This Data Processing Agreement outlines the terms under which we process data on behalf of our users. It ensures that data handling aligns with applicable regulations and industry standards. The agreement clarifies responsibilities between the parties involved in data collection and processing. It forms an integral part of our commitment to transparency and data protection.
The Data Controller determines the purposes and means of processing personal data. They are responsible for ensuring that data is collected lawfully and used as intended. As the Data Controller, you define what data is needed and why it is processed. We support your role by implementing compliant processing practices.
We act as the Data Processor and handle personal data strictly under your instructions. Our responsibilities include processing, storing, and managing data in accordance with this agreement. We do not determine the purpose or method of data collection. All processing is done to support your operations while maintaining data confidentiality.
Personal data includes any information that can be used to identify an individual, either directly or indirectly. This can include names, contact details, identifiers, or digital records linked to a person. We process only the data necessary for fulfilling agreed services. All data is treated with care and protected against misuse.
Processing activities may involve collecting, storing, organizing, modifying, or deleting data as per the instructions of the Data Controller. These activities are strictly limited to those required for the services provided. No data is processed beyond the scope agreed upon in this DPA. Records of processing activities are maintained for accountability.
We implement strong data security measures, including encryption, restricted access, and regular monitoring. Our infrastructure is designed to prevent unauthorized access, alteration, or disclosure. Security protocols are reviewed and updated regularly to ensure continued protection. These measures align with regulatory requirements and best practices.
All personal data is treated as confidential and accessible only to authorized personnel. Employees and contractors are bound by strict confidentiality obligations. No data is disclosed to third parties without proper authorization. Confidentiality is a core principle in all aspects of our operations.
Data subjects have rights such as access, correction, deletion, and restriction of processing. We assist the Data Controller in fulfilling these rights upon receiving valid requests. Mechanisms are in place to address such requests efficiently and within the prescribed timelines. These rights ensure individuals maintain control over their data.
In the event of a data breach, we will promptly notify the Data Controller and take necessary corrective actions. Our incident response plan ensures quick identification, mitigation, and documentation of breaches. The affected parties will be informed as per legal obligations. We also cooperate in any regulatory investigation that follows.
We may engage subprocessors to assist in delivering services, but only after conducting thorough due diligence. All subprocessors are required to adhere to data protection obligations equivalent to this DPA. A list of subprocessors is maintained and made available to the Data Controller on request. Written consent may be obtained where required.
Both parties agree to comply with all applicable laws and data protection regulations relevant to data processing. We ensure that all operations adhere to legal standards and respond to any legislative changes. Compliance is continuously monitored through internal audits and reviews.
The Data Controller has the right to audit our data processing practices to verify compliance with this DPA. Reasonable notice must be given before audits are conducted. We commit to providing all necessary access and documentation for a thorough review. Audit findings are addressed promptly.
Upon request or termination of services, personal data will be deleted or returned to the Data Controller. Secure deletion methods are used to ensure data is unrecoverable. Confirmation of data removal is provided upon completion. Retained data, if any, will only be stored as required by law.
We retain data only for the duration necessary to fulfill contractual obligations or meet legal requirements. Retention periods are defined based on the nature of the data and applicable laws. Once the retention period expires, data is securely deleted from our systems.
We are obligated to inform the Data Controller about any data breach, lawful data access request, or changes affecting data processing. Timely communication ensures that appropriate actions can be taken. This helps maintain transparency and safeguard data rights.
Each party is liable for any breach of their obligations under this agreement. The Data Processor is responsible for damages caused by failure to follow the Data Controller’s instructions. Liability is limited as defined in the overarching terms and conditions.
The Data Processor agrees to indemnify the Data Controller against any loss or damage resulting from data protection breaches. This includes costs related to legal proceedings, regulatory fines, and user claims. Indemnity is subject to terms defined in the master service agreement.
This agreement is governed by the applicable laws of India. Any disputes arising from this agreement will be resolved according to the governing laws. This clause ensures clarity and consistency in legal interpretation.
We may update this agreement to reflect changes in services, laws, or best practices. All amendments will be communicated in advance and will not take effect without proper notice. The updated version will be made available through official channels for review.