About
Who We Are
Giving
HubSpot Apps
Netcore - HubSpot SMS Integration
LitePics - HubSpot Image Compression
Tiyora - HubSpot WhatsApp for Sales
Vira - HubSpot WhatsApp Automation
NisWire - HubSpot Telegram Integration
HubSpot Instagram Integration
HubSpot Viber Integration
HubSpot Mobile App SDK
HubSpot Services
HubSpot Management Services
HubSpot Development Services
HubSpot Integration Services
HubSpot Website Speed Optimization
HubSpot Onboarding Services
HubSpot Training Services
monday.com
monday.com Services
monday Dev
Clients
ROI Stories
Contact
    About
    Who We Are
    Giving
    HubSpot Apps
    Netcore - HubSpot SMS Integration
    LitePics - HubSpot Image Compression
    Tiyora - HubSpot WhatsApp for Sales
    Vira - HubSpot WhatsApp Automation
    NisWire - HubSpot Telegram Integration
    HubSpot Instagram Integration
    HubSpot Viber Integration
    HubSpot Mobile App SDK
    HubSpot Services
    HubSpot Management Services
    HubSpot Development Services
    HubSpot Integration Services
    HubSpot Website Speed Optimization
    HubSpot Onboarding Services
    HubSpot Training Services
    monday.com
    monday.com Services
    monday Dev
    Clients
    ROI Stories
    Contact

      DATA PROCESSING AGREEMENT

      Recitals

      WHEREAS Irayo Technologies Private Limited provides technology integration services, software solutions, and related services (collectively, the "Services") including but not limited to CRM integrations, messaging platform integrations, data analytics, and custom software development;

      WHEREAS in the course of providing Services, Irayo Technologies may process personal data on behalf of the Data Controller (you);

      WHEREAS both parties are committed to compliance with applicable data protection laws, including Regulation (EU) 2016/679 (General Data Protection Regulation or "GDPR"), the UK Data Protection Act 2018, and other applicable data protection legislation;

      NOW THEREFORE the parties agree as follows:

      1. Subject Matter and Scope

      1.1 Purpose

      This Data Processing Agreement ("DPA") defines the procedures and obligations for processing personal data by Irayo Technologies on behalf of the Data Controller in connection with the provision of Services.

      1.2 Scope of Processing

      The Data Processor shall process personal data only:

      • As necessary to provide the contracted Services
      • In accordance with documented instructions from the Data Controller
      • As described in Schedule 1 (Details of Processing) attached hereto
      • In compliance with applicable data protection laws

      1.3 Data Controller Responsibilities

      The Data Controller represents that:

      • It has lawful basis for processing under Article 6 GDPR
      • It has provided required privacy notices to data subjects
      • It has obtained necessary consents where required
      • The personal data is accurate and up-to-date

      2. Data Processor Obligations

      2.1 Processing Instructions

      • Process personal data only on documented instructions from the Data Controller
      • Immediately inform the Data Controller if instructions appear to violate applicable data protection laws
      • Not process personal data for its own purposes or commercial benefit
      • Implement appropriate technical and organizational measures as detailed in Schedule 2

      2.2 Confidentiality and Training

      • Ensure all personnel authorized to process personal data are bound by confidentiality obligations
      • Provide appropriate data protection training to authorized personnel
      • Limit access to personal data on a need-to-know basis
      • Maintain records of personnel with access to personal data

      2.3 Security Measures

      • Appropriate technical and organizational security measures per Schedule 2
      • Regular security assessments and vulnerability testing
      • Incident response procedures for security breaches
      • Business continuity and disaster recovery plans

      2.4 International Transfers

      • Personal data shall be processed only within the European Economic Area unless otherwise agreed
      • Any transfers to third countries shall comply with Chapter V GDPR requirements
      • Standard Contractual Clauses or other appropriate safeguards shall be implemented as required
      • The Data Controller shall be notified of any legal requirements for international transfers

      3. Data Subject Rights

      3.1 Assistance with Data Subject Requests

      • Requests for access, rectification, erasure, or restriction of processing
      • Data portability requests
      • Objections to processing
      • Requests related to automated decision-making

      3.2 Response Timeframes

      • The Data Processor shall respond to Data Controller requests for assistance within 5 business days
      • The Data Processor shall provide necessary information and access to enable compliance with data subject rights
      • Direct requests from data subjects shall be forwarded to the Data Controller without delay

      4. Data Breach Notification

      4.1 Notification Obligations

      • Notify the Data Controller within 4 hours of becoming aware of the breach
      • Provide detailed information including nature, categories and approximate numbers affected
      • Describe likely consequences and measures taken or proposed to address the breach
      • Provide contact information for obtaining more information

      4.2 Breach Response

      • Take immediate steps to contain and remedy the breach
      • Preserve evidence and maintain detailed incident logs
      • Cooperate fully with the Data Controller's breach response efforts
      • Implement measures to prevent similar incidents

