This Data Processing Agreement (“DPA”) is entered into as of [●] (“Effective Date”) by and between:
Best Nanotech Pvt Ltd, through its division Nanotech Academy, having its office at
523-24, 5th Floor, Tower A,
Emaar Digital Greens, Sector-61,
Gurugram-122011, Haryana, India
Email: talent@bestnanotech.in | Phone: +91 9818817303
(“Controller”)
and
[Vendor Name], a [entity type] organized under the laws of [jurisdiction] with its principal office at [address] (“Processor”).
Controller and Processor are each a “Party” and collectively the “Parties.”
1. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person processed under the Services.
- “Process/Processing” means any operation performed on Personal Data, including collection, recording, organization, storage, retrieval, use, disclosure, erasure, or destruction.
- “Purpose” means the performance of the services described in the underlying Master Services Agreement or Purchase Order between the Parties.
- “Data Protection Legislation” means the Information Technology Act, 2000 (including Rules thereunder), the Digital Personal Data Protection Act, 2023, and any other applicable Indian privacy laws and regulations.
2. Roles and Responsibilities
- Controller is the data controller, determining the purposes and means of Processing Personal Data.
- Processor shall process Personal Data only on documented instructions from Controller, to fulfil the Purpose and in accordance with this DPA and Data Protection Legislation.
3. Details of Processing
- Categories of Data Subjects: Controller’s employees, learners, instructors, and other end users.
- Categories of Personal Data: names, contact details, demographic data, payment identifiers, usage data, or any other data Controller provides to Processor.
- Processing Activities: hosting, storing, transmitting, backing up, and otherwise managing Personal Data as necessary to deliver the Services.
4. Processor Obligations
- Process Personal Data only on Controller’s documented instructions unless required by law.
- Ensure that personnel authorized to Process Personal Data are bound by confidentiality obligations.
- Implement and maintain appropriate technical and organisational measures—such as encryption, access controls, vulnerability management, and incident response—to protect Personal Data, aligned with industry standards (e.g., ISO 27001) and Data Protection Legislation.
5. Subprocessors
- Processor may engage subcontractors (“Subprocessors”) only with Controller’s prior written consent.
- Processor shall flow down to each Subprocessor corresponding obligations under this DPA and remain fully liable for their compliance.
6. Data Subject Rights
Processor shall, to the extent legally permitted, promptly assist Controller by implementing appropriate technical and organisational measures to fulfil obligations to respond to Data Subject requests (access, correction, erasure, portability, objection) under Data Protection Legislation.
7. Data Breach Notification
- Processor shall notify Controller without undue delay—and in any event within 48 hours—after becoming aware of any Personal Data breach.
- Processor’s notification shall describe the nature of the breach, affected data categories, remediation steps taken, and proposed measures to prevent recurrence.
8. Audit and Inspection
Processor shall allow Controller, or an independent auditor appointed by Controller, to conduct audits or inspections (onsite or remote) to verify compliance with this DPA, giving at least 15 days’ prior notice and subject to confidentiality protections.
9. Return or Deletion of Personal Data
Upon termination or expiry of the underlying services agreement, Processor shall, at Controller’s choice, return all Personal Data or securely delete it, unless retention is required by law.
10. Liability and Indemnity
- Each Party’s liability under this DPA shall be subject to the limitations set forth in the underlying agreement, except that Processor’s indemnity obligations for breaches of Data Protection Legislation shall not be limited.
- Processor shall indemnify and hold harmless Controller from all losses arising from Processor’s violation of this DPA or applicable Data Protection Legislation.
11. Term and Termination
This DPA shall commence on the Effective Date and continue until all Personal Data is returned or deleted in accordance with Section 9.
12. Governing Law and Jurisdiction
This DPA is governed by Indian law. The courts of New Delhi shall have exclusive jurisdiction over any disputes not subject to arbitration as provided in the underlying agreement.
13. Miscellaneous
- Any amendment to this DPA must be in writing and signed by both Parties.
- If any provision of this DPA is held invalid, the remainder shall remain in force.
- Nothing in this DPA shall limit or affect the Parties’ rights and obligations under the underlying services agreement, except to the extent they relate to Processing of Personal Data.
IN WITNESS WHEREOF, the Parties have executed this Data Processing Agreement as of the Effective Date.
For Best Nanotech Pvt Ltd (Controller)
Name: ________
Title: ________
Date: ________
For [Vendor Name] (Processor)
Name: ________
Title: ________
Date: ________