Data Processing Agreement

This DPA outlines the legal relationship between Praket Consultancy, hereafter the “Data Processor,” and the entity that accepts these terms, hereafter the “Data Controller.” It outlines the Processor’s obligations and responsibilities regarding the processing of Personal Data in connection with the payment solution services provided by the Processor.

Roles of the Parties

  • Data Controller: Determines the purposes and lawful basis for processing Personal Data and is responsible for ensuring compliance with all applicable data protection regulations.
  • Data Processor: Processes Personal Data exclusively based on documented instructions from the Controller and solely for the purpose of delivering payment solution services.

Scope of Processing

The Processor shall handle Personal Data strictly for the following purposes:

  • Initiation, authorization, and settlement of payment transactions
  • KYC (Know Your Customer) verification and fraud prevention measures
  • Customer authentication, including two-factor authentication (2FA)
  • Transaction reporting, reconciliation, and record-keeping
  • Compliance with RBI, NPCI, and other applicable payment network regulations

Security Measures

The Processor will implement appropriate technical and organizational safeguards, including:

  • Implementation of PCI DSS controls for cardholder data storage, processing, and transmission
  • Encryption of data in transit and at rest
  • Multi-factor authentication for system access
  • Secure key management practices
  • Regular vulnerability assessments and penetration testing
  • Ensuring all personnel maintain strict confidentiality and are trained in data security best practices

Data Subject Rights

The Processor will assist the Controller in addressing requests from Data Subjects in accordance with applicable laws, including:

  • Right to access
  • Right to correction or rectification
  • Right to erasure
  • Right to data portability
  • Right to restrict or object to processing

Subprocessors

The Processor shall not engage any Subprocessor without the prior written approval of the Controller.

Approved Subprocessors are required to execute contracts mandating compliance with data protection standards equivalent to this DPA.

Data Breach Notification

The Processor shall promptly notify the Controller within 24 hours of becoming aware of any Personal Data breach. Such notification must include:

  • Nature and scope of the breach
  • Approximate number and categories of affected Data Subjects
  • Steps taken to contain and mitigate the incident
  • Measures planned to prevent future breaches

Audit & Compliance

The Controller may, with reasonable notice, audit the Processor’s adherence to this DPA. The Processor will provide access to relevant records, policies, and certifications, including PCI DSS compliance reports.

Data Retention & Deletion

Personal Data shall only be retained as long as necessary for payment processing or legal compliance, including RBI-mandated retention periods. At the conclusion of services, the Processor will remove or return all Personal Data securely, except where laws require it to be retained.

Legal & Regulatory Changes

The Processor shall promptly inform the Controller of any changes in laws or regulations that may impact its ability to process Personal Data in compliance with this Agreement.

Liability & Indemnification

Each Party is responsible for damages resulting from a breach of this DPA. The Processor shall indemnify the Controller against any fines, claims, or damages arising from non-compliance with data protection obligations.

Governing Law & Dispute Resolution

All disputes under this Agreement shall be resolved in accordance with Indian law. Any disputes arising under this Agreement shall fall under the exclusive jurisdiction of the courts in India.

Amendments

Any modifications or amendments to this Agreement must be made in writing and signed by both Parties.

Acknowledgment and Acceptance

By entering into this Agreement, both Parties confirm their understanding of, and agreement to, the terms and obligations outlined in this Data Processing Agreement.