How Fininvo processes personal data on your behalf as your processor, with GDPR and DPDP safeguards.
June 22, 2026
July 22, 2026
3.0
This document is published by Fininvo, a trade name of Prashbi Global Services Pvt. Ltd., a company incorporated under the laws of India (CIN: U52100KA2020PTC133490), with its registered office at Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India. References to "Fininvo", "we", "us", or "our" in this document refer to Prashbi Global Services Pvt. Ltd..
This Data Processing Agreement (DPA) forms part of the Terms of Service and applies whenever Fininvo processes personal data on your behalf in providing the services. In that context you act as the controller (or, where you process on behalf of another, as a processor) and Fininvo acts as the processor (or sub-processor), as those terms are used in the GDPR and the DPDP Act.
The DPA applies automatically to all customers whenever you use the services to process personal data, regardless of which data protection law applies.
The parties agree that the Terms of Service and this DPA constitute your complete and documented instructions regarding our processing of your personal data. We process personal data only in accordance with those documented instructions, except where law requires otherwise, in which case we will inform you unless prohibited from doing so.
The services provide controls and security features that you can use to retrieve, correct, delete, export or restrict personal data. You are responsible for configuring and using those controls, and for the lawfulness of the personal data you provide and the instructions you give.
You authorise Fininvo to engage sub-processors to help deliver the services. Our current sub-processors are listed on the Sub-processors page, with their purpose and location.
30 day notice. Before we engage a new sub-processor that processes personal data, we update the Sub-processors page and provide a mechanism to receive notice at least 30 days in advance, so you may object on reasonable data protection grounds.
We remain responsible for our sub-processors' performance of their data protection obligations.
Where personal data is transferred across borders to a country without an adequacy decision, the transfer is governed by the European Commission Standard Contractual Clauses (SCCs), which are incorporated into this DPA by reference, together with the UK International Data Transfer Addendum and the Swiss addendum where those regimes apply. Transfers of Indian data principals' data occur only to countries not restricted under the DPDP Act.
Encryption in transit (TLS 1.3) and at rest (AES-256), role-based access, network controls, logging and regular testing.
We notify you without undue delay, and within 72 hours where required, of any personal data breach affecting your data, and assist you in meeting your own notification duties.
We ensure that personnel authorised to process personal data are bound by confidentiality.
We make available information reasonably necessary to demonstrate compliance with this DPA and, subject to confidentiality and reasonable notice, allow for audits. We assist you, taking into account the nature of processing, with data subject requests, data protection impact assessments and consultations with supervisory authorities.
On termination, you may export your personal data for 30 days. After that period, we delete or return the personal data we process on your behalf and delete existing copies, except where law requires continued retention. Backups are purged in line with our backup cycle.
Data Protection Officer
dpo@fininvo.comPrivacy Team
privacy@fininvo.comRegistered Office
Prashbi Global Services Pvt. Ltd.
Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony,
R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India
CIN: U52100KA2020PTC133490