Effective Date: May 2025

Sannam S4 Group / Acumen (part of Sannam S4 Group) ("Company", "we", "our", or "us") is committed to protecting your personal data in accordance with the India Digital Personal Data Protection Act (DPDPA) 2023. This Consent Notice informs you about how we collect, use, store, disclose, and process your personal data, and seeks your informed consent to such processing.

By providing consent, you acknowledge that you have read, understood, and agreed to the terms outlined in this notice.

This notice and request for consent ("Notice") will inform you about how the Company proposes to collect, handle, store, use, disclose and transfer ("Process") your personal data in connection with ("Other Products").

OTHER PRODUCTS

Other Product(s)” shall mean all products, services and/ or businesses of the Company:

1. Including of its subsidiaries, affiliates, associates or group companies of the Company (collectively, "Affiliates");
2. Of entities which the Company or Affiliates offer, distribute, resell, refer or where the Company or Affiliates act as agent.

PURPOSES OF PROCESSING PERSONAL DATA

Your personal data is processed for the following purposes:

1. Providing Services: We collect and process your data to deliver requested products and services efficiently. This includes managing transactions, enabling account access, and ensuring seamless business operations.
2. Regulatory Compliance: To adhere to legal and regulatory requirements, we process data for identity verification, Know Your Customer (KYC) checks. This helps prevent unlawful activities and ensures adherence to government regulations.
3. Security & Fraud Prevention: Your data is used to safeguard our systems, detect unauthorized access, and prevent fraudulent activities. We implement security measures and conduct risk assessments to protect users from cyber threats.
4. Marketing & Communication: We use collected data to share personalized offers, service updates, and important notifications via SMS, email, and other channels. This helps keep you informed about relevant promotions and service enhancements.
5. Customer Support: To provide efficient support, we collect data that allows us to respond to queries, troubleshoot issues, and enhance user experience. This ensures prompt assistance and improved customer satisfaction.
6. Data Analytics & Profiling: Your interaction with our services is analysed to understand user behaviour, personalize recommendations, and optimize decision-making. This enables us to enhance service delivery and improve user engagement.
7. Legal Obligations & Dispute Resolution: We may process data to enforce contractual agreements, handle disputes, and respond to legal claims. This ensures compliance with legal requests and protects the rights of all parties involved.

Note: We may undertake the above-mentioned activities either ourselves or through our affiliates or third parties such as vendors, service providers, other regulated agencies, etc., in accordance with our internal policies and applicable law.

TYPES OF PERSONAL DATA COLLECTED

The personal data we collect may include:

1. Identity & Contact Details: We collect and process essential personal identifiers such as your name, date of birth, government-issued IDs (Aadhaar, etc.), email, phone number, and residential address. This information is necessary for authentication, account management, and regulatory compliance.
2. Employment & Business Information: Your occupation, employer details, and business-related data (if applicable) help us assess financial profiles, verify professional credentials, and provide tailored services such as loans or business accounts.
3. Online Identifiers & Technical Data: We collect technical data such as IP addresses, device details, browser activity, geolocation, cookies, and login credentials to enhance security, optimize user experience, and prevent unauthorized access.
4. Communication & Support Records: Customer interactions, including emails, call logs, chat records, and grievance reports, are stored to ensure efficient service resolution, improve support quality, and maintain a transparent record of communication.
5. Sensitive Personal Data: In certain cases, we may process sensitive data like biometric information and health records, but only when strictly necessary and with explicit consent, such as for identity verification or specific financial and insurance services.
6. Education & Qualification Details: We may need your educational and other qualification details for enlisting to various courses of the foreign universities.

DATA SHARING & DISCLOSURE

Your personal data may be shared with affiliates and subsidiaries to streamline business operations, enhance service delivery, and provide you with a seamless experience across our group entities. This includes internal data transfers necessary for customer support, and operational efficiency. By sharing your information within our network, we ensure that you receive integrated solutions, personalised product offerings, and consistent service standards. These transfers are conducted in compliance with applicable data protection laws, ensuring that your information remains secure and is processed only for legitimate business purposes.

We may also engage service providers and vendors who assist in various operational functions such as IT infrastructure management, payment processing, data analytics, cloud storage, and marketing. These third-party service providers operate under strict confidentiality agreements and process data only for specified purposes. For example, marketing partners enable us to share relevant offers and updates. Any sharing of data is governed by contractual obligations to maintain security, prevent misuse, and comply with applicable regulations.

