Data Processing Agreement
Effective Date: March 15, 2026
Last Updated: March 15, 2026
Version: 1.0 | Effective Date: 4 March 2026
1. Scope and Applicability
This Data Processing Agreement ("DPA") forms part of the service agreement between Codesaint Technologies Pvt. Ltd. ("Data Processor") and the client ("Data Fiduciary") for the processing of personal data in connection with the services provided.
2. Definitions
Terms used in this DPA have the meanings assigned to them in the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the General Data Protection Regulation ("GDPR"), as applicable.
3. Data Processing Obligations
The Data Processor shall:
- Process personal data only on documented instructions from the Data Fiduciary
- Ensure persons authorized to process personal data are bound by confidentiality obligations
- Implement appropriate technical and organizational security measures
- Not engage sub-processors without prior written authorization from the Data Fiduciary
- Assist the Data Fiduciary in responding to Data Principal rights requests
- Delete or return all personal data upon termination of services, unless retention is required by law
4. Security Measures
Codesaint implements the following measures to protect personal data:
- Encryption of data in transit and at rest
- Regular access reviews and role-based access control
- Network security monitoring and intrusion detection
- Regular security assessments and penetration testing
- Incident response procedures and breach notification protocols
5. Data Breach Notification
In the event of a personal data breach, the Data Processor shall notify the Data Fiduciary without undue delay (and in any case within 72 hours) after becoming aware of the breach. Notification shall include the nature of the breach, categories and approximate number of data subjects affected, and measures taken to address the breach.
6. Sub-Processing
The Data Processor maintains a list of approved sub-processors. Any changes to sub-processors will be communicated to the Data Fiduciary with at least 30 days' prior notice.
7. International Transfers
Personal data transfers outside India shall comply with Section 16 of the DPDP Act and applicable notifications by the Central Government. For EU/EEA data, transfers comply with Chapter V of the GDPR.
8. Audit Rights
The Data Fiduciary may audit the Data Processor's compliance with this DPA, subject to reasonable notice and during normal business hours.
9. Term and Termination
This DPA is effective for the duration of the service agreement. Upon termination, the Data Processor shall, at the Data Fiduciary's choice, delete or return all personal data within 30 days.
10. Contact
For questions about this DPA, contact: privacy@codesaint.in