Data Processing Agreement (DPA)

One2One Meet

Effective Date: 2026-04-01
Last Updated: 2026-04-01

This Data Processing Agreement (“Agreement”)

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Terms”) between:

  • Client (“Data Controller”)
    and
  • One2One Meet (“Data Processor”)

(each a “Party” and collectively the “Parties”).

This Agreement governs the processing of Personal Data by One2One Meet on behalf of the Client in connection with the provision of the One2One Meet platform and services.

1. Definitions

For the purposes of this Agreement:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • “Data Controller” means the entity that determines the purposes and means of processing Personal Data.
  • “Data Processor” means the entity that processes Personal Data on behalf of the Controller.
  • “Data Subject” means the individual to whom Personal Data relates.
  • “Sub-processor” means any third party engaged by the Processor to process Personal Data.
  • “Applicable Data Protection Laws” means all relevant laws governing the processing of Personal Data, including but not limited to GDPR (where applicable), and other regional regulations.

2. Scope and Purpose of Processing

One2One Meet shall process Personal Data only for the purposes of:

  • Providing event networking and meeting services
  • Enabling scheduling, communication, and attendee engagement
  • Supporting platform functionality and operations
  • Providing analytics, reporting, and insights
  • Delivering white-label and SaaS services

Processing shall be carried out strictly in accordance with:

  • Documented instructions from the Client
  • This Agreement
  • Applicable laws and regulations

3. Nature and Categories of Data

3.1 Types of Personal Data Processed

Personal Data may include, but is not limited to:

  • Identification data (name, email address, phone number)
  • Professional data (company, job title, designation)
  • Profile data (bio, interests, preferences)
  • Event-related data (registrations, attendance, meeting schedules)
  • Communication data (messages, notes, interactions)
  • Technical data (IP address, device information, logs, usage data)

3.2 Categories of Data Subjects

Personal Data may relate to:

  • Event attendees and participants
  • Platform users
  • Client employees and representatives
  • Sponsors, partners, and vendors

4. Obligations of the Data Processor (One2One Meet)

One2One Meet shall:

4.1 Processing Instructions

  • Process Personal Data only on documented instructions from the Client
  • Not process data for its own purposes unless permitted by law

4.2 Confidentiality

  • Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations
  • Limit access to data strictly on a need-to-know basis

4.3 Security Measures

  • Implement appropriate technical and organizational measures to ensure data security (see Section 6)

4.4 Assistance to Controller

Assist the Client in fulfilling obligations related to:

  • Data Subject rights requests
  • Data protection impact assessments (DPIA), where applicable
  • Regulatory compliance

4.5 Data Breach Notification

  • Notify the Client without undue delay upon becoming aware of a Personal Data breach
  • Provide relevant details to assist in investigation and compliance

4.6 Data Deletion or Return

  • Upon termination, delete or return Personal Data as instructed by the Client
  • Retain data only where required by law

5. Obligations of the Data Controller (Client)

The Client shall:

5.1 Lawful Processing

  • Ensure that Personal Data is collected and processed lawfully
  • Establish a valid legal basis (e.g., consent, contract)

5.2 Transparency and Notice

  • Provide appropriate privacy notices to Data Subjects
  • Inform users of data processing activities

5.3 Data Subject Rights

  • Respond to requests from Data Subjects
  • Ensure timely handling of access, correction, or deletion requests

5.4 Instructions to Processor

  • Provide clear and lawful instructions to One2One Meet
  • Ensure that such instructions comply with Applicable Data Protection Laws

6. Security Measures

One2One Meet shall implement industry-standard security measures, including:

  • Encryption of data in transit (HTTPS/SSL)
  • Encryption of data at rest where applicable
  • Secure authentication and role-based access controls
  • Network and infrastructure security controls
  • Regular vulnerability assessments and monitoring
  • Incident detection and response mechanisms

These measures are designed to ensure the confidentiality, integrity, and availability of Personal Data.

7. Sub-processors

7.1 Engagement of Sub-processors

One2One Meet may engage Sub-processors to support service delivery, including: Cloud infrastructure providers, Analytics services, and Communication/messaging services.

7.2 Sub-processor Obligations

  • Enter into written agreements with Sub-processors
  • Ensure Sub-processors provide equivalent data protection obligations
  • Remain fully responsible for Sub-processor performance

7.3 Transparency

  • Clients may request a list of current Sub-processors
  • Clients will be informed of significant changes where applicable

8. International Data Transfers

Personal Data may be transferred to and processed in countries outside the Client’s jurisdiction. One2One Meet shall ensure appropriate safeguards are implemented, transfers comply with Applicable Data Protection Laws, and mechanisms such as Standard Contractual Clauses (SCCs) are used where required.

9. Data Subject Rights

One2One Meet shall assist the Client, where reasonably possible, in fulfilling Data Subject rights (Access, Rectification, Erasure, Restriction, and Portability). The Client remains responsible for responding to such requests.

10. Data Breach Notification

In the event of a Personal Data breach, One2One Meet shall notify the Client without undue delay, providing details regarding the nature of the breach, affected data categories, likely consequences, and measures taken. We will take appropriate steps to mitigate and remediate the breach.

11. Data Retention and Deletion

  • Personal Data shall be retained only as long as necessary for service delivery.
  • Upon termination: Data will be deleted or returned as instructed; backup retention may apply for a limited period; data may be retained if required by law.

12. Audit and Compliance

The Client may request reasonable evidence of compliance. One2One Meet may provide documentation or allow audits subject to reasonable prior notice, confidentiality obligations, and operational feasibility.

13. Confidentiality

Both Parties agree to maintain confidentiality of Personal Data, prevent unauthorized disclosure, and ensure employees adhere to these obligations. These obligations survive termination.

14. Liability

Each Party shall be responsible for its own compliance with Applicable Data Protection Laws and any damages resulting from its breach of this Agreement. Liability is subject to the limitations set forth in the Terms of Service.

15. Term and Termination

This Agreement remains in effect for the duration of the Services. Termination occurs upon termination of the underlying Services agreement or written notice by either Party.

16. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of: Nepal

17. Contact Information

Final Statement

This Data Processing Agreement ensures that One2One Meet processes Personal Data in a secure, lawful, and transparent manner. Both Parties agree to uphold high standards of data protection while enabling efficient event networking services.