Nauto
Product
Industries
Resources
Company
Log in
Get a quote →
OverviewSafetyCoaching and Risk

Nauto AI Fleet Safety Platform

A predictive AI platform designed to reduce collisions and improve fleet safety at scale.
What is Nauto?
Nauto brings together real-time alerts, predictive risk scoring, and coaching in a single fleet safety platform.
Proven results
Explore independent VTTI validation, collision reduction outcomes, and fleet ROI.

Prevent collisions before they happen

Predictive, real-time safety powered by AI that understands how risk builds on the road and inside the cab.
Predictive Collision Alerts
Detect dangerous patterns early and alert drivers before incidents become unavoidable.
Driver Risk Scoring (VERA™)
Turn real-time driving behavior into a single, predictive risk score to identify and reduce future collisions.

Turn risk insight into behavior change

Coaching, alerts, and incident intelligence that drivers trust and managers can act on.
Impact-Focused Coaching
Combine self-guided and manager-led coaching to drive measurable, lasting behavior change.
Driver Behavior Alerts
Detect distraction, drowsiness, and risky behavior in real time and help drivers self-correct in the moment.
Incident Intelligence and Exoneration
Detect real incidents, understand what happened, and protect drivers with AI-powered event intelligence.

Our clients span many industries

Nauto supports customers across Automotive, Construction, Delivery, Field Services, Food and Beverage, Insurance, Oil and Gas, Passenger Transit, Retail Distribution, Trucking and Logistics, Waste and Recycling, and Utilities and Telecom
Automotive
Nauto built-into-the vehicle delivering the next leap in Automotive safety
Insurance
AI-powered fleet intelligence for smarter insurance decisions
Oil and Gas
Smarter fleet safety for high-risk oil & gas operations
About
Learn about Nauto’s mission, leadership, and the technology driving predictive fleet safety.
News
Read the latest announcements, product updates, and media coverage.
Blog
Explore insights on AI, fleet safety, risk reduction, and industry trends.
Partners
Discover how Nauto works with technology and strategic partners to extend fleet intelligence.
Careers
Join a team building AI-powered technology to make roads safer worldwide.
Contact
Get in touch with our team to learn more about Nauto or request a demo.
Product
Overview
What is Nauto?
How Nauto works (fast follow)
Proven results (fast follow)
Safety
Predictive Collision Alerts
Driver Risk Scoring (VERA™)
Proven results (fast follow)
Coaching and Risk
Impact-Focused Coaching
Driver Behavior Alerts
Incident Intelligence and Exoneration
Industries
Resources
Automotive
Insurance
Oil and Gas
Company
About
News
Blog
Partners
Careers
Contact
Log in
Get a quote →

Data Processing Addendum

Last Revision Date:  1 July 2026

This Data Processing Addendum (DPA) is between Customer and Nauto and applies to all Customers who use the Nauto Solution to the extent that Customer is subject to the GDPR or CCPA or similar applicable law and such law requires a data processing agreement. To the extent any of the terms in this Data Processing Addendum conflict with any other terms agreed to by Nauto and Customer as it relates to the Nauto Solution, the terms in this DPA will control to the extent they relate to Nauto’s processing of Personal Data as a Processor.

Definitions: In addition to terms defined in the Solution Terms, located at [insert link], the following terms have the meanings as follows:

  • Personal Data Breach means any security breach that Data Protection Law would require (i) Nauto to report to Customer or (ii) Customer to report to a Supervisory Authority or affected individuals, or to maintain a record of, that involves Personal Data subject to this DPA.
  • Supervisory Authority means a Government Entity or regulatory authority responsible for administering, overseeing compliance with, and/or enforcing Data Protection Law.

Relationship of the parties:

  • Controller: Customer is the Controller of the Customer Personal Data.
  • Processor: Nauto is a Processor of the Customer Personal Data.

Compliance with Data Protection Laws: Each party will comply with Data Protection Laws.

