PRIVACY POLICY

Last Updated on: 05^th May 2025

This Privacy Policy constitute a legally binding contract between CS-HUB (a company incorporated under the Companies Act, 2013 having its registered address at 502, Avishkar Prashant CHS, Vinayak Ramchandra Bhide Marg, Dadar West, Mumbai, Maharashtra, 400028 and having its corporate office at 304, 3rd Floor, Hind Services Industrial Premises CHSL, Jambhekar Maharaj Road, Shivaji Park, Dadar (West), Mumbai – 400 028 (“CS-HUB”, “Service Provider”, “we”, “us”, or “our”), and you, a user of the services, or any legal entity that avails services on behalf of end-users (“you” or “Customer”). This Privacy Policy forms the essential part of the Primary Document of Terms and Conditions of the website or platform of CS-Hub and it should be read in connection with such Terms and Conditions.

The purpose of this Privacy Policy is to ensure that there is a framework to collect, use and protect any personal and/or sensitive data collected by us. This Policy defines our procedure for collection, usage, processing, disclosure and protection of any information obtained by Service Provider through the Platform.

The objective of this privacy policy is to ensure that a framework exists for the collection, use, storage and protection of any sensitive or personal information of our esteemed customers which we may obtain via the Platform of CS-Hub. This Policy outlines our process for gathering, using, processing, disclosing, and safeguarding any data that is provided by the customer, which enables us to render society management services to our customers.

1. DISCLAIMER:

1.1. Please be advised that any Information (as defined below) procured by us, shall be:

a. processed equitably and lawfully for rendering the Services;

b. obtained only for specified and lawful purposes, and not be used in any manner which is against the law or policy in force (“Applicable Law”);

c. adequate, relevant and not excessive in relation to the purpose for which it is required.

d. able to be reviewed and modified by the User from time to time; and

e. not kept longer than for the time which it is required or the purpose for which it is required or as required by the applicable law.

1.2. By using the Product, User explicitly accepts, without limitation or qualification, the collection, use and transfer of the data in the manner described herein.

1.3. Please read this privacy policy carefully as it affects User's rights and liabilities under law

2. USERS CONSENT AND PURPOSE OF USE OF DATA

2.1. Please be advised that by providing the information (as listed below), the Customer gives the Service Provider, the permission to collect, use, and disclose the information for business and research purposes, as specified in this privacy statement and the terms and conditions, and as allowed or required by applicable law. Additionally, the Customer acknowledges and agrees that this information may be shared with any third-party for the purpose of offering services through the platform or with any third-party for the provision of services, jointly developed or marketed services, payment processing, order fulfillment, customer services, data analysis, information technology services, and any other services that allow the service provider to offer services through the platform.

2.2. The enforcement of this privacy statement will follow the same rules as any other written contract. Users who visit or use the Platform and voluntarily give information (including personal data) to the Service Provider agree to the use of that information by the Service Provider in line with this Privacy Policy. If the user disagrees with this privacy statement, they can opt not to give the service provider any personal information, or they can refuse or withdraw their consent at any time. It may be impossible for the service provider to provide services in such a situation.

2.3. Such an intimation to withdraw User's consent can be sent on the email address provided in Clause 15 below and the appropriate action shall be taken owing to these circumstances.

2.4. The data collected from the Customers shall be used only for the performance of services and improving the experience of the Customers using the products and services through our platform as agreed in the Agreement. The data collected shall be used only for limited purposes such as mentioned hereinbelow:

a. rendering services

b. remembering the basic information provided by you for effective access

c. maintaining platform and interactions of the customer on the platform.

d. resolving complaints of the customer

e. training of the personnel of the service provider.

f. notifying changes made in the terms of service or usage of platform

g. diagnosing and addressing any technical or operational issues

h. developing the business of the service provider.

i. compliance of legal and regulatory obligations

3. TYPES OF INFORMATION COLLECTED BY THE SERVICE PROVIDER

3.1. "Personal Information" refers to any information pertaining to a customer who is an individual or any authorized person acting on behalf of the customer entity. Typical examples of this type of information include the customer's/authorised person’s name, contact information, email address, gender, date of birth and any other information required and related to business and processing of information in the context of using this platform, which is significant to us so that we can provide our customers with uninterrupted and efficient services. This term also includes information obtained as a result of the usage of services. It will also cover the user's caretaker's details.

