DATA PROCESSING AGREEMENT

  • Home
  • DATA PROCESSING AGREEMENT

Greetings and welcome to our Data Processing Agreement page, where we describe the guidelines for processing personal data in accordance with data protection laws. The purpose of this agreement is to provide a clear and understandable structure for how we manage and protect your personal information when you use our payment gateway services. This agreement is a promise to safeguard your rights and interests, and it demonstrates our dedication to maintaining the privacy and security of your personal information. We will outline the obligations of each party participating in the data processing activities as well as the reasons behind the processing of your data in this document.

DATA CONTROLLER

Within the context of our payment gateway services, the entity in charge of deciding how and why to process personal data is known as the Data Controller. Certain categories of personal data that are necessary for the start and finish of payment transactions must be gathered and processed by the data controller. We are dedicated to processing your personal information in accordance with current data protection laws and regulations and to taking the necessary precautions to guarantee its security and privacy. In compliance with this Data Processing Agreement, the Data Controller shall define the lawful basis for processing, put data protection policies into effect, and address requests from data subjects. 

DATA PROCESSOR

The organization in charge of handling personal data on behalf of the data controller is known as the data processor. The data processor rigorously complies with directives from the data controller and uses the information only for the purposes specified in this agreement. The Data Processor guarantees the security and privacy of the information entrusted to them and is dedicated to processing personal data in accordance with applicable data protection laws and regulations.

PERSONAL DATA 

Any information pertaining to an identified or identifiable natural person, often referred to as a data subject, is considered personal data as defined in this data processing agreement. In the course of providing our payment gateway services, we may process personal data such as names, contact information, financial data, and transaction-related data. It is crucial to remember that personal data is processed in accordance with applicable data protection laws and regulations, and only for the precise and legal objectives specified in this agreement. We place a high priority on the protection and responsible processing of personal data, and this agreement lays out the terms and conditions under which we treat that data when you use our payment gateway services.

PROCESSING ACTIVITIES

All operations and actions carried out on personal data while using our payment gateway services fall under the purview of the processing activities described in this Data Processing Agreement. These actions could involve gathering, logging, organizing, arranging, storing, retrieving, using, disclosing, and erasing personal information, among other things. Processing of personal data is limited to the particular and legitimate objectives specified by the data controller, in compliance with data protection laws and regulations. 

DATA SECURITY MEASURES

Since we place a high priority on data security, we have put in place a number of strong safeguards to protect any personal information handled as part of our payment gateway services. The goal of these security measures is to prevent unauthorized access, disclosure, alteration, or destruction of personal data. Examples of these measures are firewalls, access controls, encryption, and routine security assessments. In order to protect the privacy, availability, and integrity of personal information, we have set up a data breach response plan that will be implemented in the event of a security incident. Best practices for data protection are taught to our staff, and we regularly audit our security protocols to evaluate their efficacy.

CONFIDENTIALITY

Within the framework of this Data Processing Agreement, confidentiality is a basic concept that guides our data processing activities. We pledge to keep all personal information given to us completely confidential, making sure that only authorized workers can access it for legally permitted processing needs. Strict confidentiality agreements are in place for our staff members and any subcontractors that handle data, ensuring that personal information is protected from unwanted use or exposure. According to the conditions outlined in this agreement, confidentiality covers every stage of data processing, from gathering and storing it to transmitting it and finally deleting it.

DATA SUBJECTS RIGHTS 

In accordance with current data protection legislation and as specified in this Data Processing Agreement, data subjects have certain rights regarding the processing of their personal data. These rights include the ability to restrict or object to particular processing activities, as well as the ability to access, correct, and delete personal data. When appropriate, data subjects also have the right to obtain their personal information in a machine-readable, structured, and widely-used format. We are dedicated to helping data subjects exercise these rights, and we will reply to requests for assistance in a timely manner in line with the guidelines outlined in this agreement.

DATA BREACH RESPONSE

We have developed a thorough data breach response plan to deal with the incident as soon as possible and efficiently. Procedures for locating and evaluating the breach, alerting the relevant authorities, and, if required, getting in touch with the impacted data subjects are all part of our response strategy. We are dedicated to doing all within our power to lessen the effects of a data breach, including putting corrective measures in place and averting additional unauthorized access.

