This agreement outlines how we handle your personal data whenever you use our payment solutions services. It is an important part of our service terms and ensures that we manage your data responsibly, transparently, and in full compliance with relevant data protection laws. By continuing to use our platform, you agree to the terms described here, which are designed to keep your information safe and secure throughout your relationship with us.
Who Controls the Data?
The Data Controller is the individual or entity that determines how and why personal data is processed. This is usually the user, merchant, or client using our services. The Controller is responsible for making sure the data is collected lawfully and that individuals are informed of its use. Our role is to follow the Controller’s instructions, which must comply with data protection regulations. We do not use the data for any purpose beyond what we are told.
Our Role as the Data Processor
We act as a Data Processor, which means we handle personal data only as directed by the Controller. Our responsibilities may include storing, transmitting, or safeguarding data. We do not make decisions about how the data is used. Our role is to carry out processing tasks responsibly while following applicable laws and maintaining robust data security practices.
What is Considered Personal Data?
Personal data refers to any information that can be used to identify someone, either directly or indirectly. This includes names, contact details, payment information, or device identifiers. We only collect the data necessary to provide our services. We never sell, share, or use your information for unauthorized purposes. The type of data we collect depends on how you use our platform.
What Does Data Processing Involve?
Our processing activities may include collecting, storing, transmitting, or organizing data to fulfill service requirements. Automated systems may be used to detect fraud, maintain security, or enhance platform functionality. Any data use outside the agreed purpose requires written approval from the Data Controller. We maintain logs for accountability and transparency.
How We Keep Your Data Safe
To protect your data, we implement strong technical and organizational measures. This includes encryption, secure servers, limited access controls, and regular system checks. Our staff is trained in data protection, and systems are monitored to detect and prevent unauthorized access or breaches.
Confidentiality Standards
All personal data is treated as confidential. Only authorized personnel who require access for specific tasks are allowed to view or handle data. These individuals are bound by confidentiality agreements. We do not share any personal data with third parties unless it is legally required or requested by the Data Controller. Any breach of confidentiality is treated with urgency and seriousness.
Your Data Rights
As a data subject, you have rights that allow you to access, update, delete, or limit how your personal data is used. We help the Data Controller address such requests as required by law. If you wish to exercise your rights, you should contact the Controller directly. We will provide support from our side whenever needed.
If a Data Breach Happens
If a breach occurs, we will notify the Data Controller without delay. Our report will explain what happened, what data was affected, and what steps were taken to control the situation. We take immediate action to minimize harm and prevent similar incidents. The Controller may need to inform users or authorities, depending on the severity of the breach.
Use of Subprocessors
We may work with trusted third parties (known as subprocessors) to help with data handling. These partners are thoroughly vetted and must meet our data protection standards. A full list of subprocessors is available upon request. We inform Controllers of any changes in subprocessors to allow feedback or objections.
Data Transfers and Compliance
Sometimes, data may need to be transferred across locations or to third parties. Any such transfer is done in compliance with legal standards and with proper safeguards. We never send data to unauthorized locations. If restrictions apply, we take alternate steps to stay compliant.
Following the Law
We are fully committed to following all applicable data protection laws. Our policies are regularly updated to reflect changes in regulations or services. If legally required to share data with authorities, we will comply only through the proper legal process. The Controller is also expected to maintain lawful data handling practices.
Audit Rights for Controllers
The Data Controller may request to inspect or audit how we handle their data. We cooperate fully, provide documentation, and help resolve any findings. Audits are scheduled in advance to avoid disruption. Confidentiality remains protected during and after all audits.
What Happens After Service Ends
Once our services are terminated, we either delete or return all personal data as instructed by the Controller. If data cannot be deleted immediately due to legal or technical reasons, it will be securely stored and removed as soon as possible. Confirmation of deletion can be provided upon request.
Data Retention Period
We retain personal data only as long as necessary to meet service and legal obligations. Once the retention period is over, data is either deleted or anonymized. If the Controller requests early deletion, we will accommodate it when possible.
Keeping Each Other Informed
Both parties agree to keep each other informed of any significant developments, such as audits, legal notices, or breaches that affect personal data. Prompt and clear communication ensures timely action and reduces risks on both sides.
Responsibilities and Accountability
Each party is responsible for fulfilling its part under this agreement. We are accountable for safe and legal data processing, and the Controller is responsible for ensuring data collection is lawful. If errors or issues occur, both parties agree to work together toward a fair resolution.
Indemnity Terms
The Controller agrees to cover any losses we suffer due to unlawful instructions or non-compliance with data laws. Likewise, we will cover any damages caused by our own failures. Indemnity covers direct costs and legal fees. Both sides are expected to act in good faith and minimize any losses.
Governing Law and Jurisdiction
This agreement is governed by Indian law. Any disputes arising from it will be settled in the appropriate courts within India. Before going to court, both parties agree to try resolving the issue through dialogue and mutual understanding.
Updates to This Agreement
We may update this DPA if there are changes to our services, operations, or the law. If major updates occur, we will inform you in advance. Continuing to use our services means you accept the new terms. We recommend checking this agreement regularly. Older versions may be saved for your reference.