Privacy
Policy.

1.1 CompliEZ (collectively, "we", "us", or "our") is engaged in the provision of legal technology and compliance automation services. At CompliEZ, we are committed to respecting the privacy and protecting the personal data of our users, clients, staff, and other third parties ("you").

1.2 In order to engage with you or provide services, CompliEZ needs to process personal data about you. This Privacy Notice ("Notice") outlines our practices in relation to the processing of your personal data that may be accessed by us or you may have chosen to share with us when you engage with us or visit our platform available at https://www.compliez.com ("Platform").

1.3 Please read this Notice carefully to understand our practices regarding your personal data and how we will treat it. This Notice sets out the basis on which any personal data we collect from you, we collect about you, or that you provide to us, will be processed by us as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDPA").

2.1 We collect or obtain data relating to you in a variety of ways, as described below. Such data may include personal data or information, that is, information relating to an identified or identifiable natural person. We may collect or receive the following categories of data about you:

2.2 We are required to collect your personal data to engage with you or provide you with our services. If you fail to provide us that data as and when requested by us, we may not be able to engage with you or provide our services.

3.1 We use different methods, as permitted under applicable laws, to process personal data about you. This includes:

4.1 We will only use your personal data in accordance with applicable laws. Most commonly, we will use your personal data to provide legal-tech solutions or where we need to comply with a legal obligation.

4.2 Specifically, we use your personal data for the following purposes:

• To register you as a new user/client.
• To generate requested legal documents and compliance reports.
• To manage our relationship with you, including notifying you of changes to services or terms.
• To administer and protect our business and the Platform (troubleshooting, data analysis).
• To use data analytics to improve our website, products/services, and customer experience.
• To comply with legal or regulatory obligations.
• To detect and prevent fraud or cybersecurity incidents.
• To send you updates about relevant legal changes (where you have opted in).

4.3 Legal Bases for Processing: We rely on the following grounds under DPDPA 2023:

• Consent: Where you have explicitly agreed to the processing of your data for a specific purpose.
• Legitimate Uses: As per Section 7 of the Act, for purposes such as fulfilling your voluntary request for service, employment-related purposes, or compliance with law.

5.1 You hereby agree and acknowledge that any and all information pertaining to you may be shared by us with third parties in accordance with your consent where required under applicable laws.

5.2 We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5.3 You agree and acknowledge that we may share data where we are required by law, any court, government agency, or authority to disclose such information. Such disclosures are made in good faith and belief that it is reasonably necessary to do so for enforcing this Policy, or in order to comply with any applicable laws and regulations.

6.1 CompliEZ is a digital-first platform. We utilize secure, industry-leading cloud infrastructure providers to host our services. Your data is securely hosted and processed on servers provided by:

• — Amazon Web Services (AWS)
• — Microsoft Azure

These providers act as Data Processors under strict contractual confidentiality and security obligations.

6.2 We do not transfer your personal data to other entities for marketing purposes without your explicit consent.

7.1 We have put in place appropriate security measures to prevent your personal data being accidently lost, used, or accessed in an unauthorised way, altered, or disclosed.

7.2 We have put in place procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

8.2 Upon completion of the retention period for each category of personal data, we shall delete or destroy, to the extent technically possible, personal data in our possession or control, or render the personal data into anonymised data, so that it no longer constitutes personal data.

9.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. Subject to the data protection laws that apply to you, you may have the right to:

9.2 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

9.3 We try to respond to all legitimate requests within one month.

9.4 If you wish to exercise any of the rights set out above, please write an email to the Grievance Officer, Whose details are mentioned in Section 14.

10.1 The personal data that we process may be transferred to countries other than where you are based. We undertake such transfers in accordance with applicable laws.

11.1 Cookies are small data files that are stored on your device. We use cookies and other tracking technologies to distinguish you from other users of the Platform and to remember your preferences.

11.2 We identify you by way of using cookies. The data collected by way of cookies will allow us to provide you with a tailored and user-friendly experience.

11.3 Additionally, you may encounter cookies or other similar technologies on certain pages of the Platform that are placed by third parties. We do not control the use of cookies by such third parties.

13.1 We keep our Policy under regular review and may amend it from time to time, at our sole discretion.

13.2 The terms of this Policy may change and if they do, these changes will be posted on this page and, where required by applicable laws, notified to you.