Additionally, we may be legally obligated to share your personal data with regulatory authorities and law enforcement agencies when required for compliance, fraud prevention, national security, or legal proceedings. This includes disclosures necessary for Know Your Customer (KYC) verification, tax reporting, or responding to lawful requests from government agencies. In cases where legal action is necessary to protect our rights, prevent fraud, or ensure regulatory adherence, we may disclose specific information as mandated by law. Furthermore, with your explicit consent, we may share your data with third-party partners for co-branded products, and other value-added services. We take all necessary measures to ensure that data sharing is conducted with the highest level of security, under strict confidentiality agreements, and in full compliance with applicable data protection laws.

DATA RETENTION & STORAGE

We implement stringent data retention policies to ensure that your personal information is stored only for the duration necessary to achieve the purposes outlined in this notice or to comply with applicable legal, regulatory, and contractual obligations. The retention period varies depending on the nature of the data, legal requirements, and business needs. Once the retention period expires, we take appropriate measures to either securely delete the data or anonymize it, ensuring that it can no longer be linked to an individual. Our data disposal practices adhere to industry standards and regulatory guidelines, utilizing encryption, secure erasure techniques, and controlled access to prevent unauthorized retrieval or misuse.

RIGHTS OF DATA PRINCIPALS

Under the India DPDP Act 2023, you have the following rights:

1. Right to Access – Data subjects have the right to request access to their personal data held by organizations. This includes obtaining details about what data is collected, how it is being processed, and for what purposes. Organizations must provide this information in a clear and structured format within a reasonable timeframe.
2. Right to Correction & Erasure – Individuals can request corrections to inaccurate, incomplete, or outdated personal data. Additionally, they have the right to request the erasure of their personal data if it is no longer necessary for the purpose it was collected, if they withdraw their consent, or if the data has been unlawfully processed, subject to legal and regulatory obligations.
3. Right to Grievance Redressal – If an individual has concerns regarding the handling of their personal data, they have the right to lodge a complaint with the organisation. The organization must respond within a specified timeframe. If the issue remains unresolved, individuals can escalate the matter to the Data Protection Board for further resolution.
4. Right to Nominate – Individuals have the right to nominate another person who can exercise their rights under the DPDPA in case of their death or incapacity. This ensures continuity and protection of their data rights even when they are unable to act on their own behalf.

To exercise your rights, contact us at: dataprotection@sannams4.com

SECURITY MEASURES

We implement industry-standard security measures to safeguard your personal data against unauthorised access, loss, misuse, alteration, or disclosure. Our security framework includes advanced encryption protocols to protect data during transmission and storage, ensuring that sensitive information remains confidential and secure. We enforce strict access controls, allowing only authorized personnel to handle personal data based on role-specific permissions.

We are committed to maintaining compliance with applicable data protection regulations and continuously updating our security protocols to counter evolving cyber threats. In the unlikely event of a data breach, we have a robust incident response plan in place to take immediate corrective actions, minimize impact, and notify affected individuals and regulatory authorities as required by law.

WITHDRAWAL OF CONSENT

You have the right to withdraw your consent at any time by following the process outlined in the ‘Consent Withdrawal’ section of our Privacy Policy. This allows you to revoke permission for us to process your personal data for the purposes specified at the time of collection.

However, please note that any processing of your personal data that took place prior to the withdrawal of consent will remain valid and unaffected. Additionally, withdrawing consent for certain processing activities may impact our ability to continue providing specific services or products. If the processing of your data is essential for the operation, maintenance, or delivery of the requested product or service, its withdrawal may result in discontinuation, termination, or modification of the associated terms and conditions.

We strongly recommend that you carefully review the applicable terms and conditions related to the product or service you are using. This will help you understand the implications of withdrawing consent, including any obligations, restrictions, or consequences that may arise. If you require further clarification on how withdrawal of consent may affect your access to our services, please contact our support team for assistance.

a) Sending an email to dataprotection@sannams4.com with "Consent Withdrawal Request" in the subject line.

b) Using the opt-out feature available on our website or mobile app.

Withdrawal of consent may result in the discontinuation of services that require personal data processing.

Grievances: If you believe that you have any concerns regarding how we process your personal data, you have the right to let us know your grievances. Please contact us at the dataprotection@sannams4.com.

UPDATES TO THIS NOTICE

We may update this notice periodically to reflect changes in law, regulations, or business practices. Any updates will be communicated via our official channels. It is recommended that you keep visiting our website for any update to this notice.

CONSENT DECLARATION

By selecting the checkbox and/or signing below, you confirm that you have read, understood, and consent to the collection, processing, and sharing of your personal data as outlined in this notice.