Legal

Data Processing Agreement

Effective date: April 11, 2026. This DPA outlines data protection obligations where INFOC ONE processes personal data on behalf of customers.

1. Roles

Customer acts as Data Controller. INFOCHOLA SOLUTIONS PTE. LTD. acts as Data Processor for the scope of services defined in the commercial agreement.

2. Processing Scope

Processing includes hosting, storage, retrieval, support operations, and security monitoring strictly for service delivery and contractual obligations.

3. Security Measures

Processor maintains appropriate technical and organizational measures including access controls, least-privilege principles, and security monitoring.

4. Sub-processors

Processor may engage approved sub-processors for infrastructure and operational services, with contractual data protection obligations and ongoing oversight.

5. International Transfers

Where data is transferred outside Singapore, Processor will apply appropriate safeguards consistent with PDPA requirements and customer contractual terms.

6. Data Subject Requests

Processor will assist Customer in responding to requests for access, correction, deletion, or objection, where such assistance is reasonable and legally required.

7. Incident Notification

Processor will notify Customer without undue delay upon becoming aware of a personal data breach affecting customer-controlled data.

8. Return and Deletion

Upon termination or expiry, Processor will return or securely delete customer personal data in accordance with contractual obligations and lawful retention requirements.

9. Contact

For DPA and data handling questions, email solutions@infoc.one.

This page is provided for operational readiness and should be reviewed by legal counsel before production legal sign-off.