This Data Processing Agreement (DPA) sets forth the terms and responsibilities between Stratuspeakenterprises (referred to as the “Data Processor”) and the organization or individual accepting this agreement (referred to as the “Data Controller”). This agreement becomes effective as of the date mutually agreed upon (the “Effective Date”).

Role of the Data Controller

The Data Controller holds the authority to determine the reasons for collecting personal data and the way it should be processed. They are solely responsible for defining the purpose and the manner in which data processing activities take place.

Role of the Data Processor

The Data Processor, in this case Stratuspeakenterprises, is entrusted with handling personal data strictly in accordance with the instructions and objectives defined by the Data Controller. The Processor shall not process any personal data for its own purposes.

Understanding Personal Data

“Personal Data” refers to any information that can identify, directly or indirectly, an individual. This includes names, contact details, identification numbers, online identifiers, or any data tied to an individual’s identity.

Processing Activities

Processing involves a wide range of operations performed on personal data. This includes collecting, recording, organizing, storing, modifying, accessing, transferring, or deleting personal data.

Data Security Commitments

To ensure the safety and confidentiality of personal data, the Data Processor will implement robust technical and organizational security measures. These measures are designed to prevent unauthorized access, data leaks, or any unlawful processing.

Commitment to Confidentiality

All personal data handled by the Data Processor and its authorized personnel must remain strictly confidential. No personal data shall be shared with any third party without proper authorization, unless required by law.

Support for Data Subject Rights

The Data Processor will assist the Data Controller in fulfilling requests from data subjects, including those related to access, correction, deletion, or restriction of their personal data, as per applicable data protection laws.

Handling Data Breaches

If a data breach occurs, the Data Processor will promptly notify the Data Controller and take all necessary steps to mitigate potential risks and limit the impact of the breach.

Use of Subprocessors

If the Data Processor needs to engage subprocessors to support the processing of data, it must obtain prior written approval from the Data Controller. All subprocessors must follow the same data protection obligations outlined in this agreement.

Legal Compliance

Both the Data Controller and Data Processor commit to complying with all applicable data protection laws and regulations, including but not limited to the Information Technology Act and related rules enforced in India.

Audit and Inspection Rights

The Data Controller reserves the right to conduct audits to ensure the Data Processor’s compliance with this agreement. Such audits will be conducted with prior notice and during regular business hours.

Data Deletion Upon Termination

Upon the conclusion or termination of this DPA, the Data Processor will, as instructed by the Data Controller, either securely delete or return all personal data, unless retention is required by applicable law.

Data Retention Practices

Personal data will only be retained for as long as necessary to fulfill the intended purpose or as mandated by legal obligations. Data no longer needed will be securely deleted or anonymized.

Change Notification Obligations

The Data Processor agrees to inform the Data Controller of any legal or regulatory changes that may impact personal data processing obligations or rights under this agreement.

Liability Terms

Each party’s liability will be governed by the terms and conditions of the overarching agreement between them. Any breach of this DPA will be addressed accordingly and in alignment with the main service agreement.

Indemnification

The Data Processor agrees to indemnify and protect the Data Controller from any legal, regulatory, or financial consequences that arise due to a breach of applicable data protection laws or this agreement.

Governing Law

This DPA shall be governed and interpreted in accordance with the laws of India, without regard to any conflict of laws principles.

Amendments

Any amendments or modifications to this DPA must be documented in writing and mutually agreed upon by both the Data Processor and Data Controller.

By entering into this agreement, both parties confirm their understanding and acceptance of the responsibilities outlined above as of the Effective Date.