This page outlines the terms and conditions governing the processing of personal data in compliance with data protection regulations. This agreement outlines how we handle and safeguard your personal information when you use our payment gateway services. This agreement serves as a commitment to protect your rights and interests by ensuring the privacy and security of your personal information. We will define the roles and responsibilities of both parties involved in data processing activities and clarify the purposes of processing your data in this document.
Data Controller
Data Controllers are responsible for determining the purposes and methods of processing personal data within the scope of our payment gateway services. It is the Data Controller's responsibility to collect and process certain types of personal data required for the initiation and completion of payment transactions. Our commitment is to process your personal data in accordance with applicable data protection laws and regulations and to ensure its security and confidentiality. According to this Data Processing Agreement, the Data Controller is responsible for determining the lawful basis for processing, implementing data protection policies, and responding to data subject requests.
Data Processor
The Data Processor is responsible for the processing of personal data on behalf of the Data Controller. It acts strictly according to the instructions provided by the Data Controller and solely for the purposes defined in this agreement. In addition to maintaining the security and confidentiality of the data entrusted to it, the Data Processor is committed to processing personal data in compliance with applicable data protection laws and regulations.
Personal Data
This Data Processing Agreement defines personal data as any information about a natural person, known as a data subject, who can be identified or identified. Names, contact information, financial information, and transaction-related data are examples of personal data that may be processed through our payment gateway services. Data is processed solely for specific and legitimate purposes, as outlined in this agreement, and in accordance with applicable data protection laws and regulations. Using our payment gateway services requires the protection and responsible handling of personal data, and this agreement sets out the terms and conditions under which such data is processed.
Processing Activities
In this Data Processing Agreement, all actions and operations performed on personal data within the framework of our payment gateway services are covered. These activities include collecting, recording, organizing, structuring, storing, retrieving, using, disclosing, and deleting personal data. In accordance with data protection laws and regulations, personal data are processed exclusively for specific and lawful purposes defined by the Data Controller.
Data Security Measures
Providing secure payment gateway services is of paramount importance to us, which is why we have implemented a variety of robust security measures. In addition to encryption, access controls, firewalls, and regular security assessments, all of these measures are aimed at protecting personal data from unauthorized access, disclosure, alteration, or destruction. We have established a data breach response plan in case of any security incidents to ensure confidentiality, integrity, and availability of personal data. Data protection best practices are taught to our employees, and we conduct regular security audits to ensure the effectiveness of our security measures.
Confidentiality
In the context of this Data Processing Agreement, confidentiality is a fundamental principle. It is our policy to maintain strict confidentiality regarding all personal data entrusted to us, and to ensure that it is accessible only to authorized personnel for legitimate processing purposes. Our employees and any subcontractors involved in data processing are bound by strict confidentiality agreements to safeguard personal data from unauthorized disclosure or use. All phases of data processing are covered by confidentiality, from collection and storage to transmission and eventual deletion, in accordance with this agreement.
Data Subject Rights
As outlined in this Data Processing Agreement and in compliance with applicable data protection laws, data subjects have certain rights when their personal data is processed. Rights include the right to access, rectify, and delete personal data, as well as the right to restrict or object to specific processing activities. When applicable, data subjects also have the right to receive their personal data in a structured, commonly used, and machine-readable format. Our commitment is to facilitate the exercise of these rights by data subjects and will promptly respond to any requests submitted in accordance with the agreement's procedures.
Data Breach Response
To respond promptly and effectively to a data breach, we have established a comprehensive data breach response plan. As part of our response plan, we identify and assess the breach, notify the appropriate authorities, and communicate with data subjects affected by the breach, if necessary. In the event of a data breach, we will take all the necessary steps to mitigate the impact, including implementing remedial measures and preventing further unauthorized access.
Sub Processing
As outlined in this Data Processing Agreement, we may use sub-processors to assist in the processing of personal data within the scope of our payment gateway services. We carefully select and assess sub-processors to ensure they comply with the same strict data protection standards and obligations as outlined in this contract. Under applicable data protection laws, we always obtain prior written consent from the Data Controller before using sub-processors.
If personal data are processed or stored outside the jurisdiction where the Data Controller operates, may occur. we commit to complying with applicable data protection laws, including implementing appropriate safeguards. A data protection mechanism recognized by the relevant data protection authority could include standard contractual clauses, binding corporate rules, or binding corporate rules.
Audit Rights
We reserve the right to audit our data processing activities to ensure compliance with the terms and conditions of this Data Processing Agreement and applicable data protection laws. In addition to specifying the scope, purpose, and timeframe of the audit, audit requests must be submitted in writing. We will fully cooperate with the Data Controller's audit activities, providing access to relevant documentation and information as needed. We will conduct audits in a way that minimizes disruption to our operations while ensuring transparency and accountability.
Deletion of Data
We will retain personal data processed within the scope of our payment gateway services only for as long as necessary to fulfill the purposes outlined in this Data Processing Agreement. Upon expiration of the data retention period or upon request from the Data Controller, we will securely and completely delete personal data, including copies and backups. The deletion of data will be carried out using secure methods to avoid accidental or unlawful destruction, loss, alteration, or disclosure.
Retention of Data
Data processed within the framework of our payment gateway services will be retained only as long as is necessary to accomplish the purposes outlined in this Data Processing Agreement. Retention periods may vary based on the particular processing activity, regulatory requirements, and instructions from the Data Controller. In the event that personal data is no longer needed for the defined purposes, we will securely delete or anonymize the data, making it unidentifiable and unreachable.
Notification Obligations
Data subjects' rights and freedoms are protected in the event of a personal data breach. We will promptly notify the Data Controller of such a breach. A breach notification will include all relevant information about the nature of the breach, its potential consequences, and the measures taken or proposed to address it. As part of our cooperation with the Data Controller, we will investigate and mitigate the breach and take the necessary measures to prevent its recurrence.
Liability
It is our policy to limit our liability to the extent permitted by applicable data protection laws and the terms and conditions of this Data Processing Agreement. We are responsible for processing personal data in accordance with the Data Controller's instructions and the obligations set forth in this agreement. Neither we nor our affiliates are liable for indirect, incidental, special, or consequential damages resulting from the processing of personal data, including, but not limited to, loss of profits, revenue, or data. Further, our liability depends on the Data Controller's compliance with data protection laws and regulations.
Indemnification
Any claims, losses, or liabilities arising out of the Data Controller's breach of their obligations under this Data Processing Agreement or any applicable data protection laws will be indemnified by the Data Processor. Indemnification includes, but is not limited to, legal fees, costs, and expenses incurred by the Data Processor in defending against such claims or liabilities. If the Data Controller breaches data protection laws, or unauthorized processing occurs, or if this agreement is not followed, the Data Controller must indemnify the Data Processor. In the event that the Data Processor receives a potential claim, the Data Controller agrees to notify the Data Processor promptly so that appropriate measures can be taken.
Governing Law
This Data Processing Agreement shall be governed by and construed in accordance with Indian law. The exclusive jurisdiction of Indian courts shall apply to any dispute arising out of or relating to this agreement.
Changes to the Agreement
As data protection laws and our business practices evolve, we reserve the right to make changes and updates to this Data Processing Agreement. When possible, the Data Controller will be notified of any modification to this agreement in writing or via electronic means. In the event the Data Controller does not object to the proposed changes within a reasonable period of time, the revised terms will be deemed to have been accepted by the Data Controller.