This Data Processing Agreement outlines the roles, responsibilities, and terms between Infraxcel IT Solution, hereafter referred to as the “Data Processor,” and the individual or organization accepting this agreement, referred to as the “Data Controller.” This agreement is effective from the mutually agreed commencement date (the “Effective Date”).

Responsibilities of the Data Controller

The Data Controller holds primary responsibility for deciding the objectives and legal basis for collecting and handling personal data. They determine how and why such data is processed.

Responsibilities of the Data Processor

The Data Processor, being Infraxcel IT Solution, is responsible for processing personal data solely as instructed by the Data Controller. The Processor will not use the data for any independent or unrelated purposes.

Definition of Personal Data

“Personal Data” is defined as any detail that can directly or indirectly identify an individual. This includes, but is not limited to, names, phone numbers, addresses, ID numbers, IP addresses, or other identifiable information linked to an individual.

Scope of Processing

Processing activities may involve collecting, storing, organizing, modifying, retrieving, transmitting, or erasing personal data. These operations are performed to meet the goals defined by the Data Controller.

Data Protection and Security

The Data Processor agrees to apply advanced organizational and technical safeguards to secure personal data against breaches, unauthorized disclosures, or unlawful access. These safeguards are essential to maintain data integrity and confidentiality.

Confidentiality Obligations

All personal data accessed or managed by the Data Processor or its authorized personnel must be kept strictly confidential. Data shall not be disclosed to third parties without explicit consent, except where legally required.

Assistance with Data Subject Rights

The Data Processor will support the Data Controller in addressing requests from individuals (data subjects) regarding their personal data—such as access, rectification, deletion, or data restriction—based on applicable legal requirements.

Response to Data Breaches

In the event of a data breach, the Data Processor will immediately inform the Data Controller and act swiftly to reduce risks and limit potential damage from the incident.

Engagement of Subprocessors

Should the Data Processor require the involvement of subprocessors, prior written consent from the Data Controller is mandatory. All subprocessors must adhere to the same privacy obligations set forth in this DPA.

Regulatory Compliance

Both parties affirm their compliance with relevant data protection regulations, including those under the Information Technology Act and other applicable Indian laws.

Audit and Monitoring Rights

The Data Controller maintains the right to conduct audits to verify the Data Processor’s adherence to this agreement. Such inspections will occur during standard business hours and with prior notice.

Post-Termination Data Handling

Upon termination of this agreement, the Data Processor is required—based on the Data Controller’s instructions—to securely delete or return all stored personal data, unless retention is required by law.

Data Retention Guidelines

Personal data shall only be retained for the period necessary to serve its intended processing purpose or as legally mandated. Once no longer needed, data will be either deleted or anonymized to protect individual privacy.

Change Notification

The Data Processor is obligated to notify the Data Controller of any legal or regulatory developments that could influence data processing practices or alter compliance responsibilities under this agreement.

Liability Clauses

The accountability of each party is subject to the provisions in their overarching agreement. Breaches of this DPA will be dealt with in accordance with the terms laid out in the primary service contract.

Indemnity Clause

The Data Processor agrees to indemnify the Data Controller against any legal or regulatory consequences, including penalties or damages, arising from violations of this DPA or applicable data protection laws.

Jurisdiction

This agreement will be interpreted and enforced in accordance with Indian laws, irrespective of any conflict of law principles.

Modifications to the Agreement

Any alterations or updates to this DPA must be formalized in writing and require mutual consent from both the Data Processor and the Data Controller.

Acceptance

By accepting this agreement, both parties confirm that they fully understand and agree to uphold the obligations and responsibilities stated herein as of the Effective Date.