Data Controller

The Data Controller, Azurepays, is the entity responsible for determining the purposes and means of processing personal data. This includes making decisions on what data is collected, how it is processed, and for what purposes. The Data Controller is entrusted with ensuring that all processing activities align with applicable data protection laws and regulations.

Data Processor

Azurepays, the Data Processor, is engaged by the Data Controller to carry out specific processing activities on behalf of the Data Controller. The Data Processor is obligated to act strictly in accordance with the instructions provided by the Data Controller and is bound by the terms of this agreement in relation to the processing of personal data.

Personal Data

Personal Data encompasses any information related to an identified or identifiable natural person. For a payment gateway website, this may include customer names, contact details, financial transaction information, and any other data processed during the course of providing payment services.

Processing Activities

This section details the specific activities involved in the processing of personal data. It includes the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available, alignment, combination, restriction, erasure, or destruction of personal data.

Data Security Measures

The Data Processor commits to implementing and maintaining robust security measures to ensure the confidentiality, integrity, and availability of the personal data processed. This may include encryption, access controls, regular security assessments, and other measures designed to protect against unauthorized access, disclosure, alteration, and destruction of personal data.

Confidentiality

Both parties commit to maintaining the confidentiality of personal data and any other proprietary or confidential information exchanged during the course of the agreement. This includes implementing measures to prevent unauthorized access or disclosure of such information.

Data Subject Rights

This section outlines the rights of individuals (data subjects) whose personal data is being processed. It includes the right to access, rectify, erase, object to processing, and the mechanisms in place to facilitate the exercise of these rights.

Data Breach Response

In the event of a data breach, the Data Processor outlines the procedures for promptly identifying, reporting, and mitigating the impact of the breach. This includes notifying the Data Controller and relevant authorities as required by applicable data protection laws.

Subprocessing

Specifies the conditions under which the Data Processor may engage subprocessors. The Data Processor is responsible for ensuring that any sub processors comply with the data protection obligations set forth in this agreement.

International Data Transfers

Details the mechanisms employed to ensure the lawful transfer of personal data across international borders. This may include the use of standard contractual clauses, binding corporate rules, or other legally recognized mechanisms.

Compliance with Laws

Both parties commit to complying with all applicable data protection laws and regulations governing the processing of personal data.

Audit Rights

The Data Controller retains the right to audit the Data Processor's compliance with the terms of this agreement. This may involve conducting regular assessments or specific audits as deemed necessary.

Data Deletion

Outlines the procedures for deleting or returning personal data upon the termination or expiration of the agreement, in accordance with applicable data protection laws.

Data Retention

Details the duration for which personal data will be retained and the purposes for which it will be retained. This is aligned with the principles of data minimization and storage limitation.

Notification Obligations

Specifies the obligations of the Data Processor to notify the Data Controller of any changes in processing activities or legal requirements that may impact the processing of personal data.

Liability

Defines the liability of each party in the event of a breach of the agreement or data protection laws. This includes indemnification for damages resulting from non-compliance.

Indemnification

Addresses the indemnification of each party against liabilities arising from a breach of the agreement. This is a mechanism to allocate responsibility and cover potential financial or legal consequences.

Governing Law

Specifies the governing law under which the agreement is interpreted and enforced. This provides clarity on the legal framework within which the agreement operates.

Amendments to the Agreement

Outlines the procedures for amending the agreement, including any notice and consent requirements from both parties. This ensures that changes to the agreement are made in a transparent and mutually agreeable manner.

This Data Processing Agreement is effective as of [Effective Date] and will remain in force until terminated by either party. The agreement reflects a commitment to ensuring the lawful and secure processing of personal data in accordance with applicable data protection laws.