Data Processing Addendum
Effective June 19, 2023
This Data Processing Addendum ("DPA") is an integral part of the agreement ("Agreement") between Internset Private Limited ("Internset") and the entity or individual ("Data Controller") that engages Internset's services for processing personal data on behalf of the Data Controller.
1. Definitions
1.1. "Data Protection Laws" means all applicable laws and regulations related to data protection, privacy, and security, including but not limited to the General Data Protection Regulation (GDPR) and other relevant data protection laws.
1.2. "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject") that is processed by Internset on behalf of the Data Controller pursuant to the Agreement.
1.3. "Processor" means Internset, which processes Personal Data on behalf of the Data Controller.
2. Purpose and Scope
2.1. The Data Controller engages Internset as a Processor to process Personal Data solely for the purpose of providing the services as described in the Agreement.
2.2. Internset shall process Personal Data in accordance with the Data Controller's documented instructions, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law. The Data Controller hereby instructs Internset to process Personal Data as necessary to perform the services under the Agreement and as further specified in this DPA.
3. Data Security
3.1. Internset shall implement and maintain appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data, protect against unauthorized or unlawful processing, and prevent accidental loss, destruction, or damage.
3.2. Internset shall restrict access to Personal Data to those employees, contractors, or agents who need access to perform the services under the Agreement.
4. Sub-Processors
4.1. The Data Controller provides its general consent for Internset to engage sub-processors to process Personal Data. Internset shall inform the Data Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Data Controller the opportunity to object to such changes if it has legitimate grounds to do so. If the Data Controller objects to a change, Internset will work with the Data Controller to find a mutually acceptable solution.
5. Data Subject Rights
5.1. Internset shall assist the Data Controller in fulfilling its obligations to respond to requests from Data Subjects exercising their rights under Data Protection Laws, including but not limited to rights of access, rectification, erasure, and objection.
6. Data Transfer Abroad
6.1. Internset may transfer Personal Data to countries outside the territory of India (including countries outside the European Economic Area - EEA) in connection with the provision of services to its global user base. Such data transfers shall be conducted in strict compliance with applicable data protection laws and regulations, including obtaining necessary consents or ensuring the use of appropriate safeguards.
6.2. Depending on the location of the service provider and the recipient of the data, incoming emails and data may be processed either inside or outside the EEA or India. Internset shall take all necessary measures to ensure the security and confidentiality of Personal Data during such transfers.
For more information regarding data transfers and how Internset safeguards Personal Data, please contact us at support@internset.com.
7. Technical and Organizational Measures
7.1. Prior to the execution of this DPA, Internset shall adopt all necessary technical and organizational security measures and provide the Data Controller with a document describing such measures in detail, specifically in reference to this Agreement.
7.2. The Processor warrants that it has taken all security measures in accordance with Article 28(3)(c) and Article 32 of the GDPR, ensuring data security and a protection level adequate to the level of risk concerning confidentiality, integrity, availability, and resilience of the systems.
8. Assistance and Cooperation
8.1. Internset shall assist the Data Controller in complying with obligations concerning the security of personal data, reporting data breaches, data protection impact assessments, and prior consultations set forth in Articles 32 to 36 of the GDPR.
8.2. The Processor may charge a reasonable fee for support services not included in the description of services and not attributable to the Processor's misconduct, mistakes, or infringements.
9. Audits
9.1. The Data Controller has the right to carry out inspections or have them carried out by an auditor appointed on a case-by-case basis to assess Internset's compliance with this DPA.
9.2. Internset shall allow the Data Controller to verify compliance with its obligations and demonstrate the implementation of technical and organizational measures.
10. Liability
10.1. Each party shall indemnify the other for damages resulting from its own culpable infringement of this DPA, including any infringement committed by its agents. Each party shall indemnify the other against any third-party claims due to or in connection with infringements by the respective party.
11. Deletion and Return of Personal Data
11.1. Internset shall not create copies or duplicates of the data without the Data Controller's knowledge and consent, except for backup copies necessary for data processing accuracy and legal requirements.
11.2. After the provision of services, Internset shall either delete in a data-protection compliant manner or return to the Data Controller all Personal Data collected and processed under this DPA, unless applicable legal provisions require further data storage.
12. Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of India, and any disputes arising under or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of India.
IN WITNESS WHEREOF, the parties have executed this Data Processing Addendum as of the date the Agreement is accepted by the Data Controller.
For Internset Private Limited:
Authorized Signatory
Steve Lobo
Chief Technology Officer
steve.lobo@internset.io
For Data Controller:
Authorized Signatory
Casey Leon
Strategist SVP
casey.leon@internset.io
Please note that this DPA reflects Internset's data privacy and security commitments and aligns with GDPR requirements. As a small team without a legal department, we cannot sign individual customers' DPAs or make changes to this standard DPA. If you have any questions or require further information, please email us at support@internset.com.