Parties and roles
This Data Processing Agreement ("DPA") is entered into between the customer organisation ("Controller") and SHATAK Infotech Pvt. Ltd. ("Processor"). It governs the processing of personal data carried out by the Processor when operating Byld360 on the Controller's behalf.
Subject matter and duration
The subject matter is the provision of Byld360 as a service. The duration of processing corresponds to the duration of the underlying subscription, plus any retention windows required by law.
Purpose and nature of processing
- Authenticating users and managing role-based access.
- Storing and retrieving operational records and evidence.
- Generating reports, audit trails and notifications.
- Operating support, diagnostics and incident response.
Categories of data and data subjects
- Data subjects — Controller's employees, subcontractor staff, vendors and other individuals named in operational records.
- Data categories — contact details, role, authentication metadata, work performed, attendance markers, location tags on captured evidence.
Controller obligations
The Controller is responsible for ensuring it has a lawful basis to process personal data uploaded to the Service, for providing notice to data subjects, and for managing role assignments within the Service.
Processor obligations
- Process personal data only on documented Controller instructions.
- Ensure personnel are bound by appropriate confidentiality obligations.
- Implement and maintain the security measures described below.
- Assist the Controller with data-subject requests and impact assessments.
- Notify the Controller of personal-data breaches without undue delay.
Confidentiality
Personnel authorised to process personal data are bound by confidentiality undertakings. Access is granted on a least-privilege basis and reviewed periodically.
Security measures
Technical and organisational controls include TLS in transit, encryption at rest, isolated environments, network segmentation, access logs, change management, dependency scanning and incident response. The full list lives on the Security page.
Breach notification
On becoming aware of a personal-data breach affecting Controller data, the Processor will notify the Controller without undue delay and in any event within 72 hours, with sufficient information for the Controller to meet its own notification obligations.
Subprocessors
The Processor uses the subprocessors listed on the Subprocessors page. The Controller is notified of material changes with reasonable notice and may object on reasonable grounds.
International transfers
Where personal data is transferred outside India, the Processor ensures appropriate safeguards under applicable law, including contractual clauses with the subprocessor concerned.
Retention and deletion
On termination of the underlying subscription, the Processor will delete Controller personal data within 90 days, except where retention is required by law. Backups are overwritten on a defined rotation.
Audit rights
The Processor will, on reasonable notice, make available the information necessary for the Controller to verify compliance with this DPA, including summaries of independent assessments and responses to security questionnaires.
Liability
Liability under this DPA follows the limitations set out in the underlying Terms of Service.
Contact
DPA execution and questions: contact@shatakinfotech.com.
Byld360 is a software product and venture of SHATAK Infotech Pvt. Ltd.. For questions about this document, contact contact@shatakinfotech.com.
