1. Roles
| Role |
Responsibility |
| Client |
Data Controller — determines purpose and means of processing |
| GFAM |
Data Processor — processes data on behalf of the controller |
2. Responsibilities of GFAM (Processor)
- Processes data securely and only as instructed by the client
- Does not sell or rent personal data to third parties
- Implements appropriate technical and organizational security measures
- Assists clients in responding to data subject requests
- Notifies clients of confirmed data breaches within reasonable time
3. Responsibilities of Client (Controller)
- Ensures lawful collection of personal data with proper consent
- Maintains valid user consent for messaging and data processing
- Provides clear privacy notices to end users
- Has the sole authority to determine processing purposes
4. Subprocessors
GFAM may engage subprocessors to provide services:
- Meta (WhatsApp): For WhatsApp Business API functionality
- Cloud Providers: For secure hosting and infrastructure
- Messaging APIs: For message delivery and automation
All subprocessors are bound by written agreements ensuring data protection standards.
5. Data Breach Notification
If a data breach occurs:
- GFAM will notify affected clients within 72 hours of confirmation
- Clients are responsible for notifying relevant authorities and users as required by law
- GFAM will provide reasonable assistance in breach investigation and remediation
6. International Data Transfers
Data may be processed outside India through WhatsApp (Meta) infrastructure. By using our services, you acknowledge that data may be transferred to and processed in countries where Meta operates data centers.
7. Data Subject Rights
GFAM assists clients in fulfilling data subject requests (access, correction, deletion, portability) under GDPR and India's DPDP Act, 2023.