundamental rights or freedoms of data subjects.

Clause 4: Precedence

In the event of a conflict between these Clauses and the provisions of related agreements existing or subsequently entered into or concluded between the parties, these Clauses shall prevail.

Clause 5: Docking Clause

An entity that is not a party to these Clauses may join these Clauses at any time with the consent of all parties as a Controller or Processor by completing and signing (together with) the Annexes.

Upon completion and signing of the Annexes referred to in point (a), the joining entity shall be treated as a party to these Clauses and shall have the rights and obligations of a Controller or Processor in accordance with the agreement concluded.

For the joining entity, no rights or obligations arising from these Clauses shall apply for the period prior to its joining as a party.

SECTION II

Obligations of the Parties

Clause 6: Description of the Processing

The details of the processing operations, in particular the categories of personal data and the purposes for which the personal data are processed on behalf of the Controller, are set out in Annex I.

Clause 7: Obligations of the Parties

7.1. Instructions

The Processor shall process personal data only on documented instructions from the Controller, unless it is required to process the data by Union or Member State law to which the Processor is subject. In such a case, the Processor shall inform the Controller of this legal requirement before processing, unless that right prohibits disclosure due to an important public interest. The Controller may issue further instructions throughout the duration of the processing of personal data. These instructions must always be documented.

The Processor shall immediately inform the Controller if it is of the opinion that instructions issued by the Controller infringe Regulation (EU) 2016/679, Regulation (EU) 2018/1725 or applicable Union data protection law.

7.2. Purpose Limitation

The Processor shall process personal data within the scope of this DPA only for the specific purpose(s) stated in Annex I, unless it receives further instructions from the Controller.

7.3. Duration of Processing of Personal Data

The data shall be processed by the Processor only for the duration specified in Annex I.

7.4. Security of Processing

The Processor shall implement at least the technical and organizational measures set out in Annex III to ensure the security of personal data. This includes protecting the data against a security breach which, whether accidental or unlawful, results in destruction, loss, alteration, or unauthorized disclosure or access to the data (hereinafter referred to as a "Personal Data Breach"). When assessing the appropriate level of protection, the parties shall duly consider the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons.

The Processor shall grant its personnel access to the personal data being processed only to the extent necessary for the performance, administration, and supervision of the contract. The Processor shall ensure that persons authorized to process the personal data received are bound by an obligation of confidentiality or are under an appropriate statutory obligation of confidentiality.

7.5. Sensitive Data

If the processing concerns personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, or data concerning criminal convictions and offences, the Processor shall apply special restrictions and/or additional safeguards.

7.6 Documentation and Compliance with Clauses

The parties shall be able to demonstrate compliance with these Clauses.

The Processor shall respond to the Controller's requests regarding the processing of data under these Clauses promptly and in an appropriate manner.

The Processor shall provide the Controller with all information necessary to demonstrate compliance with the obligations laid down in these Clauses and arising directly from Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. At the Controller's request, the Processor shall also permit audits of the processing activities falling within the scope of these Clauses to be carried out at reasonable intervals or in the event of indications of non-compliance, and shall contribute to such audits. When deciding on an audit or inspection, the Controller may take into account the Processor's relevant certifications.

The Controller may carry out the audit itself or commission an independent auditor. Audits may include inspections of the Processor's premises or physical facilities and shall be carried out with reasonable prior notice where appropriate.

The parties shall make the information referred to in this Clause, including the results of audits, available to the competent supervisory authority(ies) upon request.

7.7. Use of Sub-processors

The Processor has the Controller's general authorization to engage sub-processors listed in an agreed list. The Processor shall inform the Controller in writing at least 30 calendar days in advance of any intended changes to this list by adding or replacing sub-processors, thereby giving the Controller sufficient time to raise objections to these changes before the sub-processor(s) are engaged. The Processor shall provide the Controller with the necessary information to exercise its right of objection.

If the Controller does not object within 30 days, its consent shall be deemed to have been given.

The Controller hereby expressly agrees to the use of the sub-processors listed in Annex III.

