Greetings and welcome to our Data Processing Agreement page, which outlines guidelines for processing personal data in compliance with data protection laws. Our goal with this agreement is to provide a clear, understandable framework for managing and protecting your personal information. Your rights and interests are protected by this agreement, which demonstrates our commitment to privacy and security. We outline the obligations of each party involved in the data processing activities as well as the reasons for the data processing in this document.
Data Controller
The Data Controller is the entity that decides how and why personal data is processed as part of our payment gateway services. For the start and completion of payments, certain categories of personal data must be collected and processed by the data controller. In order to protect your privacy and security, we process your personal information according to current data protection laws and regulations. In accordance with this Data Processing Agreement, the Data Controller shall define the lawful basis for processing, implement data protection policies, and respond to requests from data subjects.
Data Processor
A data processor is an organization that handles personal data on behalf of a data controller. Apart from adhering strictly to the instructions given by the Data Controller, the Data Processor will only act for the purposes specified in this agreement. By processing data in accordance with applicable data protection laws and regulations, the Data Processor ensures the security and privacy of personal information.
Personal Data
According to this data processing agreement, personal data refers to any information about a natural person who can be identified. We may process personal data such as names, contact information, financial information, and transaction-related information when providing payment gateway services. According to applicable data protection laws and regulations, this agreement specifies the exact and legal goals for which personal data will be processed. Personal data protection and responsible processing are high priorities for us, and this agreement describes how we handle it.
Processing Activities
The data processing activities described in this Data Processing Agreement apply to all operations and actions performed on personal data during the use of our payment gateway services. During the course of these activities, personal information may be collected, entered, logged, organized, arranged, stored, retrieved, used, disclosed, and erased. The processing of personal data is limited to the specific and legitimate purposes specified by the controller in accordance with data protection laws and regulations.
Data Security Measures
The security of our payment gateway's personal information is of the utmost importance to us, so we have implemented several strong safeguards. Personal information is protected through these security measures in order to prevent unauthorized access, disclosure, alteration, or destruction. Routine security assessments, firewalls, access controls, encryption, and access controls are examples of these measures. Our data breach response plan will be implemented in case of a security incident to ensure that personal information is protected, accessible, and secure. Our staff is trained in the best practices for data protection and we regularly audit our security protocols to evaluate their effectiveness.
Confidentiality
A basic concept of confidentiality guides our data processing activities within the framework of this Data Processing Agreement. All personal information you provide to us will remain confidential, with only authorized workers having access to it. Our employees and subcontractors who handle personal information are bound by strict confidentiality agreements. Under this agreement, confidentiality applies to all stages of data processing, from collecting to storing to transmitting to deleting.
Data Subject Rights
A data subject's rights regarding the processing of his or her personal data are outlined in current data protection legislation and in this Data Processing Agreement. A few of these rights include the right to restrict or object to particular processing activities, as well as the right to access, correct, and delete personal data. In addition, data subjects have the right to receive their personal information in a machine-readable, structured, and widely accepted format. We will respond promptly to requests for assistance from data subjects exercising their rights in accordance with this agreement.
Data Breach Response
To deal with this incident as quickly and efficiently as possible, we have developed a comprehensive data breach response plan. As part of our response strategy, we locate and evaluate the breach, alert the relevant authorities, and, if necessary, contact the impacted data subjects. In the event that a data breach occurs, we will do everything we can to mitigate its effects, including implementing corrective measures and preventing further unauthorized access.
Sub Processing
In accordance with this Data Processing Agreement, we may use the services of subprocessors for processing personal data related to our payment gateway services. This agreement specifies that sub-processors are carefully selected and evaluated to ensure they adhere to the same strict data protection requirements. We obtain the Data Controller's prior written approval whenever we use subprocessors, and we comply with all applicable data protection laws.
Audit Rights
To confirm compliance with this Data Processing Agreement and applicable data protection legislation, the Data Controller may audit our data processing activities. Audit requests must be in writing and include the audit's objectives, scope, and timeline. We will assist the Data Controller with its auditing needs, providing access to pertinent records and data as needed. During audits, our data processing will be transparent and accountable, minimizing disruption to our business.
Deletion of Data
The data that we process as part of our payment gateway services will only be retained for the length of time necessary to meet the goals specified in this Data Processing Agreement. We securely delete all personal data, including copies and backups, after expiration of the data retention period or at the request of the Data Controller. In order to prevent unintentional or illegal loss, change, disclosure, or destruction of deleted data, it must be handled securely.
Retention of Data
We will only retain personal data processed through our payment gateway services as long as necessary in order to achieve the objectives outlined in this Data Processing Agreement. Retention durations may vary depending on the type of processing, legal constraints, and instructions provided by the Data Controller. In the event that personal data is no longer required for the specified purposes, it will be securely erased or anonymized to ensure it cannot be traced or accessed.
Notification Obligations
When we discover a breach of personal data that threatens the rights and freedoms of data subjects, we immediately notify the Data Controller. All pertinent information about the type of breach, its potential effects, and actions taken or recommended to remedy it would be included in the notification. Our team will investigate the breach, address it, and take the necessary precautions to prevent it from happening again.
Liability
In addition to any applicable data protection legislation, we are limited in our liability by the terms and conditions of this data processing agreement. Our responsibility is to process personal data on behalf of the Data Controller in accordance with the terms of this agreement and the Data Controller's instructions. We are not liable for any indirect, incidental, special, or consequential damages resulting from the processing of personal data. A Data Controller is also only liable if they adhere to their legal and regulatory obligations regarding personal data privacy.
Indemnification
In the event the Data Controller violates this Data Processing Agreement or any applicable data protection legislation, the Data Controller shall defend, indemnify, and hold the Data Processor harmless from any claims, losses, or liabilities. This indemnity covers legal fees, costs, and other expenses incurred by the Data Processor in defending against such claims or liabilities, although they are not the only ones. In the event that the Data Processor violates the terms of this agreement or does not comply with the terms of this agreement, the Data Controller must indemnify the Data Processor. The Data Processor agrees to notify the Data Controller promptly of any potential claims so that the Data Controller can take the necessary action to resolve them.
Governing Law
This data processing agreement will be governed by and interpreted in accordance with Indian law. The Indian courts will have exclusive jurisdiction over any issues arising out of or related to this contract.
Changes to the Agreement
As data protection regulations change and our business operations change, we reserve the right to revise and adjust this Data Processing Agreement. Whenever possible, any changes to this agreement will be notified to the Data Controller by electronic mail or letter with reasonable advance notice. If Data Controllers fail to object within a reasonable period of time, they will be presumed to have accepted the updated terms.