This Data Processing Agreement ("Agreement") outlines the terms governing the processing of personal data between Quantum Techfin ("Processor") and the party agreeing to these terms ("Controller"), effective from (Effective Date).
The Controller defines the goals and legal basis for handling personal data and guarantees adherence to data protection regulations.
The Processor is authorized by the Controller to handle personal data solely based on documented instructions provided by the Controller and must follow relevant data privacy laws throughout all processing operations.
Under data protection legislation, "personal data" consists of any details that, alone or together, may reveal the identity of a living person.
Processing covers a broad range of operations such as collection, categorization, storage, alteration, retrieval, transfer, and removal of personal data, all carried out as per the Controller’s directions.
The Processor is required to adopt robust technical and organizational protocols to ensure the security of personal data, protecting it from loss, unauthorized access, misuse, or disclosure.
All personal data handled under this Agreement must remain strictly confidential. The Processor and all personnel involved must not disclose information to any party not explicitly authorized.
The Processor shall assist the Controller in addressing and fulfilling data subject rights, such as requests for access, correction, limitation of processing, or data deletion, in accordance with applicable laws.
In the event of a personal data breach, the Processor must promptly inform the Controller and take immediate action to contain and mitigate any resulting impact.
The Processor is prohibited from engaging any subprocessors without obtaining prior written consent from the Controller. If approved, all subprocessors must adhere to obligations that are consistent with those outlined in this Agreement.
Both the Controller and Processor agree to fulfill all applicable data protection laws, rules, and industry standards related to personal data handling.
The Controller has the authority to initiate audits or request evidence demonstrating the Processor’s compliance with this Agreement, provided that reasonable prior notice is given.
At the conclusion of the contractual relationship, the Processor must, as instructed by the Controller, either return all personal data or delete it securely, ensuring no unauthorized retention.
Personal data shall only be stored for the time period necessary to meet the contractual purposes of this Agreement or in accordance with legal obligations requiring extended retention.
The Processor is obliged to notify the Controller without delay if any legal, regulatory, or procedural changes impact how personal data is processed under this Agreement.
The responsibilities and limitations concerning each party’s liability are governed by the principal agreement signed between them and remain applicable within this Data Processing Agreement.
The Processor commits to defending, indemnifying, and holding the Controller harmless against any damages, claims, or penalties resulting from the Processor’s failure to comply with data protection duties.
All matters associated with this Agreement shall fall under the jurisdiction of Indian law.
Any changes or updates to this Agreement will be valid only if documented in writing and signed by both the Controller and Processor.