Last updated: 20 January 2025

‍MappedUp is a Bulgarian company and we care and compete on data privacy when delivering our services. This means that we are continuously striving to fulfill the GDPR and have taken all necessary technical and contractual measures to ensure that personal data is processed securely.

This document describes the overall content of our GDPR compliance programme, but if you have any additional questions related to privacy or security, please feel free to reach out at privacy@mappedup.co.uk

• A free use of the platform by any personal user. For this, we have a Privacy Policy, where we explain our use of data as a data controller.
• A paid service to enterprises or other organisations who wish to use our services as an integrated professional tool. For this, we have a Data Processor Agreement, which outlines how we process personal information as a data processor on behalf of a customer.

Data Processing Agreement (DPA)
‍Our DPA relies on the EU Commission Standard Contractual Clauses. One of the reasons we use this agreement as a standard is that the SCC is well known and approved by the European Data Protection Board. Another reason is that we use some sub-processors outside of the EU and that such transfers are based on the SCC as well given the fact EU/US Privacy Shield arrangement was deemed invalid by the European Court of Justice in the summer 2020.

As of November 2020, we have carried out individual risk assessment of all our data processors and entered into Data Processing Agreements that relies on SCCs for the transfers that goes outside of the EU. You can read more about sub-processors below.