1. INTRODUCTION

This Privacy Statement explains what we do with your personal information when you visit our platform, website, or landing page, when your organisation registers as a member of our platform, and when we provide services to your organisation through our platform, website, and landing page. It covers how we collect, use, and process your personal information, and how we comply with our legal obligations to you in doing so. Your right to privacy is essential to us, and we are dedicated to protecting and securing it. In order to comply with the Sensitive Information Rules, this Privacy Policy describes the SPDI we may need to gather from you (including the purpose of the collection, the intended recipients of it and associated contact details). Please contact Abacus Capita ([email protected]) if you have any issues regarding this Privacy Statement or if you would like to discuss anything. If you consent to the collection and use of SPDI as described, please offer your consent by electronically acknowledging the terms of this Privacy Policy and Abacus Capita's Borrower Consent. Abacus Capita may not be in a position to execute your loan application if you decline to offer your consent. This Privacy Policy may be updated from time to time. Please frequent this page if you wish to remain current, as any updates will be posted here. If you are unsatisfied with any aspect of our Privacy Statement, you may have legal rights, which we have outlined where applicable below.

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

If your organisation registers to utilise the Services offered on our platform, we must collect and use information about you or individuals at your organisation in connection with your loan application in order to provide you with our Services. This data may contain sensitive personal data or information (SPDI) as defined by the Sensitive Information Rules. Depending on the circumstances, we may collect some or all of the following information for this purpose:Names of your organization's directors, executives, or founders; the business activities of your organization's directors, executives, or founders Login information; The GDPR goes into effect on May 25, 2018, and all references to it should include any national legislation adopting it. Your name; Your phone number; Your email address; Your IP address; KYC documents; Income tax returns; Goods and services tax (GST) returns; Financial accounts; Bank statements; and Bureau score (if available).

HOW DO WE GATHER YOUR PERSONAL INFORMATION?

We acquire your personal information in three ways:

• Personal data that you provide; Personal data that we obtain from other sources; and Automatically gathered personal data. Personal data you give to us


• Where your company registers on our platform; or Where your company adds information about itself. We receive personal information from external sources.


• We may obtain additional information about your company from other sources, typically as part of due diligence or other market intelligence, including study and analysis of your company's filed financial statements. Personal data we collect automatically

When you visit our site, we gather your Internet protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.

WHY DO WE USE YOUR PERSONAL INFORMATION?

We gather and utilise your personal information for the following reasons:

• To fulfil our commitments to you under any contract we've entered into with you or your organisation.


• To give the requested analyses and reports to you or your organisation.


• Verify your identity to guarantee you are authorised to access the platform and to prevent unauthorised use and access.


• To better comprehend your preferences so that we may give you with a superior level of service and customised recommendations for your lending or finance requirements.


• To enhance your experience when using our platform, for example by analysing your recent search criteria to assist us provide you with the most pertinent content.


• To inform you of changes to the products and services we provide and to market these products and services directly to you. We may periodically send promotional emails about new goods, special deals, or other information we believe you may find interesting to the specified email address.


• To contact you via email, fax, phone, or text message in order to provide the requested services or information.


• To operate our platform for internal operations, including troubleshooting, data analysis, testing, research, and survey and statistical reasons.


• To assist you in determining your loan application's suitability, specifically to: conduct a credit assessment on you; comply with Abacus Capita's Know-Your-Client ("KYC") procedures; comply with any potential lender's KYC procedures; and comply with any potential lender's documentation requirements in relation to loan approval.

We may also use your information to contact you occasionally for market research purposes. We may communicate with you via email, phone, fax, or mail. We may use the information to tailor the platform or website to your specific preferences.

2. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We will exchange your personal information to ensure that you receive the most efficient and effective services possible. Unless you instruct us otherwise, we may share your information with the following organisations: Lenders who can access our platform to download reports on your business; Lenders willing to evaluate your loan application; Borrowers, who may be given the contact information of an individual at the lending institution; Any members of our group firm where necessary to complete Abacus Capita's credit analysis and processes, and in accordance with data transfer rules; Any members of our group company if necessary and in line with applicable data transfer legislation; Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, in response to a tax authority's request or in anticipation of litigation); Third party service providers who perform functions on our behalf (including external consultants and professional advisers such as auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our behalf); Abacus Capita may share your personal information with a subsequent owner if we merge with or are bought by another firm (and provide you with notice of this disclosure).

HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We are committed to protecting your data. In order to prevent unauthorised access to and exploitation of your personal information, we have implemented the necessary safeguards. We are committed to taking all reasonable and acceptable precautions to secure your personal information from abuse, loss, and unauthorised access. We achieve this by implementing a variety of technical and organisational safeguards, such as encryption measures and disaster recovery strategies. Please contact us immediately if you suspect any misuse, loss, or unauthorised access to your personal information. Please submit your issue to [email protected] in the first instance; we will investigate the situation and keep you apprised of the future steps as soon as possible.

3. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

We will not retain your personal information longer than necessary for the reasons for which it was collected, unless we feel the law or other regulation requires us to do so (for example, because of a request by a tax authority or in connection with any anticipated litigation). We will remove your personal information from our systems when it is no longer necessary to keep it. While we will make every effort to permanently delete your personal data once its retention period expires, some of your personal data may still reside in our systems, for instance if it is awaiting overwriting. This data has been rendered unusable for our purposes, meaning that, despite its continued existence in the electronic ether, our staff will no longer have access to it or utilise it.

What are my legal rights?

You have a variety of rights about the data we save on you. We have listed them below. To contact us regarding any of these rights, please send an email to [email protected]. We will attempt to respond to your inquiry without undue delay, and in any case within one month (subject to any extensions to which we are lawfully entitled). Please be aware that we may keep a record of your communications to assist us in resolving any concerns you raise.

Freedom to object;

This right allows you to object when we process your personal data for one of the following reasons:

Because it is in our legitimate interests to do so, so we can fulfil a task in the public interest or exercise official authority, so we can send you direct marketing materials, or for scientific, historical, research, or statistical objectives.

Right to revoke consent;

Where we have obtained your consent to process your personal data for specific activities (such as marketing), you may at any time withdraw this consent, and we will cease using your data for that purpose, unless we determine that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.

Data Subject Access Requests;

You may at any time request a copy of the information we maintain about you, or request that we amend, update, or delete such information. If you request access to the information we maintain about you, we will not charge a fee unless required by law. If you request further copies of this information, we reserve the right to charge you an administrative fee. Where permitted by law, we reserve the right to deny your request. If we deny your request, we will always explain the reasons why.

Right to oblivion;

Under some conditions, you have the right to request that we "delete" your personal information. Typically, the information must satisfy one of the following standards: The data are no longer required; you have revoked your authorization for us to use your data, and there is no other legal reason for us to continue;

The data has been unlawfully processed;

It is required for us to erase your data in order to comply with our legal responsibilities; or You object to our processing and we cannot demonstrate compelling legitimate grounds for continuing; or We would only be permitted to decline to comply with your request for erasure under specific conditions, and we will always explain why. When complying with a valid request for the deletion of data, we will take all efforts that are practically possible to remove the data in question.

The right to limit processing;

You have the right to request that we restrict our processing of your personal data under specific conditions, such as if you contest the correctness of the personal data we hold about you or if you object to our processing of your personal data for our legitimate reasons. If we have shared your personal information with third parties, we shall inform them of the processing restriction, unless doing so is impracticable or requires disproportionate effort. Before lifting any restriction on the processing of your personal data, we shall notify you.

Right to correction;

You have the right to request correction of any inaccurate or incomplete personal information we maintain about you. If we have shared this personal information with third parties, we shall inform them of the correction, unless doing so is impractical or would require disproportionate effort. You may also request information regarding the third parties to whom we shared inaccurate or incomplete personal information. Where we believe it is acceptable not to comply with your request, we will provide an explanation for our decision.