      5. Data Protection Impact Assessment

      5.1 DPIA Assistance

      • Providing detailed information about processing operations and security measures
      • Sharing relevant policies, procedures, and technical documentation
      • Participating in DPIA meetings and consultations as reasonably requested
      • Notifying the Data Controller of any changes that may affect DPIA conclusions

      6. Audits and Compliance

      6.1 Audit Rights

      • Conduct audits of the Data Processor's compliance with this DPA
      • Review security measures and processing procedures
      • Request compliance documentation and certifications
      • Engage third-party auditors with appropriate confidentiality obligations

      6.2 Audit Process

      • Audits shall be conducted with 30 days' prior notice except in emergency situations
      • Audits shall be scheduled to minimize business disruption
      • The Data Processor shall provide reasonable cooperation and facility access
      • Audit costs shall be borne by the Data Controller unless significant non-compliance is found

      7. Sub-processors

      7.1 Authorization

      • The Data Controller provides general authorization for the Data Processor to engage sub-processors subject to:
      • Written agreements imposing equivalent data protection obligations
      • Maintaining a current list of sub-processors (available upon request)
      • Providing 30 days' advance notice of any changes to sub-processors

      7.2 Sub-processor Obligations

      • Remain fully liable for sub-processor performance
      • Conduct appropriate due diligence on sub-processors
      • Monitor sub-processor compliance with data protection requirements
      • Terminate sub-processor relationships if compliance cannot be ensured

      7.3 Current Sub-processors

      Current sub-processors are listed in Schedule 3 and may include:

      • Cloud infrastructure providers
      • Third-party service providers essential to service delivery
      • Technical support and maintenance providers

      8. Data Retention and Deletion

      8.1 Retention Period

      Personal data shall be retained only as long as necessary for the purposes of processing and as specified in the main service agreement.

      8.2 Data Return and Deletion

      Upon termination of Services, the Data Processor shall:

      • Return or securely delete all personal data within 90 days
      • Provide certification of deletion upon request
      • Retain personal data only if required by applicable law
      • Delete personal data from sub-processor systems

      9. Liability and Indemnification

      9.1 Data Processor Liability

      The Data Processor shall be liable for damages caused by processing if it:

      • Fails to comply with GDPR obligations specifically directed at processors
      • Acts outside or contrary to lawful instructions from the Data Controller
      • Determines the purposes and means of processing in violation of GDPR

      9.2 Indemnification

      The Data Processor shall indemnify the Data Controller against:

      • Regulatory fines and penalties resulting from Data Processor non-compliance
      • Third-party claims arising from Data Processor breach of this DPA
      • Costs and expenses related to Data Processor security incidents

      9.3 Limitation

      Total liability under this DPA shall not exceed the total fees paid for Services in the 12 months preceding the claim.

      10. Data Protection Officer

      10.1 Irayo Technologies DPO

      Name: Abhinav Sahai

      Contact: abhinav at niswey dot com

      Phone: +91-87999 34920

      Address: C-4 Gokul Residency, New Pundalik Nagar, Porvorim, Goa 403521

      10.2 DPO Role

      • Monitor compliance with this DPA and applicable data protection laws
      • Serve as point of contact for data protection matters
      • Assist with data protection impact assessments
      • Provide advice on data protection obligations

      11. Third-Party Dependencies

      11.1 Service Dependencies

      The Data Controller acknowledges that certain Services may depend on third-party platforms and services, including but not limited to:

      • HubSpot CRM platform
      • WhatsApp Business API
      • Other messaging and communication platforms
      • Cloud infrastructure providers

      11.2 Third-Party Limitations

      • The Data Processor shall use reasonable efforts to minimize service disruptions
      • The Data Processor is not liable for outages or security breaches of third-party services
      • The Data Controller shall comply with third-party platform terms and policies
      • Service level agreements may be subject to third-party availability
      Niswey
      Niswey delivers business automation solutions. We are a HubSpot Diamond Partner and a monday.com Certified Partner. We map out your journeys for marketing, sales, and business operations, and translate them into automated systems using powerful tools like HubSpot and monday.com.
      Quick Links
      About Us
      Newsroom
      Careers
      Resources
      ROI Stories
      Contact
      Privacy Policy
      Get HubSpot Free
      DPA
      Services
      Monday.com service
      HubSpot Management Services
      HubSpot Development Services
      HubSpot Integration Services
      HubSpot Website Speed Optimization
      HubSpot Onboarding Services
      Apps
      Netcore - HubSpot SMS Integration
      LitePics - HubSpot Image Compression
      Tiyora - HubSpot WhatsApp for Sales
      Vira - HubSpot WhatsApp Automation
      NisWire - HubSpot Telegram Integration
      HubSpot Viber Integration
      HubSpot Mobile App SDK
      Partnerships
      CallHippo
      Frejun
      Awesomeness in Your Inbox
      Partnerships
      CallHippo
      Frejun
      © Niswey, Inc.