If the Processor engages a sub-processor to carry out specific processing activities (on behalf of the Controller), this engagement must be made by contract, which imposes essentially the same data protection obligations on the sub-processor as those applicable to the Processor under these Clauses. The Processor shall ensure that the sub-processor fulfills the obligations incumbent on the Processor under these Clauses and under Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

The Processor shall provide the Controller with a copy of such sub-processing agreement and any subsequent amendments upon the Controller's request. To the extent necessary to protect business secrets or other confidential information, including personal data, the Processor may redact the wording of the agreement before providing a copy.

The Processor shall be fully liable to the Controller for the sub-processor's compliance with its contractual obligations. The Processor shall notify the Controller if the sub-processor fails to meet its contractual obligations.

7.8. International Data Processing / Transfers

Any processing / transfer of data by the Processor to a third country or international organization shall be carried out – subject to the authorization under point 7.8 lit. b below – exclusively:

• on the basis of documented instructions from the Controller,
• on the basis of prior (general) consent from the Controller, or
• to comply with a specific provision of Union law or the law of a Member State to which the Processor is subject, and must comply with Chapter V of Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.

The Controller hereby generally agrees that in cases where the processing of data by the Processor involves a transfer of personal data within the meaning of Chapter V of Regulation (EU) 2016/679, or the Processor engages a sub-processor pursuant to Clause 7.7 for the performance of specific processing activities (on behalf of the Controller) and these processing activities involve a transfer of personal data within the meaning of Chapter V of Regulation (EU) 2016/679, such processing is permitted under the following conditions:

• the processing takes place in a country for which the EU Commission has adopted an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679, or
• the Processor and the sub-processor ensure compliance with Chapter V of Regulation (EU) 2016/679 by using standard contractual clauses adopted by the Commission pursuant to Article 46(2) of Regulation (EU) 2016/679, provided that the conditions for the application of these standard contractual clauses are met.

The Controller hereby agrees to the transfer and processing of personal data within the meaning of Chapter V of Regulation (EU) 2016/679 by the Processors and/or sub-processors listed in Annex III.

Clause 8: Support for the Controller

The Processor shall immediately inform the Controller of any request received from the data subject. It shall not respond to the request itself, unless authorized to do so by the Controller.

Taking into account the nature of the processing, the Processor shall assist the Controller in fulfilling its obligations to respond to data subjects' requests to exercise their rights. In fulfilling its obligations under points (a) and (b), the Processor shall follow the Controller's instructions.

In addition to the Processor's obligation to assist the Controller under Clause 8(b), the Processor shall also assist the Controller in fulfilling the following obligations, taking into account the nature of the data processing and the information available to it:

• Obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (hereinafter referred to as "Data Protection Impact Assessment"), where any processing is likely to result in a high risk to the rights and freedoms of natural persons;
• Obligation to consult the competent supervisory authority(ies) prior to processing, where a Data Protection Impact Assessment indicates that the processing would result in a high risk in the absence of measures taken by the Controller to mitigate the risk;
• Obligation to ensure that personal data are accurate and kept up to date by promptly informing the Controller if it becomes aware that the personal data it processes are inaccurate or have become outdated;
• Obligations pursuant to Article 32 of Regulation (EU) 2016/679.

The parties shall specify in Annex II the appropriate technical and organizational measures to support the Controller by the Processor in applying this Clause, as well as the scope and extent of the required support.

Clause 9: Notification of Personal Data Breaches

In the event of a personal data breach, the Processor shall cooperate with and assist the Controller accordingly to enable the Controller to fulfill its obligations under Articles 33 and 34 of Regulation (EU) 2016/679 or, where applicable, Articles 34 and 35 of Regulation (EU) 2018/1725, taking into account the nature of the processing and the information available to it.

9.1 Breach of Protection of Data Processed by the Controller

In the event of a personal data breach relating to the data processed by the Controller, the Processor shall assist the Controller as follows:

• in promptly notifying the breach of personal data to the competent supervisory authority(ies), after the Controller becomes aware of the breach, where relevant (unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons);
• in obtaining the following information, which must be provided in the Controller's notification pursuant to Article 33(3) of Regulation (EU) 2016/679, including at least:
• the nature of the personal data, where possible, including categories and approximate number of data subjects concerned and approximate number of personal data records concerned;
• the likely consequences of the personal data breach;
• the measures taken or proposed to be taken by the Controller to address the personal data breach and, where appropriate, to mitigate its possible adverse effects.

