Data Processing Addendum (DPA)
Munafe SaaS Platform | Autom8 Works
1. Data Protection Compliance
The Processor shall process all personal data in accordance with applicable data protection laws, including the Indian Information Technology Act, the Digital Personal Data Protection (DPDP) Act, and, where applicable, the principles of the General Data Protection Regulation (GDPR)[cite: 1].
2. Sub-processor Disclosure
The Controller acknowledges and agrees that the Processor uses the following sub-processors to provide the Munafe service[cite: 1]:
- Meta Platforms, Inc. (WhatsApp Business API): To facilitate end-customer communication and message delivery[cite: 1].
- Cloud Infrastructure Providers: For secure data hosting and backend automation workflows[cite: 1].
The Processor remains fully liable for the performance of these sub-processors' data protection obligations[cite: 1].
3. Details of Processing
| Subject Matter | Provision of WhatsApp-based automated ordering and POS integration[cite: 1]. |
|---|---|
| Nature of Processing | Collection, transmission, and synchronization of order data between WhatsApp and POS systems[cite: 1]. |
| Categories of Data | Names, mobile numbers, delivery addresses, and order specifics[cite: 1]. |
4. Data Breach Notification Procedures
In the event of a personal data breach, the Processor shall[cite: 1]:
- Notify the Controller without undue delay, and in any event within 72 hours of becoming aware of the breach[cite: 1].
- Provide sufficient information to allow the Controller to meet any obligations to report the breach to data protection authorities or subjects[cite: 1].
- Take immediate reasonable steps to mitigate the effects and minimize any damage resulting from the breach[cite: 1].
5. Deletion or Return of Data
Upon termination of the service, the Processor shall, at the choice of the Controller, delete or return all personal data, unless local law requires continued storage[cite: 1].