Resources
Data Processing Addendum (DPA)
This addendum applies when Liulum, a sole proprietorship operated by Rahul Rishi processes personal data on your behalf.
Roles and scope
- You are the Controller for your customer data.
- Liulum, a sole proprietorship operated by Rahul Rishi is the Processor for data processed through Liulum services.
- Processing is limited to operating Liulum Care (website monitoring, maintenance, and repair), related automations, reporting, and support workflows.
- This addendum is read consistent with India's Digital Personal Data Protection (DPDP) Act, 2023 and, where applicable, the EU/UK GDPR.
Processing commitments
- Process data only on documented customer instructions.
- Apply appropriate technical and organizational security controls.
- Assist with data subject requests where reasonably possible.
- Notify customers of material personal-data incidents without undue delay, and report breaches in line with DPDP Act timelines.
- Maintain access logging and audit records of actions taken on your systems.
- Never access, copy, store, or process your system secrets, credentials, or your end-customers' payment-card data beyond what a contracted task strictly requires; we do not run destructive database operations.
- Encrypt stored data, redact secrets from any retained site memory, and honour one-click consent withdrawal and data wipe.
Subprocessors
Liulum uses subprocessors (for example: hosting, payments, email, and voice infrastructure) only to deliver contracted services. Current processor list is reflected in our Privacy Policy.
International transfers
Where personal data is transferred across borders, Liulum relies on a lawful transfer mechanism appropriate to the destination — including the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA) where the UK GDPR applies, and equivalent contractual safeguards under India's data-protection regime — together with provider security controls suited to the service context. A copy of the operative clauses is available on request.
Deletion and return
On termination, customer data is deleted or returned according to legal retention obligations and documented export/deletion requests.
Questions
For contract-specific DPA requests, contact us via Support.