Data Processing Agreement (DPA)
This Data Processing Agreement ("Agreement") establishes a legally binding relationship between Omniplex Software ("Processor") and the entity accepting these terms ("Controller"), effective as of (Effective Date).
Role of the Data Controller
The Data Controller holds the responsibility for determining the purposes and legal grounds for processing personal data and ensuring compliance with applicable data protection regulations.
Role of the Data Processor
The Data Processor is engaged by the Data Controller to process personal data exclusively in line with the instructions provided by the Controller and in compliance with relevant laws.
Definition of Personal Data
Under data protection laws, "personal data" refers to any information that can identify an individual, either directly or indirectly.
Scope of Data Processing Activities
Processing activities include, but are not limited to, collecting, organizing, storing, modifying, retrieving, transmitting, and deleting data, all in accordance with the Controller's instructions.
Data Security Responsibilities
The Data Processor must implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, or disclosure.
Confidentiality Requirements
Personal data must be kept confidential at all times. The Data Processor and its staff are prohibited from sharing data with any unauthorized third parties.
Rights of Data Subjects
The Data Processor shall support the Data Controller in responding to requests from data subjects regarding the access, correction, restriction, or deletion of their personal data.
Data Breach Notification
In case of a data breach, the Data Processor must notify the Data Controller promptly and take the necessary actions to mitigate potential risks.
Subprocessors
The Data Processor may not engage any third-party subprocessors without the prior written approval of the Data Controller. All subprocessors must adhere to the same data protection obligations as the Data Processor.
Compliance with Legal Requirements
Both parties agree to comply with all relevant data protection laws and regulations governing personal data processing.
Audit Rights
The Data Controller reserves the right to conduct audits or request relevant documentation to verify the Data Processor’s compliance with the terms of this Agreement, with reasonable prior notice.
Data Retention and Deletion
Upon termination of this Agreement, the Data Processor shall either return or securely erase all personal data processed, in accordance with the instructions provided by the Data Controller.
Retention Period
Personal data will be retained only for the duration necessary to fulfill the terms of this Agreement or as required by applicable laws.
Notification of Regulatory Changes
The Data Processor is required to notify the Data Controller promptly if any regulatory changes impact the processing of personal data.
Liability Clause
Each party’s liability under this Agreement will be governed by the terms outlined in the primary service agreement.
Indemnification
The Data Processor agrees to indemnify and hold the Data Controller harmless from any claims or penalties that arise due to non-compliance with data protection obligations.
Governing Law
Any disputes related to this Agreement will be governed by Indian laws and regulations.