2. We collect Personal Information from you in a variety of ways when you interact with us through our services, such as:

• Installing, accessing or using our Services
• Creating an account on our Services
• Requesting customer service or contacting us
• Conducting a transaction where we collect Personal Information, including when required by law and regulations
• Submitting a testimonial, rating, or review or other user-generated content
• Otherwise submitting Personal Information to us along with any related content of the communication

Users/Customers

• (a) Personal identifying information such as name, address and phone numbers; email ID, age, personal description, profile photograph, etc. and delivery address.
• (b) Payment information.
• (c) Location information.
• (d) Device information (if provided).
• (e) IP address.
• (f) Name, addresses and phone numbers, e-mail IDs of contacts.
• (g) Content of reviews and emails to us.
• (h) Voice recordings when you call us.
• (i) Images, videos and other content collected or stored in connection with our Services.
• (j) Login details, device log files, etc., while using our Network.

Business partners

• (a) Personal identifying information such as name, address and phone numbers; email ID, age, personal description, profile photograph, marital status, etc.
• (b) Payment Information.
• (c) Location information.
• (d) Device information (if provided).
• (e) IP address.
• (f) Name, addresses and phone numbers, e-mail IDs of contacts.
• (g) Content of reviews and emails to us.
• (h) Voice recordings when you call us.
• (i) Images, videos and other content collected or stored in connection with our Services.
• (j) Information and officially valid documents (KYC) regarding identity and address information.
• (k) Credit usage.
• (l) Corporate and financial information.
• (m) Device log files and other information.

Automatic information

• (a) IP address of your device is connected to our Network.
• (b) Login details, email address, and passwords; device log files, etc.
• (c) Location of device/computer.
• (d) Content interaction information, downloads, streaming of data, network details, etc.
• (e) Device readings, application usage, connectivity data, and any errors or event failures.
• (f) Our Services metrics, any technical errors, interactions with our service tools or features, settings preferences and backup information, location of device, file name, dates, time, etc. while using our service.
• (g) Content use history.
• (h) URLs including date and time; products and content viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, etc.
• (i) Phone numbers used to call us.
• (j) Images/videos while interacting with our Network.
• (k) Device identifiers, cookies, browsing history, usage history, and other technical information.

Information from other sources

• (a) Updated delivery and address information from our carriers or third parties.
• (b) Account information, purchase or redeeming information and page-view information from some merchants/partners for which we provide technical services.
• (c) Information about your interactions with partners while interacting via the Sygence channel.
• (d) Search results and links.
• (e) Internet-connected device details.

Officials/Employees/Resellers etc.

• (a) Personal identifying information such as name, address and phone numbers; email ID, age, personal description, profile photograph, etc.
• (b) Information and officially valid documents (KYC) regarding identity and address information.
• (c) Payment information.
• (d) Location information.
• (e) Device information (if provided).
• (f) IP address.
• (g) Content of reviews and emails to us.
• (h) Voice recordings when you call us.
• (i) Login details, device log files, etc., while using our Network.

Third party information

• (a) Corporate and financial information about our co-branded partners, delivery partners and other third parties associated with us.
• (b) CIN number.
• (c) PAN number.
• (d) GST number etc.
• (e) Location information.
• (f) Device information (if provided).
• (g) IP address.
• (h) Internet-connected device details.
• (i) Identity and address information, etc.

We use your Personal Data to:

• Deliver products and support or carry out transactions you have requested.
• Establish a unique account for you to access our solutions.
• Fulfill your requests for products and services.
• Provide functionality, analyze performance, fix errors and improve the usability and effectiveness of our Services.
• Recommend features, products and services that might be of interest to you, identify your preferences and personalize your experience.
• Operate, provide, develop and improve the products and services that we offer our customers.
• Enhance the overall performance, efficiency and intelligence of our Network, improve user experience and generate insights that help us make informed recommendations for future transactions and scenarios.
• Display interest-based ads for features, products and services that might be of interest to you.
• Prevent and detect fraud and abuse in order to protect the security of our customers, Sygence and others.
• Contact you for promoting services.
• Send inventory threshold notifications to bridge demand-supply gaps.
• For accounting and billing purposes.
• Send communications to you, such as your transaction status (e.g., order confirmations), information about our products and services, event announcements, important product notices including those announcing changes to our terms or policies, information about particular programs in which you have chosen to participate, surveys, promotional offers and other related communications.
• For legal purposes by Sygence in legal proceedings at stages leading to possible legal action arising from improper use of Sygence Services.
• For operation and maintenance purposes.
• In certain cases, we collect and use your Personal Information to comply with laws.

• Your consent: Where you have provided your consent, including through this Privacy Policy, Terms and Conditions of Use, our Website or Cookie Policy.
• Performance of a contract: Where the processing is necessary to fulfill our contractual obligations to you, such as those under the Network Agreements.
• Legal obligations: Where we are required to process your data in order to comply with applicable laws and regulations.
• Vital interests: Where processing is necessary to protect the vital interests of you or another natural person, such as in emergency situations.
• Legitimate interests: Where processing is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. These interests include, but are not limited to:

• Ensuring security and preventing fraud or other threats;
• Conducting business operations, including quality control and customer support;
• Managing corporate transactions;
• Improving our Services and understanding customer needs.