Purpose limitation: Nauto will (i) process the Customer Personal Data as necessary to perform its obligations under the Orders between Nauto and Customer and the Solution Terms and strictly in accordance with the documented instructions of the Customer as set forth in this DPA (including Annex 1 hereto), except where otherwise required or permitted by applicable law (collectively, the Permitted Purpose) and (ii) not process the Customer Personal Data as a Processor for its own purposes or those of any third party in any circumstances. Nauto will promptly inform the Customer if, in Nauto’s opinion, Customer’s processing instructions violate Data Protection Laws.

International transfers: Customer acknowledges that Nauto is certified under the EU-US Data Privacy Framework (EU-US DPF) and the United Kingdom extension thereto (UK Extension). Any sub-processors (as that term is defined by Data Protection Laws) engaged by Nauto must process Customer Personal Data with at least the same level of protection as required under Data Protection Laws and, to ensure Nauto’s compliance with the Onward Transfer Principle, the EU-US DPF Principles. If the EU-US DPF and UK Extension lose its EU/UK Adequacy Decision, the parties agree that the standard contractual sections adopted or approved by the European Commission are hereby included by reference into this DPA and will be applied to the data transfer from the EEA to the US. In such case, to the extent the UK is implicated, the UK Addendum set out in Annex 2 of this DPA will also automatically apply.

Confidentiality of processing: Nauto will ensure that any person it authorizes to process Customer Personal Data (including staff, agents and subcontractors) (Authorized Personnel) will be subject to a contractual or statutory duty of confidentiality. Nauto will only authorize Authorized Personnel to process the Customer Personal Data as necessary for the Permitted Purpose.

Security: Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nauto will implement appropriate technical and organizational measures designed to ensure a reasonable level of security applied to the Customer Personal Data, including, as appropriate the measures identified in the Security Policy. Nauto may modify such measures from time to time, provided that such modifications will not materially reduce the overall level of protection for Customer Personal Data.

Sub-processing:

  • Customer specifically authorizes and consents to Nauto’s use of the subprocessors engaged by Nauto and listed on Nauto’s Subprocessor List, located at [insert link] (“Subprocessor List”) to process Customer Personal Data for the Permitted Purpose (Authorized Subprocessors). In addition, Customer generally authorizes Nauto to engage subprocessors not on such list as of the effective date of this DPA (New Subprocessors) in accordance with this section to process Customer Personal Data for the Permitted Purpose.
  • Nauto will endeavor to provide Customer with at least thirty (30) days’ notice before Nauto adds a New Subprocessor (including replacing an Authorized Subprocessor) by (i) updating the Subprocessor List identifying the New Subprocessor and (ii) sending an email notification to the business email(s) subscribed to receive such notifications as set forth on the Subprocessor List site. Customer agrees that it is responsible for subscribing to receive such notices by following the instructions set forth on the Subprocessor List site and that the notice process described herein satisfies Nauto’s notice obligations. 
  • Within ten (10) days of Nauto’s notice to Customer of any New Subprocessor(s), Customer may in good faith object to the New Subprocessor(s) by providing written notice to Nauto explaining Customer’s reasonable basis for such objection and Nauto may, in its sole discretion, attempt to resolve Customer’s objection, in which case, the parties will come together in good faith to discuss a resolution. If Nauto determines, in its sole discretion, that corrective actions with respect to the New Subprocessor, or an alternative New Subprocessor, cannot reasonably be made available to Customer within thirty (30) days of Customer providing notice of its objection, then, if Customer continues to reasonably object to the New Subprocessor(s), Customer (subject to all fees and payment due for services rendered) or Nauto may, upon prior written notice to the other party, terminate any Order or Agreement between the parties solely to the extent that it requires the use of the New Subprocessor. If Customer fails to provide notice to Nauto of its objection to a New Subprocessor in accordance with this section, Customer will be deemed to have authorized and consented to Nauto’s engagement of such New Subprocessor.
  • With respect to each Subprocessor, Nauto will (i) impose data protection terms on such sub-processor that protect the Customer Personal Data to the same standard provided for by this DPA and (ii) remain fully liable to Customer for any failure of such Subprocessor to fulfill such data protection terms.

