Please find on this page the terms and conditions governing the processing of personal data in compliance with data protection regulations. The purpose of this agreement is to establish a clear and transparent framework for how we handle and safeguard your personal information when you use our payment gateway. Our commitment to protecting your rights and interests is reflected in this agreement, which guarantees the privacy and security of your personal information. We will define in this document the roles and responsibilities of both parties involved in the data processing activities and clarify the purposes for which your data is processed.
Data Controller
Our payment gateway services are governed by a Data Controller who determines the purposes and methods for processing personal data. A Data Controller is responsible for collecting and processing certain types of personal data required for the initiation and completion of payment transactions. As part of our commitment to protecting your personal data, we ensure its security and confidentiality in accordance with applicable laws and regulations. According to this Data Processing Agreement, the Data Controller is responsible for defining the lawful basis for processing, implementing data protection policies, and responding to data subject requests.
Data Processor
It is the Data Processor's responsibility to process personal data on behalf of the Data Controller. The Data Processor acts strictly in accordance with instructions provided by the Data Controller and solely for the purposes defined in this Agreement. In order to maintain the security and confidentiality of the data entrusted to them, the Data Processor complies with applicable data protection laws and regulations.
Personal Data
As defined in this Data Processing Agreement, personal data refers to any information relating to an identified or identifiable natural person. Our payment gateway services may process personal data such as names, contact information, financial information, and transaction information. In accordance with applicable laws and regulations, personal data is only processed for specific and legitimate purposes, as outlined in this agreement. Managing personal data responsibly is paramount to us, and this agreement sets forth the terms and conditions under which such data will be handled in the context of our payment gateway services.
Processing Activities
All actions and operations performed on personal data within the framework of our payment gateway services are included in this Data Processing Agreement. Among these activities are the collection, recording, organization, structuring, storage, retrieval, use, disclosure, and deletion of personal data. Whenever possible, the Data Controller ensures that the processing of personal data complies with the laws and regulations governing data protection.
Data Security Measures
To safeguard personal data processed within the scope of our payment gateway services, we have implemented a range of robust measures. In addition to encryption, access controls, firewalls, and regular security assessments, these measures protect personal data from unauthorized access, disclosure, alteration, or destruction. In the event of a security incident, we have established a data breach response plan to ensure the confidentiality, integrity, and availability of your personal information. Data protection best practices are taught to our personnel, and we conduct regular security audits to assess the effectiveness of our security measures.
Confidentiality
As part of this Data Processing Agreement, confidentiality is a fundamental principle governing our data processing activities. We are committed to maintaining the strictest confidentiality regarding all personal data entrusted to us, ensuring that it is accessible only to authorized personnel for legitimate processing purposes. We require our employees and subcontractors who process data to sign confidentiality agreements to prevent unauthorized disclosure or use of personal information. As specified in this agreement, confidentiality extends throughout all phases of data processing, including collection, storage, transmission, and eventual deletion.
Data Subject Rights
As outlined in this Data Processing Agreement and in accordance with applicable data protection laws, data subjects have certain rights regarding the processing of their personal data. As part of these rights, you may have access to, rectify, and delete your personal information, as well as restrict or object to specific processing activities. When applicable, data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. We are committed to facilitating the exercise of these rights by data subjects and will respond promptly to requests submitted in accordance with this agreement.
Data Breach Response
A comprehensive data breach response plan has been developed to address the situation promptly and effectively in the event of a data breach. Our response plan includes procedures for identifying and assessing breaches, notifying the appropriate authorities, and communicating with affected data subjects. In the event of a data breach, we are committed to taking all necessary steps to mitigate the impact, including implementing remedial measures and preventing further unauthorized access.
Sub Processing
In accordance with this Data Processing Agreement, we may use sub-processors to assist us in the processing of personal data related to our payment gateway services. The sub-processors are carefully selected and assessed to ensure they meet the same stringent data protection standards and obligations. In compliance with applicable data protection laws, we only use sub-processors with the prior written consent of the Data Controller.
Audit Rights
In order to verify compliance with the terms and conditions of this Data Processing Agreement and applicable data protection laws, the Data Controller reserves the right to audit our data processing activities. Requests for audits should be submitted in writing and include the scope, purpose, and timeframe. We will fully cooperate with the Data Controller's audit activities, providing access to relevant documentation and information as needed. Our audits will be conducted in a manner that minimizes disruption to our operations while ensuring transparency and accountability.
Deletion of Data
Data processed within the scope of our payment gateway services will be retained only for the duration necessary to fulfill the purposes outlined in this Data Processing Agreement. Upon expiration of the data retention period or upon request from the Data Controller, we will securely and completely delete all personal data, including copies and backups. The deletion of data will be done using secure methods to prevent accidental or unlawful destruction, loss, alteration, or disclosure.
Retention of Data
We will retain personal data processed within the framework of our payment gateway services for no longer than is necessary to achieve the purposes outlined in this Data Processing Agreement. Depending on the specific processing activity, regulatory requirements, and instructions from the Data Controller, the retention period may vary. In the event that personal data is no longer required for a defined purpose, we will securely delete or anonymize it, ensuring that it can no longer be identified or accessed.
Notification Obligations
We are committed to promptly notifying the Data Controller of any breach of personal data that poses a risk to the rights and freedoms of data subjects. All relevant information about the breach, its potential consequences, and the measures taken or proposed to address the breach will be included in notifications. As part of our investigation and mitigation efforts, we will cooperate fully with the Data Controller to prevent a repeat of the breach.
Liability
This Data Processing Agreement limits our liability to the extent permitted by applicable data protection laws. In accordance with the Data Controller's instructions and our obligations under this agreement, it is our responsibility to process personal data. In the event that personal data is processed, we will not be liable for any indirect, incidental, special, or consequential damages, including, but not limited to, loss of profits or revenue. Furthermore, we are responsible for the Data Controller's failure to comply with their obligations under data protection laws and regulations.
Indemnification
A Data Controller agrees to indemnify and hold the Data Processor harmless from any claims, losses, or liabilities arising from the Data Controller's breach of their obligations under this Data Processing Agreement or any applicable data protection laws. The indemnification includes, but is not limited to, legal fees, costs, and expenses incurred by the Data Processor in defending against such claims or liabilities. Any breach of data protection laws, unauthorized processing, or non-compliance with the terms of this agreement constitutes a breach of the Data Controller's obligation to indemnify the Data Processor. In the event of a potential claim, the Data Processor agrees to promptly notify the Data Controller so that the Data Controller can take appropriate action.
Governing Law
The Data Processing Agreement shall be governed by and construed in accordance with the laws of India. In the event of any dispute arising out of or related to this agreement, Indian courts shall have exclusive jurisdiction.
Changes to the Agreement
To ensure alignment with evolving data protection laws and our business practices, we reserve the right to make changes and updates to this Data Processing Agreement. Modifications to this agreement will be communicated to the Data Controller in writing or by electronic means with reasonable advance notice. The Data Controller will be deemed to have accepted the revised terms if he or she fails to object within a reasonable period of time.
