Data Processing Agreement

Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between Cenvero Private Limited and its customers for the provision of services that involve the processing of personal data.

Definitions

• • "Personal Data" means any information relating to an identified or identifiable natural person.
• • "Processing" means any operation performed on personal data.
• • "Data Controller" means the entity that determines the purposes and means of processing.
• • "Data Processor" means the entity that processes data on behalf of the controller.

Processing Obligations

As a Data Processor, Cenvero agrees to:

• • Process personal data only on documented instructions from the Data Controller
• • Ensure that persons authorized to process data have committed to confidentiality
• • Implement appropriate technical and organizational security measures
• • Assist the Controller in responding to data subject requests
• • Notify the Controller of any personal data breach without undue delay

Sub-processors

Cenvero may engage sub-processors to assist in providing services. We maintain a list of current sub-processors and will notify customers of any intended changes, providing an opportunity to object.

Data Transfers

Any transfer of personal data to third countries will be conducted in compliance with applicable data protection laws, including the use of appropriate transfer mechanisms.

Data Retention

Upon termination of services, Cenvero will delete or return all personal data to the Controller, unless retention is required by applicable law.

Contact

For questions about this DPA, please contact [email protected].