Data Processing Agreement

This Data Processing Agreement (DPA) establishes the terms for CapEngage's processing of personal data on behalf of our customers.

Last updated: January 15, 2025

1. Introduction

This Data Processing Agreement ("DPA") is entered into between CapEngage Technology Solutions Private Limited ("Data Processor") and you ("Data Controller") and governs the processing of personal data by CapEngage on your behalf.

This DPA complies with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act, and other applicable data protection laws.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Data Controller: You, the entity that determines the purposes and means of processing
  • Data Processor: CapEngage, processing personal data on behalf of the Controller
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure)

3. Scope of Processing

CapEngage processes personal data solely for the purpose of providing the Services described in our agreement, including:

  • Workflow automation and communication services
  • CRM and customer data management
  • AI-powered analytics and insights
  • Message delivery and tracking
  • API integrations and data synchronization

Processing is limited to what is necessary for these purposes. CapEngage will not process personal data for other purposes without your written consent.

4. Data Controller Responsibilities

As Data Controller, you are responsible for:

  • Ensuring lawful basis for processing personal data
  • Obtaining necessary consents from data subjects
  • Providing privacy notices to data subjects
  • Responding to data subject access requests
  • Conducting data protection impact assessments where required
  • Notifying CapEngage of changes in legal requirements

You warrant that you have the legal right to provide personal data to CapEngage for processing.

5. Data Processor Obligations

5.1 Security Measures

CapEngage implements appropriate technical and organizational measures:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Incident response procedures
  • Employee training and confidentiality agreements

5.2 Confidentiality

CapEngage ensures that:

  • Authorized personnel have access only to necessary data
  • Sub-processors are subject to equivalent data protection obligations
  • Confidentiality is maintained throughout processing

5.3 Sub-processing

CapEngage may engage sub-processors (cloud providers, communication APIs) with equivalent data protection obligations. You will be notified of any new sub-processors and may object within 30 days.

6. Data Subject Rights

CapEngage assists you in fulfilling data subject rights:

  • Access: Provide copies of personal data upon your request
  • Correction: Update or correct inaccurate data
  • Deletion: Delete data when requested or retention period expires
  • Portability: Export data in machine-readable format
  • Objection: Restrict processing when requested

Data subject requests should be directed to you as Data Controller. CapEngage will provide technical assistance to fulfill these requests.

7. Data Retention and Deletion

CapEngage retains personal data according to:

  • Your instructions and retention settings
  • Applicable legal requirements (tax, audit, regulatory)
  • Service agreement terms

Upon termination or your request, CapEngage will:

  • Delete or return all personal data
  • Securely erase backup copies within 30 days
  • Certify deletion upon request

8. Data Transfers

International data transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by European Commission
  • Adequacy decisions from relevant authorities
  • Compliance with GDPR cross-border transfer requirements
  • Binding Corporate Rules where applicable

CapEngage maintains data centers in India, EU, US, and Singapore to support regional data residency requirements.

9. Breach Notification

In the event of a personal data breach:

  • CapEngage will notify you without undue delay (within 72 hours of discovery)
  • Notification will include nature, scope, consequences, and remedial measures
  • CapEngage will cooperate with your breach response efforts
  • You are responsible for notifying data subjects and supervisory authorities

10. Audit and Compliance

CapEngage maintains compliance through:

  • Annual security audits (SOC 2 Type II)
  • ISO 27001 certification
  • Regular penetration testing
  • Compliance monitoring and documentation

You may request audit reports subject to reasonable notice and confidentiality obligations.

11. Contact Information

DPO Contact: dpo@capengage.com

Legal: legal@capengage.com

Address: Building No 4B, Flat No 304, Olympeo Riverside PH Karjat, Avasare, Raigad, Maharashtra, India - 410101

Company Information

CAPENGAGE TECHNOLOGY SOLUTIONS PRIVATE LIMITED

Building No 4B, Flat No 304, Olympeo Riverside PH Karjat,
Avasare, Raigad, Maharashtra, India - 410101