Data Processing Agreement

NETRA TECHNOLOGIES CORP. DATA PROCESSING AGREEMENT


Effective Date: January 1st, 2025


This Data Processing Agreement (“DPA”) is entered into between any of Netra Technologies Inc.’s customers, pilot members, or other parties eligible to use Netra Technologies Inc.’s software products (“Customer”) and Netra Technologies Inc. (“Netra”, “we”, “us”, or “our”) and forms an integral part of the Agreement between the parties (the “Agreement”). In the event of any conflict between this DPA and the Agreement, the provisions of this DPA shall govern with respect to Netra’s Processing of Personal Data on behalf of Customer.


1. DEFINITIONS

For the purposes of this DPA, the following terms have the meanings set forth below. Capitalized terms not otherwise defined herein shall have the meanings given to them in the Agreement.

1.1 “Agreement” means the contract(s) between Customer and Netra governing the provision of Netra’s products and/or services, including without limitation any Master Agreement, Order Form(s), or any other related documents that expressly incorporate this DPA.

1.2 “Data Protection Legislation” means all applicable data protection and privacy laws, regulations, and guidance (including, where applicable, the EU General Data Protection Regulation (GDPR) and US State Privacy Laws) that relate to the Processing of Personal Data under this DPA.

1.3 “Data Controller” means the entity that determines the purposes and means of the Processing of Personal Data. Customer is the Data Controller with respect to the Personal Data provided to Netra under the Agreement.

1.4 “Data Processor” means the entity that processes Personal Data on behalf of the Data Controller. Netra is the Data Processor.

1.5 “Personal Data” means any information relating to an identified or identifiable natural person that is processed in connection with the services provided by Netra, including any such data provided by Customer pursuant to the Agreement.

1.6 “Processing” or “Process” means any operation or set of operations performed on Personal Data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction.

1.7 “Subprocessor” means any third party engaged by Netra to Process Personal Data on behalf of Customer.

1.8 “Security Incident” means any unauthorized or accidental access to, disclosure, alteration, loss, or destruction of Personal Data.

1.9 “Service” means the products, software, and/or services provided by Netra as described in the Agreement, including any Network AI for KYC, KYB, due diligence, fraud analytics, or related services.



2. DATA PROCESSING & INSTRUCTIONS

2.1 Processing in Accordance with Customer Instructions.

Netra shall Process Personal Data only in accordance with the written instructions of Customer as set forth in the Agreement or as otherwise provided in writing by an authorized representative of Customer. If Netra, in its reasonable opinion, believes that any instruction infringes applicable Data Protection Legislation, Netra shall promptly notify Customer and, if required, suspend Processing until Customer provides instructions that are compliant with such legislation.

2.2 Purpose and Scope.

The subject matter, nature, and purpose of the Processing is solely to provide the Service to the Customer. Netra shall Process Personal Data only for the purposes necessary to deliver the Service and in accordance with Customer’s documented instructions.

2.3 Categories of Personal Data.

For the purposes of this DPA, the following types or categories of Personal Data may be processed by Netra in connection with its Service:

  • Basic Identification Data: Full name and any known aliases, Government-issued identifiers (e.g., passport numbers, national identification numbers, driver’s license numbers), Date of birth, Contact Information, Postal or residential addresses, Email addresses, Telephone numbers

  • Professional and Employment Information: Job titles and roles, Company affiliation and employment details, Professional background information relevant for risk assessments and due diligence

  • Financial Information (as applicable): Banking and payment information, Transaction histories and related financial data

  • Digital Identifiers and Online Data: IP addresses and device identifiers, Online behavioral data (e.g., cookies or other usage data) collected during interactions with the Service, Biometric Data (if applicable), Facial recognition data or other biometric identifiers used for enhanced identity verification (subject to applicable legal requirements)

  • Publicly Available and Third-Party Data: Data obtained from public records (e.g., corporate registries, official filings, news articles), Aggregated or derived data compiled from multiple sources for network intelligence and risk assessment


Data Subjects under this DPA may include, but are not limited to, individuals such as customers, beneficial owners, directors, officers, employees, and other representatives of legal entities that are subject to screening and due diligence processes by banks, law firms, or similar organizations.



3. SECURITY MEASURES

3.1 Technical and Organizational Measures.

Netra shall implement and maintain appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures shall be consistent with industry standards and Netra’s internal security policies, and at a minimum shall include:

  • Encryption of data in transit and at rest.

  • Role-based access control (RBAC) with least privilege principles.

  • Continuous monitoring and logging of system activity.

  • Data Anonymization & Request Separation when using 3rd party APIs including:

    • Data providers for data enrichment

    • AI-powered solution providers

  • Regular vulnerability assessments and security audits.


3.2 Modifications.

Netra may update its security measures from time to time, provided that any modifications do not materially reduce the overall level of protection afforded to the Personal Data.

4. SUBPROCESSORS

4.1 Use of Subprocessors.

Netra may engage Subprocessors to assist in providing the Service, provided that Netra remains fully liable for any acts or omissions of such Subprocessors with respect to the Processing of Personal Data. This is the current list of Subprocessors we’re working with: 

  • Microsoft Corporation: Cloud infrastructure, data storage, and hosting services for application and database operations

  • Retool, Inc.: Providing a web application platform for building and hosting user interfaces to facilitate data management and interaction.

  • Vespia: Enriching company and personal data provided by customers to improve data quality and insights.

  • Google LLC (Google Cloud): Providing cloud infrastructure and AI/ML services through the Vertex AI platform, including large language models (LLMs) for text processing, content generation, and AI-powered analytics.


4.2 Notification and Objection.

Netra will notify Customer at least thirty (30) days before adding any new Subprocessor to the list. Customer may object in writing to the addition of a new Subprocessor by providing a reasonable justification for the objection. In the event of a valid and substantiated objection, the parties shall work in good faith to either modify the arrangement or, if necessary, Customer may exercise its termination rights under the Agreement without liability.


5. INTERNATIONAL DATA TRANSFERS

5.1 Transfers Outside of the United States of America.

Customer acknowledges that Personal Data may be transferred to and processed in countries outside of, for example, the European Economic Area (EEA), including in the United States. Netra shall ensure that any such transfers comply with applicable Data Protection Legislation by implementing appropriate safeguards. These safeguards may include the EU Standard Contractual Clauses (SCCs) or other approved data transfer mechanisms.

Upon request, Netra will provide a separate SCC agreement for execution to facilitate lawful international data transfers.



6. ASSISTANCE WITH DATA SUBJECT REQUESTS AND REGULATORY INQUIRIES

6.1 Data Subject Requests.

Netra shall promptly notify Customer of any requests received directly from Data Subjects (including requests for access, rectification, erasure, restriction, or portability of Personal Data) and shall provide reasonable assistance to Customer in complying with such requests, provided that Customer remains responsible for responding to the Data Subjects in accordance with applicable Data Protection Legislation.

6.2 Regulatory Inquiries and Audits.

Netra shall provide reasonable assistance to Customer in responding to any investigation or inquiry by a supervisory authority or other governmental body relating to Netra’s Processing of Personal Data. Customer’s audit rights, if any, shall be exercised in accordance with the procedures set forth in the Agreement and subject to reasonable confidentiality obligations.


7. DATA BREACH NOTIFICATION

7.1 Notification Obligation.

In the event of a Security Incident affecting Personal Data, Netra shall notify Customer without undue delay and in any event within 24 hours after becoming aware of the incident, unless prohibited by applicable law. The notification shall include, at a minimum:

  • A description of the nature of the Security Incident.

  • The categories and approximate number of Data Subjects affected.

  • The likely consequences of the Security Incident.

  • The measures taken or proposed to address the Security Incident and mitigate its effects.

7.2 Cooperation.

Following a Security Incident, Netra shall cooperate with Customer and provide any additional information and assistance reasonably required by Customer to comply with its obligations under Data Protection Legislation.



8. RETENTION AND DELETION

8.1 Retention.

Netra shall retain Personal Data only for as long as is necessary to provide the Service in accordance with the Agreement or as otherwise required by applicable law.

8.2 Return or Deletion.

Upon termination or expiration of the Agreement, and at the Customer’s written request, Netra shall, at Customer’s option, either return or securely delete all Personal Data processed on Customer’s behalf, unless retention is required by applicable law. Any returned data shall be in a structured, commonly used, and machine-readable format.


9. LIABILITY AND INDEMNIFICATION

9.1 Liability.

Netra’s liability with respect to its obligations under this DPA shall be governed by the terms of the Agreement. Nothing in this DPA shall limit or exclude either party’s liability as provided in the Agreement or as required by applicable law.

9.2 Indemnification.

Each party shall indemnify, defend, and hold harmless the other party from and against any claims, losses, or damages arising out of or in connection with a breach of its obligations under this DPA, to the extent permitted by applicable law.



10. TERM AND TERMINATION

10.1 Term.

This DPA shall remain in effect for the duration of the Agreement, unless terminated earlier in accordance with the terms hereof.

10.2 Termination for Non-Compliance.

If Netra fails to comply with its obligations under this DPA or applicable Data Protection Legislation, Customer may terminate the Agreement or this DPA (or exercise any other rights available under the Agreement) without prejudice to any other remedies available at law or in equity.


11. MISCELLANEOUS

11.1 Amendments.

Any amendments to this DPA shall be made in writing and signed by both parties.

11.2 Governing Law and Jurisdiction.

This DPA shall be governed by and construed in accordance with the laws of Delaware, USA. Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts located in Delaware.

11.3 Notices.

Any notice required or permitted under this DPA shall be in writing and shall be deemed duly given when delivered to the address specified in the Agreement or by any other method agreed to in writing by the parties.

11.4 Severability.

If any provision of this DPA is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

11.5 Future Regulations on Artificial Intelligence.

In the event that new legislation or regulations are enacted specifically governing the use of artificial intelligence or similar technologies, the parties agree to meet in good faith to review and, if necessary, amend this DPA to ensure continued compliance. If such amendments require material changes to the terms of this DPA that cannot be agreed upon, either party may terminate the Agreement upon providing reasonable notice.


