Data Processing Agreement (DPA)
Effective Date: [Insert Date]
Between Cnsult.in (“Processor”) and Client (“Controller”)
1. Purpose
This DPA governs how Cnsult.in processes personal data on behalf of the client in compliance with:
-
GDPR
-
UK GDPR
-
CCPA
-
NDPR
-
POPIA
-
Other applicable global regulations
2. Data Processing Obligations
Cnsult.in agrees to:
-
Process data only under client instructions
-
Maintain strict confidentiality
-
Implement robust security measures
-
Report breaches within required timelines
-
Assist with data subject rights requests
-
Support audits and compliance checks
3. Subprocessors
Cnsult.in may engage approved subprocessors (cloud providers, analytics vendors, etc.).
All subprocessors must adhere to equivalent data protection standards.
4. Data Transfers
Any transfer outside the client’s jurisdiction will follow legal safeguards such as:
-
Standard Contractual Clauses (SCCs)
-
Adequacy decisions
-
Binding Corporate Rules (BCRs)
5. Data Retention & Deletion
Upon termination, Cnsult.in will:
-
Return all personal data
-
Delete or anonymize data unless legally required to retain it
6. Liability
Each party is liable for damages resulting from violations of applicable data protection laws.