Standard Contractual Clauses (SCCs)

Controller → Processor (Module 2)

Commission Implementing Decision (EU) 2021/914 of 4 June 2021

Introductory Note

These Standard Contractual Clauses (SCCs) are incorporated into the EasyOTP Data Processing & Compliance Agreement. They apply where Vendor (the Data Exporter, acting as Controller) transfers personal data to EasyOTP, operated by Braintech Corporation Private Limited (the Data Importer, acting as Processor), and such data is subject to the General Data Protection Regulation (GDPR) of the European Union.

These clauses ensure appropriate safeguards for cross-border transfers of personal data in compliance with Article 46 GDPR.

Standard Contractual Clauses – Module 2 (Controller → Processor)

The full and unmodified text of Module 2 of the European Commission Standard Contractual Clauses, as adopted under Commission Implementing Decision (EU) 2021/914 of 4 June 2021, is hereby incorporated by reference.

For ease of access, the complete official text is available at the European Commission website:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914

Annex I – List of Parties

Data Exporter (Vendor)

Name: [Vendor Legal Entity Name]
Address: [Vendor Address]
Contact person’s name, position and contact details: [Vendor Contact Details]
Role: Controller

Data Importer (EasyOTP)

Name: Braintech Corporation Private Limited
Address: 2nd Floor, No.153, HUDA Complex, Sirsa, Haryana – 125055, India
Contact: contact@easyotp.com
Role: Processor

Annex II – Technical and Organisational Measures

EasyOTP implements the following security measures:
- Encryption of data in transit and at rest.
- Data residency by region (EU, US, India, Singapore).
- Access controls and role-based authorisation.
- SOC 2 / ISO 27001 aligned operational practices.
- Incident response and breach notification procedures.
- Logging and monitoring of system access.
- Vendor notification via webhook/email in case of consent withdrawal by end-users.

Annex III – Sub-Processors

EasyOTP engages sub-processors to support the delivery of its services, including but not limited to:
- Amazon Web Services (AWS) – cloud infrastructure.
- Firebase/Google Cloud – messaging and analytics.
- [Additional providers as listed in EasyOTP’s Subprocessor List].

The up-to-date list of sub-processors is maintained at: https://easyotp.com/legal/subprocessors

Execution & Acceptance

By accepting the EasyOTP Data Processing & Compliance Agreement through electronic onboarding, the Vendor (Data Exporter) and EasyOTP (Data Importer) are deemed to have executed these SCCs.

Such acceptance constitutes a legally binding electronic signature under:
- ESIGN Act (U.S.)
- UETA (U.S.)
- eIDAS Regulation (EU)
- Information Technology Act, 2000 (India)
- Other applicable e-signature frameworks.

🔣 OTP

One-time passwords delivered Securely, Instantly & Globally

🔗 Magic Link

Login with a single tap—no password needed.

QR Code

Scan and go: No Usernames, No Passwords to remember.

Fintech & Banking

Healthcare (HIPAA Compliant)

Media & OTT

EdTech

eCommerce

Retail

Hospitality & Travel

Logistics

Government & Citizen Services

Ticketing

Crypto

Enterprise

🧠 Creative & Emerging Use Cases

Magic Logins for Families

One-Tap B2B Approvals

IoT Device Verification

Standard Contractual Clauses (SCCs)

Standard Contractual Clauses (SCCs)