Data Processing Addendum:

This Data Processing Addendum (DPA) contains GDPR clauses to be followed by the parties who signed the Subscription Services with Bharat Payroll, a Product of Pranathi Software Services Pvt. Ltd. (subsidiary of Software Programming Group, USA). The agreement is BETWEEN THE PARTIES: Customer/Partner (hereinafter referred to as the “Data Controller”) and Bharat Payroll Technologies Private Limited, with a place of business at Block III, White House, Begumpet, Hyderabad, 500016 (“Bharat Payroll” or “Company”) (hereinafter referred to as the “Data Processor”). In consideration of the mutual obligations set out in this GDPR Addendum, the parties agree as follows: This agreement details the roles of both parties set forth in GDPR Regulation (EU) 2016/679 under Articles 28, 32, and 82.

Definitions:

1.1 Personal Data

Personal Data means any information relating to an identified or identifiable natural person ('Data Subject'). The following data, often used for the express purpose of distinguishing individual identity, can be classified as Personal Data:

  • a. Name
  • b. Identification Number
  • c. Location data
  • d. An online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of a Natural Person.
  • e. IP Address
  • f. Cookie Identifiers
  • g. Radio Frequency ID (RF ID) tags

1.2 Natural Person/Data Subject

An identifiable Natural Person/Data Subject is one who can be identified, directly or indirectly, by reference to his/her Personal Data.

1.3 Processing

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data by automated means, such as:

  • a. Collection
  • b. Recording
  • c. Organisation
  • d. Structuring
  • e. Storage
  • f. Adaptation or alteration
  • g. Retrieval/Downloading data
  • h. Consultation
  • i. Use
  • j. Disclosure by transmission
  • k. Dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

1.4 Data Controller

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

1.5 Data Processor

Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.

1.6 Data Sub-Processor

Data Sub-Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of Data Processor.

1.7 GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of Personal Data of individuals within the European Union (EU).

1.8 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.

1.9 Personal Data Breach

Personal Data Breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

1.10 Consent

Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to the Data Subject.

1.11 Data Protection Impact Assessment (DPIA)

This activity is carried out to enhance compliance with GDPR where processing operations are likely to result in a high risk to the rights and freedoms of Data Subjects.

1.12 Security Breach

Means (i) any actual or reasonably suspected unauthorized use of, loss of, access to, or disclosure of, Subscriber Data.

1.13 Supervisory Authority

Supervisory authority means an independent public authority established by an EU member state.

Applicability:

This DPA applies under the following conditions:

  • a. If the Data Controller entity signing this Addendum is a party to the MSA, this DPA is an addendum to and forms part of the MSA.
  • b. If the Data Controller has executed an Order Form with Bharat Payroll, this DPA applies to such Order Form and its renewals.
  • c. If the Data Controller is not a party to an Order Form or MSA, this DPA is not valid.
  • d. If the Data Controller is engaging Bharat Payroll through a reseller, this DPA is not valid.
  • e. Both parties warrant compliance with GDPR under this Addendum.

Scope:

  • a. Bharat Payroll processes personal data limited to Name, Phone, E-Mail, and Job Title for business notifications.
  • b. Bharat Payroll ensures user consent is obtained without disrupting operations.
  • c. Bharat Payroll may use cloud services to store personal data.
  • d. Bharat Payroll retains personal data if necessary to track alerts sent to the Data Subject.
  • e. Data Controller is responsible for obtaining consent from its employees for data processing.
  • f. Bharat Payroll will notify the Data Controller in case of a Personal Data Breach.
  • g. Bharat Payroll shall not process Personal Data beyond what is specified in the Agreement.

Warranty by Bharat Payroll:

  • a. Compliance with GDPR obligations.
  • b. Adequate data protection measures throughout the agreement.
  • c. Immediate notification of any complaints, data access requests, or regulatory inquiries related to Personal Data.
  • d. Maintenance of security controls for data protection.

Representation by Bharat Payroll:

  • a. Implement technical and organizational security measures.
  • b. Ensure Data Sub-Processors comply with GDPR.
  • c. Limit data collection to what is necessary.
  • d. Maintain a public list of Sub-Processors on their website.
  • e. Provide all requested compliance information.
  • f. Assist the Data Controller in GDPR compliance and breach notifications.
  • g. Ensure proper training on data privacy and security.

Audit:

Bharat Payroll is ready to undergo third-party audits for security compliance (ISO 27001, SOC 2, GDPR). Compliance documentation is available upon request.

Right to Terminate:

The Data Controller may terminate this DPA if Bharat Payroll fails to comply with security audit requirements.

Mechanism of Data Transfers:

Data transfers outside the EEA will be based on lawful mechanisms such as Standard Contractual Clauses.

Data Incident Management:

Bharat Payroll will notify the Data Controller without undue delay upon discovering a Data Breach.

Return and Erasure of Data Controller Data:

Bharat Payroll provides data retrieval and ensures deletion per retention policies.

Data Protection Officer:

Bharat Payroll has appointed a Data Protection Officer (DPO) as required by GDPR, reachable at enquiry@bharatpayroll.com.

General:

  • 1. Bharat Payroll remains responsible for its own GDPR compliance.
  • 2. This agreement is governed by the law of the Member State in which data processing occurs.
  • 3. Bharat Payroll conducts periodic DPIAs to assess processing risks.