Supplier Data Processing Agreement (DPA)Last Updated: February 2025
Part C — Supplier Data Processing Agreement (DPA)This Data Processing Agreement ("DPA") governs the processing of personal data by Suppliers on the Himalay.io Platform in connection with the services provided to Buyers.
1. DEFINITIONSFor the purposes of this DPA:
  • "Data Controller" means the Buyer who determines the purposes and means of processing personal data.
  • "Data Processor" means the Supplier who processes personal data on behalf of the Data Controller.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data, including collection, storage, use, and disclosure.
2. SCOPE AND PURPOSEThis DPA applies when Suppliers process personal data on behalf of Buyers in connection with orders, RFQs, communications, and other transactions facilitated through the Platform. Suppliers agree to process personal data only for the purposes specified by the Buyer and in accordance with applicable data protection laws.
3. OBLIGATIONS OF THE DATA PROCESSOR (SUPPLIER)Suppliers agree to:
  • Process personal data only in accordance with the Buyer's instructions
  • Implement appropriate technical and organizational measures to ensure security
  • Maintain confidentiality of personal data
  • Assist the Buyer in responding to data subject requests
  • Notify the Buyer promptly of any data breaches
  • Return or delete personal data upon termination of the agreement
4. DATA SECURITYSuppliers must implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. Such measures shall include encryption, access controls, regular security assessments, and staff training.
5. SUB-PROCESSORSSuppliers may engage sub-processors only with the Buyer's prior written consent. Suppliers remain fully liable for the acts and omissions of their sub-processors.
6. DATA SUBJECT RIGHTSSuppliers shall assist Buyers in responding to requests from data subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, and portability.
7. INTERNATIONAL TRANSFERSIf Suppliers transfer personal data outside the jurisdiction where it was collected, they must ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
8. AUDIT RIGHTSBuyers have the right to audit Suppliers' compliance with this DPA, subject to reasonable notice and confidentiality obligations.
9. TERM AND TERMINATIONThis DPA remains in effect for as long as Suppliers process personal data on behalf of Buyers. Upon termination, Suppliers must return or delete all personal data in accordance with the Buyer's instructions.
10. CONTACT INFORMATIONFor questions regarding this DPA, please contact us at [privacy@himalay.io]
Padamade Private LimitedHiranandani Estate, Patlipada, Off G.B Road, Thane West, Maharashtra, India, 400607
Our CompanyAbout UsTeam
LegalPrivacy PolicyCookie PolicyTerms of Use
Contact Us
+91 98204 74438info@himalay.io
Copyright © 2025 Himalay.io. All rights reserved.