Cybros Infotech Pvt. Ltd.
Last Updated: 05 Jan 2026
This Data Processing Agreement (“DPA”) forms part of the agreement between Cybros Infotech Pvt. Ltd. (“Cybros”, “Company”, “Processor”, “we”, “our”, or “us”) and the customer or organization using Cybros services (“Customer”, “Controller”).
This DPA governs the processing of Personal Data by Cybros on behalf of the Customer in connection with the use of Cybros products, services, platforms, and infrastructure.
This agreement is intended to ensure compliance with applicable data protection laws including the General Data Protection Regulation (GDPR) and other relevant privacy regulations.
For the purposes of this Agreement:
Personal Data
Any information relating to an identified or identifiable individual.
Processing
Any operation performed on personal data including collection, storage, organization, retrieval, use, disclosure, or deletion.
Controller
The entity that determines the purposes and means of processing personal data.
Processor
The entity that processes personal data on behalf of the Controller.
Data Subject
The individual whose personal data is processed.
Sub-processor
A third-party entity engaged by Cybros to process personal data on behalf of the Controller.
Cybros processes personal data only as necessary to provide services requested by the Customer.
These services may include:
SaaS applications and software platforms
cloud hosting and infrastructure services
ERP, CRM, and enterprise systems
application hosting and database services
email and communication services
technical support and system monitoring
Processing activities may include:
storage of customer data
system operations and maintenance
secure data transmission
data backups
system logging and monitoring
The Customer acts as the Data Controller and is responsible for:
determining the purpose of data processing
ensuring lawful collection of personal data
providing necessary privacy notices to data subjects
obtaining required user consents
The Customer must ensure that personal data provided to Cybros complies with applicable data protection laws.
Cybros acts as the Data Processor and processes personal data solely on behalf of the Customer.
Cybros agrees to:
process personal data only according to documented instructions from the Customer
maintain confidentiality of personal data
implement appropriate technical and organizational security measures
ensure employees and contractors handling data are bound by confidentiality obligations
Cybros will not use personal data for purposes other than delivering contracted services.
Depending on the services used, Cybros may process the following categories of personal data:
name and contact information
email addresses
phone numbers
billing and payment details
user account information
system usage logs
application data stored by customers
The categories of data processed depend on the services used by the Customer.
Personal data processed under this agreement may relate to:
customers and end users of the Customer
employees or staff of the Customer
suppliers and business partners
website visitors and application users
Cybros implements appropriate technical and organizational measures designed to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Security measures include but are not limited to:
encrypted data transmission (HTTPS / TLS)
network firewalls and intrusion protection
secure authentication mechanisms
role-based access controls
infrastructure monitoring and logging
vulnerability management and patching
secure cloud infrastructure environments
Cybros continuously reviews and improves its security practices to protect customer data.
Cybros may engage trusted third-party service providers (“Sub-processors”) to support service delivery.
Examples may include providers of:
cloud infrastructure services
payment processing
email delivery services
analytics tools
security monitoring services
Cybros ensures that all Sub-processors are contractually obligated to implement appropriate data protection measures.
Cybros remains responsible for the performance of its Sub-processors under this agreement.
Cybros may process or store data in data centers located in different geographic regions depending on service infrastructure.
When personal data is transferred outside the European Economic Area (EEA), Cybros implements appropriate safeguards including:
standard contractual clauses (SCCs)
secure cloud infrastructure providers
contractual obligations with service providers
industry-standard data protection practices
These safeguards ensure that personal data receives an adequate level of protection.
To assist Customers in complying with applicable privacy laws, Cybros will provide reasonable support in responding to requests from data subjects.
These requests may include:
access to personal data
correction of inaccurate data
deletion of personal data
restriction of data processing
data portability requests
Cybros will respond to such requests in accordance with applicable laws and contractual obligations.
In the event of a confirmed personal data breach affecting Customer data, Cybros will:
notify the Customer without undue delay
provide relevant details regarding the incident
cooperate in investigating and mitigating the breach
assist the Customer in meeting regulatory notification requirements if necessary
Cybros will take appropriate steps to prevent further unauthorized access.
Cybros will retain personal data only for the duration necessary to provide services.
Upon termination of services, Cybros will:
delete or anonymize personal data
return data to the Customer if requested and technically feasible
Retention may continue where required for legal, regulatory, or operational purposes.
Cybros ensures that personnel involved in data processing are subject to strict confidentiality obligations.
Access to personal data is limited to authorized personnel who require such access to perform their duties.
Upon reasonable request, Cybros may provide information necessary to demonstrate compliance with applicable data protection obligations.
Where required, Cybros may cooperate with reasonable security assessments or compliance reviews relevant to the services provided.
This Data Processing Agreement remains in effect for as long as Cybros processes personal data on behalf of the Customer.
Upon termination of services, data processing activities will cease in accordance with the data retention and deletion provisions described in this Agreement.
This Data Processing Agreement shall be governed by the laws applicable to the jurisdiction where Cybros Infotech Pvt. Ltd. is registered, unless otherwise agreed in writing between the parties.
Cybros may update this Data Processing Agreement to reflect:
regulatory changes
improvements in security practices
operational updates to services
Updated versions will be made available on the Cybros website.
For questions regarding this Data Processing Agreement or data protection matters, please contact:
Cybros Infotech Pvt. Ltd.
Website: https://cybrosinfotech.com
Email: admin@cybrosinfotech.com
Cybros Infotech Pvt. Ltd.
Technology | Cloud | SaaS | Digital Transformation