We may share your information, including Customer Information, Transaction Information and Personal Information, with:

• Our affiliated companies and businesses with whom we are under common corporate control.
• Third-party service providers and their respective subcontractors, affiliates or downstream partners (including but not limited to fourth-party providers and any other associated external parties) who perform services on our behalf.
• Business partners and other stakeholders.
• Government agencies when required by law.
• A third party in connection with a merger, sale or acquisition, or a bankruptcy.

Enforcement of our rights:

We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, spam filtering, investigating any suspected illegal activity, enforcing our Agreements or Policies, or protecting the safety of our users.

Use of other user's information:

If you use the Network, your email address and certain other information you choose to add to your profile may be accessible to other users. By using the Network, you agree that, with respect to other user's information you obtain through your use of the Network, you will only use such information for:

• Communications related to the Network that are not unsolicited commercial messages.
• Any other purpose that such user expressly agrees to after adequate disclosure of such purpose.

Under no circumstances may you disclose information of another user to any third-party without our consent and the consent of such other user.

Third party communications:

When you are involved in a transaction as a result of your use or access of the Network, each party involved in said transaction may obtain access to the other party's name, email address, phone number and other contact and shipping information. We cannot guarantee the privacy or security of your information when you deal with such third parties.

Transaction history:

NexNet operates using a Single Version of Truth (SVOT) architecture designed to preserve data ownership and minimise unnecessary duplication of information.

Where a buyer initiates a transaction, the transaction record remains stored within the buyer's environment. Where a supplier contributes information, documents or data to that transaction, such contributed information remains stored within the supplier's environment and is not copied, replicated or transferred into the buyer's database.

The Platform enables authorised participants to view relevant information within a transaction workflow in accordance with permissions granted by the data owner. Such visibility does not constitute a transfer of ownership, possession or control of the underlying data.

No customer data is shared beyond the scope of the transaction workflow or the permissions expressly granted by the owning party. Sygence maintains the technical infrastructure required to facilitate this visibility while preserving the ownership and location of the underlying data.

Inventory threshold notifications:

Sygence includes network intelligence capabilities designed to proactively address supply-demand imbalances. When the inventory level of a particular item within a supplier's environment falls below a predefined threshold, the Platform may use this information to generate a Network-wide notification. This notification is automatically shared with all relevant customers and suppliers connected to that specific supply chain, enabling them to anticipate potential demand and adjust their production, procurement or inventory strategies accordingly. These alerts optimize network efficiency, prevent stockouts and reduce excess inventory across the ecosystem. While the signal originates from a specific supplier's data, no explicit inventory numbers, commercially sensitive figures or identifiable information will be disclosed. By using the Platform, all participants acknowledge and consent to Sygence's use of such inventory threshold signals for Network optimization purposes. Sygence maintains industry-standard security protocols but shall not be held liable for any business or operational decisions made by participants based on such notifications.

You have the following rights with respect to your Personal Data:

• The right to request a copy of the data that Sygence possesses.
• The right to request that Sygence corrects your Personal Data if inaccurate or out of date.
• The right to request that your Personal Data is deleted when it is no longer necessary for Sygence to retain such data.
• The right to withdraw any consent to Personal Data processing at any time. For example, your consent to receive e-marketing communications.
• The right to access, review, add, rectify, modify, correct, delete or update your Customer Information or other Personal Information at any time.
• The right to object to the processing of your Personal Information.

Sygence retains your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including to comply with legal obligations, resolve disputes, enforce agreements or defend against legal claims. We may retain your data for an extended period where:

• Required by applicable laws or regulations.
• It is necessary to establish, exercise, or defend legal rights or claims.

The provisions of this Privacy Policy shall apply not only to the primary registered individual of the organization but to every individual who has been granted access to the Sygence Platform by the organization, whether directly or indirectly, including:

• All employees or individuals on the organization's payroll;
• Any third parties who have been voluntarily given access to the platform by the organization;
• Any individual who has obtained access illegally or through circumvention of legal or technical processes.

1. Security Measures

Sygence is committed to protecting the security, confidentiality and integrity of Personal Information entrusted to us. We maintain appropriate technical, organisational, administrative and physical safeguards designed to protect Personal Information against unauthorised access, use, disclosure, alteration, loss or destruction.

Our security measures are designed to support compliance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and other applicable data protection laws. These measures are regularly reviewed, tested and enhanced as part of Sygence's ongoing information security and compliance programme.

Access to Personal Information is restricted to authorised personnel, service providers and contractors who require such access for legitimate business purposes and who are subject to appropriate confidentiality and security obligations.

