Last Updated: 16th December 2025
This Data Processing Agreement ("DPA") forms part of the Terms of Use (or other similarly titled written or electronic agreement addressing the same subject matter) ("Agreement") between Customer (as defined in the Agreement) and IVC Venture International Innovations Pvt. Ltd. under which the Processor provides the Controller with the software and services (the "Services"). The Controller and the Processor are individually referred to as a "Party" and collectively as the "Parties".
The Parties seek to implement this DPA to comply with the requirements of EU GDPR (defined hereunder) in relation to Processor's processing of Personal Data (as defined under the EU GDPR) as part of its obligations under the Agreement.
This DPA shall apply to Processor's processing of Personal Data, provided by the Controller as part of Processor's obligations under the Agreement.
Except as modified below, the terms of the Agreement shall remain in full force and effect.
Terms not otherwise defined herein shall have the meaning given to them in the EU GDPR or the Agreement. The following terms shall have the corresponding meanings assigned to them below:
This DPA sets out various obligations of the Processor in relation to the Processing of Personal Data and shall be limited to the Processor's obligations under the Agreement. If there is a conflict between the provisions of the Agreement and this DPA, the provisions of this DPA shall prevail.
The Controller authorizes permission to the Processor to process the Personal Data to the extent of which is determined and regulated by the Controller. The current nature of the Personal Data is specified in Annex I to Schedule 1 to this DPA.
The objective of Processing of Personal Data by the Processor shall be limited to the Processor's provision of the Services to the Controller and or its Client, pursuant to the Agreement.
The Processor will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing by the Controller.
The Data Controller shall have the following obligations:
The Data Processor shall have the following obligations:
To Process the Personal Data, the Processor will use personnel who are:
The Controller has the following audit rights:
Any Data Transfer for the purpose of Processing by the Processor in a country outside the European Economic Area (the "EEA") shall only take place in compliance as detailed in Schedule 1 to the DPA. Where such model clauses have not been executed at the same time as this DPA, the Processor shall not unduly withhold the execution of such template model clauses, where the transfer of Personal Data outside of the EEA is required for the performance of the Agreement.
Regarding Sub-processors:
Regarding Personal Data Breaches:
Regarding data retention and deletion:
Having regard to the state of technological development and the cost of implementing any measures, the Processor will take appropriate technical and organizational measures against the unauthorized or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (a) the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage; and (b) the nature of the data to be protected [including the measures stated in Annex II of Schedule 1].
Data exporter is established in an EEA country. The competent supervisory authority is as determined by application of Clause 13 of the EU SCCs.
Description of the technical and organisational security measures implemented by IVC Venture International Innovations Pvt. Ltd. as the data processor/data importer to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons.
IVC Venture International Innovations Pvt. Ltd. personnel are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. IVC Venture International Innovations Pvt. Ltd. conducts reasonably appropriate background checks on any employees who will have access to client data under this Agreement, including in relation to employment history and criminal records, to the extent legally permissible and in accordance with applicable local labor law, customary practice and statutory regulations.
Personnel are required to execute a confidentiality agreement in writing at the time of hire and to protect Customer Personal Data at all times. Personnel must acknowledge receipt of, and compliance with, IVC Venture International Innovations Pvt. Ltd.'s confidentiality, privacy and security policies. Personnel are provided with privacy and security training on how to implement and comply with the Information Security Program. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role (e.g., certifications). IVC Venture International Innovations Pvt. Ltd.'s personnel will not process Customer Personal Data without authorization.
The controller has authorized the use of the following sub-processors:
| Name of Sub-Processor | Description of Processing | Location of Other Processor |
|---|---|---|
| Amazon Web Services | Hosting the Production Environment | Asia Pacific (Mumbai) ap-south-1 |