Data Processing Agreement

This Data Processing Agreement (“Agreement” or “DPA”) constitutes a legally binding arrangement between Padizone, acting as the Data Processor, and the entity accepting these terms, acting as the Data Controller. This Agreement governs the processing of Personal Data by the Processor in connection with the payment services provided to the Controller.

Roles and Responsibilities of the Parties

Data Controller

The Controller determines the purposes and lawful basis for the processing of Personal Data and remains fully responsible for compliance with all applicable data protection and privacy laws.

Data Processor

The Processor shall process Personal Data solely in accordance with the documented instructions of the Controller and exclusively for the purpose of providing payment and related services.

Scope of Processing

The Processor shall process Personal Data strictly for the following activities:

  • Initiation, authorization, processing, and settlement of payment transactions
  • Know Your Customer (KYC) verification and fraud prevention
  • Customer authentication, including two-factor authentication (2FA)
  • Transaction monitoring, reporting, and reconciliation

Security Measures

The Processor shall implement and maintain appropriate technical and organizational security measures to protect Personal Data, including but not limited to:

  • Compliance with security standards for the storage, processing, and transmission of cardholder data
  • Encryption of data both in transit and at rest
  • Multi-factor authentication for access to systems and infrastructure
  • Secure cryptographic key management practices
  • Periodic vulnerability assessments and penetration testing

The Processor shall ensure that all personnel with access to Personal Data are bound by confidentiality obligations and are adequately trained in data protection and security best practices.

Data Subject Rights

The Processor shall reasonably assist the Controller in fulfilling requests from Data Subjects in accordance with applicable data protection laws, including requests relating to:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to restrict or object to processing

Subprocessors

The Processor shall not appoint or engage any subprocessor without the prior written authorization of the Controller. All approved subprocessors shall be subject to written agreements imposing data protection obligations that are no less protective than those set forth in this Agreement.

Personal Data Breach Notification

The Processor shall notify the Controller without undue delay and in any event within 24 hours of becoming aware of a Personal Data Breach. Such notification shall include, to the extent available:

  • A description of the nature of the breach
  • The categories and approximate number of affected Data Subjects
  • Measures taken or proposed to contain and mitigate the breach
  • Steps planned to prevent recurrence of similar incidents

Audit and Compliance

Upon reasonable prior notice, the Controller may audit the Processor’s compliance with this Agreement. The Processor shall make available relevant documentation, policies, and certifications, including but not limited to security compliance reports, to demonstrate adherence to its obligations under this DPA.

Data Retention and Deletion

The Processor shall retain Personal Data only for as long as necessary to perform the services or to comply with applicable legal and regulatory obligations, including RBI-mandated retention requirements.

Upon termination or expiration of the services, the Processor shall securely delete or return all Personal Data to the Controller, unless continued retention is required by law.

Legal and Regulatory Changes

The Processor shall promptly notify the Controller if any change in applicable law, regulation, or regulatory guidance materially impacts its ability to process Personal Data in accordance with this Agreement.

Liability and Indemnification

Each Party shall be responsible for damages arising from its own breach of this Agreement. The Processor shall indemnify and hold harmless the Controller against any fines, penalties, claims, or losses resulting from the Processor’s failure to comply with applicable data protection obligations under this Agreement.

Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of India.

Amendments

Any modification or amendment to this Agreement shall be made in writing and executed by authorized representatives of both Parties.

Acknowledgment and Acceptance

By entering into this Agreement, both Parties acknowledge that they have read, understood, and agreed to be bound by the terms and conditions set forth in this Data Processing Agreement.