Data Processing Addendum
Last Updated: June 24, 2026
This Data Processing Addendum ("DPA") forms part of the agreement between you (the "Customer") and CXO India and governs the processing of personal data carried out by CXO India on the Customer's behalf. It is designed to support compliance with the EU/UK General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act, 2023 (DPDP Act), among other applicable laws.
1. Roles of the Parties
For personal data the Customer submits through the Platform, the Customer acts as the controller (or "Data Fiduciary" under the DPDP Act) and CXO India acts as the processor (or "Data Processor"). CXO India processes such data only on documented instructions from the Customer, including as set out in this DPA and the Terms of Service.
2. Nature and Purpose of Processing
CXO India processes personal data to provide the executive networking, hiring, mentoring, advisory, and AI-assisted features of the Platform, including account management, matching, messaging, analytics, and support.
3. Categories of Data and Data Subjects
- Data subjects: Customer's authorized users, candidates, and contacts.
- Identity & contact data: name, email, phone, professional title, company.
- Professional data: career history, education, skills, achievements, preferences.
- Usage data: log data, device data, and interactions with the Platform.
- CXO India does not seek to process special-category data and asks that you not submit it unless required and lawful.
4. Customer Obligations
The Customer warrants that it has a valid legal basis (including any required consent) to provide personal data to CXO India and to instruct the processing described here, and that its instructions will not cause CXO India to violate applicable law.
5. Confidentiality
CXO India ensures that personnel authorized to process personal data are bound by appropriate confidentiality obligations and are trained on data protection.
6. Security Measures
CXO India implements appropriate technical and organizational measures, including:
- Encryption of data in transit (TLS) and at rest;
- Role-based access controls and least-privilege access;
- End-to-end encryption for direct messaging;
- Network controls, rate limiting, and brute-force protection;
- Logging, monitoring, and regular backups;
- Secrets managed through a dedicated secret-management service.
7. Sub-processors
The Customer authorizes CXO India to engage sub-processors to support the Platform (for example, cloud hosting, payment processing, and AI model providers). CXO India imposes data-protection obligations on each sub-processor that are no less protective than this DPA and remains responsible for their performance. A current list of sub-processors is available on request, and CXO India will give notice of intended changes so the Customer may object on reasonable grounds.
8. International Transfers
Where personal data is transferred across borders, CXO India relies on an appropriate transfer mechanism, such as Standard Contractual Clauses or an equivalent safeguard recognized under applicable law.
9. Assistance to the Customer
Taking into account the nature of processing, CXO India provides reasonable assistance to the Customer in responding to data-subject requests (access, correction, erasure, portability, objection) and in meeting its obligations regarding security, breach notification, and data-protection impact assessments.
10. Personal Data Breach
CXO India notifies the Customer without undue delay after becoming aware of a personal data breach affecting Customer data, and provides information reasonably necessary for the Customer to meet its own notification obligations.
11. Audits
CXO India makes available information reasonably necessary to demonstrate compliance with this DPA and allows for audits, including inspections, on reasonable prior notice and subject to confidentiality, at a frequency and scope consistent with applicable law.
12. Return and Deletion
Upon termination of the services, CXO India will, at the Customer's choice, delete or return personal data, and delete existing copies unless retention is required by law. Account deletion can be requested at any time via account deletion.
13. Contact
Data protection enquiries may be sent to privacy@cxoindia.com. See also our Privacy Policy and AI Usage Policy.