This Data Processing Agreement is a legal agreement between Quick Response Technologies Pvt. Ltd. ("Recepto", "we", "our", "us") and you (the "Customer", "you"). This Data Processing Agreement supplements our Recepto Services – Terms and Conditions available at https://recepto.ai/terms-and-conditions which you opt into when signing up for Services provided by Recepto. You can opt out anytime by cancelling your Recepto account.
Definitions
"Affiliate" means any entity that directly or indirectly controls, is controlled by or is under common control of a party.
"Controller" means You, the customer.
"Customer Data" means all the information, data or materials that you or your end users share with Recepto and/or received by Recepto in connection with your use of the Services.
"Data Subject" means the individual to whom Personal Data relates.
"Data Protection Law" means all applicable legislation relating to data protection and privacy, including the (Indian) Digital Personal Data Protection Act, 2023, EU Data Protection Directive 95/46/EC, GDPR, and related national implementing laws.
"DPA" means this data processing agreement.
"Personal Data" means any data relating to an identified or identifiable individual where such data is contained within Customer Data and is protected similarly as personal data under applicable Data Protection Law.
"Processor" means Recepto. "Sub-Processor" means any person or entity engaged by Recepto to process Personal Data for the provision of Services to the Customer.
Purpose
In providing the Services, the Processor shall process Customer Data on behalf of the Controller. Customer Data may include Personal Data. The Processor will process and protect such Personal Data in accordance with the terms of this DPA.
Scope
The Processor shall process Personal Data only to the extent necessary to provide the Services in accordance with both the Terms of Service and the Controller's instructions documented in the Terms of Service and this DPA.
Categories of data subjects
Data Subjects shall include Customer's contacts and other end users including Customer's employees, contractors, collaborators, customers, prospects, suppliers and subcontractors.
Types of personal data
Information pertaining to Customer's contacts and other Personal Data such as website/application usage information, messaging data, system usage data, and other electronic data submitted by Customer's end users. Customer confirms that it will not be providing sensitive or special categories of Personal Data to Recepto.
Obligations of the processor
The Processor shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
- Employees and contractors are contractually bound to keep Personal Data confidential;
- staff receive appropriate training on their responsibilities as a data processor; and
- staff are bound by the terms of this DPA.
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including pseudonymisation and encryption of Personal Data, ongoing confidentiality and integrity of processing systems, timely restoration after incidents, and regular testing of security measures.
Obligations of the controller
The Controller represents and warrants that it shall comply with the Terms of Service, this DPA and all applicable Data Protection Laws, and has obtained any necessary permissions and authorizations for the Processor and Sub-Processors to execute their obligations.
Sub-processors
The Controller acknowledges that Affiliates of the Processor may be used as Sub-processors and that the Processor may engage Sub-processors in connection with the provision of the Services. All Sub-processors shall comply with obligations similar to those set out in this DPA.
The current list of Sub-processors can be obtained by sending an email to contact@recepto.ai.
Liability
The limitations on liability set out in the Terms of Service apply to all claims made pursuant to any breach of the terms of this DPA. The Processor shall be liable for breaches caused by Sub-processors to the same extent the Processor would be liable if performing the services directly.
Audit
The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with its processing obligations and allow for audits and inspections subject to reasonable confidentiality provisions.
Data deletion
Upon expiration or termination of the Controller's engagement, Processor shall return or delete all Personal Data save that it may maintain Personal Data for statistical and/or financial purposes on an aggregated or de-identified basis.
Notification of data breach
The Processor shall notify the Controller without undue delay after becoming aware of (and in any event within 72 hours of discovering) any accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to any Personal Data.
Compliance, cooperation and response
If the Processor receives a request from a Data Subject in relation to Personal Data, the Processor will refer the Data Subject to the Controller unless otherwise prohibited by law. The Controller and Processor shall cooperate with supervisory data protection authorities as required.
Term and termination
The term of this DPA shall coincide with the commencement of the Controller's engagement of the Processor and shall terminate automatically together with termination or expiry of such agreement.
General
This DPA sets out the entire understanding of the parties with regards to the subject matter herein. In case of any conflict between the terms of this DPA and the Terms of Service, the terms of this DPA shall take precedence for the subject matter to which it relates.
This DPA shall be governed by the laws of India. The courts of Bangalore, India shall have exclusive jurisdiction for the settlement of all disputes arising under this DPA.