If and to the extent that not all of this information can be provided at the same time, the initial notification shall contain the information available at that time, and further information shall be provided as soon as it becomes available, without undue delay.

in complying with the obligation under Article 34 of Regulation (EU) 2016/679 to notify the data subject without undue delay of the personal data breach, when such breach is likely to result in a high risk to the rights and freedoms of natural persons.

9.2 Breach of Protection of Data Processed by the Processor

In the event of a personal data breach relating to the data processed by the Processor, the Processor shall notify the Controller immediately after becoming aware of the breach. This notification must include at least the following information:

• a description of the nature of the breach (as far as possible, indicating the categories and approximate number of data subjects and the approximate number of personal data records concerned);
• contact details of a contact point where further information about the personal data breach can be obtained;
• the likely consequences and the measures taken or proposed to be taken to address the personal data breach, including measures to mitigate its possible adverse effects.

If and to the extent that not all of this information can be provided at the same time, the initial notification shall contain the information available at that time, and further information shall be provided as soon as it becomes available, without undue delay.

The parties shall specify in Annex II – if necessary – any other information that the Processor must provide to assist the Controller in fulfilling its obligations under Articles 33 and 34 of Regulation (EU) 2016/679.

SECTION III

Final Provisions

Clause 10: Breach of Clauses and Termination of Contract

If the Processor fails to comply with its obligations under these Clauses, the Controller may – without prejudice to the provisions of Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725 – instruct the Processor to suspend the processing of personal data until compliance with these Clauses is restored or the contract is terminated. The Processor shall immediately inform the Controller if it is unable to comply with these Clauses for any reason.

The Controller is entitled to terminate the contract with regard to the processing of personal data under these Clauses if:

• the Controller has suspended the processing of personal data by the Processor as per point (a) and compliance with these Clauses has not been restored within a reasonable period, in any case within one month after suspension;
• the Processor substantially or persistently breaches these Clauses or fails to fulfill its obligations under Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725;
• the Processor fails to comply with a binding decision of a competent court or supervisory authority(ies) concerning its obligations under these Clauses, Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725.

The Processor is entitled to terminate the contract with regard to the processing of personal data under these Clauses if the Controller insists on fulfilling its instructions after being informed by the Processor that its instructions violate applicable legal requirements pursuant to Clause 7.1(b).

Upon termination of the contract, the Processor shall, at the Controller's choice, delete all personal data processed on behalf of the Controller and certify to the Controller that this has been done, or return all personal data to the Controller and delete existing copies, unless there is an obligation to store the personal data under Union law or the law of the Member States. Until deletion or return of the data, the Processor shall continue to ensure compliance with these Clauses.

Clause 11: List of Annexes

• Annex I: Description of the Processing
• Annex II: Technical and organizational measures, including measures to ensure data security
• Annex III: Sub-processors / International Data Transfers

Annex I – Description of Processing

1. Purpose(s) for which personal data are processed on behalf of the controller

The Processor is commissioned by the Controller to act as a data processor, processing personal data on behalf and for the account of the Controller, to the extent required for the provision of the contractually agreed services.

Processing of personal data within the scope of the DKV Transport Management Software (TMS) service for the purpose of fulfilling the main contract between the client and the client concluded for DKV TMS. The Transport Management Software can – depending on the scope of services agreed with the client – include the following modules / features in particular:

• Transport Participants: Master data management of customers, freight forwarders, carriers, shippers, etc.
• Order Management: Processing of transport orders, incl. entry, route calculation, truck/driver assignment, and billing.
• Dispatch Plan: Combination of truck overview and order overview for assigning truck/driver and order.
• Map: Tracking of order status or vehicle/driver position via the DKV Mobility App (GPS positioning); further information can be found in the service description.
• Invoices: Creation and entry of debtor and creditor invoices.
• Document Management: Overview of all documents attached to transport participants or orders.
• App: Driver interaction (order acceptance, status messages, etc.) and location transmission.

