DATA PROCESSING AGREEMENT

THIS DATA PROCESSING AGREEMENT (herein defined as the “DPA”) is between Company xyz (hereinafter “Data Controller”) and IziFin Technologies Limited (hereinafter “Data Processor”).

BACKGROUND:

In connection with the Agreement, certain Personal Data concerning Data Subjects (both as defined below) may be transferred from the Data Controller to the Data Processor. This DPA is intended to govern such transfers.

1. DEFINITIONS:

1.1 Applicable Data Protection law: means the Data Protection Act or any secondary or related data or privacy legislation or regulation in force or as may vary from time to time which has jurisdiction in relation to the Data Subjects.
1.2 Data Subject: means an individual who is the subject of Personal Data.
1.3 Personal Data: means any and all personal data as defined by the Applicable Data Protection Law or other data or information belonging to any individual that the Processor obtains in performing the Services under the Principal Agreement.

2. TERMS

The parties agree that:

2.1 The Data Processor shall process Personal Data only for the purposes of carrying out their obligations arising under the Agreement.
2.2 The Data Controller shall instruct the Data Processor to process the Personal Data in any manner that may reasonably be required in order for the Data Processor to carry out the processing in compliance with this DPA and in compliance with Applicable Data Protection law. The Data Controller shall refrain from providing instructions that are not in accordance with applicable laws including Applicable Data Protection law, and, in the event that such instructions are given, the Data Processor is entitled to resist carrying out such instructions.
2.3 This DPA shall continue for no less a term than the term of the Agreement.
2.4 The rights and obligations of the parties with respect to each other under this Clause 2 shall survive any termination of the DPA.

3. OBLIGATIONS OF THE DATA PROCESSOR

The Data Processor warrants and undertakes that:

3.1 It will comply with all applicable laws including Applicable Data Protection law in its performance of this DPA.
3.2 It will only process the Personal Data on the instructions of the Data Controller.
3.3 It will not appoint sub-processors to process the Personal Data on its behalf without the prior written approval of the Data Controller.
3.4 Once approved by the Data Controllers, sub-processors will only process the Personal Data on the instructions of the Data Processor, and the Data Processor will put in place a legal agreement in writing to govern the sub-processing.
3.5 It will have in place appropriate technical and organizational measures, and all measures pursuant to Applicable Data Protection law, to protect the confidentiality of the Personal Data and to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.
3.6 It will obtain guarantees from any sub-processors processing the Personal Data, that they will have in place appropriate technical and organizational measures, and all measures pursuant to Applicable Data Protection law, to protect the confidentiality of the Personal Data and to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.
3.7 It will have in place procedures so that any individual party it authorises to have access to the Personal Data, including employees of the Data Processor, will respect and maintain the confidentiality and security of the Personal Data. Any person acting under the authority of the Data Processor shall be obligated to process the Personal Data only on instructions from the Data Processor. This provision does not apply to persons authorised or required by law or regulation to have access to the Personal Data.
3.8 It will not disclose any Personal Data to a third party in any circumstances other than at the specific written request of the Data Controller unless such disclosure is necessary to fulfill the obligations of the Services under the Agreement or is required by applicable law.
3.9 It will notify the Data Controller of any request for information by any order of any court of competent jurisdiction or any competent judicial, governmental, or regulatory body.
3.10 It will notify the Data Controller of any complaint, notice, or communication received which relates directly or indirectly to the processing of the Personal Data, or other connected activities, or which relates directly or indirectly to the compliance of the Data Processor and/or the Data Controller with relevant applicable law including Applicable Data Protection law.
3.11 It will give the Data Controller prompt notice of a Personal Data breach or a potential data breach, once becoming aware of same, and the Data Processor will cooperate with the Data Controller in implementing any appropriate action concerning the breach or the potential breach as the case may be, including corrective actions.
3.12 Save as otherwise required by law to maintain data records, it will delete from its systems all soft copies of any Personal Data and return all soft and hard copy documentation on the completion of the Agreement or on request from the Data Controller and will do so in a timely manner, giving a written confirmation of same having been done.
3.13 Without prejudice to other legal provisions concerning the Data Subject’s right to compensation and the liability of the parties generally, as well as legal provisions concerning fines and penalties, the Data Processor will carry full liability in the instance where it or its sub-processor is found to have infringed the terms of this DPA through the processing of the Personal Data.
3.14 It has no reason to believe, at the time of entering into this DPA, of the existence of any reason that would have a substantial adverse effect on the guarantees provided for under this DPA, and it will inform the Data Controller if it becomes aware of any such reason.
3.15 It will identify to the Data Controller a contact person within its organization authorized to respond to inquiries concerning the processing of the Personal Data and will cooperate in good faith with the Data Controller, and the Data Subject concerning all such inquiries within a reasonable time.
3.16 It will do all things necessary to comply with the Applicable Data Protection law and be responsible in accordance with law, for any infringement of privacy or disclosure arising from its negligence, howsoever caused.
3.17 It will be capable of demonstrating its compliance with the obligations of Applicable Data Protection law.

