Data Processing Agreement

We know that handling personal data is not just a formality—it’s a responsibility you care about, and it’s one we take seriously as well. The Data Processing Agreement, or DPA, is designed to create a clear and formal understanding between you, the “Data Controller,” and us, acting as the “Data Processor.” It lays out how we collect, manage, protect, and process Personal Data when providing payment gateway services through our platform.

In this agreement, “we,” “our,” or “us” refers to PIVOTALLOX SOLUTIONS, while “you” or “your” refers to the party agreeing to these terms and using our services.

By entering into this DPA, both sides can operate with confidence knowing that personal information is handled responsibly and in line with applicable regulations. This agreement ensures a transparent and secure process, making sensitive data management simple, reliable, and trustworthy, so you can focus on your business while we take care of the details.

Roles of the Parties

Handling personal data works best when everyone knows their part, like a well-coordinated team. In this partnership, the Data Controller takes the lead on deciding why data is processed, identifies the legal basis for it, and ensures everything follows the rules.

Meanwhile, the Data Processor acts like a careful teammate, processing Personal Data only according to the Controller’s instructions and strictly as needed to deliver the payment gateway services.

Having these roles clearly defined makes the process smooth and predictable. It builds trust, keeps responsibilities transparent, and gives everyone confidence that personal information is managed thoughtfully and responsibly.

Scope of Processing

At PIVOTALLOX SOLUTIONS, your personal data is like the compass that keeps every transaction on the right path. We only use it in ways that make payments secure, smooth, and completely above board. Every detail you share serves a clear purpose and is handled with care to protect both you and the larger payment ecosystem.

The information you provide powers the full payment journey, from starting a transaction to getting it successfully settled. It also helps us confirm identities through Know Your Customer (KYC) checks, spotting and stopping suspicious activity before it ever touches your account. When needed, extra layers of security like two-factor verification help keep things locked tight.

Your data also helps maintain clear and accurate records of your payments, making reconciliation and reporting straightforward. All processing is carried out following the rules and regulations of the RBI, NPCI, and relevant payment networks, ensuring everything stays compliant and reliable.

Security Measures

We treat your sensitive information like treasure—valuable, important, and worth guarding at every step. At PIVOTALLOX SOLUTIONS, we combine technology, processes, and a vigilant team to make sure your data stays safe while you focus on your payments and daily business.

Some of the ways we protect your information include:

  • Meeting all security requirements whenever cardholder information is stored, processed, or transmitted.
  • Using advanced encryption to keep data secure both while it moves and when it rests on our systems.
  • Implementing strong authentication that requires multiple verification steps before anyone can access sensitive systems.
  • Managing cryptographic keys securely to prevent misuse or unauthorized exposure of critical data.
  • Conducting regular vulnerability scans and penetration tests to catch and fix potential weaknesses before they become problems.

Our team is part of this safety net too. Every member follows strict confidentiality guidelines and undergoes continuous training to stay up to date with the latest data protection best practices.

Data Subject Rights

Your personal data is like the keys to your own house—you should always know who has access and how it is being used. At PIVOTALLOX SOLUTIONS, we make sure you have full control and that your rights are respected every step of the way. Our team works with the Controller to ensure your choices are applied correctly and efficiently.

Here’s what you can do with your data:

  • See exactly what personal information we hold about you.
  • Fix or update any details that are incomplete or incorrect.
  • Ask for your personal data to be deleted where allowed.
  • Download your data in a format you can use elsewhere.
  • Limit or object to certain ways your information is processed.

By using these rights, you are in charge of how your information moves through our system. The Processor’s responsibility is to support the Controller, making sure your requests are handled quickly, accurately, and with respect.

Subprocessors

Your personal data is important, and we treat it like it belongs in a safe you actually trust. At PIVOTALLOX SOLUTIONS, we only allow other service providers, called Subprocessors, to handle your information when the Controller has given clear written approval. This way, you always know exactly who might be involved.

Any Subprocessor we work with signs agreements that require them to meet the same high standards we do for protecting your data. They must follow strict rules to keep your information safe, private, and secure, just as if it were never leaving our own hands.

By applying these safeguards, we make sure every step of the process is accountable and transparent.

