Data Processing Agreement
This Data Processing Agreement (“DPA”) establishes a legally binding arrangement between (Website Name) (referred to as the “Data Processor”) and the entity agreeing to these terms (referred to as the “Data Controller”). It governs how the Processor manages Personal Data in connection with the services provided.
Responsibilities of the Parties
Data Controller:
- Determines the purposes and legal basis for processing Personal Data
- Ensures compliance with all applicable Data Protection Laws
Data Processor:
- Processes Personal Data strictly based on documented instructions from the Controller
- Handles Personal Data solely to deliver the services
Scope of Data Processing
The Processor will handle Personal Data only for the following purposes:
- Initiation, authorization, and settlement of payment transactions
- KYC (Know Your Customer) verification and fraud prevention
- Customer authentication, including two-factor authentication (2FA)
- Transaction reporting and reconciliation
Security Measures
The Processor commits to implementing appropriate technical and organizational safeguards, including:
- Encryption of Personal Data in transit and at rest
- Multi-factor authentication for system access
- Secure key management practices
- Regular vulnerability assessments and penetration testing
- Ensuring all personnel maintain strict confidentiality and receive data security training
Support for Data Subject Rights
The Processor shall assist the Controller in fulfilling Data Subject rights under applicable laws, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to data portability
- Right to restrict or object to processing
Engagement of Subprocessors
- No Subprocessor shall be engaged without prior written approval from the Controller
- Any approved Subprocessor must enter into written agreements with obligations that are no less protective than those in this DPA
Personal Data Breach Notification
In the event of a Personal Data Breach, the Processor must notify the Controller within 24 hours, including:
- Nature of the breach
- Categories and approximate number of affected Data Subjects
- Steps taken to contain and mitigate the breach
- Measures planned to prevent recurrence
Auditing and Compliance
- The Controller may audit the Processor’s compliance with reasonable notice
- The Processor shall provide access to relevant records and internal policies
Data Retention and Deletion
- Personal Data will be retained only for as long as necessary for payment processing and legal compliance
- Upon service termination, the Processor will securely delete or return all Personal Data unless retention is required by law
Legal and Regulatory Updates
The Processor must promptly notify the Controller of any changes in laws or regulations affecting its ability to process Personal Data in compliance with this DPA.
Liability and Indemnification
- Each Party is responsible for damages arising from its breach of this Agreement
- The Processor shall indemnify the Controller against any claims, fines, or damages due to non-compliance with data protection obligations
Governing Law and Dispute Resolution
- This DPA is governed by the laws of India
- All disputes will be subject to the exclusive jurisdiction of Indian courts
Amendments
Any modifications to this Agreement must be documented in writing and signed by both Parties.
Acknowledgment
By entering into this DPA, both Parties confirm their understanding of and agreement to the terms set forth herein.