4. OBLIGATIONS OF THE DATA CONTROLLER

The Data Controller warrants and undertakes that:

4.1 The Personal Data has been collected, processed, and transferred in accordance with all Applicable Data Protection laws, and shall provide evidence of same to the Data Processor upon request.
4.2 It will respond to inquiries from Data Subjects concerning processing of the Personal Data by the Data Controller. Responses will be made within a reasonable time and in accordance with the Applicable Data Protection law.
4.3 It will make available, upon request, a copy of this DPA to Data Subjects who are relevant to the processing, the subject matter of this DPA, unless this DPA contains confidential information, in which case it may redact such information.

5. RIGHT OF AUDIT

Upon reasonable request of the Data Controller, the Data Processor will submit, and/or as appropriate its sub-processors will submit, data processing facilities, data files, and documentation used for processing, reviewing, auditing, and/or certifying by the Data Controller (or any independent or impartial inspection agents or auditors, selected by the Data Controller and not reasonably objected to by the Data Processor) to ascertain compliance with the warranties and undertakings in this DPA, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the Data Controller.

6. DATA SUBJECTS’ RIGHTS

The Data Processor will assist the Data Controller, whenever reasonably required, in so far as possible, to fulfill the Data Controller’s obligation to respond to requests for exercising the Data Subject’s rights as provided under Applicable Data Protection law and the Data Processor will have the appropriate organizational and technical measures in place to deal with Data Subject requests.

7. LIABILITY AND INDEMNITY

7.1 The Data Processor will not be liable for any claim brought by a Data Subject arising from any action by the Data Processor to the extent that such action resulted directly from the Data Controller’s instructions.
7.2 In the event that any claim is brought against the Data Controller by a Data Subject arising from any action by the Data Processor, to the extent that such action did not result directly from the Data Controller’s instructions, the Data Processor shall indemnify and keep indemnified and defend at its own expense the Data Controller against all costs, claims, damages or expenses incurred by the Data Controller or for which the Data Controller may become liable due to any failure by the Data Processor or its directors, officers, employees, agents or contractors to comply with any of its obligations under this DPA.
7.3 In the event that any claim is brought against the Data Processor by a Data Subject arising from any action or omission by the Data Processor to the extent that such action or omission resulted directly from the Data Controller’s instructions, the Data Controller shall indemnify and keep indemnified and defend at its own expense the Data Processor against all costs, claims, damages or expenses incurred by the Data Processor for which the Data Processor may become liable due to any failure by the Data Controller or its directors, officers, employees, agents or contractors to comply with any of its obligations under this DPA.

8. TERMINATION

8.1 In the event that either the Data Processor or the Data Controller is in breach of its obligations under this DPA, then either the Data Processor or the Data Controller may temporarily suspend the transfer of Personal Data to the Data Processor until the breach is repaired or the DPA is terminated.
8.2 In the event that:
  8.2.1 compliance by the Data Controller with this DPA would put it in breach of its legal or regulatory obligations in the country of import;
  8.2.2 the Data Processor or Data Controller is in substantial or persistent breach of any warranties or undertakings given by it under this DPA;
  8.2.3 a final decision against which no further appeal is possible of a competent court has found that there has been a breach of this DPA by the Data Controller or the Data Processor; or
  8.2.4 any equivalent event in any jurisdiction occurs,
then the Data Controller, without prejudice to any other rights which it may have against the Data Processor, shall be entitled to terminate this DPA.
8.3 The parties agree that the termination of this DPA at any time, in any circumstances, and for whatever reason (except for termination under Clause 8.2) does not exempt them from the obligations and/or conditions under this DPA as regards the processing of the Personal Data transferred.

9. MISCELLANEOUS

9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.
9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.
9.3 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement unless required otherwise by the Applicable Data Protection Law.

Copyrights 2024 Datamarket