Policy between Wishup Technology Pvt. Ltd. (Wishup) and the user of services of Wishup.
to the extent of inconsistency where the provisions of this DPA will prevail. This DPA is
prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and
of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (GDPR), and more specifically in compliance with Article 28 and 29.
1. DEFINITION AND SCOPE
The definitions of “personal data”, “processor” and “controller” shall have the same
meaning as prescribed in the GDPR.
This DPA applies when Wishup processes the User’s data for offering remote Virtual
Assistants, Contractors or Consultants who provide help with technical, non-technical and/ or
specialised professional services for entrepreneurs, businesses and professionals
(“Service(s)”). For the purposes of this DPA, the User shall be termed as the controller and
Wishup shall be considered as the processor.
2. DATA PROCESSING
(i) Purpose: Wishup confirms that while processing the User’s data it shall only act in
accordance with the instructions received from the controller and as may be
necessary for the purposes of providing Services to the User.
(ii) Duration: The duration for which the data shall be processed by the processor
would be limited to the User’s subscription of Wishup’s services and shall be
determined by the User.
(iii) Nature of Processing: The nature of data processing by the controller shall be in
(iv) Type of personal data and categories of data subjects: The processor has
User’s representatives, users, and any other individuals identified or identifiable by
the User’s personal data and information
(v) Obligations and rights of the controller: The rights and obligations of the
controller are provided under this DPA.
(vi) Confidentiality: As the processor, Wishup will not access, use or disclose to any
third party except to the extent that may be necessary to provide the Services, and
information with its Virtual Assistants or Employees who are under an obligation to
maintain confidentiality and have signed a Non-Disclosure Agreement with
Wishup. The access to User’s data by such Virtual Assistants or Employees would be limited to the extent necessary for the provision of Services and with consent of
the User. Wishup may be under an obligation to disclose User’s data to comply
with law or an order of a governmental body, in which case Wishup will provide
reasonable notice to the User for the same
3. SECURITY OF DATA
Wishup uses commercially reasonable physical, administrative and technological safeguards
and security measures to protect against unauthorised access to all information that it
collects and processes. These security measures include and are not limited to the following:
(a) the pseudonymisation and encryption of personal data;
(b) ensuring the ongoing confidentiality, integrity, availability and resilience of processing
systems and services;
(c) restoring the availability and access to personal data in a timely manner in the event of a
physical or technical incident; and
(d) periodical testing, assessing and evaluating the effectiveness of technical and
organisational measures for ensuring the security of the processing.
In the event that any information under Wishup’s control is compromised as a result of a
breach of security, Wishup will take reasonable steps to investigate the situation and, where
appropriate, notify the data subjects if the data is compromised and undertake appropriate
measures as available in law.
In case the Users wish to audit and verify the security measures adopted by the Wishup,
they may do so by making a written request to Wishup clearly stating the reasons and the
objective of making the request. Upon being satisfied of the reasonableness and bona fides
of the request for audit or verification, Wishup may allow the Users an opportunity to carry
out the security audit and verification.
By using Wishup’s Services, the User authorises Wishup to sub-contract its data Processing
obligations under this DPA to third-party vendors and other service providers as needed to
fulfill the User’s Service requests or to perform services on behalf of Wishup such as billing,
emailing, payment processing, hosting, and record-keeping services. As on the date of this
DPA, the following sub-processors are engaged by Wishup:
i. Algolia Inc. – For internal app searches
ii. Zapier Inc. – For operational processes
iii. Zoho Corporation Pvt. Ltd. – For billing related services
iv. Facebook Inc. – For advertisements
v. Mailchimp – For sending newsletters to Users
vi. Pipedrive Inc. - Customer Relationship Management
vii. Amazon Web Services (AWS) – Server
Wishup warrants that the same data protection obligations as set out in this DPA also apply
to its sub-processors, to the extent applicable to the nature of the Services provided by such
Sub-processor. Any copies of the agreement with a sub-processor would be provided to the
User only upon a request being made by the User. If a User has any objection to the
appointment of a sub-processor, the same shall be made in writing to Wishup. In the event
that Wishup appoints new or additional sub-processors, the same shall be notified to the
Users within 30 days of appointing such sub-processor.
5. TERMINATION AND DELETION OF DATA
the personal data available with Wishup pertaining to the User shall either be deleted or
made available to the User for retrieval. This shall be subject to any legal obligations that
Wishup may have to retain certain personal data.
6. SECURITY INCIDENT MANAGEMENT
Wishup shall, to the extent permitted by law, notify the User of any breach of security or
security incident within a period of 48 hours of becoming aware of the security incident. The
notification for security incident shall include details and particulars about the nature of the
incident, data and time of the incident taking place, number of Users affected, categories of
data involved, measures taken to address the incident and mitigate the possible adverse
effects, the name and contact details of the data protection officer or other contact, and a
description of the likely consequences of the incident.
7. DISPUTE RESOLUTION AND EXCLUSIVE JURISDICTION
Users agree that any dispute or difference arising out of or in connection with this DPA shall
be resolved by a sole arbitrator mutually appointed under the Arbitration and Conciliation
Act, 1996, as amended from time to time. The decision of the arbitrator shall be final and
binding. The juridical seat of arbitration would be in New Delhi, India. Courts at New Delhi,
India would have exclusive jurisdiction over any dispute or legal proceedings arising out of or
in connection with this DPA.
8. ENTIRE AGREEMENT/ SEVERABILITY
additional agreements the User may enter into with Wishup in connection with the Services,
shall constitute the entire agreement between the User and Wishup concerning the Services.
If any provision of this DPA is deemed invalid by a court of competent jurisdiction, the
invalidity of such provision shall not affect the validity of the remaining provisions of the DPA
This DPA was last updated on 20th of May, 2020.
Wishup takes care of all those tasks that keep you from achieving your goals. Give us your to-do list and make time for
things that truly matter to your business’ growth.