The terms and conditions governing the processing of personal data are outlined on our Data Processing Agreement page. The purpose of this agreement is to establish a clear and transparent framework for handling and safeguarding your personal information. This agreement ensures the privacy and security of your personal information in order to protect your rights and interests. This document clarifies the roles and responsibilities of both parties involved in data processing.
Data ControllerThe Data Controller determines how and why personal data is processed through our payment gateway services. Payment transactions require the Data Controller to collect and process certain types of personal data. We are committed to protecting your personal information in accordance with applicable data protection laws. In this Data Processing Agreement, the Data Controller is responsible for defining the lawful basis for processing, implementing data protection policies, and responding to requests from data subjects.
Data ProcessorUnless otherwise specified, the Data Processor is responsible for processing personal data on behalf of the Data Controller. In addition to maintaining the security and confidentiality of data, data Processors comply with applicable data protection laws and regulations.
Personal DataThe Data Processing Agreement defines personal data as information about an identified or identifiable natural person. We may process personal data such as names, contact details, financial information, and transactional data through our payment gateway services. We will only process personal data for specific and legitimate purposes, as described in this agreement. This agreement outlines the conditions under which we handle and protect your data.
Processing ActivitiesIn the context of our payment gateway services, the Data Processing Agreement covers all actions and operations involving personal data. These activities include collecting, recording, organizing, structuring, storing, retrieving, using, disclosing, and deleting personal data. The Data Controller processes personal data exclusively for specific and lawful purposes in accordance with data protection laws and regulations.
Data Security MeasuresTo ensure the security of personal data processed as part of our payment gateway services, we have implemented a number of robust measures. In order to prevent unauthorized access, disclosure, alteration, or destruction of personal data, encryption, access controls, firewalls, and regular security assessments are used. As part of our data breach response plan, we ensure the privacy, integrity, and availability of personal data. Security audits are conducted regularly to assess the effectiveness of our security measures, and our personnel are trained in data protection best practices.
ConfidentialityA fundamental principle of this Data Processing Agreement is confidentiality. All personal data entrusted to us will be treated with strict confidentiality, ensuring that only authorized personnel have access. Data processing employees and subcontractors are bound by strict confidentiality agreements. Data confidentiality applies to all phases of processing, including collection, storage, transmission, and eventual deletion, under this agreement.
Data Subject RightsData subjects are entitled to certain rights regarding the processing of their personal data under applicable data protection laws. In addition to the right to access, rectify, and delete personal data, you have the right to restrict or object to certain processing activities. When possible, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. Data subjects may exercise their rights in accordance with this agreement by submitting requests promptly.
Response to Data BreachWe have developed a comprehensive data breach response plan to address a data breach as quickly and effectively as possible. As part of our response plan, we identify and assess the breach, notify the appropriate authorities, and communicate with affected data subjects, if needed. All necessary measures will be taken to mitigate data breaches, including remediation and preventing further unauthorized access.
Sub ProcessingAs part of our payment gateway services, we may engage sub processors for the purpose of processing personal data. In accordance with the terms of this agreement, sub-processors are carefully selected and assessed to ensure they meet the same high data protection standards and obligations. According to applicable data protection laws, subprocessors can only be used with the Data Controller's prior written consent.
International Data TransfersData transfers may occur if personal data is processed or stored outside the jurisdiction of the Data Controller. When necessary, appropriate safeguards will be implemented during international data transfers to comply with applicable data protection laws. It is possible to use standard contractual clauses, binding corporate rules, and data protection mechanisms recognized by relevant data protection authorities as safeguards.
Audit RightsThe Data Controller reserves the right to audit our data processing activities to ensure compliance with this Data Processing Agreement and applicable data protection laws. Requests for audits should be submitted in writing and include a description of the scope, purpose, and timeline of the audit. We will cooperate with the Data Controller's audit activities, providing access to relevant documentation and information as needed. In order to minimize disruptions to our operations, we will ensure transparency and accountability during audits.
Deletion of DataPersonal data will be retained by payment gateway services only as long as necessary to fulfill the purposes outlined in this Data Processing Agreement. Data will be securely and completely deleted upon expiration of the data retention period or upon request from the Data Controller. Secure methods will be used to prevent accidental or unlawful destruction, loss, alteration, or disclosure of data.
Retention of DataTo achieve the purposes outlined in this Data Processing Agreement, payment gateway data will be retained only for as long as necessary. Based on specific processing activities, regulatory requirements, and the Data Controller's instructions, the retention period may vary. Once the data is no longer needed for the defined purposes, it is securely deleted or anonymized.
Notification ObligationsData breaches that threaten the rights and freedoms of data subjects will be reported promptly to the Data Controller. The notice will include all relevant information about the breach, its potential consequences, and the measures taken or proposed to address it. We will cooperate fully with the Data Controller in order to mitigate the breach and prevent its recurrence.
LiabilityThis Data Processing Agreement limits our liability in accordance with applicable data protection laws. We process personal data in accordance with the Data Controller's instructions and this agreement's obligations. We shall not be liable for any indirect, incidental, special, or consequential damages resulting from the processing of personal data, including, but not limited to, lost profits, revenue, or data. Furthermore, we are only liable if the Data Controller complies with its obligations under data protection laws.
IndemnificationAny claims, losses, or liabilities arising from the Data Processor's breach of their obligations will be indemnified and held harmless by the Data Controller. Indemnification includes legal fees, costs, and expenses incurred by the Data Processor in defending against such claims or liabilities. Any breach of data protection laws, unauthorized processing, or failure to comply with this agreement triggers the Data Controller's obligation to indemnify the Data Processor. Any potential claims will be notified promptly to the Data Controller, so that the Data Controller can take appropriate action.
Governing LawThe Data Processing Agreement shall be governed by and construed in accordance with the laws of India. Courts in India shall have exclusive jurisdiction over disputes arising from or related to this agreement.
Changes to the AgreementWe reserve the right to update this Data Processing Agreement as data protection laws and business practices evolve. Modifications to this agreement will be communicated to the Data Controller in writing or electronically with reasonable advance notice. A revised agreement will be deemed accepted if the Data Controller does not object within a reasonable timeframe.