Greetings and welcome to our Data Processing Agreement page, which describes the guidelines for processing personal data in accordance with data protection laws. The purpose of this agreement is to provide a clear, understandable structure for how we manage and protect your personal information. Our commitment to privacy and security of your personal information is demonstrated by this agreement, which safeguards your rights and interests. In this document, we outline the obligations of each party participating in the data processing activities as well as the reasons for processing your data.
Data Controller
As part of our payment gateway services, the entity that decides how and why personal data is processed is known as the Data Controller. The data controller must gather and process certain categories of personal data necessary for the start and finish of payment transactions. To ensure your privacy and security, we process your personal information in accordance with current data protection laws and regulations. According to this Data Processing Agreement, the Data Controller shall define the lawful basis for processing, implement data protection policies, and respond to data subject requests.
Data Processor
An organization responsible for handling personal data on behalf of a data controller is known as a data processor. In addition to adhering strictly to the instructions given by the Data Controller, the Data Processor only acts for the purposes specified in this agreement. Dedicated to processing personal data in accordance with applicable data protection laws and regulations, the Data Processor assures the security and privacy of information entrusted to them.
Personal Data
According to this data processing agreement, personal data refers to any information pertaining to a natural person who can be identified or identified. When providing payment gateway services, we may process personal data such as names, contact information, financial information, and transaction-related information. This agreement specifies the precise and legal goals for which personal data will be processed in accordance with applicable data protection laws and regulations. We place a high priority on the protection and responsible processing of personal data, and this agreement describes how we handle that data.
Processing Activities
Data processing activities described in this Data Processing Agreement apply to all operations and actions carried out on personal data while using our payment gateway services. As part of these activities, personal information may be collected, entered, logged, organized, arranged, stored, retrieved, used, disclosed, and erased. In compliance with data protection laws and regulations, processing of personal data is limited to the specific and legitimate objectives specified by the data controller.
Data Security Measures
Data security is of utmost importance to us, so we have implemented a number of strong safeguards to protect any personal information handled by our payment gateway. These security measures aim to prevent unauthorized access, disclosure, alteration, or destruction of personal information. Firewalls, access controls, encryption, and routine security assessments are examples of these measures. We have created a data breach response plan that will be implemented in case of a security incident so that personal information is protected, available, and intact. We regularly audit our security protocols to evaluate their effectiveness, and we teach our staff the best practices for data protection.
Confidentiality
Our data processing activities are guided by a basic concept of confidentiality within the framework of this Data Processing Agreement. The personal information you provide to us will remain completely confidential, with only authorized workers being able to access it for legal processing purposes. We have strict confidentiality agreements in place for all employees and subcontractors who handle personal information, ensuring that it is protected. Confidentiality covers all stages of data processing under the terms of this agreement, from gathering to storing to transmitting to deleting.
Data Subject Rights
According to current data protection legislation and this Data Processing Agreement, data subjects have certain rights regarding the processing of their personal data. Among these rights are the ability to restrict or object to particular processing activities, as well as access, correct, and delete personal data. Additionally, data subjects have the right to receive their personal information in a machine-readable, structured, and widely used format. In accordance with the guidelines outlined in this agreement, we will respond promptly to requests for assistance from data subjects exercising their rights.
Data Breach Response
In order to deal with the incident as quickly and efficiently as possible, we have developed a comprehensive data breach response plan. As part of our response strategy, we locate and evaluate the breach, alert the relevant authorities, and, if necessary, contact the impacted data subjects. It is our mission to do all we can to lessen the effects of a data breach, including putting in place corrective measures and preventing additional unauthorized access.
Sub Processing
We may use subprocessors' services to help us process personal data that falls under the purview of our payment gateway services in accordance with this Data Processing Agreement. As outlined in this agreement, sub-processors are selected carefully and evaluated to ensure they adhere to the same strict data protection requirements. Whenever we use subprocessors, we obtain the Data Controller's prior written approval, and we comply with all applicable data protection laws.
International Data Transfers
An international data transfer occurs when personal data is processed or kept outside of the legal jurisdiction in which the data controller operates. When transferring data internationally, we promise to comply with all applicable data protection laws, including putting in place the necessary safeguards. Among these measures are standard contract clauses, enforceable corporate policies, and data protection methods approved by relevant data protection authorities.
Audit Rights
Data Controller retains the right to audit our data processing activities in order to confirm compliance with this Data Processing Agreement and applicable data protection legislation. The audit request must be in writing and include the audit's objectives, scope, and timeline. We will assist the Data Controller with all of its auditing needs, offering access to pertinent records and data when needed. Data processing will be kept open and accountable during audits, which will minimize disruption to our operations.
Deletion of Data
We will only retain personal information that we process as part of our payment gateway services for as long as necessary to achieve the goals specified in this Data Processing Agreement. Upon expiration of the data retention period or at the request of the Data Controller, we will securely delete all personal data, including copies and backups. Deleted data shall be handled securely to prevent unintentional or illegal loss, change, disclosure, or destruction.
Retention of Data
In order to fulfill the objectives identified in this Data Processing Agreement, we will only keep personal data processed through our payment gateway services for as long as necessary. The retention duration may vary depending on the particular processing activity, legal constraints, and instructions from the Data Controller. As soon as personal data is no longer needed for the specified reasons, we will securely erase or anonymize it to ensure it is no longer traceable or accessible.
Notification Obligations
If we discover a breach of personal data that threatens data subjects' rights and freedoms, we promptly notify the Data Controller. In the notification, all pertinent information about the type of breach, its potential effects, and the actions taken or recommended to remedy it would be included. Working closely with the data controller, we will investigate the breach, address it, and take the necessary precautions to prevent it from happening again.
Liability
We are limited in our liability by the terms and conditions of this data processing agreement, as well as any applicable data protection legislation. In accordance with the terms of this agreement and the Data Controller's instructions, we are responsible for processing personal data on behalf of the Data Controller. As a result of the processing of personal data, we will not be liable for any indirect, incidental, special, or consequential damages. We are also only liable if the Data Controller complies with their legal and regulatory duties regarding the privacy of personal data.
Indemnification
If the Data Controller violates this Data Processing Agreement or any applicable data protection legislation, the Data Controller shall defend, indemnify, and hold the Data Processor harmless from any claims, losses, or liabilities. The Data Processor is indemnified in this indemnity against legal fees, costs, and other expenses incurred in defending against such claims or liabilities, although they are not the only ones. It is the Data Controller's responsibility to indemnify the Data Processor for unauthorized processing, noncompliance with the terms of this agreement, and violations of data protection regulations. Data Processors agree to promptly notify the Data Controller of any potential claims so that the Data Controller can take the necessary action to resolve the issue.
Governing Law
Throughout the data processing agreement, Indian law shall govern and be interpreted. Indian courts will be the only authority over any issues arising from or connected to this agreement.
Changes to the Agreement
In order to keep this Data Processing Agreement up-to-date with changing data protection regulations and our business operations, we reserve the right to revise and adjust it as necessary. Any changes to this agreement will be notified to the Data Controller by electronic mail or letter, whenever possible, with a reasonable amount of advance notice. Data Controllers will be presumed to have accepted the updated terms if they do not object within a reasonable period of time.