Data Processing Addendum
Last updated: 29 June 2026
This Addendum explains how we handle personal data on your organisation's behalf when you use batapp. It applies whenever your use of the service involves us processing personal data for you, and it forms part of our Terms & Conditions.
The short version: For the data your organisation puts into batapp, your organisation is in charge (the responsible party / controller) and we act on your instructions (the operator / processor). We protect that data, only use approved subprocessors, help you meet your obligations, and return or delete the data when you leave.
It's designed to satisfy the written-contract requirement under section 21 of POPIA, and to align with Article 28 of the GDPR where it applies.
Who's who
- Customer / you — the organisation using batapp. For the personal data in your account (your staff, and any individuals in your asset records), you are the responsible party (controller).
- Albertec / we / us — Albertec IT Solutions CC (Reg No: 2008/017765/23), provider of batapp. For that data, we act as your operator (processor).
For your own account, billing and support data, we are the responsible party — that's covered by our Privacy Policy, not this Addendum.
What we process, and why
- Purpose of processing — To provide, support, secure and improve batapp for you
- Duration of processing — For as long as you use the service, plus the retention periods in our Privacy Policy
- Types of data — Account and user details (names, emails, roles); asset records and any personal data you choose to include in them; photos and location data you capture; usage and device information
- Categories of people — Your staff and authorised users, and any individuals referenced in your asset data
Our obligations
We will:
- Process on your instructions — use the data only to provide the service and as set out here, not for our own unrelated purposes.
- Keep it confidential — limit access to staff who need it, under confidentiality obligations.
- Secure it — apply the technical and organisational measures described in our Security Overview, including encryption, access control and encrypted backups.
- Use only approved subprocessors — see our Subprocessors page, and keep data-protection terms in place with them. We remain responsible for what they do.
- Help you respond to individuals — assist, as far as reasonably possible, when someone exercises their rights (access, correction, deletion, and so on).
- Tell you about breaches — notify you without undue delay if we become aware of a security breach affecting your data, with the information you need to meet your own obligations.
- Return or delete the data — on termination, give you the chance to export, then delete the data in line with the retention periods in our Privacy Policy (some records are kept longer where law requires).
International transfers
Your data is hosted in the EU (Germany), as described in our Privacy Policy and Security Overview. Where personal data is transferred across borders to reach our EU infrastructure, we rely on the EU's recognised level of data protection and on contractual safeguards with our providers.
Audits and information
We'll provide the information reasonably needed to show we're meeting this Addendum, and support audits to a degree appropriate for a shared SaaS service. More detailed assurance is available to Enterprise customers as part of an Enterprise agreement (see our Terms).
Putting this in place
This Addendum applies automatically when you use batapp to process personal data — you don't need to send us anything. If your procurement process needs a signed copy, contact [email protected] and we'll arrange one.
Contact
- Albertec IT Solutions CC (Reg No: 2008/017765/23)
- Information Officer: Theuns Alberts
- Email: [email protected]
