Data Processing Agreement (DPA)
Sets out how Praathee Technologies Pvt Ltd processes personal data on behalf of Customer, in accordance with Article 28 of the GDPR and other applicable data protection laws.
Effective Date: October 7, 2025 • Last Updated: October 7, 2025
This Data Processing Agreement ("DPA") is part of the Terms of Service between PraDocs.com (Praathee Technologies Pvt Ltd) ("Processor", "we", "our", or "us") and the Customer ("Controller", "you", or "your"). This DPA reflects the parties' agreement with respect to the processing of personal data in accordance with Article 28 of the GDPR and other applicable data protection laws.
On this page
1. Definitions
- "Controller" means the party responsible for deciding the purpose and use of personal data.
- "Processor" means the entity that processes the personal data on behalf of the Controller.
- "Data Subject" means the individual to whom the personal data is related.
- "Personal Data" means any information related to an identified or identifiable natural person.
- "Sub-Processor" means any third party appointed by PraDocs to process personal data on behalf of the Controller.
2. Subject Matter & Duration
This DPA governs PraDocs's processing of personal data on behalf of the Customer. Processing continues for the duration of the Customer's subscription or until termination of services.
3. Nature & Purpose of Processing
PraDocs processes personal data solely for the following purposes:
- Provide, maintain, and improve the PraDocs SaaS platform.
- Secure storage and retrieval of documents and files.
- Manage customer accounts, billing, and authentication.
- Provide technical and customer support.
- Ensure compliance with applicable laws and regulations.
4. Obligations of PraDocs (Processor)
PraDocs shall:
- Process personal data only on documented instructions from the Customer.
- Ensure confidentiality and security of personal data.
- Implement appropriate technical and organizational measures in accordance with Article 32 GDPR.
- Ensure that persons authorized to process personal data are subject to confidentiality.
- Notify the Customer without undue delay after becoming aware of a personal data breach.
- Assist the Customer in responding to data subject requests under Articles 15–22 GDPR.
- Assist with data protection impact assessments (DPIA) where applicable.
- Delete or return personal data upon termination of services, unless legally required to retain it.
5. Obligations of the Customer (Controller)
The Customer shall:
- Ensure they have a lawful basis for processing personal data through PraDocs.
- Provide clear instructions to PraDocs for processing.
- Remain responsible for the accuracy, quality, and legality of personal data.
- Comply with GDPR and other applicable data protection laws.
6. Sub-Processors
PraDocs may engage Sub-Processors to support service delivery. The current list of approved Sub-Processors is available at our Sub-Processor List.
For a countersigned copy of this DPA, contact support@pradocs.com.