Data processing addendum.
This DPA forms part of the agreement between HR assist Technologies Pvt. Ltd. ("Processor") and the Customer ("Controller"). It governs the processing of personal data on the Customer's behalf.
Effective date: 1 January 2026
1. Definitions
"Personal Data", "Data Subject", "Processing", "Controller", and "Processor" have the meanings given in the India DPDP Act 2023 and, where applicable, the GDPR.
2. Scope and roles
The Customer is the Controller of employee personal data stored in its workspace. HR Assist is the Processor and processes such data strictly on the Customer's documented instructions, as expressed through the use of the service.
3. Nature and purpose of processing
We process personal data to provide the HR Assist platform: storing records, running payroll, managing leave and attendance, handling recruitment and expenses, generating reports, and enabling administrator actions.
4. Categories of data subjects and data
- Data subjects: the Customer's employees, contractors, job applicants, and authorized workspace users.
- Data categories: identity data, contact data, employment data, salary and banking data, attendance records, leave records, documents uploaded by the Customer, and in limited cases sensitive data such as government IDs.
5. Sub-processors
HR Assist uses a limited number of sub-processors, each bound by contractual terms equivalent to this DPA:
- Cloud infrastructure provider — database, storage, compute (India region for Grove)
- Transactional email provider — for product emails and notifications
- Payment processor — billing only; never holds workspace data
- Error monitoring service — anonymized stack traces
A current list is available at info@hrassistconsulting.com. We give 30 days' notice of any change via email.
6. Security measures
HR Assist implements the technical and organizational measures described on our security page, including encryption in transit and at rest, row-level isolation, access control, audit logging, and regular backups.
7. Data subject rights
HR Assist will assist the Customer, at no additional cost, in responding to data subject requests for access, correction, erasure, or portability — via export tools in the product or on request.
8. Data transfers
Grove data is stored in India. Canopy customers may select alternative regions (EU, US, APAC). Where cross-border transfers occur, they are protected by appropriate safeguards under applicable law.
9. Breach notification
HR Assist will notify the Customer without undue delay, and in any case within 48 hours, of becoming aware of any personal data breach affecting the Customer's data, along with the information the Customer needs to meet its own notification obligations.
10. Audits
Canopy customers may request, once per calendar year, a summary of our most recent third-party security audit. On-site audits can be arranged for Canopy customers under mutually agreed NDA.
11. Deletion on termination
On termination, HR Assist deletes all Customer personal data within 30 days from active systems and 90 days from backups, unless retention is required by applicable law.
12. Contact
For all DPA matters, contact info@hrassistconsulting.com.