Data Processing Agreement (DPA)
Data Processing Agreement (DPA)
Effective Date 18-Dec-25
This Data Processing Agreement (“Agreement” or “DPA”) forms part of the terms governing the use of services provided by Multifarious Finvisors Private Limited (“Company”, “Data Processor”, “we”, “our”, “us”) and applies to the processing of personal data of clients, users, or business partners (“Data Subject”) on behalf of the client (“Data Controller”).
This Agreement is intended to ensure compliance with applicable data protection laws and to define the responsibilities of both parties regarding personal data processing.
1. Purpose of Data Processing
The Company processes personal data solely for the purpose of providing financial facilitation, advisory support, documentation assistance, and coordination services, as requested by the Data Controller.
Processing is carried out only to the extent necessary to perform agreed services and in accordance with applicable laws.
2. Scope of Personal Data
Depending on the nature of services, personal data processed may include:
- Name, contact details (email, phone number, address)
- Identity and KYC-related information (as provided by the client)
- Financial and employment details required for service facilitation
- Business or professional information
- Any other data voluntarily shared for service-related purposes
The Company does not knowingly process data beyond what is necessary for the stated purpose.
3. Roles & Responsibilities
Data Controller
The Data Controller:
- Determines the purpose and means of processing personal data
- Confirms that all personal data shared is collected lawfully
- Ensures appropriate consent has been obtained from Data Subjects
Data Processor
The Company:
- Processes personal data only on documented instructions of the Data Controller
- Does not use personal data for its own independent purposes
- Ensures confidentiality and security of personal data
4. Data Security Measures
The Company implements reasonable technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or loss.
Such measures may include:
- Access controls
- Secure storage practices
- Restricted internal access
- Confidentiality obligations for personnel
No method of data transmission or storage is completely secure; however, reasonable safeguards are maintained.
5. Confidentiality
All personnel, contractors, or service providers who have access to personal data are bound by confidentiality obligations and are permitted to process data only as necessary to perform their duties.
6. Data Sharing & Sub-Processing
Personal data may be shared only when necessary:
- With banks, NBFCs, insurers, or regulated institutions for service facilitation
- With service providers supporting IT, communication, or operations
All such sharing is subject to confidentiality and data protection obligations.
The Company does not sell personal data.
7. Data Retention & Deletion
Personal data is retained only for as long as required to:
- Fulfill service obligations
- Meet legal or regulatory requirements
Upon completion of services or upon lawful request, personal data may be deleted or anonymized, subject to applicable laws.
8. Data Subject Rights
Where applicable, Data Subjects may request:
- Access to personal data
- Correction of inaccurate information
- Deletion of data, subject to legal obligations
Such requests may be routed through the Data Controller or directly to the Company where legally permitted.
9. Compliance with Laws
This Agreement is intended to support compliance with:
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Other applicable Indian data protection and privacy regulations
This DPA does not override any mandatory legal or regulatory obligations.
10. Limitation of Liability
The Company shall not be liable for:
- Data inaccuracies provided by the Data Controller
- Lawful disclosures required by authorities
- Breaches caused by factors beyond reasonable control
Liability, if any, shall be limited to the extent permitted under applicable law.
11. Term & Termination
This DPA remains effective for the duration of the data processing activities.
Termination of services shall not affect obligations related to confidentiality and data protection.
12. Amendments
The Company reserves the right to update this DPA to reflect changes in law, regulation, or operational practices. Updates will be published on the website and will take effect upon posting.
13. Governing Law
This Agreement shall be governed by and construed in accordance with the laws of India.
Any disputes shall be subject to the jurisdiction of competent courts in India.
14. Contact Information
For questions or requests related to data protection or this Agreement, please contact us through the details provided on the Contact Us page.