This Data Processing Agreement (“DPA”) sets forth a legally binding agreement between asterionix, referred to as the “Data Processor,” and the entity accepting these terms, referred to as the “Data Controller.” This DPA governs the Processor’s collection, handling, and processing of Personal Data in connection with the Payment Solutions services provided by asterionix.
Roles of the Parties
- Data Controller:
The Controller determines the purposes and legal grounds for processing Personal Data and retains overall responsibility for compliance with all applicable data protection laws.
- Data Processor:
The Processor handles Personal Data strictly according to documented instructions from the Controller and only for the purposes of delivering the Payment Solutions services outlined in this agreement.
Scope of Processing
The Processor shall handle Personal Data exclusively for the following purposes:
- Initiating, authorizing, and settling payment transactions.
- Conducting KYC (Know Your Customer) verification and preventing fraud.
- Authenticating customers, including two-factor authentication (2FA).
- Generating transaction reports and performing reconciliation.
- Ensuring compliance with RBI, NPCI, and relevant payment network regulations.
Security Measures
The Processor shall implement appropriate technical and organizational safeguards, including:
- Compliance with standards for storing, processing, and transmitting cardholder data.
- Encryption of Personal Data during transit and while at rest.
- Multi-factor authentication for system access.
- Secure management of encryption keys.
- Regular vulnerability assessments and penetration testing.
All personnel handling Personal Data must maintain strict confidentiality and receive training in best practices for data security.
Data Subject Rights
The Processor shall assist the Controller in fulfilling requests from Data Subjects under applicable laws, including:
- Right of access to Personal Data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure of Personal Data.
- Right to data portability.
- Right to restrict or object to processing.
Subprocessors
The Processor may not engage Subprocessors without prior written approval from the Controller.
All authorized Subprocessors must adhere to written agreements that impose data protection obligations at least as strict as those outlined in this DPA.
Data Breach Notification
The Processor must notify the Controller within 24 hours of becoming aware of any Personal Data Breach. Notifications should include:
- The nature of the breach.
- Categories and approximate number of affected Data Subjects.
- Actions taken to contain and mitigate the breach.
- Measures planned to prevent future breaches.
Audit and Compliance
The Controller may, upon reasonable notice, audit the Processor’s adherence to this DPA. The Processor shall provide access to relevant records, policies, and certifications, including compliance documentation.
Data Retention and Deletion
Personal Data will be retained only as long as necessary for payment processing and to comply with legal obligations, such as RBI-mandated retention periods.
Upon termination of services, the Processor shall securely delete or return all Personal Data unless retention is required by law.
Legal and Regulatory Changes
The Processor must promptly notify the Controller of any changes in laws or regulations that could impact its ability to process Personal Data in accordance with this Agreement.
Liability and Indemnification
Each Party is responsible for any damages caused by a breach of this Agreement. The Processor shall indemnify and hold harmless the Controller from any fines, claims, or losses arising from failure to comply with data protection obligations.
Governing Law and Dispute Resolution
This DPA shall be governed by the laws of India. Any disputes arising from or in connection with this Agreement shall fall under the exclusive jurisdiction of courts located in India.
Amendments
Any modifications to this Agreement must be made in writing and signed by both Parties to be valid.
Acknowledgment and Acceptance
By entering into this Agreement, both Parties confirm that they have read, understood, and agreed to the terms set forth in this Data Processing Agreement.