3.2. "Technical Information" refers to and encompasses any data collected by a variety of technologies, including those that use cookies or comparable technologies to automatically gather specific data from a user's device when they use the platform. The user's Internet Protocol (IP) address, device or browser type, Internet service provider (ISP), exit or referring sites, clickstream data, and operating system are a few examples of this technical information. User statistics and usage data are included in this data.

3.3. "Locational Information" refers to and encompasses data gathered via GPS or other methods, such as the user's geographic location.

3.4. “Non-Personal Information” refers to and encompasses any detail that does not reveal User's specific identity, such as, browser information, information collected through Cookies (as defined below), pixel tags and other technologies, demographic information, etc. Similar to most websites, which gather some information automatically when the Customer visits the Platform. The Service Provider may collect certain information about User's devices to evaluate and verify User's use of the Platform. For example, Service Provider may store environmental variables, such as browser type, operating system, speed of the central processing unit (CPU), referring or exit webpages, click patterns and the internet protocol (IP) address of User's computer. This information is collected generally without identifying any user individually. Non-Personal Information shall also include information which is shared with Service Provider to avail the Services, including, but not limited to conversation with Service Provider’s Personnels.

4. OWENERSHIP OF DATA

The ownership of any personal information or data provided to the service provider shall at all times remain with the Customer. Nothing contained in the policy shall vest the ownership rights of personal data of customer with the service provider.

5. RIGHTS OF THE CUSTOMERS

The Customers retains several rights in relation to his Personal Data as provided under applicable law. These may include the rights to:

a. access, verify, and review Personal Data which he may have provided;

b. correct or edit Personal Data that may be inaccurate or irrelevant;

c. deletion and erasure of his Personal Data from the publicly or privately available pages of the Platform;

d. receive Personal Data Service Provider holds about Customers in a portable format;

e. object to or restrict any form of processing Customers may find irrelevant or not be comfortable to share with us;

In order to exercise these rights, please contact Service Provider on the email address provided in Clause 15 below.

Kindly note that if the customer does not agree with the Privacy Policy or the customer intends to withdraw his consent anytime or alternatively choose not to provide Service Provider with any personal information and/or removes or deletes any relevant data from the platform for any reason whatsoever, the service provider may be unable to render the services, for which the Service provider shall not be held liable.

6. DISCLOSURE AND SHARING OF INFORMATION

6.1. The Service Provider does not rent, sell or disclose or share any Information that Service Provider collects from the Customer, with third parties, save and except

(a) in order to provide customer with the services in accordance with the product functionality while complying any procedure prescribed by law.

(b) permission is granted expressly in writing by the customer

Service Provider may share customer's Information without intimation to the customer in circumstances and for the purposes as specified hereunder:

(i) to satisfy any applicable law, regulation, governmental requests or legal process;

(ii) to protect the safety, rights, property or security of the Company, our Services, the Website or any third party;

(iii) to protect the safety of the public for any reason;

(iv) to detect, prevent or otherwise address fraud, security or technical issues; and /or

(v) to prevent or stop any activity we consider to be, or to pose a risk of being, an illegal, unethical activity.

(vi) Company’s service providers /business partners for service offerings

6.2. This Website may contain links which may lead you to other Websites. Please note that once you leave the Company’s Website you will be subjected to the privacy policy of the other website. The linked sites are not necessarily under the control of the Company. Please be aware that the Company is not responsible for the privacy practices of such other sites. The Company encourages you to read the privacy policies of each and every website that collects Personal Information. If you decide to access any of the third-party sites linked to the Website, you do this entirely at your own risk.

7. TRANSFER OF INFORMATION

7.1. The information that is collected from you may be transferred to, maintained and processed at the data centres located at any destination within India. By submitting information on the Website, you agree and consent to this transfer, storing and / or processing of your Personal Data.

7.2. The Service Provider will take such steps as it considers reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy. Moreover, no transfer shall take place to an organisation unless there are adequate controls in place including the security of your personal data.

8. DATA RETENTION

8.1. The Company shall not retain Personal Information longer than is necessary to fulfill the purposes for which it was collected and as permitted by applicable law.

8.2. Notwithstanding anything contained herein, Service Provider may retain data after account deletion or discontinuation of services for reasons including but limited to the following purposes:

a) if there is an unresolved issue relating to Customer's account, or an unresolved claim or dispute;

b) if Service Provider is required to by applicable law; and/or in aggregated and/or anonymized form;

c) if necessary for Service Providers legitimate business interests, such as fraud prevention and enhancing Users' safety and security.

