The purpose of this Data Protection Addendum (“DPA”) is to set out the specific data protection obligations of Supercards when processing Personal Data on behalf of its customers in accordance with the General Data Protection Regulation (GDPR) and any other applicable data protection legislation. This DPA is intended to form part of the Agreement between Supercards and its customers and outlines the measures that Supercards will take to ensure the protection of Personal Data. The DPA is designed to ensure that Supercards complies with its obligations as a Processor and that the customer complies with its obligations as a Controller under GDPR.

Definitions

In this DPA, the following definitions shall apply:

  • Data Protection Laws” means all applicable laws and regulations relating to data protection, privacy, and the processing of personal data, including, but not limited to, the General Data Protection Regulation (GDPR).
  • Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”).
  • Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Purpose of the Addendum

The purpose of this DPA is to establish the rights and obligations of the parties with respect to the processing of Personal Data under the Agreement. Supercards agrees to process Personal Data only as necessary to provide the Services and as permitted by the Agreement, and to comply with Data Protection Laws applicable to its processing of Personal Data under this Agreement.

Scope and Applicability

This DPA applies to Supercards’ processing of Personal Data on behalf of the Data Controller pursuant to the Agreement, including any Processing activities carried out by Supercards’ employees, agents, and Sub-processors.

Roles and Responsibilities

  • The Data Controller is responsible for determining the purposes and means of the Processing of Personal Data, and for complying with all applicable Data Protection Laws.
  • Supercards is the Data Processor under this DPA, and shall Process Personal Data only as necessary to provide the Services and in accordance with the Data Controller’s documented instructions.
  • Supercards shall ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Processing of Personal Data

  • Supercards shall process Personal Data only for the purpose of providing the Services, and in accordance with the documented instructions of the Data Controller.
  • Supercards shall implement and maintain appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction or damage, alteration, disclosure, or access.
  • Supercards shall promptly notify the Data Controller in writing if it receives any instruction from the Data Controller that it believes is in violation of Data Protection Laws.
  • Supercards shall promptly notify the Data Controller in writing if it becomes aware of any Personal Data Breach affecting the Personal Data, and shall assist the Data Controller in complying with its obligations under applicable Data Protection Laws in respect of such Personal Data Breach.

Sub-processing

  • The Customer acknowledges and consents to Supercards engaging third-party sub-processors to process Personal Data on behalf of the Customer in connection with the provision of the Services.
  • Supercards will remain liable for any sub-processing carried out by its sub-processors. Supercards shall ensure that its sub-processors are bound by written obligations, which are substantially similar to the obligations imposed on Supercards under this DPA.
  • Supercards will notify the Customer of any new sub-processors before authorizing such sub-processors to process Personal Data in connection with the provision of the Services. If the Customer has reasonable grounds to object to the proposed sub-processor, it shall notify Supercards in writing within ten (10) days after receipt of Supercards’ notice. In such case, Supercards may either not appoint the proposed sub-processor or provide an alternative solution to the Customer.

Data Subject Rights

Supercards shall provide reasonable assistance to the Customer in fulfilling its obligation to respond to requests by Data Subjects to exercise their rights under Data Protection Laws with respect to Personal Data processed by Supercards on behalf of the Customer, to the extent permitted by law and within the timescales required by Data Protection Laws.

Data Breach Notification

In the event of a Personal Data Breach, Supercards shall notify the Customer without undue delay after becoming aware of the Personal Data Breach.

The notification shall, at a minimum, describe the nature of the Personal Data Breach, provide the name and contact details of the Data Protection Officer or other contact point where more information can be obtained, describe the likely consequences of the Personal Data Breach, and provide details of the measures taken or proposed to be taken by Supercards to address the Personal Data Breach.

Deletion or Return of Personal Data

Upon the termination of the Services related to the processing of Personal Data, Supercards shall delete or return all Personal Data processed on behalf of the Customer, except to the extent that Supercards is required by applicable law to retain some or all of the Personal Data.

Audit Rights

The Customer may audit Supercards’ compliance with this DPA by providing Supercards with written notice of such a request at least 30 days in advance. Such notice shall include reasonable details of the scope and nature of the audit. Supercards shall provide the Customer with reasonable assistance to enable such an audit, including providing access to relevant records and personnel.

Governing Law and Jurisdiction

  • This DPA shall be governed by and construed in accordance with the laws of the jurisdiction in which the Customer is located.
  • The parties agree that any dispute arising out of or in connection with this DPA, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by arbitration under the rules of the arbitration institution agreed upon by the parties, or failing such agreement, under the rules of the Indian Arbitration Association. The seat of the arbitration shall be in the jurisdiction in which the Customer is located, and the language of the arbitration shall be English or Hindi.

What personal data do we collect from you?

When you create an account on our site, a contact number or email id is mandatory, or we will say required. This unique identifier allows you to log into your account and enable us to notify you of changes to our terms. If you create a paid account, you can optionally enter your name, address, telephone number, and VAT number. We use this information exclusively for issuing invoices.

You are in control of your data:

1) Right to Information;

You have all the rights to ask for confirmation as to whether personal details are being processed and for information about this data.

2) Right to Rectification

You have all the rights to request the completion of the data concerning you or correct the incorrect data concerning you.

3) Right to transmission

You have the right to receive the data you have provided to us and request their transmission to other responsible persons.

What rights do you have?

* You have the right to be informed about how your personal information is used.
* You have the right to take access to your data.
* You have the right to rectification of any incorrect or incomplete personal detail.
* You have the right to restrict the processing of your data.
* You have the right to data portability
* You have the right to object to processing your personal information.
* You have the right not to be subject to automated decision-making, including profiling.

If you want to know more or exercise these rights, check our privacy policy and contact us at info@supergovind

How do we protect your data?

The utmost importance is protecting your personal data. Therefore, we have taken appropriate technical and organizational measures to ensure the security of your data, including:

* Encrypting sensitive information
* We are using highly secure servers to store data
* We have implemented strict access control to prevent unauthorized access to personal data.
* Encrypting ongoing confidentiality, integrity, availability, and resilience of processing systems and services.

We also require our other service providers to implement appropriate measures to protect the security of your personal data.