Personal Information may be stored and processed on systems operated by Sygence, its authorised service providers or secure cloud infrastructure providers engaged by Sygence, subject to appropriate contractual, technical and organisational safeguards.

2. Security Certification Programme

As part of its commitment to information security and privacy governance, Sygence is currently undertaking an information security and privacy compliance programme with Mitigata for certification against ISO/IEC 27001 and the Digital Personal Data Protection Act, 2023. Certification activities are expected to be completed within six (6) months, subject to audit and assessment outcomes. Information regarding this engagement may be made available upon reasonable request.

Following completion of the current programme, Sygence intends to pursue additional compliance and assurance frameworks, including GDPR and SOC 2.

3. Personal Data Breach Notification

In the event of a confirmed personal data breach affecting customer data, Sygence shall notify affected customers within seventy-two (72) hours of detection.

Such notification shall, to the extent reasonably available at the time, include:

• the nature of the breach;
• the categories of data affected;
• the likely consequences of the breach; and
• the corrective actions taken or proposed to address and mitigate the incident.

4. User Responsibilities

Users are responsible for maintaining the confidentiality of their account credentials and for implementing appropriate security measures within their own systems and environments. While Sygence is responsible for securing the Platform and infrastructure under its control, customers remain responsible for the management of their data, user permissions and access controls within their respective accounts.

5. Limitation

Although Sygence employs industry-standard security measures to protect Personal Information, no method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. Accordingly, while we strive to protect Personal Information, we cannot guarantee its absolute security.

Collection and use of application and inquiry information:

When you submit information through our Contact Us or Careers pages on our website, Sygence may collect, receive, store and process certain personal and professional information that you voluntarily provide. This may include, without limitation, your name, email address, phone number, company name, job title, LinkedIn profile, résumé or curriculum vitae (CV), portfolio links and any other information or documents that you choose to share with us. By submitting such information, you expressly consent to Sygence collecting, receiving, storing, processing and using this data for the following purposes:

• Responding to inquiries – to review and respond to your questions, business inquiries or requests for information about our services.
• Recruitment and employment consideration – to evaluate your profile, qualifications and suitability for any open or future positions at Sygence and to contact you regarding your application or related opportunities.
• Business communication – to communicate with you in the ordinary course of business, including through email, phone calls or messaging platforms.
• Legal compliance and protection – to comply with applicable legal obligations, respond to lawful requests from government or regulatory authorities and protect the rights, property, and safety of Sygence, its employees and users.

Data storage and security:

All information submitted by you will be stored securely in accordance with the provisions of the Information Technology Act, 2000, and the Information Technology Rules (reasonable security practices and procedures and sensitive personal data or information), and all other applicable laws. Appropriate technical and organizational measures will be taken to protect your personal data from unauthorized access, alteration, disclosure or destruction.

Data retention:

Sygence will retain the information you provide only for as long as necessary to fulfill the purposes mentioned above, unless a longer retention period is required by law or justified for legitimate business purposes (for example, maintaining candidate databases for future employment opportunities).

Disclosure to third parties:

Your information may be shared with:

• Internal personnel involved in recruitment or business development;
• Third-party service providers or partners assisting with recruitment management, data storage or communication services, who are bound by confidentiality and data protection obligations;
• Government authorities or regulators, when disclosure is mandated under applicable law.

Sygence does not sell, rent, or trade your personal data to third parties for marketing or commercial gain.

Limitation of liability:

While Sygence implements and maintains reasonable security practices and procedures as required under Indian Data Protection laws, Sygence shall not be liable for any loss, damage or unauthorized access, alteration, disclosure or destruction of Personal Information that occurs due to reasons beyond its reasonable control, including but not limited to:

• Acts of nature, fire, flood or other natural disasters;
• Unauthorized access to or interception of data during transmission over the Internet;
• Failures or breaches by third-party hosting, storage or communication service providers;
• Any other event that cannot reasonably be prevented by Sygence.

Further, Sygence shall not be responsible for the authenticity, accuracy or completeness of the information provided by you. Any liability arising from reliance on incorrect or false information submitted by users shall rest solely with the individual who provided such data.

To the fullest extent permitted by applicable laws, Sygence, its directors, employees and agents shall not be liable for any direct, indirect, incidental, consequential, or special damages (including loss of profits, data, goodwill, or reputation) resulting from or in connection with the collection, use, storage or disclosure of information provided by you or from your access or use of the Sygence website.

User consent and rights:

By consenting to the storage and processing of your Personal Information through the Contact Us or Careers pages, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, storage and processing of your data by Sygence for the purposes stated herein. Under applicable Indian Data Protection laws, you may request access, correction or deletion of your data, or withdraw your consent by contacting us at the email address specified in this Privacy Policy.

Cookies:

Cookies are small text files stored on a user's device by web browsers. These files enable site owners to recognize users who have previously interacted with the website. The Company uses cookies to identify returning visitors to the Site and users of the Network, as well as to collect information about their interactions with both. This data helps us enhance the user experience and improve the functionality of our services.