We welcome you to our Data Processing Agreement page, where we outline the terms and conditions governing the processing of personal data. The purpose of this agreement is to establish a clear and transparent framework for how we handle and safeguard your personal data. As a commitment to protecting your rights and interests, this agreement ensures the privacy and security of your personal information. The purpose of this document is to clarify the roles and responsibilities of both parties involved in the data processing activities. 

Data Controller

In the context of our payment gateway services, the Data Controller determines the purposes and means of processing personal data. Payment transactions require certain types of personal data to be collected and processed by the Data Controller. We are committed to protecting your personal information in accordance with applicable data protection laws and regulations. In accordance with this Data Processing Agreement, the Data Controller is responsible for defining the lawful basis for processing, implementing data protection policies, and responding to data subject requests.

Data Processor

As the entity responsible for processing personal data on behalf of the Data Controller, the Data Processor follows the instructions provided by the Data Controller and solely for the purposes specified herein. In addition to maintaining the security and confidentiality of the data entrusted to them, the Data Processor complies with applicable data protection laws and regulations.

Personal Data

As defined in this Data Processing Agreement, personal data is any information relating to an identified or identifiable natural person. Examples of personal data that may be processed within the scope of our payment gateway services include names, contact details, financial information, and transaction-related data. In accordance with applicable data protection laws and regulations, personal data is only processed for specific and legitimate purposes, as outlined in this agreement. We place a high priority on protecting and handling personal data responsibly, and this agreement sets out the terms and conditions under which such data is processed.

Processing Activities

All actions and operations performed on personal data within the framework of our payment gateway services are included in this Data Processing Agreement. Among these activities are the collection, recording, organization, structuring, storage, retrieval, use, disclosure, and deletion of personal data. The Data Controller processes personal data exclusively for specific and lawful purposes, ensuring compliance with data protection laws and regulations.

Data Security Measures

To safeguard personal data processed within the scope of our payment gateway services, we have implemented a number of robust measures. Security measures include encryption, access controls, firewalls, and regular security assessments to prevent unauthorized access, disclosure, alteration, or destruction of personal data. To ensure the privacy, integrity, and availability of personal data, we have established a data breach response plan. We conduct regular security audits to assess the effectiveness of our security measures, and our personnel are trained in data protection best practices. 

Confidentiality

Within the context of this Data Processing Agreement, confidentiality is a fundamental principle. All personal data entrusted to us will be treated with the strictest confidentiality, ensuring that only authorized personnel can access it for legitimate purposes. To protect personal data from unauthorized disclosure or use, our employees and subcontractors involved in data processing are bound by strict confidentiality agreements. The terms of this agreement specify that the confidentiality of data extends to all phases of processing, including collection, storage, transmission, and eventual deletion. 

Data Subject Rights

In compliance with applicable data protection laws, data subjects have certain rights regarding the processing of their personal data. These rights include the right to access, rectify, and delete personal data, as well as the right to restrict or object to specific processing activities. Whenever possible, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. According to the procedures defined in this agreement, we will promptly respond to any requests submitted by data subjects in order to facilitate the exercise of these rights.

Response to Data Breach

To address a data breach quickly and effectively, we have established a comprehensive data breach response plan. In our response plan, we identify and assess the breach, notify the appropriate authorities, and communicate with affected data subjects, if necessary. All necessary measures will be taken to mitigate the impact of a data breach, including remedial measures and preventing further unauthorized access. 

Sub Processing 

We may engage sub-processors to assist us in processing personal data within the scope of our payment gateway services, as outlined in this Data Processing Agreement. We carefully select and assess sub-processors to ensure that they meet the same stringent data protection standards and obligations as specified in this agreement. Subprocessors are only used with the prior written consent of the Data Controller and in compliance with applicable data protection laws.

International Data Transfers 

If personal data is processed or stored outside of the jurisdiction in which the Data Controller operates, international data transfers may occur. Any international data transfers will be in accordance with applicable data protection laws, including the implementation of appropriate safeguards as necessary. Standard contractual clauses, binding corporate rules, and data protection mechanisms recognized by relevant data protection authorities can all serve as safeguards.

Audit Rights 

The Data Controller reserves the right to audit our data processing activities to ensure compliance with this Data Processing Agreement and applicable data protection laws. Requests for audits must be submitted in writing and should describe the scope, purpose, and timeframe. We will cooperate fully with the Data Controller's audit activities, providing access to relevant documentation and information as needed. We will conduct audits in a way that minimizes disruption to our operations and ensures transparency and accountability.

Deletion of Data

Our payment gateway services will retain personal data only for as long as necessary to fulfill the purposes outlined in this Data Processing Agreement. When the data retention period expires or upon request from the Data Controller, we will securely and completely delete personal data, including copies and backups. The deletion of data will be done using secure methods to prevent accidental or unlawful destruction, loss, alteration, or disclosure.

Retention of Data 

Payment gateway data will be retained only as long as necessary to achieve the purposes outlined in this Data Processing Agreement. Depending on specific processing activities, regulatory requirements, and the Data Controller's instructions, the retention period may vary. As soon as personal data is no longer needed for the defined purposes, we securely delete or anonymize it, ensuring that it cannot be identified or accessed. 

Notification Obligations 

Data breaches that threaten the rights and freedoms of data subjects will be promptly notified to the Data Controller. All relevant information about the breach, its potential consequences, and the measures taken or proposed to address the breach will be included in the notifications. To mitigate the breach and prevent its recurrence, we will fully cooperate with the Data Controller.

Liability 

This Data Processing Agreement limits our liability to the extent permitted by applicable data protection laws. In accordance with the Data Controller's instructions and the obligations set forth in this agreement, we process personal data. Neither we nor our agents shall be liable for any indirect, incidental, special, or consequential damages resulting from the processing of personal data, including, but not limited to, lost profits, revenue, or data. Furthermore, we are liable only if the Data Controller complies with their obligations under data protection laws and regulations.

Indemnification

By signing this Data Processing Agreement, the Data Controller agrees to indemnify and hold the Data Processor harmless from any claims, losses, or liabilities arising from the Data Controller's breach of their obligations. Legal fees, costs, and expenses incurred by the Data Processor in defending against such claims or liabilities are included in this indemnification. The Data Controller's obligation to indemnify the Data Processor extends to any breaches of data protection laws, unauthorized processing, or failure to comply with the terms of this agreement. If any potential claims arise, the Data Processor will promptly notify the Data Controller, allowing the Data Controller to take appropriate action. 

Governing Law

This Data Processing Agreement shall be governed by and construed in accordance with the laws of India. Any disputes arising from or related to this agreement shall be subject to the exclusive jurisdiction of Indian courts.

Changes to the Agreement

In order to maintain compliance with evolving data protection laws and business practices, we reserve the right to make changes and updates to this Data Processing Agreement. Modifications to this agreement will be communicated to the Data Controller in writing or electronically, giving reasonable advance notice whenever possible. The Data Controller will be deemed to have accepted the revised terms if he or she does not object within a reasonable timeframe.