1 Introduction

This Privacy and Data Protection Policy (“Policy”) specifies the Privacy Principles followed by Kevnit Digital Solutions Private Limited and its employees with regards to the collection, use, transfer, storage and destruction of personal information/personally identifiable information.

2 Purpose

This Policy aims to facilitate “Privacy-by-Design” principles in implementation of systems and processes by Kevnit.

3 Scope

This policy document applies to Kevnit’s a) Information, b) Information Systems, c) Employees and d) Third-Party Staff.

4.1 Fair and Lawful Processing

• Notice: Provide timely and appropriate notice to Data Subjects about data processing practices.

• Choice: Not provide personal information to third parties without giving Data Subjects an opportunity to choose.

• Consent: Process personal information only with an individual’s consent.

4.2 Limitations on Collection

• Collect personal information only for specific and legitimate business purposes.

• Data Minimization: Limit processing to what is necessary.

• Onward Transfer: Provide adequate protection when transferring data to third parties or other countries.

4.3 Management of Information

• Accuracy/Integrity: Ensure personal information is accurate and reliable for its intended use.

• Access: Give Data Subjects reasonable access to correct or delete information.

• Security: Proportional measures to protect data from loss, misuse, and unauthorized access.

• Retention: Keep identification no longer than necessary.