DPDP Act Cross-Border Data Transfer

If the Services involve digital personal data subject to the Digital Personal Data Protection Act, 2023, each party shall comply with its applicable obligations as Data Fiduciary, Data Processor, or equivalent role. Vendor shall process such personal data only on documented instructions, support Client's notice, consent, grievance, and data-principal request obligations where applicable, maintain reasonable security safeguards, and promptly notify Client of any personal data breach or suspected unauthorized processing. Vendor shall not transfer personal data to a jurisdiction or recipient prohibited by applicable law or by a written instruction from Client, and shall flow down materially equivalent obligations to approved sub-processors.