Data Processing Agreement
Last Updated: July 28, 2025
This Data Processing Agreement ("Agreement") forms part of the Principal Agreement between:
Data Controller: Client of ZekoAI
(the "Controller")
and
Data Processor: MyWays Life Layouts Private Limited (operating under the brand name ZekoAI)
H-294, Plot 2A, First Floor, Kehar Singh Estate, Saidulajab, Lane No. 2, New Delhi, India - 110030
(the "Processor")
(together referred to as the "Parties").
1. DEFINITIONS
1.1 "Agreement" means this Data Processing Agreement and all Schedules.
1.2 "Company Personal Data" means any Personal Data Processed by the Processor on behalf of the Controller pursuant to or in connection with the Principal Agreement.
1.3 "Data Protection Laws" means all applicable laws relating to the processing of personal data and privacy, including the GDPR.
1.4 "GDPR" means EU General Data Protection Regulation 2016/679.
1.5 "Subprocessor" means any third party appointed by the Processor to process personal data on behalf of the Controller.
1.6 "Data Transfer" means a transfer of Personal Data from the Controller to the Processor or to any Subprocessor, subject to restrictions under applicable law.
1.7 "Services" means the services provided by the Processor, including resume screening, scheduling, AI interviews, and candidate evaluation.
1.8 "DPO" means Data Protection Officer, appointed by the Processor.
1.9 Terms like "Controller", "Processor", "Data Subject", "Personal Data", and "Processing" have the meaning given under the GDPR.
2. PROCESSING OF PERSONAL DATA
2.1 The Processor shall:
Only process personal data on the documented instructions of the Controller.
Ensure compliance with all applicable Data Protection Laws.
2.2 The Controller instructs the Processor to process personal data solely for the purposes of delivering the agreed Services.
3. PERSONNEL
Processor shall ensure that any personnel authorized to process personal data are bound by confidentiality obligations and have received appropriate data protection training.
4. SECURITY
Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of GDPR.
5. SUBPROCESSING
5.1 The Processor may engage Subprocessors to process personal data.
5.2 The current list of Subprocessors is:
Subprocessor | Purpose | Location |
Amazon Web Services | Cloud storage (e.g., videos, resumes) | India Region |
Microsoft Azure | Cloud compute / backup | India & US Region |
MongoDB Atlas | Databases | India Region |
GitHub (Private Repos) | Code collaboration (internal) | Global CDN |
5.3 The Processor shall notify the Controller of any changes to subprocessors and provide the opportunity to object on reasonable grounds.
6. DATA SUBJECT RIGHTS
6.1 Processor shall assist the Controller in fulfilling Data Subject requests (access, rectification, erasure, restriction, etc.) under Data Protection Laws.
6.2 Processor shall not respond to any such request unless authorized by the Controller, unless required by law.
7. PERSONAL DATA BREACH
Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach, and shall assist in mitigation and remediation as reasonably directed by the Controller.
8. DATA PROTECTION IMPACT ASSESSMENT
Processor shall provide necessary assistance to the Controller in conducting Data Protection Impact Assessments or prior consultations with Supervisory Authorities, in accordance with Articles 35 and 36 of GDPR.
9. DELETION OR RETURN OF PERSONAL DATA
Upon termination of Services, the Processor shall delete or return all personal data within 10 business days, unless retention is required by applicable law.
10. AUDIT RIGHTS
10.1 Processor shall make available all information necessary to demonstrate compliance and allow audits by the Controller or a third-party auditor mandated by the Controller.
10.2 Audit requests must be provided with reasonable notice and be subject to confidentiality and security terms.
11. DATA TRANSFER
Processor shall not transfer personal data outside the EEA unless adequate safeguards (e.g., Standard Contractual Clauses) are in place or with the prior written consent of the Controller.
12. GENERAL TERMS
12.1 Confidentiality: Both parties agree to keep all information obtained during the Agreement confidential.
12.2 Notices: All legal notices under this Agreement must be in writing and sent to the registered addresses or email addresses of the Parties.
12.3 DPO Contact:
Name: Samyak Jain
Email: samyak@zeko.ai
13. GOVERNING LAW AND JURISDICTION
13.1 This Agreement is governed by the laws of India.
13.2 Any disputes will be subject to the exclusive jurisdiction of the courts of New Delhi, India.
Frequently asked questions
For any unanswered questions, reach out to our support team via email. We'll respond as soon as possible to assist you.
