Sign In

Data Processing Agreement

Data Processing Agreement 

We are happy that you have come to our page on the Data Processing Agreement, which outlines the policies for handling personal data in compliance with data protection regulations. This agreement provides a clear and accessible explanation of how we handle and protect your personal information. Through this agreement, which protects your rights and interests, we are dedicated to maintaining your privacy and security. This paper describes the responsibility of each party involved and the reasons why your personal information is being processed. 

Data Controller

The organization that determines how and why personal data is processed is known as the Data Controller when we offer payment gateway services. Certain categories of personal data must be gathered and processed by the data controller in order for a financial transaction to be started and finished. We process your personal information in compliance with current data protection laws and regulations to safeguard your security and privacy. The Data Controller shall define the lawful basis for processing, put data protection procedures into effect, and reply to requests from data subjects as per this Data Processing Agreement.

Data Processor

Data processors are businesses that handle personal data on behalf of data controllers. In addition to following the Data Controller's instructions to the letter, the Data Processor exclusively works toward the goals specified in this agreement. The Data Processor is dedicated to upholding relevant data protection laws and regulations in order to safeguard the confidentiality and security of any personal information entrusted to them.

Personal Data

Any information that identifies or is related to a natural person is considered personal data under the terms of this data processing agreement. In order to provide payment gateway services, it can be required for us to process personal information such as names, contact details, financial information, and transaction-related data. This agreement outlines the specific and legitimate reasons for which personal data will be treated in compliance with applicable data protection laws and regulations. This agreement details our dedication to safeguarding and processing personal data in an ethical manner. 

Processing Activities

When utilizing our payment gateway services, all operations and actions involving personal data are subject to the terms of this data processing agreement. Personal data may be gathered, entered, tracked, saved, retrieved, utilized, disclosed, and deleted as part of these actions. To ensure compliance with laws and regulations pertaining to data protection, the data controller only processes personal data for the particular and legitimate purposes that they have defined.

Data Security Measures

Strong security measures have been put in place to guarantee the privacy of any personal data processed through our payment channel. These security procedures guard against unauthorized access, disclosure, alteration, and destruction of personal information. Among these are firewalls, encryption, access controls, and regular security audits. We have created a data breach response plan that will guarantee the security, accessibility, and integrity of personal data in the case of a security incident. We train our employees on the best practices for data protection and do routine audits of our security procedures to make sure they are working.

Confidentiality

As stated in this Data Processing Agreement, a fundamental confidentiality principle governs our data processing operations. Your personal data will be kept private and only accessed by authorized staff members in accordance with the law. Strict confidentiality agreements must be signed by all employees and subcontractors that handle personal data. The word "confidentiality" relates to the handling of personal data during its entire processing, including gathering, storing, transferring, and erasing it.

Data Subject Rights

Data subjects have specific rights about how their personal information is processed, as per this Data Processing Agreement and current data protection laws. These rights include the ability to access, correct, and erase personal information as well as the ability to restrict or object to specific processing activities. The data subject also has the right to obtain their personal data in a format that is widely accepted, machine-readable, and organized. When exercising their rights, data subjects should follow the principles in this agreement and expect timely help from us. 

Data Breach Response

In order to respond to the issue as fast and effectively as possible, we created a thorough data breach response strategy. Our response plan includes actions including identifying and assessing the breach, alerting the relevant authorities, and, if required, getting in touch with the impacted parties. Our goal is to reduce the impact of a data breach as much as possible by putting corrective measures in place and stopping additional unauthorized access. 

Sub Processing 

We may utilize subprocessors to handle personal data that is handled by our payment gateway services in compliance with the provisions of this Data Processing Agreement. Sub-processors are carefully chosen and assessed in compliance with this agreement to make sure they follow the same stringent data protection guidelines. We adhere to all data protection rules and get the Data Controller's prior written consent before using subprocessors. 

International Data Transfers 

Anytime personal data is processed or kept outside of the country in which the data controller is based, this is known as an international data transfer. We make sure that all applicable data protection regulations are followed whenever we transfer data internationally, including by putting in place the required measures. Standard contract provisions, enforceable company policies, and data protection techniques authorized by pertinent data protection agencies are some examples of these precautions.

Audit Rights 

In order to verify compliance with this Data Processing Agreement and any applicable data protection laws, Data Controller retains the right to examine our data processing operations. All written requests for audits must specify the goals, parameters, and schedule of the audit. When required, we shall grant the Data Controller access to pertinent documents and data in order to support its auditing requirements. Our data processing will be open and responsible during audits, reducing interruptions.

Deletion of Data

We shall only keep personal data we process for our payment gateway services as long as it is required, in compliance with our Data Processing Agreement. At the conclusion of the data retention period or upon the Data Controller's request, all personal data, including copies and backups, shall be securely erased. Data that has been deleted should be kept securely to avoid accidental or unlawful loss, alteration, disclosure, or destruction.

Retention of Data 

We shall only keep personal data processed by our payment gateway services for as long as is required to achieve the goals stated in this Data Processing Agreement. The length of retention may change based on the specific processing activity, regulatory requirements, and data controller instructions. All personal data that is no longer required for the intended purposes will be securely destroyed or anonymized to guarantee that it cannot be tracked down or accessed. 

Notification Obligations 

In the event that we become aware of a breach of personal data that poses a risk to the rights and freedoms of data subjects, we promptly notify the data controller. The notification must include all relevant details about the type of breach, the possible ramifications of the breach, and the steps that have been taken or are advised to be taken to address the situation. We will work with the data controller to investigate the breach, address it, and take appropriate steps to ensure that it doesn't happen again.

Liability 

The terms and conditions of this data processing agreement and any applicable data protection laws limit our obligation. It is our duty to handle personal data on the Data Controller's behalf in line with this agreement and the Data Controller's instructions. We shall not be responsible for any indirect, incidental, special, or consequential damages in the case that personal data is processed. Our liability is contingent upon the Data Controller adhering to their legal and regulatory duties pertaining to the confidentiality of personal data.

Indemnification

In the event that the Data Processing Agreement or other applicable data protection laws are broken, the Data Controllers will be responsible for defending, holding harmless, and indemnifying the Data Processor. The Data Processor is, but is not limited to, indemnified against all legal fees, charges, and other expenditures spent in defending against such claims or liabilities. The Data Controller shall indemnify the Data Processor for any unauthorized processing, noncompliance with this agreement, and infringement of data protection legislation. Data Processors consent to promptly notify the Data Controller of any possible claims so that the Data Controller can take the appropriate action to address them.

Governing Law

Indian law will apply and be construed in accordance with the terms of the data processing agreement. This agreement is subject to Indian law, and any issues arising out of it will only be heard by Indian courts.

Changes to the Agreement

In order to stay up to date with changes in data protection laws and our business operations, we reserve the right to update and modify this data processing agreement. Whenever possible, the Data Controller will be informed of any modifications to this agreement with a reasonable amount of advance notice. If data controllers do not object within a reasonable timeframe, it will be assumed that they have accepted the new conditions.