Logo
Back to Home
Legal Document

Data Processing Agreement

This Data Processing Agreement forms part of the agreement between RINS.AI Pvt Ltd ("Processor") and the customer ("Controller") who subscribes to RINS.AI services, where RINS.AI processes personal data on behalf of the customer in the context of GDPR or similar laws.

Last Updated: December 9, 2025

1. Subject Matter and Duration

The subject matter of processing is the personal data submitted or connected to RINS.AI services for privacy, governance and ESG assessments. The duration of processing is the term of the main service agreement, unless otherwise required by law.

2. Nature and Purpose of Processing

RINS.AI processes personal data only to provide the contracted services, including analysis, reporting, storage, and related support, in accordance with the customer's instructions.

3. Types of Personal Data and Data Subjects

Types of personal data may include names, contact details, identifiers, user account data and other information contained in evidence or systems connected by the customer. Data subjects may include employees, customers, suppliers and other individuals whose data is processed by the customer.

4. Processor Obligations

RINS.AI shall:

  • 1Process personal data only on documented instructions from the customer.
  • 2Ensure persons authorized to process data are bound by confidentiality.
  • 3Implement appropriate technical and organizational security measures.
  • 4Assist the customer with data subject requests where feasible.
  • 5Assist with data protection impact assessments where relevant.
  • 6Notify the customer without undue delay of personal data breaches.
  • 7Maintain records of processing activities where required by law.

5. Subprocessors

The customer authorizes RINS.AI to engage subprocessors for hosting, infrastructure, analytics and related functions, provided that RINS.AI enters into written data protection terms with such subprocessors. A list of current subprocessors is available upon request.

6. International Transfers

Where personal data is transferred outside the EEA or other relevant regions, RINS.AI will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms.

7. Data Subject Requests

Taking into account the nature of processing, RINS.AI will assist the customer in responding to requests from data subjects to exercise their rights under applicable data protection laws, where feasible and subject to agreed terms.

8. Data Breach Notification

In the event of a personal data breach, RINS.AI will notify the customer without undue delay after becoming aware of the breach and provide reasonable cooperation and information to support the customer's obligations.

9. Data Deletion or Return

Upon termination of the services, RINS.AI will, at the customer's choice, delete or return personal data, unless retention is required by law. Certain backups may be retained for a limited period before being overwritten.

10. Audits

RINS.AI will make available information necessary to demonstrate compliance with this DPA and will allow for audits or inspections by the customer or an appointed auditor, subject to reasonable notice, scope and confidentiality.

11. Priority

In the event of conflict between this DPA and the main service agreement with respect to data protection, this DPA shall prevail to the extent of the conflict.