🎉 Get Free Consultation and $100 OFF➜


This Data Processing Addendum (“DPA”) supplements the Terms of Use and the Privacy Policy between Wishup Technology Pvt. Ltd. (Wishup) and the user of services of Wishup. This DPA is to be read in consonance with the Terms of Use and the Privacy Policy except to the extent of inconsistency where the provisions of this DPA will prevail. This DPA is prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), and more specifically in compliance with Article 28 and 29.


The definitions of “personal data”, “processor” and “controller” shall have the same meaning as prescribed in the GDPR.

This DPA applies when Wishup processes the User’s data for offering remote Virtual Assistants, Contractors or Consultants who provide help with technical, non-technical and/ or specialised professional services for entrepreneurs, businesses and professionals (“Service(s)”). For the purposes of this DPA, the User shall be termed as the controller and Wishup shall be considered as the processor.


(i) Purpose: Wishup confirms that while processing the User’s data it shall only act in accordance with the instructions received from the controller and as may be necessary for the purposes of providing Services to the User.

(ii) Duration: The duration for which the data shall be processed by the processor would be limited to the User’s subscription of Wishup’s services and shall be determined by the User.

(iii) Nature of Processing: The nature of data processing by the controller shall be in accordance with the Privacy Policy and the Terms of Use.

(iv) Type of personal data and categories of data subjects: The processor has access to the personal data as specified in the Privacy Policy, particularly under Clause 2 of the Privacy Policy. The categories of data subjects could include the User’s representatives, users, and any other individuals identified or identifiable by the User’s personal data and information

(v) Obligations and rights of the controller: The rights and obligations of the controller are provided under this DPA.

(vi) Confidentiality: As the processor, Wishup will not access, use or disclose to any third party except to the extent that may be necessary to provide the Services, and in accordance with Wishup’s Privacy Policy. Wishup may share the User’s information with its Virtual Assistants or Employees who are under an obligation to maintain confidentiality and have signed a Non-Disclosure Agreement with Wishup. The access to User’s data by such Virtual Assistants or Employees would be limited to the extent necessary for the provision of Services and with consent of the User. Wishup may be under an obligation to disclose User’s data to comply with law or an order of a governmental body, in which case Wishup will provide reasonable notice to the User for the same


Wishup uses commercially reasonable physical, administrative and technological safeguards and security measures to protect against unauthorised access to all information that it collects and processes. These security measures include and are not limited to the following:

(a) the pseudonymisation and encryption of personal data;
(b) ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) restoring the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(d) periodical testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In the event that any information under Wishup’s control is compromised as a result of a breach of security, Wishup will take reasonable steps to investigate the situation and, where appropriate, notify the data subjects if the data is compromised and undertake appropriate measures as available in law.

In case the Users wish to audit and verify the security measures adopted by the Wishup, they may do so by making a written request to Wishup clearly stating the reasons and the objective of making the request. Upon being satisfied of the reasonableness and bona fides of the request for audit or verification, Wishup may allow the Users an opportunity to carry out the security audit and verification.


By using Wishup’s Services, the User authorises Wishup to sub-contract its data Processing obligations under this DPA to third-party vendors and other service providers as needed to fulfill the User’s Service requests or to perform services on behalf of Wishup such as billing, emailing, payment processing, hosting, and record-keeping services. As on the date of this DPA, the following sub-processors are engaged by Wishup:

i. Algolia Inc. – For internal app searches
ii. Zapier Inc. – For operational processes
iii. Zoho Corporation Pvt. Ltd. – For billing related services
iv. Facebook Inc. – For advertisements
v. Mailchimp – For sending newsletters to Users
vi. Pipedrive Inc. - Customer Relationship Management
vii. Amazon Web Services (AWS) – Server

Wishup warrants that the same data protection obligations as set out in this DPA also apply to its sub-processors, to the extent applicable to the nature of the Services provided by such Sub-processor. Any copies of the agreement with a sub-processor would be provided to the User only upon a request being made by the User. If a User has any objection to the appointment of a sub-processor, the same shall be made in writing to Wishup. In the event that Wishup appoints new or additional sub-processors, the same shall be notified to the Users within 30 days of appointing such sub-processor.


In case of termination or expiry of the Terms of Use and the User’s subscription with Wishup, the personal data available with Wishup pertaining to the User shall either be deleted or made available to the User for retrieval. This shall be subject to any legal obligations that Wishup may have to retain certain personal data.


Wishup shall, to the extent permitted by law, notify the User of any breach of security or security incident within a period of 48 hours of becoming aware of the security incident. The notification for security incident shall include details and particulars about the nature of the incident, data and time of the incident taking place, number of Users affected, categories of data involved, measures taken to address the incident and mitigate the possible adverse effects, the name and contact details of the data protection officer or other contact, and a description of the likely consequences of the incident.


Users agree that any dispute or difference arising out of or in connection with this DPA shall be resolved by a sole arbitrator mutually appointed under the Arbitration and Conciliation Act, 1996, as amended from time to time. The decision of the arbitrator shall be final and binding. The juridical seat of arbitration would be in New Delhi, India. Courts at New Delhi, India would have exclusive jurisdiction over any dispute or legal proceedings arising out of or in connection with this DPA.


This DPA together with any amendments, the Terms of Use, the Privacy Policy and any additional agreements the User may enter into with Wishup in connection with the Services, shall constitute the entire agreement between the User and Wishup concerning the Services. If any provision of this DPA is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of the DPA and the provisions contained in the Terms of Use or the Privacy Policy.

This DPA was last updated on 20th of June, 2020.