ATFENIX
24/7 Support
99.99% Uptime

Data Processing Agreement

Effective Date: August 17, 2025

This Data Processing Agreement (DPA) forms part of the Terms of Service (ToS) between Atfenix Data Centre Private Limited (“Atfenix”, “Processor”) and the Customer (“Controller”), and governs Atfenix's processing of personal data on behalf of the Customer.

1. Definitions

  • “Personal Data” :Any information relating to an identified or identifiable natural person.
  • “Processing” : Any operation performed on Personal Data, such as collection, storage, transmission, or deletion.
  • “Controller” : The entity that determines the purposes and means of processing Personal Data.
  • “Processor” :The entity that processes Personal Data on behalf of the Controller.
  • “Sub-Processor ”: A third party engaged by Atfenix to process Personal Data.
  • “Applicable Law ”: All data protection and privacy laws, including but not limited to the EU General Data Protection Regulation (GDPR), Indian IT Act & DPDP Act, and other applicable global standards.

3. Obligations of Atfenix (Processor)

Atfenix shall:

1. Lawful Processing: Process Personal Data only on documented instructions from the Controller.

2. Confidentiality: Ensure that employees and personnel with access to Personal Data are bound by confidentiality obligations.

3. Security Measures: Implement appropriate technical and organizational measures (encryption, access controls, firewalls, redundancy, monitoring, etc.) to protect Personal Data against unauthorized access, loss, or disclosure.

4. Sub-Processors:

  • Use only approved Sub-Processors.
  • Inform the Controller of any intended changes to Sub-Processors.
  • Ensure Sub-Processors are bound by data protection obligations at least as strict as this DPA.

5. Data Breach Notification: Notify the Controller without undue delay (within 72 hours) of any personal data breach, providing details of the incident, potential risks, and mitigation steps.

6. Assistance: Assist the Controller in fulfilling obligations under Applicable Law, including:

  • Responding to data subject requests (access, correction, deletion, portability).
  • Conducting Data Protection Impact Assessments (DPIA).
  • Ensuring compliance with security, notification, and audit requirements.

7. Deletion or Return of Data: Upon termination of services, Atfenix shall, at the Controller’s choice:

  • Return all Personal Data securely, or
  • Permanently delete all Personal Data, unless retention is required by law.

8. Audit Rights: Allow the Controller to audit Atfenix’s data processing practices, subject to reasonable notice, frequency, and security restrictions.

4. Obligations of the Controller

The Controller shall:

  • Ensure that Personal Data provided to Atfenix has been collected lawfully.
  • Provide documented instructions to Atfenix regarding lawful processing.
  • Remain responsible for determining the purpose and legality of Personal Data processing.
  • Ensure compliance with Applicable Law, including providing necessary notices and obtaining consents.

5. International Data Transfers

  • If Personal Data is transferred across borders, Atfenix shall ensure adequate safeguards (such as Standard Contractual Clauses (SCCs) or legally recognized mechanisms).
  • Data hosting location shall be communicated to the Controller upon request.

6. Data Breach Management

    In the event of a Personal Data breach, Atfenix shall:

    Notify the Controller promptly with:

  • Nature of the breach.
  • Categories of data and individuals affected.
  • Likely consequences.
  • Steps taken to mitigate risk.
  • Cooperate fully with the Controller to investigate and remediate the incident.

Liability

  • The Controller remains primarily responsible for compliance with Applicable Law.
  • Atfenix is liable only for breaches of this DPA directly caused by its actions or negligence.
  • Atfenix’s liability shall be limited as defined in the Terms of Service, except where prohibited by law.

Term & Termination

  • This DPA remains in effect as long as Atfenix processes Personal Data on behalf of the Controller.
  • Upon termination, Atfenix shall delete or return Personal Data as per Section 3.7.

Governing Law & Jurisdiction

This DPA shall be governed by and construed in accordance with the laws of India, with exclusive jurisdiction in Noida, Uttar Pradesh.

Contact Us

For data protection matters, please contact:

Support Email

[email protected]

Corporate Email

[email protected]