SSeedicon Events
Discover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
English
EnglishEspañolFrançaisDeutsch日本語
Discover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
Language

Data Processing Agreement (DPA)

Seedicon Events & Seedicon CRM | Effective Date: 1 June 2026 | Version 1.0

This Data Processing Agreement ('DPA') forms part of the Terms of Service between Seedicon Technologies Private Limited ('Processor', 'Company') and the user ('Controller') and governs the processing of personal data of third-party contacts (individuals whose data the Controller uploads, scans, or imports into the Platform). This DPA complies with GDPR Article 28, the DPDP Act 2023, and applicable data protection law.

1. Definitions

  • 'Controller': the user (organiser or CRM user) who determines the purposes and means of processing contact data
  • 'Processor': Seedicon Technologies Private Limited, which processes data on behalf of the Controller
  • 'Data Subject': any individual whose personal data is processed via the Platform (e.g., scanned business card owner, event attendee)
  • 'Personal Data': any information relating to an identified or identifiable natural person
  • 'Processing': any operation performed on personal data

2. Subject Matter and Duration

The Processor will process personal data submitted by the Controller through the Platform's CRM, business card scanning, event registration, and marketing features. Processing shall continue for the duration of the Controller's active subscription or account, and thereafter in accordance with the Data Retention Policy.

3. Nature and Purpose of Processing

  • Storage and retrieval of contact records
  • OCR extraction from business card images
  • Voice note transcription and attachment to contact records
  • Geo-tagging and event context association
  • Email and WhatsApp campaign delivery on the Controller's instruction
  • Follow-up reminder generation

4. Categories of Data Subjects and Personal Data

Data Subjects: business contacts, event attendees, and any individuals whose data the Controller imports.

Personal Data categories: names, email addresses, phone numbers, company and job title, geolocation, voice recordings and transcriptions, event context, and notes added by the Controller.

5. Obligations of the Processor

The Processor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure all personnel authorised to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures as described in the Information Security Policy
  • Not engage sub-processors without prior written authorisation (general authorisation is granted for sub-processors listed in Schedule A)
  • Assist the Controller in fulfilling data subject rights requests within required timeframes
  • Assist the Controller with data protection impact assessments where required
  • Delete or return all personal data upon termination of services, as directed
  • Provide all information necessary to demonstrate compliance with this DPA
  • Notify the Controller within 72 hours of becoming aware of a personal data breach affecting Controller data

6. Obligations of the Controller

The Controller shall:

  • Ensure a valid legal basis exists for processing each data subject's personal data
  • Obtain necessary consents before uploading or importing third-party contact data
  • Ensure personal data submitted is accurate and lawfully obtained
  • Comply with applicable data protection laws as the data controller
  • Not instruct the Processor to process data in a manner that violates applicable law
  • Ensure that marketing communications are sent only to data subjects who have provided opt-in consent

7. Sub-processors

The Controller grants general authorisation for the Processor to engage sub-processors. The current list of sub-processors is maintained at seedicon.com/sub-processors and includes:

  • Razorpay Financial Solutions Pvt Ltd (payment processing)
  • Amazon Web Services / Google Cloud Platform (infrastructure hosting)
  • Google Cloud Vision / AWS Textract (OCR processing)
  • OpenAI / Deepgram (voice transcription)
  • Twilio / WhatsApp Business API provider (messaging)

The Processor will provide 30 days' notice before engaging new sub-processors. The Controller may object in writing within that period.

8. International Data Transfers

Where personal data is transferred outside India or the EEA, the Processor shall ensure adequate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms as required by applicable law.

9. Data Subject Rights

The Processor will assist the Controller in responding to data subject rights requests (access, correction, erasure, portability, restriction) within required timeframes. The Controller remains responsible for determining whether requests are valid and for communicating with data subjects.

10. Security Measures

The Processor maintains the security measures described in the Information Security Policy, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access controls, regular penetration testing, and SOC 2-aligned controls.

11. Data Breach Notification

The Processor will notify the Controller within 72 hours of becoming aware of a personal data breach affecting the Controller's data. Notification will include: nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed.

12. Termination and Data Return

Upon termination of the Controller's account, the Processor will, at the Controller's election, delete or return all personal data within 30 days, except where retention is required by law.

13. Governing Law

This DPA is governed by the laws of India. For EU/EEA Controllers, the Standard Contractual Clauses (Module Two: Controller to Processor) are incorporated by reference.

ProductDiscover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
LegalTerms of ServicePrivacy PolicyRefund & Cancellation PolicyAcceptable Use PolicyDisclaimerCommunity GuidelinesAnti-Spam Policy
Data & SecurityData Processing AgreementData Retention PolicyInformation Security PolicyContact Data Usage PolicyBusiness Card Processing Policy
EventsEvent Organizer TermsEvent Attendee Terms
Download App
App Store badgeGoogle Play badge
Scan to download Seedicon Events
Scan to download
iOS & Android
SSeedicon Events
Born in Bengaluru • © 2026 Seedicon Events Inc. All rights reserved.