Our Data Processing Agreement (DPA) outlines the procedures and protocols for handling personal data by Starlfinx on behalf of our users (Merchants), ensuring adherence to relevant data protection laws and regulations. This agreement specifies the roles, obligations, and safeguards necessary to maintain the security and confidentiality of personal data.

Roles

The Data Controller, typically the Merchant in our payment gateway services, determines the purposes and means of processing personal data. The Data Processor, Starlfinx, processes personal data on behalf of the Data Controller, following their instructions to facilitate payment transactions and associated services.

Personal Data

Personal data encompasses any information related to identified or identifiable individuals, including names, addresses, email addresses, and payment card details. This data is provided by users during their interaction with our payment gateway services.

Processing Activities

Processing activities include all operations performed on personal data, such as collection, recording, organization, storage, retrieval, use, disclosure, restriction, erasure, or destruction. These activities are conducted in compliance with the instructions provided by the Data Controller.

Security Measures

We implement robust data security measures to protect personal data. These measures include encryption, access controls, regular security audits, continuous monitoring, and incident response protocols. These safeguards ensure the confidentiality, integrity, and availability of the processed personal data.

Confidentiality

All personal data processed through our platform is treated with the highest level of confidentiality. It is used solely for the purposes outlined in the Data Processing Agreement. We enforce strict confidentiality obligations on our employees and third-party service providers involved in data processing.

Data Subject Rights

Users of our payment gateway services have specific rights regarding their personal data. These rights include the ability to access, rectify, limit, or erase their data, object to data processing, and request data portability. We facilitate the exercise of these rights in accordance with applicable data protection laws.

Data Breach Response

In the event of a data breach, we promptly respond to mitigate the impact and notify affected individuals as required by relevant data protection laws and regulations. Our response includes immediate action to contain and address the breach.

Subprocessing

We may engage third-party sub processors to help deliver our services. These subprocessors are held to the same high standards of security and data protection that we adhere to, ensuring consistent protection of personal data.

International Data Transfers

Personal data may be transferred, stored, and processed internationally. We ensure that appropriate measures are in place to protect this data and comply with applicable data protection laws, regardless of where the data is processed.

Compliance with Laws

We strictly comply with all relevant laws and regulations governing the handling of personal data. Our processing practices are lawful, fair, and transparent, ensuring that we meet all legal obligations.

Audit Rights

Upon request, we provide access to audit reports or other documentation that demonstrates our compliance with data protection regulations. This transparency helps ensure that our data processing practices meet the required standards.

Data Deletion and Retention

Personal data is deleted upon request or when it is no longer necessary for the purposes for which it was collected. Data is retained only as long as required for legal, regulatory, or legitimate business purposes outlined in our agreement.

Notification Obligations

In the event of a significant data breach, we promptly notify affected individuals in compliance with applicable laws. This notification includes relevant information about the breach and steps being taken to mitigate its impact.

Liability and Indemnification

Our liability is limited to the extent permitted by law. Users agree to indemnify us against any claims arising from their use of our services, ensuring mutual protection against legal liabilities.

Governing Law

These terms are governed by the laws of India, and any disputes will be subject to the jurisdiction of Indian courts.