Data Processing Agreement
At Corevantage Solutions, we understand that handling personal data is a responsibility you take seriously, and it is one we share. This Data Processing Agreement (“DPA”) establishes a formal and legally binding understanding between Corevantage Solutions, acting as the “Data Processor,” and you, the party agreeing to these terms, acting as the “Data Controller.” Its purpose is to clearly define how we manage, protect, and process Personal Data in connection with the payment gateway services provided through our platform.
For clarity, in this agreement, “we,” “our,” or “us” refers to Corevantage Solutions. The terms “you” or “your” refer to the party agreeing to this DPA and using our services.
By entering into this agreement, both parties can proceed with confidence, knowing that Personal Data is handled carefully, responsibly, and in compliance with applicable regulations. This ensures a transparent, secure, and trustworthy relationship that makes the processing of sensitive information simple and reliable for everyone involved.
Roles of the Parties
Understanding each party’s responsibilities is essential to maintaining a secure and trustworthy approach to handling Personal Data. In this collaboration, the Data Controller determines the reasons for processing data, identifies the legal basis for such processing, and ensures full compliance with all applicable data protection regulations.
Meanwhile, the Data Processor works strictly according to the instructions provided by the Controller and only processes Personal Data as necessary to deliver the payment gateway services outlined in this agreement.
By clearly defining these roles, both parties can operate with confidence, knowing where each responsibility begins and ends. This clarity fosters a transparent, reliable relationship, allowing everyone involved to trust that Personal Data is managed with care and accountability.
Scope Of Processing
Your trust is at the heart of how we handle Personal Data, and we are committed to using it only for purposes that ensure secure, compliant, and smooth transactions. Every piece of information you provide is processed with clear, specific objectives designed to protect both you and the payment ecosystem.
The data you share enables the initiation, authorization, and final settlement of payment transactions. It is also utilized for Know Your Customer (KYC) verification, helping to detect and prevent fraudulent activities before they affect your account. To enhance your security, authentication methods such as two-factor verification are applied whenever necessary.
Personal Data also plays a key role in accurate transaction reporting and reconciliation, allowing you to maintain transparent records of your payment history. The Processor ensures that all processing activities comply with applicable regulations, including those of the RBI, NPCI, and the rules outlined by relevant payment networks.
By keeping your data usage limited to these clearly defined purposes, we aim to give you confidence and peace of mind. Each step of our processing is designed so that you can trust your information is handled responsibly, transparently, and with your protection as a top priority.
Security Measures
Your sensitive information deserves the highest standard of protection, and we treat it with the care it requires. The Processor implements comprehensive technical and organizational safeguards designed to reduce risks, maintain reliability, and ensure your data remains secure at every step.
Key measures include:
- Advanced encryption protocols that protect data both in transit and at rest.
- Strong authentication controls requiring multiple verification factors before system access is granted.
- Secure cryptographic key management to prevent misuse or unauthorized exposure of sensitive materials.
- Regular vulnerability assessments and penetration testing to identify potential weaknesses and address them proactively.
Beyond technology, every team member follows strict confidentiality rules and undergoes ongoing training to stay current with data protection best practices.
By combining these technical, procedural, and human safeguards, we strive to provide you with confidence that your information is handled responsibly, securely, and with the utmost diligence.
Data Subject Rights
Your personal information belongs to you, and you should always have control over how it is used. The Processor works closely with the Controller to ensure that your rights under Applicable Laws are respected and upheld at all times.
These rights give you the power to:
- Access the personal data that is stored about you.
- Correct any information that is incomplete or inaccurate.
- Request the deletion of your personal data when the situation allows.
- Receive your information in a portable format for your own use.
- Restrict or object to certain ways your data is processed.
By exercising these rights, you remain an active participant in managing your personal information. The Processor’s responsibility is to assist the Controller in honoring these requests, making sure your choices are acknowledged and applied in practice.
With these protections in place, you can feel confident that your personal data is treated with respect, transparency, and accountability.
Subprocessors
Your data deserves careful handling at every stage, and transparency is key to building trust. The Processor will only engage a Subprocessor after receiving explicit written approval from the Controller. This ensures that no additional party is involved without your knowledge and consent.
Whenever a Subprocessor is authorized, they are bound by formal agreements that require them to uphold data protection standards equal to or exceeding those in this Data Processing Agreement. These contracts make certain that your information is treated responsibly and securely, even when another organization is handling it.
By applying these rules, the Processor ensures that accountability and vigilance extend to all parties involved, giving you confidence that your data remains protected under consistent standards at every step.
