.webp)
.webp)
.webp)
.webp)
This Data Processing Agreement (“DPA”) establishes a legally binding understanding between Seribiz Software Solutions, referred to as the “Data Processor,” and the entity accepting these terms, referred to as the “Data Controller”.
Obligations of the Data Controller
The Data Controller holds the responsibility for defining the purposes and lawful basis for processing personal data and for ensuring adherence to all relevant data protection rules and obligations.
Obligations of the Data Processor
The Data Processor is granted authority by the Data Controller to handle personal data solely in line with the Controller’s documented instructions and applicable data privacy legislation.
What Constitutes Personal Data
Under data protection laws, “personal data” refers to any information that can directly or indirectly identify a natural individual.
Extent of Data Processing
Processing encompasses all activities related to personal data—such as collection, structuring, storing, modifying, retrieving, transmitting, or deleting—carried out exclusively under the Controller’s guidance.
Security Measures for Data
The Data Processor must implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, breaches, or misuse.
Confidentiality Assurance
All personal data processed must be kept confidential. The Data Processor and its personnel must not disclose any data to unauthorized individuals under any circumstances.
Rights of Data Subjects
The Data Processor is obligated to assist the Data Controller in addressing any data subject requests for access, correction, limitation, or removal of their personal data.
Handling Data Breaches
In the event of a breach involving personal data, the Data Processor must promptly notify the Data Controller and take all necessary actions to mitigate harm and prevent recurrence.
Use of Third-Party Subprocessors
The Data Processor may only engage subprocessors with prior written consent from the Data Controller. All subprocessors must follow equivalent standards for data protection.
Compliance with Regulations
Both the Data Processor and Data Controller affirm their ongoing commitment to complying with all applicable data protection laws and regulatory standards governing their operations.
Audit and Verification Rights
The Data Controller reserves the right to audit or request verifiable proof that the Data Processor is operating in compliance with the terms set forth in this DPA, subject to reasonable prior notice.
Data Retention and Final Disposal
At the end of the agreement term, the Data Processor must either return all personal data or permanently erase it, as instructed explicitly by the Data Controller.
Data Storage Duration
Personal data shall be retained only for the period necessary to accomplish the stated purposes or as required by applicable legal obligations.
Notification Duties
The Data Processor must inform the Data Controller without delay of any legislative or regulatory changes that may influence the manner or legality of data processing activities.
Limitation of Responsibility
The liability of each party under this agreement shall align with the provisions laid out in the primary service agreement between them.
Indemnification Clause
The Data Processor agrees to indemnify and hold the Data Controller harmless against any legal actions, claims, or penalties resulting from breaches of this DPA or relevant data protection obligations.
Governing Law
This Agreement shall be interpreted and enforced in accordance with the laws of India, excluding any conflict-of-law provisions.
Amendments and Modifications
Any changes or revisions to this DPA must be formally documented and mutually signed by both parties to be considered legally valid.
Acknowledgment and Acceptance
By entering this Agreement, both parties affirm their understanding of and agreement to the terms contained within this Data Processing Agreement.