Cooperation and data subjects’ rights: Taking into account the nature of the processing, Nauto will provide reasonable and timely assistance to the Customer (at Customer’s expense) by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to a request from a data subject to exercise any of its rights under Data Protection Laws. In the event that Nauto directly receives any such request, or any other correspondence, inquiry, or complaint received from a data subject, regulator, or other third party in connection with the processing of Customer Personal Data for which Customer is a Controller, Nauto will promptly inform Customer (except to the extent prohibited by law from doing so) provided Nauto can reasonably identify from the information provided that such request relates to the Customer and/or Customer Personal Data.

Data Protection Impact Assessment: At Customer’s request, Nauto will provide reasonable assistance to Customer with any data protection impact assessments and prior consultations with Supervising Authorities required by Data Protection Laws, in each case solely in relation to Nauto’s processing of Customer Personal Data under the applicable Agreement between the parties and taking into account the nature of the processing and information available to Nauto. Nauto reserves the right to charge a reasonable fee for such requested assistance, to the extent permitted by applicable law.

Personal Data breach: Upon confirmation of a Personal Data Breach, Nauto will (i) inform the Customer without undue delay and (ii) taking into account the nature of processing and the information available to Nauto, provide reasonable assistance and cooperation to the Customer (as requested by such Customer in writing) for the Customer to fulfill its data breach reporting obligations under (and in accordance with the timescales required by) Data Protection Laws. Nauto will further take all such measures and actions as are reasonably necessary (as determined in Nauto’s sole discretion) to remedy or mitigate the effects of such Personal Data Breach and will keep the Customer reasonably informed of all material developments in connection with the Personal Data Breach. Nauto’s notification of, or response to, a Personal Data Breach will not be construed as an acknowledgement by Nauto or, if relevant, its Subprocessors, of any fault or liability with respect to the performance of products and services or its or their obligations under this DPA or an Agreement between the parties.

Deletion or return of Customer Personal Data: Customer Personal Data will be stored in the Nauto Solution for a limited time only, in accordance with this DPA. During the Subscription Term or Pilot Period, as applicable, and for thirty (30) days thereafter, Customer may download available Customer Personal Data in a manner consistent with the functionality of the Nauto Solution. If Customer desires to retain any Customer Personal Data after the end of the Subscription Term or Pilot Period, as applicable, it may do so by downloading available Customer Personal Data in accordance with the foregoing sentence during the Subscription Term or Pilot Period, as applicable, and for thirty (30) days thereafter. Customer instructs Nauto to delete all remaining Customer Personal Data (including existing copies) for which Nauto is a Processor from Nauto’s systems, which will occur as soon as reasonably practicable after the end of the Subscription Term or Pilot Period, as applicable, unless Data Protection Laws require otherwise.

Audit: To demonstrate compliance with this DPA, Nauto will make available to Customer, upon Customer’s written request, Nauto’s latest SOC 2 Type 1 and 2 (and similar) reports, if available. Such reports are Nauto Confidential Information. If the foregoing information does not give Customer the information and audit rights meeting the relevant requirements of Data Protection Laws, then, solely as required under such laws, Customer may request, upon sixty (60) days’ prior written notice to Nauto and up to once per calendar year, to perform an audit of relevant Nauto policies and procedures governing Nauto’s handling of Customer Personal Data in connection with the Permitted Purpose for purposes of verifying Nauto’s compliance with this DPA, at Customer’s own expense and with scope, dates, duration, auditor, and any security or confidentiality controls of such audit to be mutually agreed. Such audit will be conducted in a manner that does not compromise Nauto’s confidentiality obligations to Nauto’s other customers. All materials and findings of such audits are Nauto Confidential Information.

