1. PURPOSE OF PROCESSING

Data is processed only for:

• Providing cybersecurity services

• Software testing & scanning

• System security enhancement

• Incident management

2. PROCESSING INSTRUCTIONS

Sojaru Corp shall process Personal Data only:

• On documented instructions of the Client

• Within agreed scope of services

• For lawful purposes only

3. SECURITY MEASURES

Processor shall implement:

Technical & organisational safeguards

Encryption & restricted access Regular audits & assessments

4. SUB-PROCESSORS

Sub-processors may be appointed only if:

• They are legally bound by NDA + DPA

• They meet GDPR & DPDP standards

• Client is informed (upon request)

5. DATA SUBJECT RIGHTS ASSISTANCE

Sojaru Corp will assist the Client in fulfilling:

• Data access requests

• Deletion requests

• Compliance obligations

6. DATA DELETION / RETURN

Upon termination of services:

All data will be deleted or returned

Certificates of deletion may be issued

Logs are wiped unless legally required

7. AUDIT & COMPLIANCE

Client may request:

• Compliance documentation

• Security policies (under NDA)

Sojaru Corp reserves right to deny sensitive internal architecture disclosure.

8. LIABILITY 

Sojaru Corp’s liability shall be limited as per the main agreement.

9. GOVERNING LAW

This Addendum shall be governed by the laws of India and subject to Kolkata jurisdiction & Arbitration clause.