Personal Data Processing Agreement
WappBlaster - AI-Powered WhatsApp Business Automation
Last Updated: January 2025
Data Processing Agreement: This agreement governs how WappBlaster processes personal data for all our services. We are committed to protecting your privacy and complying with applicable data protection laws. All legal matters are subject to the exclusive jurisdiction of Bikaner Court, Rajasthan, India.
1. Definitions and Parties
1.1 Parties to this Agreement
- Data Controller: You (the customer) who determines the purposes and means of processing personal data
- Data Processor: WappBlaster, who processes personal data on behalf of the Data Controller
- Data Subject: The individual whose personal data is being processed
1.2 Key Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure
- Special Categories: Sensitive personal data requiring enhanced protection
- Data Breach: Unauthorized access, disclosure, or loss of personal data
- Retention Period: The time period for which personal data is stored
1.3 Scope of Agreement
This agreement applies to all personal data processing activities conducted through WappBlaster services, including:
- Auto WhatsApp Marketing automation
- Auto Dialer and call management
- Call logs and lead management systems
- Customer reminder and notification services
- Employee attendance and location tracking
- Field team monitoring and management
- Personal reminder and task management
- Digital catalogue and review management
- File management and document storage
- WhatsApp Business API services
2. Categories of Personal Data
2.1 Customer and Contact Data
| Data Category | Data Types | Purpose | Retention |
|---|---|---|---|
| Contact Information | Names, phone numbers, emails | Service provision, communication | Account lifetime + 2 years |
| Communication Records | WhatsApp messages, call logs, SMS | Automation, analytics, compliance | 24 months |
| Business Information | Company details, industry, size | Service customization, support | Account lifetime + 5 years |
| Transaction Data | Payment details, billing history | Billing, compliance, fraud prevention | 7 years (legal requirement) |
2.2 Employee and Location Data
| Data Category | Data Types | Purpose | Retention |
|---|---|---|---|
| Biometric Data | Selfie photos for attendance | Identity verification, attendance tracking | 3 years |
| Location Data | GPS coordinates, timestamps | Attendance verification, field tracking | 3 years |
| Work Records | Attendance logs, task completion | Performance tracking, payroll | 7 years |
| Device Information | Device ID, app usage, system info | Security, performance optimization | 2 years |
2.3 Special Categories of Data
Enhanced Protection Required: The following data categories require explicit consent and enhanced security measures:
- Biometric Data: Selfie photos used for attendance verification
- Location Data: Precise GPS coordinates for employee tracking
- Health Data: Medical appointment reminders (if used)
- Financial Data: Payment information and billing details
3. Lawful Basis for Processing
3.1 Legal Bases Under Indian Law
Primary Legal Bases:
- Contract Performance: Processing necessary for service delivery
- Legitimate Interest: Business operations, security, fraud prevention
- Consent: Explicit consent for special categories of data
- Legal Obligation: Compliance with Indian laws and regulations
- Vital Interest: Emergency situations requiring immediate action
3.2 Specific Processing Purposes
| Processing Activity | Legal Basis | Data Categories | Retention |
|---|---|---|---|
| WhatsApp Message Automation | Contract Performance | Contact info, message content | 24 months |
| Call Log Management | Contract Performance | Phone numbers, call duration | 24 months |
| Attendance Tracking | Consent + Employment Law | Biometric, location data | 3 years |
| Payment Processing | Contract + Legal Obligation | Financial information | 7 years |
| Customer Support | Legitimate Interest | Contact info, support tickets | 3 years |
| Analytics and Improvement | Legitimate Interest | Usage data, performance metrics | 2 years |
3.3 Consent Management
- Explicit Consent: Required for biometric and location data processing
- Informed Consent: Clear information about processing purposes
- Withdrawable Consent: Right to withdraw consent at any time
- Granular Consent: Separate consent for different processing activities
- Consent Records: Maintained records of all consent given
4. Governing Law and Dispute Resolution
4.1 Governing Law
This Data Processing Agreement is governed by the laws of India, specifically:
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices) Rules, 2011
- Personal Data Protection Bill (when enacted)
- Other applicable Indian data protection laws
4.2 Jurisdiction
Exclusive Jurisdiction: All disputes arising from this agreement shall be subject to the exclusive jurisdiction of the courts in Bikaner, Rajasthan, India.
4.3 Dispute Resolution Process
- Direct negotiation: Good faith negotiations between parties
- Mediation: Mediation through qualified data protection mediator
- Arbitration: Binding arbitration if mediation fails
- Court proceedings: Final resort to court proceedings
5. Contact Information
WappBlaster Privacy Team
- Email: [email protected]
- Phone: +91 737-5092-569
- WhatsApp: +91 737-5092-569
- Address: 11/346 Mukta Prasad Colony, Bikaner, Raj. IN
Response Times:
- Data subject rights requests: 30 days
- Security incidents: 24 hours
- General inquiries: 48 hours
Effective Date and Amendments
This Personal Data Processing Agreement is effective as of January 2025 and applies to all data processing activities conducted after this date.
By using WappBlaster services, you acknowledge that you have read, understood, and agree to be bound by this Personal Data Processing Agreement.