Additional California Specific Provisions: To the extent that Nauto’s processing of Customer Personal Data is subject to the California Consumer Privacy Act of 2018 (the CCPA), this section will also apply to Nauto’s processing of such data as a Processor. Customer discloses or otherwise makes available Customer Personal Data to Nauto for the limited and specific purpose of Nauto providing the Nauto Solution to Customer in accordance with the applicable Order(s) between the parties, these Solution Terms, and this DPA. Nauto will: (i) comply with its applicable obligations under the CCPA; (ii) provide the same level of protection as required under the CCPA; (iii) notify Customer if it can no longer meet its obligations under the CCPA; (iv) not “sell” or “share” (as such terms are defined by the CCPA) Customer Personal Data; (v) not retain, use, or disclose Customer Personal Data for any purpose (including any commercial purpose) other than to provide the Nauto Solution to Customer pursuant to the applicable Order(s) between the parties and these Solution Terms or as otherwise permitted under the CCPA; (vi) not retain, use, or disclose Customer Personal Data outside of the direct business relationship between Customer and Nauto; and (vii) unless otherwise permitted by the CCPA, not combine Customer Personal Data with Personal Data that Nauto (a) receives from, or on behalf of, another person, or (b) records from its own, independent consumer interaction. Solely to the extent required by Data Protection Laws, and upon Customer’s reasonable determination that Nauto is engaged in unauthorized use of Customer Personal Data, Customer may, upon prior written notice to Nauto, take reasonable and appropriate steps agreed upon by the us and Customer to stop and remediate such unauthorized use, provided that such notice includes a reasonably detailed description of the Customer Personal Data at issue, the alleged unauthorized use, and the proposed remediation. To the extent the foregoing incurs any costs on Nauto, Customer and Nauto will work together in good faith to determine a reasonable allocation of such costs.

‍

Annex 1: Description of the processing

Nature and Purpose of Processing: Nauto will process Customer Personal Data as necessary to provide the products and services under the applicable Order(s), for the purposes specified in these Solution Terms and this DPA, and in accordance with Customer’s instructions as set forth in this DPA.

Duration of Processing: Nauto will process Customer Personal Data as long as required to provide the Nauto Solution to Customer pursuant to the applicable Order(s) and these Solution Terms and as required or permitted by applicable law.

Categories of Data Subjects: Users of the Nauto Solution (for example, drivers and/or fleet managers employed or contracted by Customer), passengers in any Customer Vehicles, and passersby.

Categories of Personal Data: The potential categories of Personal Data processed by the Nauto Solution are listed below and are subject to both (i) configuration changes requested by Customer and implemented by Nauto and (ii) features that may be disabled in certain jurisdiction, each of which may remove certain Personal Data categories from being processed by Nauto.