2. Type of Processing

The Processor is authorized to collect, process, and use personal data in accordance with the contract and the Controller's instructions (see Clause 7.1 above).

Details on the scope, type, and purpose of the collection, processing, and/or use of personal data result from the contract, its service description, and section 1 above (Purposes).

3. Categories of Data Subjects whose Data are Processed

• Customers
• Event Participants
• Communication Participants
• Interested Parties
• Visitors
• Service Users
• Subscribers
• Supplier and/or Service Provider (individual contact persons at these providers)
• Employees
• Former Employees
• Employee Relatives
• Sales Representatives
• Contact Persons for Companies
• Business Partners
• Other, please specify: System/Service Users
• Applicants
• Trainees / Interns
• Consultants
• Shareholders / Bodies

4. Categories of Personal Data to be Processed

General Data / Private Contact Information:

• Names
• Private Address Data
• Identification Data / IDs (e.g., Passport, Driver's License, Social Security Number)
• Other, please specify: Email addresses, vehicle registration numbers, data regarding administrative offenses

Contract Data:

• Image files / Person profiles
• Date of Birth / Age
• Bank account / Credit card details
• Contract / Usage history

Professional Data:

• Personal Data
• Performance Management
• Salary / Social Data
• Positions and Employment Details
• Qualifications and Training Details
• Working Time, Absence Data
• Other, please specify: Communication Data (Email, Phone, etc.)

Service and IT (Usage) Data:

• Device Identifiers
• Image / Video Data
• Audio / Voice Data
• Access Data
• Metadata
• Other, please specify: GPS / Location Data
• Usage and Connection Data
• TK Data / Message Content
• Identification Data / IDs
• Authorization/Approvals

Special Categories of Personal Data:

• Racial / Ethnic Origin
• Health Data
• Biometric Data
• Trade Union Membership
• Criminal Convictions or Offences
• Other, please specify:

• Religious / Philosophical Beliefs
• Political Opinions
• Genetic Data
• Sexual Life / Sexual Orientation

Sensitive data processed (if applicable) and applicable restrictions or safeguards that fully take into account the nature of the data and the associated risks, e.g., strict purpose limitation, access restrictions (including access only for employees who have undergone special training), records of access to the data, restrictions on onward transfer, or additional security measures.

5. Duration of Processing

The duration of the order processing is based on the contract term of the (main) contract and/or any individual contracts or orders based on a framework agreement.

The Contractor is obliged, upon request by the Client or upon completion of the contractual work, but at the latest upon termination of the contractual relationship, to hand over to the Client or a third party designated by the Client all documents obtained, data carriers provided, processing and usage results created, and data stocks that are related to the order relationship or were created during the performance of the contract.

This obligation also extends to copies and/or reproductions of data carriers and/or archived data. A right of retention does not apply in this respect. The handover must be free of charge and without objection; any transfer costs and other expenses associated with the handover shall be borne by the Client.

The Client cannot demand the deletion of data stored by the Contractor if the Contractor is obliged to retain it due to legal provisions; this data will be blocked by the Contractor. Instead of deletion, the processing will be restricted as far as legally permissible (e.g., due to local / country-specific data protection implementation laws). This applies in particular if deletion is not possible or only possible with disproportionately high effort due to the specific storage method.

Annex II: Technical and Organizational Measures, Including Measures to Ensure Data Security

See TOM's of DKV in separate pdf document (available via the DKV website https://www.dkv-mobility.com/de under the "Policies" link in the footer).

Annex III – Sub-processor / International Data Transfers

The Processor has engaged the following sub-processors:

If the client gains access to services in the area of DKV Transport Management (https://my.dkvmobility.com/tms/...) via the DKV Cockpit as a frontend, we point out that the provision of the cockpit is generally carried out within the framework of a controller-to-controller relationship, see point 13.2 of the Special Terms of Use for DKV Cockpit Products. DKV uses the following processors for the provision of its cockpit services in relation to access to the DKV Transport Management services: