VizibleLegal

Vizible Legal

Data Processing Addendum

Effective: 7 May 2026Version 1.0-draft

GDPR Article 28 controller–processor terms for B2B tenants.

This Data Processing Addendum ("DPA") forms part of the Terms of Service between FYNBIT TECH PRIVATE LIMITED ("Processor", "FYNBIT") and the Tenant ("Controller", "you") and applies to the extent FYNBIT processes Personal Data on the Tenant's behalf in delivering the Vizible platform. This DPA is designed to satisfy Article 28 of the GDPR and equivalent provisions of the UK GDPR, and to support compliance with India's DPDP Act, 2023.

1. Definitions

Capitalised terms not defined here have the meanings set out in the Terms of Service or in the GDPR/UK GDPR. "Personal Data", "Processing", "Controller", "Processor", "Sub-processor" and "Data Subject" have their meanings under the GDPR. Under the DPDP Act the corresponding terms are "Personal Data", "Data Fiduciary", "Data Processor" and "Data Principal".

2. Roles & scope

The Tenant is the Controller of Personal Data uploaded to its Workspace and FYNBIT is a Processor acting on the Tenant's documented instructions. The subject matter of the processing is the operation of the Vizible platform; the duration is the term of the Tenant's subscription plus any permitted post-termination retention; the nature and purpose are the provision of CRM, commerce, and communications services; the categories of Data Subjects and Personal Data are described in our Privacy Policy.

3. Tenant instructions

FYNBIT will process Personal Data only (a) to provide and improve the Services, (b) on the Tenant's documented instructions (including those given through configuration of the platform), (c) as necessary for billing, support and security, and (d) as required by law. If FYNBIT believes an instruction infringes applicable data-protection law, FYNBIT will inform the Tenant.

4. Confidentiality

FYNBIT will ensure that personnel authorised to process Personal Data are bound by appropriate confidentiality obligations.

5. Security measures

FYNBIT will implement and maintain appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The current measures are described at /legal/security and may be updated from time to time provided that the security level is not materially diminished.

6. Sub-processors

6.1 General authorisation

The Tenant authorises FYNBIT to engage Sub-processors listed at /legal/sub-processors. FYNBIT will give the Tenant at least thirty (30) days' prior written notice (which may be by email or in-app notification) of any addition or replacement of a Sub-processor.

6.2 Objection rights

The Tenant may object on reasonable data-protection grounds within thirty (30) days of notice. FYNBIT will work with the Tenant in good faith to resolve the objection. If no resolution is found, the Tenant may terminate the affected Services with a pro-rata refund for prepaid amounts.

6.3 Sub-processor obligations

FYNBIT will impose data-protection obligations on each Sub-processor that are no less protective than those in this DPA, and remains liable for any breach of this DPA by its Sub-processors.

7. Data Subject requests

Taking into account the nature of the processing, FYNBIT will provide the Tenant with reasonable assistance (including by appropriate technical and organisational measures, in so far as this is possible) to enable the Tenant to respond to requests from Data Subjects exercising their rights under applicable data-protection law.

8. Personal-data breach notification

FYNBIT will notify the Tenant without undue delay after becoming aware of a Personal Data breach affecting the Tenant's Personal Data, and will provide the information reasonably necessary to enable the Tenant to comply with its own notification obligations to supervisory authorities and Data Subjects.

9. Data Protection Impact Assessments

FYNBIT will provide reasonable assistance to the Tenant for any DPIA required under Article 35 GDPR or equivalent (including the DPDP Act when its DPIA-style obligations come into force for Significant Data Fiduciaries), having regard to the nature of the processing and the information available to FYNBIT.

10. Audits & information rights

  • FYNBIT will make available to the Tenant the information reasonably necessary to demonstrate compliance with this DPA, including current security documentation and (when available) third-party audit reports.
  • The Tenant may, on at least thirty (30) days' written notice and not more than once per year (except where required by a regulator or following a Personal Data breach), conduct an audit through a mutually agreed independent auditor at the Tenant's expense.
  • Audits must be scheduled at reasonable times, must not unreasonably interfere with FYNBIT's operations, and are subject to confidentiality.

11. International transfers

11.1 EEA / UK / Switzerland

Where Personal Data originating in the EEA, the UK or Switzerland is transferred to a country that does not have an adequacy finding, the parties shall be deemed to have entered into the European Commission Standard Contractual Clauses (Module Two: Controller-to-Processor) or the UK International Data Transfer Addendum, as applicable. FYNBIT acts as the data importer.

11.2 India (DPDP Act)

FYNBIT will comply with §16 of the DPDP Act regarding cross-border transfers, including any restriction notified by the Central Government. The current hosting region is Mumbai, India.

12. Return or deletion on termination

On termination of the Services, FYNBIT will delete or, at the Tenant's written request, return Personal Data in line with the schedule and exceptions described in our Data Deletion policy.

13. Liability

The liability provisions of the Terms of Service apply to this DPA. Nothing in this DPA limits any rights or obligations that cannot be limited under applicable data-protection law.

14. Order of precedence

  1. Where there is a conflict between this DPA and the Terms of Service, this DPA prevails to the extent of the conflict.
  2. Where there is a conflict between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses prevail.

15. Contact for DPA matters

To execute a stand-alone DPA, request signed Standard Contractual Clauses or our security questionnaire, email privacy@vizible.in.

Questions about this policy? Email legal@vizible.in.

FYNBIT TECH PRIVATE LIMITED — operator of the Vizible platform at vizible.in.