DATA PRIVACY & PROTECTION POLICY

Effective date – 10.07.2025 Date of last change – 10.07.2025

Document Statistics

Document History

Table of Contents

1) Scope

2) Objective

3) Document Responsibilities

4) Compliance

5) Exceptions

6) Review

7) Collection, Use, and Protection of Personal Data

• Safeguarding Your Privacy
• Purpose of Data Collection
• Methods and Technologies Used
• Types of Personal Data Collected

8) Information sharing & disclosure

9) Data Security

9.1 Data Masking

• Data Masking Techniques/Procedures
• Access Control

10) How we use your personal information?

• Your Rights Under the DPDPA

11) Change/ Modification

1. Scope

This Policy applies to all Signatureglobal employees, entities, and third parties involved in the collection, processing, or storage of personal data. It covers all personal data related to customers, employees, vendors, and partners across all business functions, systems, and locations.

2. Objective

Signature Global (India) Limited (as used herein, the name "Signature Global"/ “We”/ “Us”/ “Group” includes Signature Global India Limited, its sister concerns, affiliates and all companies wholly or partially owned by it) is responsible for maintaining and protecting the personal information under our control. We take your privacy seriously in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and are committed to safeguarding your personal information. We value our customer, respect their privacy and are committed to protecting it through our compliance with this Policy. As an ISO 27001:2022 certified organization, Signatureglobal is dedicated to the ongoing and effective implementation of this Policy. We expect all employees and third-party partners to uphold and support this commitment.

Please note that this Policy does not apply to information collected through any other means, including any website operated by any third party.

Please read the following privacy policy to better understand how your personal information (Personal Information means and includes name, email address, phone number, nationality, details of enquiry) may be collected and used as you access various areas of our website.

3. Document Responsibilities

The Chief Information Officer (CIO) shall be responsible for implementation, incident response and approving all policies, including any subsequent updates or modifications. The CIO shall also ensure that policies remain up to date, aligned with organizational requirements, and supported by appropriate standards, procedures, and defined roles for the management of IT applications and infrastructure.

Relevant department heads shall be accountable for the appropriate dissemination of these policies on a need-to-know basis and for ensuring their implementation and compliance within their respective areas of responsibility.

All individuals granted access to the organization's systems, data, or resources are expected to be aware of, understand, and comply with the applicable policies.

4 Compliance

Employees shall comply with the policies and any failure to abide by the Policies by any employee may result in disciplinary action.

5 Exceptions

Any exception shall require explicit written approval of the CIO, including but not limited to legal/ regulatory/ statutory compliances.

6 Review

The Policies shall be formally reviewed by CIO or a designated member of the IT or compliance team. A review shall also be triggered in the event of significant changes in legal or regulatory requirements, organizational structure, business processes, or data handling practices.

7 Collection, Use, and Protection of Personal Data

7.1 Safeguarding Your Privacy

We are committed to protecting the personal information of all individuals whose data we collect. Personal data is collected, used, and retained only for legitimate business purposes in a secure manner. We adhere to all applicable privacy laws and regulations, and where required, obtain appropriate consent before collecting personally identifiable information (PII).

7.2 Purpose of Data Collection

We collect personal data to deliver services, improve user experience, and offer additional options that may be relevant to your needs. The purpose for which data is collected will be clearly defined before or at the time of collection.

In some cases, the purpose of data collection may be obvious, and consent may be implied for example, when you provide your name and address to complete a transaction.

7.3 Methods and Technologies Used

We may use various technologies to collect personal data, including:

• Cookies
• Flash cookies
• Web beacons

These tools help us recognize users when they visit our website, track user behavior, enhance navigation, and determine if you are logged in.

7.4 Types of Personal Data Collected

The types of PII that may be collected include, but are not limited to:

• Name, gender, residential and correspondence address, telephone number, date of birth, marital status, details of spouse, email address, or other contact details.
• PAN, Aadhaar number, KYC status, signature, photograph, and records of visits to the Company’s premises.