Data portability right;

You have the option to transmit your personal information between service providers. This effectively allows you to transmit the information we maintain on you to a third party. In order to facilitate this, we will provide you with machine-readable versions of your data so that you can transfer them. Alternatively, we can transmit the data directly for you.

Freedom to complain;

You also have the option to file a complaint with your local regulatory agency. Additionally, you can file a complaint with Abacus Capita at: Dolly Gala is the Grievance Officer. She may be reached at +91 9354229412 or at [email protected].

WHO IS LIABLE FOR PROCESSING YOUR PERSONAL INFORMATION?

Abacus Capita is accountable for the processing of your personal information. Abacus Capita is a private limited business with offices at 1107. Pragati Tower. Rajendra place. Abacus Capita and/or its connected technology partners will store your information in a secure database. Please email us if you have any complaints or recommendations regarding our Privacy Statement.By email: [email protected]

We take privacy very seriously and will respond as quickly as possible.

4. HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?

The information that we gather from you will be transported to and kept at locations both within and outside of India and the European Economic Area (EEA). We want to ensure that your personal information is securely stored and sent. Therefore, we will only send data outside of India if it complies with data privacy laws and the method of transfer offers suitable protections for your data. For instance, this might be:

• By use of an intra-group agreement containing the current standard contractual provisions published by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions lacking acceptable data protection regulations;


• By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or By transferring your data to an entity that has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the European Union to entities in the United States.


• If we send your personal information outside of India to a country or territory that does not maintain acceptable data protection regulations, we will take all reasonable measures to ensure that your information is treated securely and in line with this policy.

5. LEGAL BASES FOR US PROCESSING YOUR DATA

There are a variety of legal means through which we may process your personal information. We have listed them below. When processing your information serves our legitimate interests We are permitted to use your personal information where it is in our best interests to do so, and any possible disadvantage to you is outweighed by those interests. We believe that our use of your personal information is consistent with a variety of our legitimate interests, including but not limited to the following:

• To administrate our platform for internal operations, including troubleshooting, data analysis, testing, research, statistical analysis, and surveying.


• To better comprehend you and present you with better, more pertinent services.


• To ensure the proper operation of our systems.


• To assist us in maintaining system security and preventing unwanted access and cyberattacks.


• To drive commercial value.

We do not believe that any of the following activities will prejudice you in any way. You may, however, object to our processing of your personal information in this manner. In the "Access, Correction, and Inquiries" section below, we've outlined the steps you need to take to accomplish this. Where we have your permission to process your personal information We are permitted to use your personal information with your explicit consent. For your consent to be valid, you must: It must be given voluntarily, without us exerting any pressure; you must understand what you are consenting to, therefore we will provide you with sufficient information. You should only be asked to consent to one thing at a time; therefore, we avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and You must take positive and affirmative action in giving us your consent; for instance, we could provide a checkbox for you to select so that this requirement is met in a clear and unambiguous manner.

When you register to use our platform or website, we obtain your consent. Before giving your approval, you should read any accompanying information provided by us to ensure that you fully comprehend what you are agreeing to. You have the right to withdraw your consent at any time; instructions can be found in the section titled "Right to withdraw consent" above. When you register to use our platform or website, we obtain your consent. Before giving your approval, you should read any accompanying information provided by us to ensure that you fully comprehend what you are agreeing to. You have the right to withdraw your consent at any time; instructions can be found in the section titled "Right to withdraw consent" above. Where processing your personal data is necessary for us to fulfil our contractual commitments to you We are permitted to use your personal information when doing so is required for the fulfilment of our agreement with you. For instance, we require your email address in order to provide you requested reports and analyses. Please confirm that you have read and comprehended the terms of this Privacy Policy to indicate your permission to your information (including any SPDI) being collected for the purposes and in the manner outlined in this Privacy Policy.