Legal
Data Processing Addendum
Contents · 7 sections
Overview#
This Data Processing Addendum (“DPA”) applies where HIYAMEE PRIVATE LIMITED(“HiyaMee Digital”) processes personal data on behalf of a customer (“Customer”) in the course of providing services. It forms part of the agreement between HiyaMee Digital and the Customer for those services. In this DPA, the Customer is the controller and HiyaMee Digital is the processor of the personal data processed for the engagement.
Scope and roles#
HiyaMee Digital processes personal data only to provide the agreed services and only on the documented instructions of the Customer, including the signed agreement and Statement of Work, unless required to act otherwise by law. The subject matter, duration, nature and purpose of processing, and the categories of data and data subjects, are determined by the services described in the signed agreement.
HiyaMee Digital's obligations#
When acting as processor, HiyaMee Digital will:
- Process personal data only on the Customer's documented instructions.
- Ensure that people authorised to process the data are bound by confidentiality.
- Apply appropriate technical and organisational security measures, taking into account the nature of the data and the risks involved.
- Assist the Customer, where reasonable, with data subject requests and with the Customer's own security, breach-notification and impact-assessment obligations.
- Notify the Customer without undue delay after becoming aware of a personal data breach affecting the Customer's data.
- Delete or return the personal data at the end of the engagement, as the Customer chooses, unless retention is required by law.
Sub-processors#
HiyaMee Digital may engage sub-processors (for example, hosting and infrastructure providers) to help deliver the services. Where it does, HiyaMee Digital will impose data-protection obligations on the sub-processor that are consistent with this DPA, and remains responsible for the sub-processor's performance. The current list of sub-processors for an engagement is available to the Customer on request.
International transfers#
HiyaMee Digital operates from India and may process data in India, the United States, Australia or through its sub-processors elsewhere. Where personal data is transferred across borders, HiyaMee Digital will put in place a lawful transfer mechanism appropriate to the data and the jurisdictions involved.
Security#
HiyaMee Digital maintains technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include encryption of data in transit, access controls on a need-to-know basis, and regular review of its practices. More detail is on our Security & Trust page.
How to put this in place#
For an active engagement, this DPA can be incorporated into the signed agreement, or executed as a separate document, on request.