← Back to Home
Last updated: March 2025
1. Introduction
This Data Processing Agreement ("DPA") forms part of the agreement between Green Vision Technical Services ("Data Processor") and the registered laboratory ("Data Controller") using SoilPro Cloud. It governs the processing of personal data in accordance with the Information Technology Act, 2000 and the Personal Data Protection Bill (PDPB) 2023.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person (e.g., farmer name, mobile number).
- Data Controller: The laboratory that determines purposes and means of processing (i.e., you, the subscriber).
- Data Processor: Green Vision Technical Services, which processes data on behalf of the Controller.
3. Nature of Processing
Green Vision Technical Services processes the following categories of data on behalf of laboratories:
- Farmer identifiers: name, mobile number, email address, village/location.
- Soil analysis data: sample references, nutrient values, pH, crop information.
- Report delivery records: WhatsApp delivery status, email send logs.
4. Data Controller Obligations
As Data Controller, the laboratory agrees to:
- Collect farmer personal data only with appropriate consent or legitimate purpose.
- Provide accurate data to the platform.
- Maintain records of data processing activities as required by applicable law.
- Notify Green Vision Technical Services of any data subject rights requests within 5 business days.
5. Data Processor Obligations
Green Vision Technical Services agrees to:
- Process personal data only on documented instructions from the Data Controller.
- Ensure all staff with access to personal data are bound by confidentiality obligations.
- Implement appropriate technical and organisational security measures.
- Assist the Data Controller in fulfilling data subject rights requests.
- Delete or return all personal data upon termination of the subscription.
- Notify the Data Controller within 72 hours of becoming aware of a personal data breach.
6. Sub-Processors
We use the following sub-processors. By accepting this DPA, you authorise their use:
☁️
Render.com (Infrastructure)
Application hosting and database storage. Servers located in India/Singapore region. Compliant with SOC 2 Type II.
💬
Meta Platforms (WhatsApp)
Used only when the WhatsApp delivery feature is activated by the laboratory. Governed by Meta's Business Messaging Terms.
7. Security Measures
- TLS 1.3 encryption for all data in transit.
- scrypt password hashing for all user credentials.
- Row-level database isolation between all tenants.
- Daily encrypted backups with 30-day retention.
- Comprehensive audit logging of all data access and modifications.
8. Data Retention & Deletion
Upon subscription termination, all personal data is retained for 30 days to allow export. After this period, all data is permanently and irreversibly deleted from our systems and backups within 60 days.
9. PDPB 2023 Compliance
We are committed to full compliance with the Personal Data Protection Bill 2023 once enacted. Our systems are designed to support the key rights of data principals including right to access, correction, erasure, and grievance redressal.
10. Governing Law
This DPA is governed by the laws of India. Disputes shall be subject to the jurisdiction of courts in Nashik, Maharashtra.