Data Breach Notification
Your personal information is important, and we take every precaution to protect it. In the rare event of a data breach, it is essential to act quickly and transparently. If the Processor identifies any incident involving Personal Data, the Controller will be notified immediately and always within 24 hours of discovery.
The notification will include:
- A detailed explanation of the nature of the breach.
- The categories of individuals affected and an estimated number of records involved.
- The steps already taken to contain the breach and minimize any potential harm.
- Planned measures to reinforce systems and prevent similar incidents in the future.
This process ensures that you are fully informed and that corrective actions are swift. By maintaining open and prompt communication, the Processor helps the Controller protect your rights and preserve trust in the platform.
Audit & Compliance
Building trust requires clear visibility into how your data is handled. The Controller has the authority to verify that the Processor fulfills all responsibilities outlined in this Data Processing Agreement. With reasonable notice, the Controller may conduct an audit to assess compliance and ensure that standards are consistently upheld.
To facilitate these checks, the Processor will grant access to all relevant documentation, internal policies, and certifications. These materials allow the Controller to confirm that protective measures and contractual obligations are actively maintained.
By enabling such audits, both parties demonstrate accountability, ensuring that data protection practices are transparent and reliable, and reinforcing confidence in how your information is managed.
Data Retention & Deletion
Your personal information deserves thoughtful management and should only be kept for as long as it serves a clear purpose. The Processor ensures that all Personal Data is stored solely for the duration necessary to complete payment processing and fulfill legal obligations, including any retention periods required by RBI.
Once the services are no longer active, the Processor takes steps to securely erase or return all Personal Data, except in cases where applicable law mandates extended retention. These measures guarantee that your information is not stored beyond what is required for operational or regulatory purposes.
By handling data in this way, the Processor prioritizes your privacy and ensures that your information is respected, giving you confidence that it is only kept as long as needed and safely removed when no longer required.
Legal & Regulatory Changes
The legal landscape is always shifting, and keeping pace with these changes is crucial to ensure your personal information remains protected. Whenever a new law or regulation affects the Processor’s ability to manage Personal Data under this Agreement, the Controller will be informed promptly.
This notification allows both the Controller and the Processor to stay fully aware of compliance requirements and make any necessary adjustments without delay. By maintaining this proactive approach, we ensure that sensitive information is continuously safeguarded and that both parties can act confidently in line with current legal obligations.
Liability & Indemnification
Maintaining accountability is essential when handling personal data and honoring the commitments outlined in this Agreement. If either Party does not fulfill its responsibilities, that Party will be held responsible for any resulting damages caused by the breach.
Furthermore, the Processor agrees to indemnify and protect the Controller against any fines, claims, or losses that occur due to the Processor’s failure to comply with data protection requirements. This arrangement ensures that the Controller is not unfairly burdened by issues arising from the Processor’s non-compliance.
By clearly defining these responsibilities, both Parties can work with confidence, knowing that obligations are enforceable and protections are in place to address any lapses.
Governing Law & Dispute Resolution
Understanding which legal framework applies is crucial for clarity and mutual trust in any agreement. This Agreement is governed by and will be interpreted in accordance with the laws of India.
In the event of any disagreement or dispute arising from this Agreement, the matter will be subject to the exclusive jurisdiction of courts located in India. This approach ensures that any issues are resolved consistently, fairly, and with legal certainty.
By clearly defining the applicable law and forum for disputes, both Parties can move forward with confidence, knowing that there is a structured process to handle disagreements if they occur.
Amendments
Over time, agreements may need to adapt to new circumstances, but any updates must be clearly communicated and agreed upon by both Parties. To maintain transparency and avoid confusion, changes to this Agreement will only be considered valid if they are documented in writing and formally signed by both Parties.
This process ensures that no modification is assumed or overlooked, giving everyone involved a clear understanding of their responsibilities and obligations. By following this approach, both Parties can confidently navigate any necessary updates while maintaining trust and clarity in their relationship.
Acknowledgment and Acceptance
Trust and understanding form the foundation of every successful agreement. By agreeing to this Data Processing Agreement, both Parties confirm that they have thoroughly read, understood, and accepted all the terms outlined within it.
This acknowledgment is more than a procedural step. It represents a shared commitment to act responsibly, safeguard Personal Data, and honor the trust each Party places in the other.
By giving this acceptance, both Parties proceed with confidence, knowing that their collaboration is grounded in transparency, accountability, and respect for the protections and responsibilities established in this Agreement. This ensures that everyone involved can engage with clarity and assurance, confident in the integrity of the process.