Vedhunt InfoTech may process data solely for the following business purposes:

• Website & App development services
• Automation, Analytics, and Reporting (SQL, Power BI, Python, BI tools)
• Digital Marketing and Lead Management (Google, Meta, LinkedIn, etc.)
• Accounting & Financial MIS Automation
• Healthcare and Insurance Vendor Analytics (non-clinical data)
• Any additional service explicitly defined in the client’s project scope

Vedhunt shall not process or use the Client’s data for any purpose other than what is contractually agreed.

4.1 Client (Data Controller)

The Client determines:

• The categories of data processed.
• The lawful basis for processing.
• Instructions provided to Vedhunt InfoTech.

The Client ensures data shared is obtained lawfully and does not violate any third-party rights.

4.2 Vedhunt InfoTech (Data Processor)

Vedhunt agrees to:

• Process data only on documented instructions from the Client.
• Implement technical and organizational measures to protect data.
• Ensure confidentiality of all personnel with access to data.
• Not engage any sub-processor without written consent.
• Assist the Client in ensuring compliance with applicable laws.

Depending on the service, Vedhunt may process:

• Contact details (name, email, phone, company info)
• Project data and reports
• Transaction or performance data
• System or log data (e.g., Power BI logs, SQL transactions)
• Non-clinical healthcare data (member IDs, claim reference IDs — anonymized)

Sensitive Personal Data (if applicable):
In limited cases (e.g., healthcare vendors), only pseudonymized or masked data is used, ensuring no direct identifiers are accessible.

Vedhunt may use third-party service providers (e.g., AWS, Azure, Google Cloud, Microsoft Power BI, Sendinblue, or Zoho) to perform specific functions.

Vedhunt ensures that:

• Sub-processors are bound by written contracts ensuring equivalent data protection.
• Clients are informed and may object to specific sub-processors.

Data transfers comply with international standards (Standard Contractual Clauses or similar).

Vedhunt InfoTech implements reasonable security practices under Indian IT Rules and industry-standard measures, including:

• SSL/TLS encryption for all transmissions
• Encrypted storage for client files and databases
• Role-based access control (RBAC)
• Regular security audits and firewall protection
• Daily backups and disaster recovery systems
• 2FA and VPN-based access for internal operations

If a data breach occurs, Vedhunt will promptly notify the Client (within 72 hours) with full details and corrective actions.

• All data, project information, and deliverables are treated as confidential.
• Employees, contractors, and partners are bound by NDAs.
• Confidentiality obligations remain effective even after contract termination.

Vedhunt retains client data only as long as necessary for the project or as required by law.

Upon completion or termination of the engagement:

• All personal data will be securely deleted, anonymized, or returned to the Client.
• Backup copies will be purged within 30 to 60 days unless required for legal compliance.

Vedhunt assists the Client in fulfilling requests from data subjects, including:

• Access, correction, or deletion of their personal data.
• Restriction or objection to processing.
• Data portability (where applicable).

Vedhunt shall not respond directly to such requests without prior approval from the Client.

If data is transferred outside India (e.g., hosting or cloud services), Vedhunt ensures:

• The transfer complies with applicable legal safeguards.
• Only GDPR-compliant cloud providers (e.g., AWS, Azure, GCP) are used.
• Data remains encrypted during and after transfer.

• Vedhunt will make available all information necessary to demonstrate compliance.
• The Client may, upon reasonable notice, audit Vedhunt’s data handling procedures (once per year).
• Vedhunt will cooperate fully and correct any non-compliance promptly.

In the event of an actual or suspected breach:

1. Vedhunt will notify the Client within 72 hours.
2. The notice will include:
   • Nature and scope of the breach.
   • Data affected.
   • Steps taken to mitigate risks.
3. Vedhunt will work closely with the Client to contain and remediate the issue.

Vedhunt InfoTech’s total liability arising out of data processing shall not exceed the total amount paid by the Client under the service contract during the 6-month period preceding the claim, unless caused by gross negligence or willful misconduct.

This DPA remains in effect:

• For as long as Vedhunt processes data on behalf of the Client; or
• Until the termination of all service agreements.

Upon termination:

• Vedhunt will delete or return all client data (as per Section 9).
• Any surviving confidentiality and security obligations remain binding.

This Agreement shall be governed by and construed under the laws of India.
All disputes shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra, India.

For data protection inquiries or concerns:

📧 Email: privacy@vedhunt.com
📞 Phone: +91 86524 10289
🏢 Address: Vedhunt InfoTech, Pune, Maharashtra, India

By signing a Service Agreement or engaging Vedhunt InfoTech’s services, the Client acknowledges that:

• They have reviewed and accepted this Data Processing Agreement.
• This DPA forms part of the binding contractual relationship between Vedhunt and the Client.