Data Processing Addendum (DPA) – CybroCRM
This Data Processing Addendum (“DPA”) forms part of the Terms & Conditions between CybroCRM (“Processor”) and the customer (“Subscriber” or “Controller”).
This DPA governs the processing of personal data by CybroCRM on behalf of the Subscriber.
- Definitions
- “Controller” – The entity that determines the purposes and means of processing personal data
- “Processor” – CybroCRM, which processes data on behalf of the Controller
- “Personal Data” – Any information relating to an identifiable individual
- “Processing” – Any operation performed on personal data (collection, storage, use, etc.)
- “Data Subject” – The individual whose data is processed
- Scope of Processing
CybroCRM processes personal data only:
- To provide CRM services
- Based on instructions from the Subscriber
- In accordance with applicable data protection laws
Types of Data Processed:
- Contact details (name, email, phone)
- Business-related data
- Customer interaction data
Categories of Data Subjects:
- Customers
- Leads
- Employees (if applicable)
- Roles & Responsibilities
Subscriber (Controller):
- Determines purpose of data processing
- Ensures lawful collection of data
- Obtains necessary consents
CybroCRM (Processor):
- Processes data only as instructed
- Ensures data security
- Assists in compliance obligations
- Data Processing Obligations
CybroCRM agrees to:
- Process data only for specified purposes
- Not use data for its own benefit
- Maintain confidentiality of all data
- Ensure authorized personnel access only
- Data Security Measures
CybroCRM implements appropriate technical and organizational measures, including:
- SSL encryption
- Secure servers and infrastructure
- Access control systems
- Regular system monitoring
- Sub-Processors
CybroCRM may engage third-party sub-processors (e.g., hosting, analytics, payment providers).
- Sub-processors are bound by data protection obligations
- CybroCRM remains responsible for their actions
- A list of sub-processors may be provided upon request
- Data Transfers
- Data may be processed in locations where CybroCRM or its providers operate
- CybroCRM ensures appropriate safeguards for cross-border data transfers
- Data Subject Rights
CybroCRM will assist the Subscriber in fulfilling requests related to:
- Access to data
- Correction of data
- Deletion of data
- Data portability
Requests should be initiated by the Subscriber.
- Data Breach Notification
In case of a data breach, CybroCRM will:
- Notify the Subscriber without undue delay
- Provide relevant details of the breach
- Take necessary steps to mitigate impact
- Data Retention & Deletion
- Data is retained as per subscription terms.
- Upon termination:
- Data is retained for a limited period (as defined in policy)
- After that, data is permanently deleted
- Audit Rights
- The Subscriber may request information regarding data protection practices
- CybroCRM may provide compliance documentation upon reasonable request
- Confidentiality
CybroCRM ensures:
- All personnel handling data are bound by confidentiality obligations
- Data is not disclosed without authorization
- Liability
- Each party is responsible for its own compliance
- Liability is subject to the limitations defined in the Terms & Conditions
- Governing Law
This DPA is governed by the laws of India, unless otherwise required by applicable data protection regulations.
- Changes to This DPA
CybroCRM may update this DPA to reflect:
- Legal requirements
- Changes in services
Updates will be communicated via the website.
- Contact Information
For data protection inquiries:
- Email: admin@cybrocrm.com
- Address: Cybros Infotech PVT LTD, Bangalore