B2B Processing Standards

Data Processing Agreement (DPA)

1. Scope and Applicability

This Agreement applies to the processing of Personal Data by AccoNova as a Processor on behalf of the Client as a Controller. This processing is performed in connection with the provision of the AccoNova ERP Services as described in the Master Service Agreement (MSA).

The duration of the processing shall be for the term of the MSA. The nature and purpose of the processing is the provision of cloud-based HR, Payroll, and Statutory Compliance services. The types of personal data include employee names, contact details, identification numbers (PAN, Aadhaar), financial details (bank accounts, salary), and employment records.

2. Processor Obligations

AccoNova Solutions PVT LTD acts as a Processor and agrees to:

  • Documented Instructions: Process personal data only on documented instructions from the Controller, unless required by Indian law.
  • Confidentiality: Ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • Compliance Assistance: Assist the Controller in ensuring compliance with obligations regarding security of processing, notification of personal data breaches, and data protection impact assessments.

3. Technical & Organizational Measures

Processor shall maintain a high baseline of technical security, including:

  • Pseudonymization: Using unique UUIDs rather than PII for background database lookups and internal API traffic.
  • Encryption: Maintaining database-level encryption (AES-256) for sensitive salary components and bank identifiers.
  • Access Control: Implementing Role-Based Access Control (RBAC) to ensure only authorized personnel have access to specific data sets.
  • Resilience: Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Audit Trails: Maintaining immutable logs of all data access and modifications within the production environment.

4. Sub-Processing Framework

AccoNova uses a limited number of vetted third-party sub-processors to deliver the SaaS environment. The Controller provides a general authorization for the engagement of sub-processors from the following list:

  • Cloud Infrastructure: Amazon Web Services (AWS) or Microsoft Azure (Data Center Location: India).
  • Content Delivery: Cloudflare (DDoS protection and WAF).
  • Email Delivery: SendGrid or Amazon SES for transactional communications.
  • Backup Services: Backblaze B2 (Encrypted Off-site Backups).

AccoNova shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object to such changes.

5. Data Subject Rights

Taking into account the nature of the processing, AccoNova shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in the DPDPA 2023, including:

  • Right to access personal data.
  • Right to correction and erasure.
  • Right to withdraw consent.
  • Right to grievance redressal.

6. Personal Data Breach Protocol

In the event of a personal data breach, AccoNova shall notify the Controller without undue delay (and in any event within 48 hours) after becoming aware of a personal data breach. The notification shall include:

  • The nature of the breach and the categories of data affected.
  • The likely consequences of the breach.
  • The measures taken or proposed to be taken to address the breach and mitigate its effects.

7. Data Return & Disposal

Within 30 days of subscription termination, Processor shall provide the Controller with the ability to export their organizational data in a standard machine-readable format (CSV/JSON). After this period, any remaining data in the tenant instance will be securely overwritten as per our data disposal policy, unless Indian law requires storage of the personal data.
