Thank you for visiting our Data Processing Agreement page, which describes the guidelines for processing personal data in compliance with data protection laws. Our goal with this agreement is to provide you with a clear, understandable framework for how we manage and protect your personal information. Your privacy and security are protected by this agreement, which safeguards your rights and interests. The purpose of processing your data and the obligations of each party involved in the data processing activities are outlined in this document.
Data Controllers are the entities that determine how and why personal data is processed as part of our payment gateway services. For payment transactions to start and finish, certain categories of personal data must be gathered and processed. In order to protect your privacy and security, we process your personal information according to current data protection laws and regulations. A Data Processor must define the lawful basis for processing, implement data protection policies, and respond to data subject requests under this Data Processing Agreement.
A data processor is an organization that handles personal data on behalf of a data controller. In addition to adhering strictly to the instructions of the Data Controller, the Data Processor only acts in accordance with this agreement. A Data Processor ensures the security and privacy of personal information entrusted to them by adhering to applicable data protection laws and regulations.
In this data processing agreement, personal data means any information that can be used to identify or locate a natural person. As part of our payment gateway services, we may process personal data such as names, contact information, financial information, and transaction-related information. This agreement specifies the precise and legal purposes for which personal data will be processed in accordance with applicable data protection laws. Our company places a high priority on the protection and responsible processing of personal data, and this agreement explains how we handle that information.
This Data Processing Agreement applies to all operations and actions performed on personal data while using our payment gateway services. In the course of these activities, personal information may be collected, entered, logged, organized, arranged, stored, retrieved, used, disclosed, and erased. The processing of personal data is limited to the specific and legitimate purposes specified by the data controller in compliance with data protection laws and regulations.
In order to protect any personal information handled by our payment gateway, we have implemented a number of strong safeguards. The purpose of these security measures is to prevent unauthorized access, disclosure, alteration, or destruction of personal information. Routine security assessments, firewalls, access controls, and encryption are examples of these measures. Our data breach response plan will ensure that personal information is protected, available, and intact in the event of a security incident. The best practices for data protection are taught to our staff on a regular basis. We regularly audit our security protocols to evaluate their effectiveness.
A basic concept of confidentiality guides our data processing activities within the framework of this Data Processing Agreement. All personal information you provide to us will be kept completely confidential, and only authorized employees will be able to access it for legal processing purposes. All employees and subcontractors who handle personal information are bound by strict confidentiality agreements. Under the terms of this agreement, confidentiality applies to all stages of the data processing process, from gathering to storing to transmitting to deleting.
A data subject has certain rights regarding the processing of their personal data under current data protection legislation and this Data Processing Agreement. These rights include the ability to restrict or object to particular processing activities, as well as the ability to access, correct, and delete personal information. In addition, data subjects have the right to receive their personal information in a machine-readable, structured, and widely-used format. As outlined in this agreement, we will respond promptly to requests for assistance from data subjects exercising their rights.
A comprehensive data breach response plan has been developed to deal with the incident as quickly and efficiently as possible. We locate and evaluate the breach, alert the relevant authorities, and, if necessary, contact the impacted data subjects as part of our response strategy. Putting in place corrective measures and preventing additional unauthorized access are important parts of our mission to minimize the impact of a data breach.
As part of this Data Processing Agreement, we may use subprocessors' services to help us process personal data that falls under the purview of our payment gateway services. The sub-processors are carefully selected and evaluated to ensure they adhere to the same strict data protection requirements. We obtain the prior written approval of the Data Controller before using subprocessors, and we comply with all applicable data protection laws.
In order to confirm compliance with this Data Processing Agreement and applicable data protection legislation, the Data Controller may audit our data processing activities. Requests for audits must be in writing and include the audit's objectives, scope, and timeline. We will assist the Data Controller with all of its auditing needs, offering access to pertinent records and data when needed. Our operations will be minimized by keeping data processing open and accountable during audits.
During the course of providing payment gateway services, we will only retain personal information for as long as is necessary to achieve the goals specified in this Data Processing Agreement. Upon expiration of the data retention period or at the request of the Data Controller, all personal data, including copies and backups, will be securely deleted. To prevent unintentional or illegal loss, change, disclosure, or destruction of deleted data, deleted data must be handled securely.
The personal data handled by our payment gateway services will only be kept for as long as necessary to fulfill the objectives identified in this Data Processing Agreement. There may be a variation in the retention period depending on the particular processing activity, legal constraints, and the Data Controller's instructions. When personal data is no longer needed for the specified reasons, we will securely erase or anonymize it to ensure it is no longer traceable or accessible.
When we discover a breach of personal data that threatens the rights and freedoms of data subjects, we immediately notify the Data Controller. Information about the breach, its potential effects, and the actions taken or recommended to remedy it will be included in the notification. In close collaboration with the data controller, we will investigate the breach, address it, and take the necessary precautions to prevent it from happening again.
The terms and conditions of this data processing agreement, as well as any applicable data protection legislation, limit our liability. According to this agreement and the Data Controller's instructions, we are responsible for processing personal data on behalf of the Data Controller. We will not be liable for any indirect, incidental, special, or consequential damages caused by the processing of personal data. Data Controllers are only liable if they comply with their legal and regulatory duties regarding the privacy of personal information.
If the Data Controller violates this Data Processing Agreement or any applicable data protection legislation, the Data Controller shall defend, indemnify, and hold the Data Processor harmless from any claims, losses, or liabilities. In this indemnity, the Data Processor is protected against legal fees, costs, and other expenses incurred in defending against such claims or liabilities. Upon unauthorized processing, noncompliance with the terms of this agreement, or violations of data protection regulations, the Data Controller must indemnify the Data Processor. If there is a potential claim, the Data Processor agrees to notify the Data Controller as soon as possible so that the Data Controller can take the necessary action to resolve it.
The data processing agreement shall be governed and interpreted in accordance with Indian law. Any issues arising from or connected to this agreement will be resolved by Indian courts only.
As data protection regulations and our business operations change, we reserve the right to revise and adjust this Data Processing Agreement as necessary. Whenever possible, the Data Controller will receive notice of any changes to this agreement by electronic mail or letter with a reasonable amount of advance notice. If the Data Controller does not object within a reasonable period of time, the updated terms will be presumed accepted.
