Article 28 Compliant Framework
Formalizing the contractual relationship between Explyra (Processor) and our customers (Controllers) for secure data handling.
This Data Processing Addendum ("DPA") applies to the processing of personal data by Explyra on behalf of our customers in the course of providing the Explyra Suite services. This DPA is incorporated into and forms part of the Terms of Service between Explyra and the Customer.
The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Data Controller and Explyra is the Data Processor. Each party will comply with the obligations applicable to it under Data Protection Laws (including GDPR and CCPA/CPRA).
Explyra shall process personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country. The Customer's instructions for the processing of personal data shall comply with Data Protection Laws.
Explyra ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. We conduct regular background checks and security training for all personnel with access to production data.
Customer provides a general authorization to Explyra to engage sub-processors. Explyra shall inform the Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Customer the opportunity to object to such changes. We maintain a current list of all sub-processors on our Sub-processors Page.
Explyra has implemented and will maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption of personal data, the ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems.
Explyra shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.
This DPA is automatically effective for all customers using the Explyra platform. If your organization requires a signed version of this DPA, please contact our legal team:
📧 Legal Team: [email protected]
🏢 Legal & Compliance Office · Explyra
📍 New Delhi, India