Data Processing Agreement

This Data Processing Agreement (“DPA”) applies to Clients who share personal data with Nexordr as part of using our Platform. It is essential for Clients targeting EU, UK, or global markets and defines how Client data is processed securely and in compliance with applicable laws.

 

  1. Our Role
  • Nexordr is a technology provider only and acts as a Data Processor.
  • The Client acts as the Data Controller and is responsible for the personal data they collect from their customers.
  • Nexordr processes data only on the Client’s instructions and for the purpose of delivering our services.
  1. What Data We Process
  • Client business data
  • End-user order and transaction data
  • Contact and billing information
  • Technical and usage data
  1. How We Process Data
  • Data is processed only to provide and maintain Nexordr’s services.
  • We do not use Client data for any purpose beyond what is agreed.
  • We do not sell or share Client data with unauthorised third parties.
  1. Data Security
  • We apply industry-standard security measures including encryption, secure servers, and restricted access.
  • All personnel handling data are bound by confidentiality obligations.
  • We notify Clients of any data breach within a reasonable timeframe as required by law.
  1. GDPR Compliance (EU & UK Clients)
  • For Clients in the EU or UK, this DPA complies with the General Data Protection Regulation (GDPR).
  • Clients have the right to:
    • Access their data
    • Request data deletion
    • Restrict processing
    • Data portability
  • Nexordr supports Clients in fulfilling these rights upon written request.
  1. India Compliance
  • For Clients in India, data is processed in accordance with the Digital Personal Data Protection Act (DPDP) 2023.
  • Data is stored and processed responsibly with appropriate safeguards.
  1. International Data Transfers
  • Data may be transferred and processed in regions outside the Client’s home country.
  • All international transfers comply with applicable data protection laws including GDPR and DPDP Act 2023.
  1. Sub-Processors
  • Nexordr may engage trusted sub-processors such as hosting providers, payment gateways, and analytics tools.
  • All sub-processors are bound by data protection obligations equivalent to this DPA.
  • Clients will be informed of any significant changes to sub-processors.
  1. Data Retention & Deletion
  • Data is retained for as long as necessary to deliver services.
  • Upon termination, data is retained for 30 days and then permanently deleted.
  • Clients may request early deletion in writing before the retention period expires.
  1. Contact for Data Requests

For any data processing queries or requests:

  • Email: sales@nexordr.com
  • Company: Nexordr