Data Processing Agreement (DPA)

Our commitment to safeguarding personal data is outlined in this Data Processing Agreement (DPA), which governs the handling of such data by our platform on behalf of our users (Merchants). This agreement ensures compliance with applicable data protection laws and regulations, delineating the roles and responsibilities of the Data Controller and Data Processor, as well as the measures implemented to maintain the security and confidentiality of personal data.

Roles and Responsibilities

• Data Controller: The Data Controller, typically the Merchant, determines the purposes and methods of processing personal data provided through our payment gateway services.

• Data Processor: As the Data Processor, our platform processes personal data on behalf of the Data Controller, facilitating payment transactions and associated services as instructed by the Merchant.

Personal Data

Personal data refers to any information relating to identified or identifiable individuals, including but not limited to names, addresses, email addresses, and payment card details provided during the use of our services.

Processing Activities

We undertake various processing activities on personal data, including collection, storage, use, and disclosure, to facilitate payment transactions and deliver associated services.

Data Security Measures

Our platform implements robust data security measures to preserve the confidentiality, integrity, and availability of processed personal data. These measures include encryption, access controls, regular security audits, monitoring, and incident response protocols.

Confidentiality

We uphold strict confidentiality obligations regarding the handling of personal data, ensuring it is utilized solely for the purposes stipulated in the DPA. Our employees and third-party service providers involved in data processing are bound by confidentiality agreements.

Data Subject Rights

Users retain specific rights regarding their personal data, including the right to access, rectify, limit processing, erase data, object to processing, and request data portability. Our Privacy Policy provides comprehensive details on how to exercise these rights.

Data Breach Response

In the event of a data breach, we promptly respond, mitigate, and inform affected individuals and relevant authorities in compliance with applicable laws and regulations.

Subprocessing

We may engage third-party sub processors to assist in delivering our services, ensuring they adhere to the same stringent standards of security and data protection as we do.

Compliance with Laws

We are committed to complying with all relevant data protection laws and regulations, including the GDPR and CCPA, to ensure lawful, fair, and transparent processing of personal data.

Audit Rights

Upon request, we provide access to audit reports or other documentation demonstrating compliance with data protection laws and regulations.

Data Deletion and Retention

We promptly delete personal data upon request under certain circumstances and retain data only for as long as necessary to fulfill purposes outlined in the DPA.

Notification Obligations

In the event of a significant data breach, affected individuals are promptly notified in accordance with applicable laws and regulations.

Liability and Indemnification

Our liability for damages arising from the use of our services is limited, and users agree to indemnify and hold us harmless from any claims resulting from their use of our services.

Governing Law

This agreement is governed by the laws of India