SUB PROCESSING

As specified in this Data Processing Agreement, we may use sub-processors' services to help us process personal data that falls under the purview of our payment gateway services. Sub-processors are chosen with care and evaluated to make sure they adhere to the same strict requirements for data protection as outlined in this agreement. We always obtain the Data Controller's prior written approval before using sub-processors, and we always abide by the relevant data protection legislation.

INTERNATIONAL DATA TRANSMISSIONS 

When personal data is processed or kept in places outside of the legal jurisdiction in which the data controller operates, there may be an international data transfer. We promise to follow all applicable data protection rules when transferring data internationally, including putting in place the necessary protections. Standard contract clauses, enforceable corporate policies, or reliance on data protection methods approved by pertinent data protection authorities are a few examples of these measures. 

AUDIT RIGHTS

In order to confirm compliance with the terms and conditions of this Data Processing Agreement and applicable data protection legislation, the Data Controller retains the right to audit our data processing activities. Requests for audits must be made in writing and must include the audit's objectives, scope, and timeline. We will assist the Data Controller with all of its auditing needs, offering access to pertinent records and data when needed. Our operations will be minimally disrupted during audits, which will also guarantee accountability and openness in data processing.

ERASURE OF INFORMATION

We shall only keep personal information processed as part of our payment gateway services for as long as is required to achieve the goals specified in this Data Processing Agreement. We shall make sure that all personal data, including copies and backups, is securely deleted when the data retention period expires or at the Data Controller's request. Data deletion shall be done securely to avoid unintentional or illegal loss, change, disclosure, or destruction.

DATA RETENTION 

We shall only keep personal data processed through our payment gateway services for as long as it takes to fulfill the objectives specified in this Data Processing Agreement. Depending on the particular processing activity, legal constraints, and the Data Controller's instructions, the retention duration may change. We shall securely erase or anonymize personal data to make sure it is no longer traceable or accessible when it is no longer needed for the specified reasons.

NOTIFICATION REQUIREMENTS 

We are dedicated to promptly informing the Data Controller of any breach involving personal data that could jeopardize the rights and freedoms of data subjects. All pertinent information on the type of breach, its possible effects, and the actions done or suggested to remedy the breach would be included in the notifications. In order to look into the breach, address it, and take the required precautions to keep it from happening again, we will work closely with the data controller. 

LIABILITY

The terms and conditions of this data processing agreement, as well as any applicable data protection legislation, limit our liability. Processing personal data on behalf of the Data Controller in compliance with the terms of this agreement and the Data Controller's instructions is our responsibility. Any indirect, incidental, special, or consequential damages—including, but not limited to, lost earnings, income, or data—that result from the processing of personal data will not subject us to liability. Furthermore, our liability is dependent on the Data Controller abiding by their legal and regulatory duties regarding data privacy. 

INDEMNIFICATION

In the event that the Data Controller violates this Data Processing Agreement or any relevant data protection legislation, the Data Controller undertakes to defend, indemnify, and hold the Data Processor blameless against any claims, losses, or liabilities. Legal fees, costs, and other expenditures paid by the Data Processor in defending against such claims or liabilities are included in this indemnity, although they are not the only ones. Any unauthorized processing, noncompliance with the provisions of this agreement, or violations of data protection regulations are all covered by the Data Controller's duty to indemnify the Data Processor. In order to provide the Data Controller with time to take the necessary action to resolve the issue, the Data Processor agrees to quickly notify the Data Controller of any potential claims. 

GOVERNING LAW

The laws of India shall govern and be interpreted in relation to this data processing agreement. The only authority over any issues resulting from or connected to this agreement will be Indian courts. 

MODIFICATIONS TO THE AGREEMENT

To keep this Data Processing Agreement up to date with changing data protection regulations and our business operations, we reserve the right to make revisions and adjustments. Any changes to this agreement will be sent to the Data Controller by electronic mail or writing letter, with a reasonable amount of advance notice whenever possible. The updated terms will be presumed accepted by the Data Controller if they are not objected to within a reasonable timeframe.

Copyright © PIXELPULSE IT SERVICES PRIVATE LIMITED .All Rights Reserved.