  • Real-Time Video Feed Temporarily Buffered on Device: To the extent the Nauto Device’s real-time video feed used to detect risk includes any images of data subjects or license plate numbers of data subjects while the video feed is temporarily buffered in the device’s working memory to enable the device to detect risks and provide alerts to the driver, the video feed will temporarily contain Personal Data of those data subjects.
  • Safety Incident Data (media, sensor data, and metadata):
  • In addition to the temporary real-time video feed, in order to upload data as directed by the Customer, the Nauto Device also temporarily records media (video and photos) and sensor data (e.g., GPS information, speed, vehicle state (moving/stopped/parked)). By default, the media recorded does not include audio. This data is overwritten (i.e., permanently deleted), generally within a few days, unless a Safety Incident is detected, in which case, just the Safety Incident’s media and sensor data, along with event metadata (e.g., timestamp, event type (e.g., speeding, tailgating, collision), event severity (low/medium/high), event duration) is linked, on the Nauto Device, to the device identification (Device ID) and the name of the Customer’s groups of vehicles (Fleet IDs). That safety event data is then uploaded to the Nauto Service and linked to a vehicle identification (Vehicle ID) and, if available in the relevant jurisdiction, a driver identification (Driver ID). Customers create and therefore are in control of whether any of Vehicle IDs, Driver IDs (if available), or Fleet IDs contain any Personal Data. Personal Data is not required to be used to create these IDs. These IDs may be created using random combinations of letters, numbers and special characters.
  • The Personal Data in Safety Incident data consists of (i) any images of data subjects captured in the media (which may be permanently blurred as configured by Customer and/or depending on the jurisdiction) and any information relating to such data subjects captured in the media, and (b) any sensor data and metadata that may be considered “relating to” such data subjects. However, even if Safety Incident sensor data and metadata is not linked to media containing a data subject’s image, the data is linked to a Vehicle ID and Driver ID. While such IDs themselves may not contain personal information, Customer or a third party may be able to use information outside of Nauto’s systems to link a Vehicle ID and/or Driver ID to a data subject, thereby converting sensor data and metadata linked to a Vehicle ID and/or Driver ID into Personal Data.
  • GPS Information: Depending on the features enabled and configured by Customer, the Nauto Device records and uploads snippets of GPS information that is linked on the Nauto Device to a Device ID and Fleet ID, and, once uploaded to the Nauto Service, is also linked to a Vehicle ID and a Driver ID (if available). As noted above, the IDs themselves do not require Personal Data but Customer or a third party may be able to use information outside of Nauto’s systems to link a Vehicle ID and/or Driver ID to a data subject, thereby converting the GPS information linked to such IDs into Personal Data.
  • VERA Score®: The Nauto Solution generates a VERA Score® that is also linked to a Vehicle ID and a Driver ID (if available). The VERA Score® is calculated using a proprietary formula applied to 25+ variables detected by the Nauto Device via collected metadata and sensor data (e.g., distraction, hard braking, etc.) and designed using data science as one input that can help Customer support road safety. As noted above, the IDs themselves do not require Personal Data but Customer or a third party may be able to use information outside of Nauto’s systems to link a Vehicle ID and/or Driver ID to a data subject, thereby converting the VERA Score® linked to such IDs into Personal Data. Note: the Nauto Solution does not make decisions based on this information and Nauto explicitly disclaims any warranties regarding the accuracy of the same (see “DISCLAIMERS” section). Customers are ultimately responsible for deciding how data made available via the Nauto Service is used.
  • Telematics: If part of the Nauto products or services used by Customer, the Nauto Solution can provide a Customer with telematics data about a particular Customer Vehicle, including idling time, fuel consumption, and battery and other engine data. While this data alone does not constitute Personal Data, to the extent such data is linked to a Vehicle ID and a Driver ID (if available), Customer or a third party may be able to use information outside of Nauto’s systems to link a Vehicle ID and/or Driver ID to a data subject, thereby converting this telematics data into Personal Data.
  • Customer-Provided Data: To access the Nauto Service, Users must create an Account, which at minimum requires an email, username and password. No other Personal Data is required from Customers. However, Customers have the option to include additional Personal Data into the Nauto Solution, which may include driver names, Vehicle Identification Numbers (VIN), photos, phone numbers, home/work address, driver’s license/identification information, date of birth, emergency contact information, license plate number. Customers are in control of whether they add this additional, optional Personal Data into the Nauto Solution.

‍

Annex 2 - UK Addendum to the EU Commission Standard Contractual Clauses

Entering into this UK Addendum: Each party to this DPA agrees to be bound by the terms and conditions set out in this UK Addendum, which incorporates the Approved EU SCCs, in consideration for the other party also agreeing to be bound by this UK Addendum. Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the parties, for the purpose of making Restricted Transfers (defined below), the parties may enter into this UK Addendum in any way that makes them legally binding on the parties and allows data subjects to enforce their rights as set out in this UK Addendum. Entering into this UK Addendum will have the same effect as signing the Approved EU SCCs.

Interpretation: Where this Addendum uses terms that are defined in the Approved EU SCCs those terms will have the same meaning as in the Approved EU SCCs. In addition, the following terms used in this Addendum have the following meanings:

Appropriate Safeguards means the standard of protection over the Personal Data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.

Approved Addendum means the template UK Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 28 January 2022, as it is revised under Section ‎18.

Approved EU SCCs means the Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

ICO means the Information Commissioner.

Restricted Transfer means a transfer that is covered by Chapter V of the UK GDPR.

UK means the United Kingdom of Great Britain and Northern Ireland.

UK Data Protection Laws means all laws relating to data protection, the processing of Personal Data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.

