DATA PROCESSING AGREEMENT

This Data Processing Agreement (“DPA”) outlines a legally enforceable arrangement between Contentsqure Digital (“Data Processor”) and the organization agreeing to these terms (“Data Controller”), effective as of (Effective Date).

Responsibilities of the Data Controller
The Data Controller is accountable for determining the purposes and legal basis for handling personal data and for ensuring full compliance with applicable data protection laws and standards.

Responsibilities of the Data Processor
The Data Processor is authorized by the Data Controller to handle personal data strictly in accordance with the Controller’s documented instructions and prevailing data protection laws.

Definition of Personal Data
According to data protection regulations, “personal data” includes any information that can directly or indirectly identify a natural person.

Scope of Data Processing
Processing refers to any operation carried out on personal data, including collection, organization, storage, alteration, retrieval, transfer, or erasure, based solely on the Controller’s directives.

Data Security Measures
The Data Processor shall employ adequate technical and organizational safeguards to ensure personal data is protected from unauthorized access, loss, or exposure.

Confidentiality Requirement
All personal data must remain strictly confidential. The Data Processor and its staff must not disclose data to any unauthorized party under any circumstances.

Data Subject Rights
The Data Processor shall support the Data Controller in fulfilling requests from data subjects regarding access, rectification, restriction, or deletion of their personal information.

Data Breach Response
In the event of a personal data breach, the Data Processor is required to inform the Data Controller without unnecessary delay and take appropriate steps to contain and minimize potential damage.

Use of Subprocessors
The Data Processor may only appoint subprocessors with prior written approval from the Data Controller. All subprocessors must comply with equivalent data protection standards.

Regulatory Compliance
Both parties affirm their commitment to comply with all relevant data protection laws and regulatory frameworks applicable to their operations.

Audit Rights
The Data Controller retains the right to audit or request evidence confirming the Data Processor’s compliance with the terms outlined in this DPA, with appropriate prior notice.

Data Retention and Disposal
Upon conclusion of this agreement, the Data Processor shall either return all personal data or securely delete it, in accordance with the Data Controller’s explicit instructions.

Retention Period of Data
Personal data may only be stored for the duration necessary to fulfill the purposes stated in the agreement, or as mandated by applicable law.

Obligation to Notify
The Data Processor must promptly inform the Data Controller of any changes in laws or regulations that could impact the processing of personal data.

Limitation of Liability
Each party’s responsibility under this agreement shall be governed by the terms specified in the main service contract between them.

Indemnity Clause
The Data Processor agrees to indemnify and defend the Data Controller against any legal claims or penalties arising from a breach of its data protection responsibilities.

Applicable Law
This DPA shall be governed by and interpreted in accordance with the laws of India, excluding any conflict-of-law principles.

Changes and Amendments
Any revisions or updates to this DPA must be documented in writing and signed by both parties to be considered valid and enforceable.

Acknowledgment
Both parties confirm their understanding and acceptance of the terms outlined in this Data Processing Agreement as of the effective date indicated above.