Some of the reasons why we collect your personal information include:

• To register you for access to specific sections of the Signature Global website.
• To register you for the purpose of facilitating your subscription to our newsletters.
• To offer you a more personalized and meaningful experience on the Signature Global website. To address customer support inquiries and service requests, and to respond to your expression of interest, whether conveyed through an enquiry, social media platforms, WhatsApp, phone calls, participation in events, or through authorized third-party agents.

To enter or finalize a sale agreement or contractual arrangement:

• To solicit your feedback, address any concerns, and respond to any grievances you may have.
• To personalize your experience and provide information regarding our company’s services, including updates on the latest offers.
• To support and facilitate campaigns executed by our sales and marketing departments.
• To process your payments and safeguard against fraudulent transactions.
• To enhance our website and provide a superior service by enabling us to assess our audience size, store information about your preferences, customize the website experience, improve search functionality, and recognize you when you revisit our site. We occasionally employ other companies and individuals to perform functions on our behalf. Please note that we do not control the privacy practices of these external sites, and they are not covered by this Privacy Policy. For example, other companies and individuals may fulfil your orders from us, send you postal mail and e-mail, remove repetitive information from our customer lists, analyse our data, provide us with marketing assistance, and process credit card payments. These third-party service providers have access to personal information needed to perform their functions but may not use it for any other purpose whatsoever. We do not disseminate, sell, rent, share, or otherwise disclose personally identifiable information gathered from customers. We do not intend to disclose any personal information of yours without your consent to any third party who is not bound to act on our behalf unless such disclosure is required by law. We do not disclose any personal information to unaffiliated third parties.

8 Information sharing & disclosure:

We may disclose your personal information to any entity within Signature Global, including its subsidiaries, affiliates, and holding companies, to facilitate the provision of services, process payments, understand your preferences, complete a sale, and address any maintenance or service requests. We may also engage carefully selected third parties to perform services on our behalf or assist in providing the services to you.

Personal information may be shared with third parties, including regulators and law enforcement agencies, only where required or permitted by applicable law. We may disclose your information to government or regulatory authorities upon request to comply with any court order, law, or legal process.

We will retain your personal information for as long as reasonably necessary, considering the need to address queries, resolve issues, fulfill the purposes outlined above, or comply with legal obligations under applicable laws.

9 Data Security

We implement reasonable security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. However, please note that no method of data transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9.1 Data Masking

Data Masking Techniques/Procedures:

Data masking techniques is applied to protect sensitive data wherever technically feasible.

Sensitive data is protected using measures such as data masking, where feasible. We work towards strengthening our security practices.

Access Control:

Access to sensitive data shall be restricted based on the principle of least privilege.

10 How we use your personal information?

The security of your personal data is of utmost importance to us. We take extensive measures to ensure the secure transmission of your personal information from your electronic devices (such as computers and smartphones) to our servers. We employ industry-standard security protocols, including firewalls and Transport Layer Security, to protect the confidentiality and security of your personal information.

10.1) Your Rights Under the DPDPA:

Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:

• Right to Access: You may request access to your personal data that we hold.
• Right to Rectification: You can request to correct any inaccurate or incomplete personal data.
• Right to Erasure: You may request the deletion of your personal data, subject to certain conditions.
• Right to Object: You have the right to object to the processing of your personal data under certain circumstances.
• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: If processing is based on your consent, you can withdraw it at any time.

11) Change/ Modification:

The data privacy policy may be modified or amended time to time. In the event of any changes to this policy, we will publish the updated version on this page, ensuring that you are always informed about the information we collect, the manner in which we utilize such information, and whether or not we disclose it to third parties. Any material changes to our privacy policy will be prominently announced on our homepage. Should you disagree with any modifications to the policy, you may choose to discontinue accessing our website

If you have some queries/ suggestions; you may reach out to us at Infosec@signatureglobal.in