Data Processing Agreement

We are pleased you have visited our Data Processing Agreement page, which describes the guidelines for processing personal data in accordance with data protection laws. This agreement explains how we manage and protect your personal information in a clear, understandable manner. We are committed to protecting your privacy and security through this agreement, which safeguards your rights and interests. As well as describing the reasons for processing your personal information, this document outlines the obligations of each party involved. 

Data Controller

When we provide payment gateway services, the entity that decides how and why personal data is processed is referred to as the Data Controller. For a payment transaction to be initiated and completed, certain categories of personal data must be collected and processed by the data controller. In order to protect your privacy and security, we process your personal information in accordance with current data protection laws and regulations. Under this Data Processing Agreement, the Data Controller is responsible for defining the lawful basis for processing, implementing data protection policies, and responding to requests from data subjects.

Data Processor

Organizations that process personal data on behalf of data controllers are called data processors. Apart from adhering strictly to the instructions of the Data Controller, the Data Processor acts only for the purposes outlined in this agreement. The Data Processor is committed to protecting the privacy and security of personal information entrusted to them by complying with applicable data protection laws and regulations.

Personal Data

In this data processing agreement, personal data refers to any information that identifies or relates to a natural person. It may be necessary for us to process personal information such as names, contact information, financial information, and transaction-related information in order to provide payment gateway services. In accordance with applicable data protection laws and regulations, this agreement specifies the precise and legal purposes for which personal data will be processed. Our commitment to protecting and responsibly processing personal data is outlined in this agreement.

Processing Activities

This Data Processing Agreement applies to all operations and actions performed on personal data while using our payment gateway services. As part of these activities, personal information may be collected, entered, logged, organized, arranged, stored, retrieved, used, disclosed, and erased. The data controller processes personal data only for the specific and legitimate purposes specified by him or her to ensure compliance with data protection laws and regulations.

Data Security Measures

A number of strong safeguards have been implemented to ensure the security of all personal information handled by our payment gateway. Personal information is protected by these security measures in order to prevent unauthorized access, disclosure, alteration, or destruction. Firewalls, access controls, encryption, and routine security assessments are examples of these measures. In the event of a security incident, we have developed a data breach response plan that will ensure the protection, availability, and integrity of personal information. We regularly audit our security protocols to ensure they're effective, and we teach our staff the best practices for protecting data. 

Confidentiality

Our data processing activities are guided by a basic principle of confidentiality, as set forth in this Data Processing Agreement. Your personal information will be kept confidential, with only authorized employees having access to it for legal purposes. It is mandatory for all employees and subcontractors who handle personal information to sign strict confidentiality agreements. Throughout this agreement, the term "confidentiality" refers to the processing of personal data at all stages, including acquisition, storage, transmission, and deletion. 

Data Subject Rights

According to current data protection legislation and this Data Processing Agreement, data subjects have certain rights regarding the processing of their personal information. The right to restrict or object to particular processing activities, as well as the right to access, correct, and delete personal information, are among these rights. In addition, the data subject has the right to receive their personal information in a machine-readable, structured, and widely used format. By following the guidelines outlined in this agreement, data subjects exercising their rights can expect prompt assistance from us.

Data Breach Response

To deal with the incident as quickly and efficiently as possible, we developed a comprehensive data breach response plan. Among the steps we take as part of our response strategy are locating and evaluating the breach, notifying the appropriate authorities, and, if necessary, contacting the affected individuals. By implementing corrective measures and preventing further unauthorized access, we aim to minimize the effects of a data breach. 

Sub Processing 

In accordance with the terms of this Data Processing Agreement, we may use subprocessors to process personal data that falls under the purview of our payment gateway services. In accordance with this agreement, sub-processors are carefully selected and evaluated to ensure they adhere to the same strict data protection standards. When we use subprocessors, we obtain the prior written approval of the Data Controller, and we comply with all data protection laws. 

Audit Rights 

Data Controller reserves the right to audit our data processing activities in order to confirm compliance with this Data Processing Agreement and applicable data protection legislation. All audit requests must be in writing and include the audit's objectives, scope, and timeline. We will assist the Data Controller with its auditing needs, providing access to relevant records and data when necessary. During audits, our data processing will be transparent and accountable, which will minimize disruptions.

Deletion of Data

In accordance with this Data Processing Agreement, we will only retain personal information we process for the purposes of our payment gateway services for as long as necessary. All personal data, including copies and backups, will be securely deleted at the end of the data retention period or at the request of the Data Controller. In order to prevent unintentionally or illegally losing, altering, divulging, or destroying deleted data, it should be handled securely.

Retention of Data 

To fulfill the objectives identified in this Data Processing Agreement, we will only retain personal data processed through our payment gateway services for as long as necessary. Retention duration may vary depending on the particular processing activity, legal constraints, and instructions from the Data Controller. In order to ensure that it cannot be traced or accessed, all personal data that is no longer needed for the specified purposes will be securely erased or anonymized. 

Notification Obligations 

If we discover a breach of personal data that threatens the rights and freedoms of data subjects, we immediately notify the Data Controller. It is imperative that the notification contain all pertinent information regarding the type of breach, its potential consequences, and the actions taken or recommended to remedy the situation. In collaboration with the data controller, we will investigate the breach, address it, and take necessary measures to prevent it from happening again.

Liability 

Our liability is limited by the terms and conditions of this data processing agreement as well as any applicable data protection legislation. Our responsibility is to process personal data on behalf of the Data Controller in accordance with this agreement and the instructions of the Data Controller. In the event that personal data is processed, we will not be liable for indirect, incidental, special, or consequential damages. We are liable only if the Data Controller complies with their legal and regulatory obligations regarding the privacy of personal information.

Indemnification

Data Controllers shall defend, indemnify, and hold harmless the Data Processor from any claims, losses, or liabilities arising from violations of the Data Processing Agreement or applicable data protection legislation. In this indemnity, the Data Processor is protected against legal fees, costs, and other expenses incurred in defending against such claims or liabilities, although they are not the only ones covered. When unauthorized processing, noncompliance with this agreement, and violations of data protection laws occur, the Data Controller is responsible for indemnifying the Data Processor. Data Processors agree to inform the Data Controller immediately of any potential claims so that the Data Controller may take the necessary measures to resolve them.

Governing Law

As part of the data processing agreement, Indian law shall govern and be interpreted. This agreement is governed by Indian law, and the Indian courts will have sole authority over any disputes arising out of it.

Changes to the Agreement

We reserve the right to revise and adjust this Data Processing Agreement to keep it current with changes in data protection regulations and our business operations. Any changes to this agreement will be notified to the Data Controller with a reasonable amount of advance notice, whenever possible. Data controllers are presumed to have accepted updated terms if they do not object within a reasonable period of time.