Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the agreement between Serq, a SaaS-based service management platform operated by Querycode Techno Pvt. Ltd. ("Data Processor", "Serq", "we", "us"), and the customer or business entity using Serq services ("Data Controller", "Customer", "you"). This DPA governs the processing of personal data in connection with Serq services and supplements our Terms & Conditions, Privacy Policy, and Subscription Policy.

1. Definitions

  • "Applicable Data Protection Laws": Includes the Information Technology Act, 2000, Digital Personal Data Protection Act, 2023 (India), GDPR (EU), and other applicable privacy laws.
  • "Personal Data": Any information relating to an identified or identifiable individual.
  • "Processing": Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • "Data Subject": Individual whose personal data is processed.

2. Scope & Purpose of Processing

Serq processes personal data only on documented instructions of the Data Controller for the purpose of:

  • Providing SaaS platform access
  • Account management
  • Service booking & workflow automation
  • Communication (email, SMS, WhatsApp, notifications)
  • Payment and subscription management
  • Technical support and system security

Serq shall not process data for any purpose outside this scope.

3. Categories of Data & Data Subjects

3.1 Data Subjects

  • Customers' end users
  • Service providers/vendors
  • Employees or agents
  • Administrators

3.2 Types of Personal Data

  • Name, phone number, email
  • Address and location (if enabled)
  • Booking and transaction data
  • Login and usage logs
  • Device and IP data

Sensitive personal data is processed only if explicitly enabled by the Controller.

4. Roles & Responsibilities

4.1 Data Controller

  • Determines the purpose and means of processing
  • Ensures lawful basis for data collection
  • Obtains consent from data subjects where required
  • Handles data subject requests

4.2 Data Processor (Serq)

  • Processes data strictly as per instructions
  • Implements appropriate security measures
  • Assists the Controller in compliance
  • Ensures confidentiality

5. Data Security Measures

Serq implements industry-standard safeguards including:

  • SSL/TLS encryption
  • Secure cloud infrastructure
  • Role-based access control
  • Regular security monitoring
  • Limited internal access on a need-to-know basis

No system guarantees absolute security; however, Serq follows best-practice standards.

6. Sub-Processors

Serq may engage sub-processors such as:

  • Cloud hosting providers
  • Payment gateways
  • SMS, Email, WhatsApp API providers
  • Analytics and monitoring tools

All sub-processors are bound by confidentiality and data protection obligations consistent with this DPA.

7. International Data Transfers

Where data is transferred outside India:

  • Transfers are conducted in compliance with applicable laws
  • Adequate safeguards are ensured
  • Data may be stored in secure cloud regions

By using Serq, the Controller authorizes such transfers where required.

8. Data Subject Rights Assistance

Serq will assist the Controller, where technically feasible, in responding to:

  • Access requests
  • Correction or deletion requests
  • Consent withdrawal
  • Data portability (where applicable)

Requests must be submitted via official support channels.

9. Data Breach Notification

In the event of a personal data breach:

  • Serq will notify the Controller without undue delay
  • Details will include nature of breach, affected data, and mitigation steps

Serq will cooperate fully in remediation

10. Data Retention & Deletion

  • Data is retained only for the duration of the active subscription or as required by law
  • Upon termination, data may be deleted or anonymized within a reasonable period
  • Backup data may persist temporarily as part of standard retention cycles

11. Audits & Compliance

  • Serq may provide reasonable information to demonstrate compliance
  • Physical audits are not permitted unless legally mandated
  • Enterprise customers may request compliance documentation

12. Confidentiality

All personal data and business data processed under this DPA are treated as confidential information.

Serq ensures that authorized personnel are contractually bound to confidentiality obligations.

13. Liability & Indemnity

  • Each party is responsible for its own compliance obligations
  • Serq is not liable for unlawful data collected or uploaded by the Controller
  • Liability is limited as defined in the Terms & Conditions

14. Term & Termination

This DPA remains in effect for the duration of data processing activities under the main agreement.

Termination of the main agreement results in termination of this DPA.

15. Governing Law & Jurisdiction

This DPA is governed by the laws of India.

Jurisdiction shall lie exclusively with courts in Patna, Bihar.

16. Contact Information

For data protection and privacy queries:

Querycode Techno Pvt. Ltd.

📧 Email: info@codequery.in

🌐 Website: https://serq.in

Book a Demo
Book Demo
Chat on WhatsApp
Talk to Sales