This Data Processing Agreement (“DPA”) constitutes a legally binding arrangement between FUSIONERA SYSTEMS, acting as the “Data Processor,” and the entity accepting these terms, acting as the “Data Controller.” This Agreement governs how the Processor handles Personal Data in connection with the services provided to the Controller.
The Controller determines the purpose, scope, and lawful basis for the Processing of Personal Data and remains fully responsible for ensuring compliance with all applicable data protection laws.
The Processor processes Personal Data only on documented instructions received from the Controller and solely for the purpose of delivering the agreed services.
The Processor shall process Personal Data strictly for the following activities:
The Processor shall implement appropriate technical and organizational safeguards, including:
The Processor shall ensure that all authorized personnel are subject to confidentiality obligations and receive appropriate training on data protection and security practices.
The Processor shall assist the Controller, where required, in responding to requests from Data Subjects under applicable laws, including:
The Processor shall not appoint any Subprocessor without obtaining prior written approval from the Controller.
All authorized Subprocessors must be contractually bound by data protection obligations that provide a level of protection no less stringent than those set out in this Agreement.
The Processor shall inform the Controller within 24 hours of becoming aware of any Personal Data Breach.
Such notification shall include:
Upon reasonable notice, the Controller may conduct audits to verify the Processor’s compliance with this DPA. The Processor shall make available relevant records, policies, and compliance documentation necessary to demonstrate adherence to data protection obligations.
Personal Data shall be retained only for the duration necessary to fulfill service requirements and comply with applicable legal obligations.
Upon termination of services, the Processor shall securely return or delete all Personal Data, unless continued retention is required under applicable law.
The Processor shall promptly notify the Controller if any change in applicable law or regulation impacts its ability to process Personal Data in accordance with this Agreement.
Each Party shall be responsible for damages resulting from its own breach of this Agreement. The Processor agrees to indemnify the Controller against any penalties, claims, or losses arising from the Processor’s failure to comply with its data protection obligations.
This Agreement shall be governed by the laws of India. Any disputes arising under or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of India.
Any modifications or amendments to this Agreement must be made in writing and duly executed by both Parties.
By entering into this Agreement, both Parties confirm that they have read, understood, and agreed to the terms and conditions set forth in this Data Processing Agreement.