API Explorer - Islamic Open Finance™

1. Introduction

This Data Processing Agreement (“DPA”) forms part of the Agreement between Islamic Open Finance™ (“Processor”) and Customer (“Controller”) for the provision of Platform services.

2. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on Personal Data.

3. Scope of Processing

Processor shall process Personal Data only on documented instructions from Controller, including transfers to third countries, unless required by law.

4. Processor Obligations

Processor shall ensure authorized personnel are bound by confidentiality, implement appropriate security measures, assist Controller in responding to data subject requests, and delete or return Personal Data upon termination.

5. Security Measures

Processor maintains security measures including encryption, access controls, regular security assessments, incident response procedures, and SOC 2 Type II / ISO 27001 certification.

6. Data Breach Notification

Processor shall notify Controller without undue delay (within 72 hours) upon becoming aware of a Personal Data breach.

7. Governing Law

This DPA is governed by the same law as the Agreement. For GDPR purposes, the competent supervisory authority is determined by the Controller's establishment.