UK GDPR has the meaning as defined in section 3 of the Data Protection Act 2018.

This UK Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the parties’ obligation to provide the Appropriate Safeguards. If there is any inconsistency or conflict between UK Data Protection Laws and this UK Addendum, UK Data Protection Laws applies. If the meaning of this UK Addendum is unclear or there is more than one meaning, the meaning that most closely aligns with UK Data Protection Laws applies. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted, and/or replaced after this UK Addendum has been entered into.

Hierarchy: Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy set forth in this UK Addendum will prevail. Where there is any inconsistency or conflict between the Approved Addendum and the Approved EU SCCs (as applicable), the Approved Addendum overrides the Approved EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Approved EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum. Where this UK Addendum incorporates Approved EU SCCs that have been entered into to protect transfers subject to the GDPR then the parties acknowledge that nothing in this UK Addendum impacts those Approved EU SCCs.

Incorporation of and changes to the EU SCCs: This UK Addendum incorporates the Approved EU SCCs, which are amended to the extent necessary so that together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers. The parties agree that Sections ‎9 to ‎11 override Clause 5 (Hierarchy) of the Approved EU SCCs; and this UK Addendum is (a) governed by the laws of England and Wales and (b) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the parties. Unless the parties have agreed alternative amendments which meet the requirements of Section ‎12, the provisions of Section ‎15 will apply. No amendments to the Approved EU SCCs other than to meet the requirements of Section ‎12 may be made. The following amendments to the Approved EU SCCs (for the purpose of Section ‎12) are made: (i) references to the “Clauses” means this UK Addendum, incorporating the Approved EU SCCs; (ii) in Clause 2, delete the words: “and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”; (iii) Clause 6 (Description of the transfer(s)) is replaced with: “The details of the transfers(s) and in particular the categories of Personal Data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”; (iv) Clause 8.7(i) of Module 1 is replaced with: “it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”; (v) Clause 8.8(i) of Modules 2 and 3 is replaced with: “the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;” (vi) references to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws” (vii) references to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws; (viii) references to Regulation (EU) 2018/1725 are removed; (ix) references to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”; (x) the reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”; (xi) Clause 13(a) and Part C of Annex I are not used; (xii) the “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”; (xiii) in Clause 16(e), subsection (i) is replaced with: “the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of Personal Data to which these Clauses apply;” (xiv) Clause 17 is replaced with: “These Clauses are governed by the laws of England and Wales.” (xv) Clause 18 is replaced with: “Any dispute arising from these Clauses will be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The parties agree to submit themselves to the jurisdiction of such courts.”; and (xvi) the footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10, and 11.

Amendments to this Addendum: The parties may agree to change Clauses 17 and/or 18 of the Approved EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland. If the parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards. From time to time, the ICO may issue a revised Approved Addendum that: makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or reflects changes to UK Data Protection Laws. The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the parties need to review this UK Addendum. This UK Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified. If the ICO issues a revised Approved Addendum under Section ‎18, if any party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate, and demonstrable increase in: its direct costs of performing its obligations under this UK Addendum; and/or its risk under this UK Addendum, and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that party may end this UK Addendum at the end of a reasonable notice period, by providing written notice for that period to the other party before the start date of the revised Approved Addendum. The parties do not need the consent of any third party to make changes to this UK Addendum, but any changes must be made in accordance with its terms.

Nauto

Product

Product OverviewPredictive Collision AlertsDriver Behavior AlertsImpact Focused CoachingDriver Risk ScoringIncident Intelligence

Industries

AutomotiveInsuranceOil and Gas

Company

AboutBlogNewsCareersContact

Follow Us

LinkedIn
YouTube
Facebook
X

Newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By subscribing, you agree to our Privacy Policy and provide consent to receive updates from our company.
Copyright 2026 All Rights Reserved
® Nauto, the Nauto logo, and VERA Score are registered trademarks of Nauto, Inc. in the United States and other countries.
Website privacyUser privacyAd noticeCopyrightCustomer login