Article 28 processing terms
PRAMAAN processes personal data only on documented customer instructions for identity, worker-badge, consent, DSR, billing, and support workflows.
GDPR Article 28 · template · 22 May 2026
Data Processing Addendum
Enterprise customers may attach this template to their PRAMAAN order form or master services agreement. It documents PRAMAAN processor commitments for GDPR, DPDP, security, sub-processors, DSR assistance, and deletion.
Download DPA template PDFConfidentiality and access control
Personnel and automation agents receive least-privilege access. Production access is logged, reviewed, and limited to India-region systems unless a customer contract says otherwise.
Sub-processors
PRAMAAN maintains a public sub-processor register, gives notice before material changes, and keeps onward-processing terms aligned to customer DPAs.
Security measures
Controls include TLS, hardened HTTP headers, encrypted storage, rate limits, PII-safe logging, backup retention, and launch-gate security review evidence.
Data subject rights
PRAMAAN assists with access, correction, erasure, nomination, consent withdrawal, and grievance requests through public DSR and grievance channels.
Deletion and return
At contract end, PRAMAAN deletes or returns customer personal data subject to statutory retention, fraud-prevention holds, backup windows, and written customer instructions.
Legal-review note
This is the launch-ready operating template. Customer-specific DPAs and negotiated enterprise contracts should still be reviewed by counsel before signature.