Data Breach Notification

Even the most secure systems can have hiccups, and we believe in being upfront if anything ever affects your personal information. At PIVOTALLOX SOLUTIONS, if the Processor detects a data incident, the Controller is informed immediately, always within 24 hours, so action can be taken without delay.

When notifying, we share:

  • What happened and how the situation unfolded.
  • Which individuals were affected and the estimated number of records involved.
  • Immediate steps already taken to contain the issue and minimize risk.
  • Long-term measures to prevent the same situation in the future.

This approach ensures that you are not left guessing. Prompt, transparent communication lets the Controller protect your data, respond quickly, and maintain confidence in the platform. Think of it as a safety net working behind the scenes, keeping your information secure.

Audit & Compliance

At PIVOTALLOX SOLUTIONS, we believe trust grows when you can see how your information is cared for. The Controller has the right to check that the Processor is doing everything promised in this Data Processing Agreement. With reasonable notice, audits can be conducted to make sure standards are not just on paper but actively in practice.

During these audits, the Processor provides access to all necessary documents, internal guidelines, and certifications, including security standards compliance reports. This transparency allows the Controller to confirm that protections are in place and that all contractual commitments are being followed diligently.

By making audits possible and straightforward, both the Processor and the Controller show that accountability matters. This process reassures you that your data is treated with care, compliance is consistent, and every step of your payment experience is handled responsibly and securely.

Data Retention & Deletion

At PIVOTALLOX SOLUTIONS, we believe your personal information should stick around only as long as it has a reason to be here. Your data is stored just long enough to process payments smoothly and meet any legal requirements, including retention rules set by the RBI.

When our services are no longer in use, we take steps to either securely erase your information or return it safely, unless the law requires us to keep certain records longer. This ensures that your data is never lingering unnecessarily and is always treated with care.

Legal & Regulatory Changes

Laws and regulations in the payments world are constantly evolving, and we make sure your personal information keeps up safely. At PIVOTALLOX SOLUTIONS, any time a new rule affects how the Processor handles your data under this agreement, the Controller is informed right away.

This early notice gives both the Controller and the Processor the chance to adapt quickly, ensuring compliance is never left to chance. It helps keep processes smooth and safeguards your information according to the latest requirements.

Liability & Indemnification

At PIVOTALLOX SOLUTIONS, we believe that clear accountability is the foundation of trust. If either Party does not fulfill its responsibilities under this agreement, that Party is responsible for any consequences or damages that result from the oversight.

The Processor also agrees to shield the Controller from any fines, claims, or losses that happen because of the Processor’s failure to follow data protection rules. This ensures the Controller is never left carrying the burden for issues caused by the Processor.

Governing Law & Dispute Resolution

In any agreement, it helps to know which rules are guiding the way. At PIVOTALLOX SOLUTIONS, all terms are governed by the laws of India, giving both Parties a clear and familiar framework for how things are interpreted.

If a disagreement or dispute ever comes up, it will be handled exclusively by courts in India. This makes sure any issues are resolved fairly, consistently, and with certainty, keeping surprises to a minimum.

By laying out the governing law and forum upfront, both Parties can focus on smooth operations and secure transactions, knowing there is a clear path for resolving any conflicts.

Amendments

Sometimes agreements need a little update to keep pace with changing circumstances. At PIVOTALLOX SOLUTIONS, we make sure any changes are handled transparently and officially. Updates are only considered valid when they are written down and signed by both Parties, so nothing is left to guesswork.

This approach ensures that responsibilities and obligations remain clear for everyone involved. Nothing is assumed, and nothing is overlooked, helping both Parties stay aligned and confident.

Acknowledgment and Acceptance

At PIVOTALLOX SOLUTIONS, we believe that clarity and trust go hand in hand. By agreeing to this Data Processing Agreement, both Parties confirm that they have carefully read and understood all the terms, and that they accept them fully. This is more than a signature—it’s a shared promise to handle personal data responsibly and respect the trust placed in each other.

This acknowledgment ensures that everyone is on the same page about roles, responsibilities, and the protections in place. It gives both Parties a clear understanding of how to act with care, accountability, and integrity.