Data Processing Agreement

The following page outlines the terms and conditions under which personal data is processed in accordance with data protection regulations. By using our payment gateway services, you consent to our handling and safeguarding of your personal information. The purpose of this agreement is to protect your rights and interests by ensuring the privacy and security of your personal information. This document outlines the roles and responsibilities of both parties involved in data processing activities and clarifies the purposes of processing your data. 

Data Controller

As part of our payment gateway services, Data Controllers are responsible for determining the purposes and methods for processing personal data. During the initiation and completion of a payment transaction, the Data Controller is responsible for collecting and processing certain types of personal data. We are committed to processing your personal data in accordance with applicable data protection laws and regulations. This Data Processing Agreement specifies that the Data Controller is responsible for determining the lawful basis for processing, implementing data protection policies, and responding to data subject requests.

Data Processor

The Data Processor is responsible for processing personal data on behalf of the Data Controller. It only acts in accordance with instructions provided by the Data Controller and solely for the purposes defined in this agreement. Furthermore, the Data Processor is committed to processing personal data in compliance with applicable data protection laws and regulations while maintaining the security and confidentiality of the data entrusted to it. 

Personal Data

The Data Processing Agreement defines personal data as information about a natural person who can be identified or identified, also known as a data subject. Data such as names, contact information, financial information, and transaction-related information may be processed through our payment gateway services. In accordance with applicable data protection laws and regulations, data is processed only for specific and legitimate purposes outlined in this agreement. Payment gateway services require the protection and responsible handling of personal data, and this agreement outlines how such data will be handled. 

Processing Activities

This Data Processing Agreement covers all actions and operations performed on personal data within the framework of our payment gateway services. Among these activities are the collection, recording, organizing, structuring, storing, retrieving, using, disclosing, and deleting of personal data. Personal data are processed solely for specific and lawful purposes defined by the Data Controller, in accordance with data protection laws and regulations.

 Measures for Data Security

In order to provide secure payment gateway services, we have implemented a variety of robust security measures. In addition to encryption, access controls, firewalls, and regular security assessments, all of these measures aim to prevent unauthorized access, disclosure, alteration, and destruction of personal data. Our data breach response plan ensures the confidentiality, integrity, and availability of personal data in case of any security incidents. To ensure the effectiveness of our data security measures, we teach our employees data protection best practices and conduct regular security audits. 

Confidentiality

Data processing agreements are based on a fundamental principle of confidentiality. All personal data entrusted to us are treated with strict confidentiality, and are accessible only to authorized personnel for legitimate processing purposes. To protect personal data from unauthorized disclosure or use, our employees and subcontractors involved in data processing are bound by strict confidentiality agreements. In accordance with this agreement, data processing is confidential during all phases, from collection to storage to transmission to eventual deletion.

Data Subject Rights

In compliance with applicable data protection laws, data subjects have certain rights when their personal data is processed. Personal data rights include access, rectification, and deletion, as well as the right to restrict or object to specific processing activities. In addition, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. In accordance with the agreement's procedures, we will promptly respond to any requests submitted by data subjects to exercise these rights.

Data Breach Response

A comprehensive data breach response plan has been developed in order to respond promptly and effectively to a data breach. Our response plan involves identifying and assessing the breach, notifying the appropriate authorities, and communicating with data subjects affected by the breach, if necessary. Our team will take all necessary steps to mitigate the impact of a data breach, including implementing remedial measures and preventing further unauthorized access. 

Sub Processing 

To assist us in processing personal data within the scope of our payment gateway services, we may use sub-processors as outlined in this Data Processing Agreement. To ensure compliance with the strict data protection standards and obligations outlined in this contract, we carefully select and assess subprocessors. We obtain prior written consent from the Data Controller before using subprocessors under applicable data protection laws. 

Audit Rights 

In order to ensure compliance with the terms and conditions of this Data Processing Agreement and applicable data protection laws, we reserve the right to audit our data processing activities. Besides stating the scope, purpose, and timeframe of the audit, audit requests must be submitted in writing. Data Controller audit activities will be fully supported by us, and relevant documentation and information will be made available as needed. Our audits will be conducted in a transparent and accountable manner while minimizing disruption to our operations. 

Deletion of Data

In order to fulfill the purposes outlined in this Data Processing Agreement, we will retain personal data processed within the scope of our payment gateway services only for as long as necessary. Upon expiration of the data retention period or upon request from the Data Controller, we will securely and completely delete personal data, including copies and backups. In order to prevent accidental or unlawful destruction, loss, alteration, or disclosure of data, the deletion of data will be performed using secure methods. 

Retention of Data 

We will retain data processed within the framework of our payment gateway services only for as long as necessary to accomplish the purposes outlined in this Data Processing Agreement. Data retention periods may vary depending on the particular processing activity, regulatory requirements, and instructions from the Data Controller. Should personal data no longer be needed for the defined purposes, it will be securely deleted or anonymized, making it unidentifiable and unreachable. 

Notification Obligations 

In the event of a personal data breach, the rights and freedoms of data subjects are protected. In the event of a breach, we will notify the Data Controller as soon as possible. A breach notification should include all relevant information about the nature of the breach, its potential consequences, and the measures taken or proposed to address it. We will investigate and mitigate the breach as part of our cooperation with the Data Controller and take the necessary measures to prevent its recurrence.

Liability 

To the extent permitted by applicable data protection laws and the terms and conditions of this Data Processing Agreement, we limit our liability. Our responsibility is to process personal data in accordance with the Data Controller's instructions and this agreement's obligations. Any direct, indirect, incidental, special, or consequential damages resulting from the processing of personal data, including, but not limited to, lost profits, revenue, or data, are not covered by us or our affiliates. Furthermore, our liability depends on the Data Controller's compliance with data protection laws and regulations.

Indemnification

In the event that the Data Controller breaches their obligations under this Data Processing Agreement or any applicable data protection laws, the Data Processor will indemnify the Data Controller. A Data Processor's indemnification includes, but is not limited to, legal fees, costs, and expenses incurred in defending such claims or liabilities. In the event that the Data Controller breaches data protection laws, or unauthorized processing occurs, or if this agreement is not followed, the Data Controller must indemnify the Data Processor. Data Controller agrees to notify the Data Processor promptly if it receives a potential claim so that appropriate measures can be taken.

Governing Law

It is intended that this Data Processing Agreement be governed by and construed in accordance with Indian law. Any dispute arising out of or relating to this contract shall be subject to the exclusive jurisdiction of the Indian courts.

Changes to the Agreement

We reserve the right to update this Data Processing Agreement in line with changes in data protection laws and business practices. Any modification to this agreement will be notified to the Data Controller in writing or electronically whenever possible. The revised terms will be deemed accepted by the Data Controller if the Data Controller does not object within a reasonable period of time.