This Data Processing Agreement (“DPA”) sets out a clear and legally binding arrangement between Digital Dwelings, acting as the “Data Processor,” and the party agreeing to these terms, identified as the “Data Controller.” Its purpose is to define how the Processor manages and safeguards Personal Data in connection with the Payment solutions services offered through our platform.
For clarity, when this agreement uses “we,” “our,” or “us,” it refers to Digital Dwelings. When it uses “you,” or “your,” it refers to the party accepting these terms and using the services.
By continuing with this arrangement, both sides gain clarity and assurance that Personal Data is handled with responsibility and care, making the process easier to trust and understand.
When working together, each side has a distinct part to play in ensuring that Personal Data is handled responsibly. The organization acting as the Controller decides why the data is processed, the legal foundation for doing so, and carries the responsibility of complying with all relevant data protection laws.
On the other hand, the Processor handles Personal Data strictly according to the documented directions given by the Controller, and only to the extent necessary for providing the Payment solutions services described under this agreement.
These defined roles create balance and accountability, making sure both parties know exactly where their responsibilities begin and end, so that trust and clarity remain at the center of the relationship.
When you trust us with your information, it is our responsibility to handle it only for the purposes that keep your transactions secure, compliant, and seamless. Every action taken with your Personal Data is limited to clearly defined uses that protect both you and the payment ecosystem.
Your information is managed to enable the initiation, approval, and final settlement of payment transactions. It is also used for KYC verification, ensuring that fraud risks are identified and prevented before they can cause harm. To strengthen your protection, customer authentication measures are applied, including the use of two-factor authentication.
In addition, Personal Data supports accurate transaction reporting and reconciliation, which helps maintain transparency in your payment history. The Processor also ensures compliance with all relevant requirements of and the rules set forth by the applicable payment networks.
Every step of this process is designed with your confidence in mind, so that whenever you use our services, you know exactly how and why your data is being processed.
When you trust us with sensitive information, it becomes our duty to protect it with the highest level of care. To ensure your data remains safe, the Processor applies strong technical and organizational safeguards designed to reduce risk and strengthen reliability.
These protective steps include:
Alongside these measures, the Processor makes certain that every staff member upholds confidentiality and receives thorough training on best practices in data protection.
Your personal information should always remain under your control, and the Processor is committed to supporting the Controller in honoring that principle. To ensure compliance with Applicable Laws, the Processor will actively assist in responding to requests from individuals whose data is being handled.
These rights include:
Through these measures, you can be assured that your voice is respected, and your choices about personal information are taken seriously. The Processor’s role is to help the Controller ensure that your rights are not only recognized but also meaningfully upheld.
When it comes to handling your data, trust and clarity matter. For that reason, the Processor will never appoint a Subprocessor unless the Controller has given prior written approval. This ensures that no third party is introduced without oversight and agreement.
In situations where Subprocessors are authorized, they must operate under written contracts that require them to follow data protection commitments equal to, or stronger than, those outlined in this Data Processing Agreement.
By setting these conditions, the Processor provides reassurance that even when another party is involved, the same level of care and responsibility is applied to safeguard your information.
Protecting your information means being prepared for every situation, including the unlikely event of a data breach. If the Processor becomes aware of any incident involving Personal Data, the Controller will be informed without delay and always within 24 hours.
The notice provided will contain clear details, including:
This approach ensures that you are never left in the dark. By requiring swift and transparent communication, the Processor supports the Controller in protecting your rights and maintaining trust at every stage.
Transparency is the foundation of trust, and the Controller has the right to confirm that the Processor is meeting its commitments under this Data Processing Agreement. When reasonable notice is given, the Controller may carry out an audit to review how compliance is maintained.
To support this process, the Processor will provide access to all necessary records, internal policies, and certifications, which include compliance reports. These materials allow the Controller to verify that safeguards and obligations are being properly observed.
Your information deserves to be handled with care and only kept for as long as it truly serves a purpose. The Processor ensures that Personal Data is retained strictly for the time required to complete payment processing and to meet legal obligations, including retention periods mandated by RBI.
When services come to an end, the Processor will either securely erase or return all Personal Data, unless the law requires it to be preserved for a longer period. This process ensures that your information is never held longer than necessary.
Laws and regulations are constantly evolving, and staying aligned with them is essential for protecting personal information. If any legal or regulatory change impacts the Processor’s ability to handle Personal Data in accordance with this Agreement, the Controller will be notified without delay.
This commitment ensures that both parties remain aware of any developments that could affect compliance, allowing timely adjustments and continued protection of sensitive information.
Accountability is an important part of protecting personal data and honoring agreements. If either Party fails to uphold its responsibilities under this Agreement, that Party will be held liable for any damages resulting from the breach.
In addition, the Processor will indemnify the Controller for any fines, claims, or losses that arise due to the Processor’s failure to meet data protection obligations. This safeguard ensures that the burden of non-compliance does not fall unfairly on the Controller.
For every agreement, it is important to have clarity on which legal framework applies. This Agreement will be interpreted and enforced under the laws of India.
If any dispute arises in connection with this Agreement, such matters shall fall under the exclusive authority of the courts located in India. This ensures consistency and certainty in how disagreements are addressed.
Agreements may need to evolve over time, but any change must be clear and mutually accepted. To ensure transparency, modifications to this Agreement will only be valid when documented in writing and formally signed by both Parties.
This requirement guarantees that no adjustment is overlooked or assumed, giving both Parties equal clarity on their commitments.
Every agreement is built on mutual clarity and consent. By entering into this Data Processing Agreement, both Parties confirm that they have carefully reviewed, understood, and accepted all the terms set out within it.
This acknowledgment represents more than a formality—it reflects a shared commitment to uphold responsibilities and protect the trust placed in this arrangement.
With this acceptance, both Parties move forward on a foundation of transparency, accountability, and respect for the safeguards established in this Agreement.
