Data Processing Agreement (DPA)

Last Updated: 27 April 2026

This Data Processing Agreement ("DPA") forms part of the agreement between Luit Infotech Pvt. Ltd. ("Luit Infotech", "LuitBiz", "Processor") and the customer organization ("Customer", "Controller") that uses LuitBiz products and services.

This DPA outlines the responsibilities, obligations, and commitments relating to the processing of personal data in connection with the provision of LuitBiz software and services.

This DPA should be read together with:

Purpose of this Agreement

The purpose of this DPA is to establish a transparent framework governing:

  • Processing of personal data
  • Data protection responsibilities
  • Security measures
  • Confidentiality obligations
  • International data transfers
  • Data subject rights
  • Compliance with applicable privacy laws

Definitions

  • Customer (Controller)
    The organization that determines the purposes and means of processing personal data using LuitBiz products and services.
  • Luit Infotech (Processor)
    The service provider that processes personal data on behalf of the Customer for the purpose of delivering LuitBiz products and services.
  • Personal Data
    Any information relating to an identified or identifiable natural person.
  • Processing
    Any operation performed on personal data including collection, storage, organization, retrieval, use, transmission, modification, or deletion.

Scope of Processing

Luit Infotech processes personal data solely for the purpose of:

  • Delivering subscribed services
  • Hosting customer environments
  • Providing technical support
  • Maintaining system security
  • Performing backups and disaster recovery
  • Monitoring service performance
  • Fulfilling contractual obligations

Luit Infotech does not process personal data for unrelated purposes without authorization from the Customer.

Categories of Data Processed

Depending on customer usage, personal data may include:

User Information

  • Name
  • Email address
  • Job title
  • Department
  • Employee ID

Customer Information

  • Contact details
  • Business records
  • Account information

System Information

  • Login records
  • Access logs
  • Audit trails
  • Activity records

Documents & Records

Data uploaded by customers into:

Customers remain responsible for determining what data is stored within the system.

Processor Obligations

Luit Infotech agrees to:

Process Data Only on Instructions
Process personal data solely according to documented instructions from the Customer unless otherwise required by law.

Maintain Confidentiality
Ensure that personnel with access to personal data are bound by confidentiality obligations.

Implement Security Measures
Maintain reasonable administrative, technical, and organizational safeguards designed to protect customer data.

Assist the Customer
Provide reasonable assistance in responding to:

  • Data subject requests
  • Regulatory inquiries
  • Security investigations
  • Compliance reviews

Security Measures

Luit Infotech maintains security controls designed to protect customer data against unauthorized access, disclosure, alteration, or destruction.

Security controls may include:

  • Role-based access control
  • User authentication
  • Audit logging
  • Data backup procedures
  • Access monitoring
  • Network security controls
  • Infrastructure security
  • Disaster recovery procedures
  • Change management controls

Security practices are reviewed periodically to address evolving threats and business requirements.

Data Hosting & Infrastructure

LuitBiz cloud environments are hosted on enterprise-grade infrastructure designed to provide:

  • High availability
  • Data resilience
  • Security monitoring
  • Backup capabilities
  • Disaster recovery support

Customer data may be processed within approved infrastructure locations necessary for service delivery.

Subprocessors

Luit Infotech may engage trusted third-party service providers ("Subprocessors") to support service delivery.

Examples may include:

  • Cloud infrastructure providers
  • Backup service providers
  • Email delivery providers
  • Customer support platforms
  • Security monitoring providers

Luit Infotech remains responsible for ensuring that subprocessors maintain appropriate data protection obligations.

International Data Transfers

Where personal data is transferred across jurisdictions, Luit Infotech will implement reasonable safeguards designed to support applicable privacy and data protection requirements.

Such safeguards may include:

  • Contractual protections
  • Technical controls
  • Security measures
  • Regulatory compliance mechanisms

Data Subject Rights

Where applicable, Luit Infotech will provide reasonable assistance to Customers in responding to requests relating to:

  • Access requests
  • Correction requests
  • Deletion requests
  • Restriction requests
  • Portability requests
  • Objection requests

Customers remain responsible for managing and responding to requests from their users and data subjects.

Data Breach Notification

In the event of a confirmed security incident affecting customer personal data, Luit Infotech will:

  • Investigate the incident
  • Take reasonable remediation measures
  • Notify affected customers without undue delay where legally required
  • Provide relevant information reasonably available at the time

Notification timing may vary depending on the nature and severity of the incident.

Data Retention & Deletion

Customer data will be retained only as necessary to:

  • Provide services
  • Meet contractual obligations
  • Comply with legal requirements
  • Support disaster recovery and backup processes

Upon termination of services and subject to applicable agreements:

  • Customer data may be returned to the customer where technically feasible
  • Data may be securely deleted according to established retention schedules
  • Certain records may be retained where required by law

Audits & Compliance Reviews

Customers may request information reasonably necessary to evaluate:

  • Security controls
  • Data protection practices
  • Compliance commitments

Luit Infotech may satisfy such requests through:

  • Documentation
  • Security questionnaires
  • Compliance information
  • Vendor review processes

Customer Responsibilities

Customers are responsible for:

  • Determining lawful grounds for processing
  • Obtaining required consents
  • Managing user permissions
  • Configuring data retention settings
  • Ensuring compliance with applicable laws
  • Responding to data subject requests

Luit Infotech cannot determine the legality of customer data processing activities.

Changes to this DPA

Luit Infotech may update this DPA periodically to reflect:

  • Changes in legal requirements
  • Product enhancements
  • Security improvements
  • Operational changes

Updated versions will be published on this page with a revised effective date.

Limitation of Liability

Liability relating to data processing activities shall be governed by applicable contractual agreements, Terms of Service, and applicable laws.

Nothing in this DPA expands liability beyond limitations otherwise agreed between the parties.

Contact Information

For questions regarding data processing, privacy, security, or compliance matters, please contact:

Luit Infotech Pvt. Ltd.

Email: sales[AT]luitinfotech.com

Website: https://www.luitbiz.com

Our Commitment

Luit Infotech is committed to responsible data stewardship, strong security practices, and transparent processing activities. This Data Processing Agreement reflects our commitment to helping customers meet privacy, security, governance, and compliance obligations while using LuitBiz products and services.

Need Data Protection or Compliance Information?

Our team can assist customers, procurement teams, auditors, privacy officers, legal reviewers, and compliance professionals with information regarding data processing, privacy controls, and security practices.

Frequently Asked Questions

What is a Data Processing Agreement?

A Data Processing Agreement defines how a service provider processes and protects personal data on behalf of customers.

Who is the Controller and who is the Processor?

The Customer acts as the Controller and determines how personal data is used. Luit Infotech acts as the Processor and processes data according to customer instructions.

Does Luit Infotech sell customer data?

No. Luit Infotech does not sell customer personal data.

Does Luit Infotech support GDPR-related requirements?

Yes. Luit Infotech follows privacy and data protection practices designed to support GDPR-related obligations and modern privacy principles.

How does Luit Infotech protect customer data?

Luit Infotech utilizes access controls, authentication, audit logging, backups, monitoring, and security practices designed to protect customer information.