9. DATA SECURITY

9.1. The Service Provider has put in place appropriate measures and managerial procedures to safeguard and secure Personal Information of the Customer. The Service Provider only processes Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the user.

9.2. The Company uses commercially reasonable precautions to preserve and protect the integrity and security of your personal information against loss, theft, unauthorized access, disclosure, reproduction, use or amendment.

9.3. In using the Platforms of the Service Provider, you accept the inherent security implications of data transmission over the internet. However, as effective these measures are, no security system is impenetrable. Therefore, the use of our Platforms will be at your own risk and we assume no liability for any disclosure of information due to errors in transmission, unauthorized third-party access or other acts of third parties, or acts or omissions beyond our reasonable control and you agree not to hold us responsible for any breach of security which been caused due any aforementioned reasons.

9.4. In the event the Service Provider becomes aware of any breach of the security of your personal information, we will promptly notify you and take appropriate action to the best of its ability to remedy such a breach.

9.5. The Service Provider shall not appoint any sub-contractor to process the personal data of the customer without his/her/their prior consent. The Service Provider shall be liable for the acts of error or omission of the subcontractor, only to the extent of the acts carried out by the sub-contractor within the Knowledge of the Service Provider.

10. COOKIES AND OTHER TECHNICAL INFORMATION

10.1. Our Platform may employ “cookies” and other Technical Information. “Cookies” are a small text file consisting of alphanumeric numbers used to collect the Information about Platform activity. The Technical Information helps Service Provider analyse web traffic and helps Customer by customizing the Platform to Customer 's preferences. A service provider cannot access a Customer's PC or mobile device by employing cookies. By altering the browser's settings, the Customer can block the installation of cookies, although doing so may prevent them from using the platform to its fullest potential.

10.2. The use of Cookies and Technical Information allows Service Provider to improve Platform and User's experience of Platform and Services. We may also analyse Technical Information that does not contain Personal Data for trends and statistics.

11. THIRD PARTY SERVICES

11.1. The Service Provider may send Customer promotional Information about third parties which, Service Provider thinks Customer may find interesting. Further, the Customer may be availing our Services by using third party mobile applications or websites which are not operated by us.

11.2. These other websites are not under our control and you acknowledge that we are not responsible or liable for the content, functions, accuracy, legality, appropriateness or any other aspect of such websites or mobile application or resources. You further acknowledge and agree that service provider shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services made available by any such third party. You are hereby strongly advised to review the Privacy policy or the Terms on the website of any such third party. Kindly note that you shall access and use the services of third party websites or platforms at your own risk.

12. MANAGEMENT OF PRIVACY BREACH AND NOTIFICATION

The Service Provider is required to:

12.1. Inform the Customer of any incident that has caused or is likely to cause a security breach within Twenty-Four (24) hours of learning about it; this includes any unintentional or illegal loss, theft, deletion, disclosure, or corruption of Personal Data, as well as any unauthorized use or access to Personal Data ("Security Incident");

12.2. Provide all assistance and information reasonably requested by Customer in respect of a Security Incident, within 48 hours of, the detection of the Security Incident by Service Provider including but not limited to:

i. full details of the Personal Data compromised, including the categories and approximate number of Personal Data records concerned;

ii. full details of the likely consequences of the Security Incident, if identifiable;

iii. full details of how the Security Incident is being investigated and remedial measures already put in place and to be put in place to protect further damage;

vi. full details of any regulatory or legal action taken against the cyber-criminal.

13. CHANGES AND UPDATES TO POLICY

13.1. The Service Provider may update or amend the Privacy Policy at any time, and in such cases, it will post the new version of the Policy on the Platform along with the date of revision to inform Customers of any changes.

13.2. The service provider will make an effort to regularly and routinely review, update, modify, amend, or correct the privacy policy, particularly whenever there is a considerable technological advancement.

13.3. For the latest and newest details on the privacy practices of the service provider, customers must frequently review the privacy policy. If a customer continues to use the platform and services upon revision of the privacy policy, their usage of the platform will be governed by the updated privacy policy.

14. MISCELLANEOUS

14.1. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy.

14.2. This Privacy Policy does not apply to any information other than the information collected by Service Provider through the Platform.

14.3. This Privacy Policy shall be inapplicable to any unsolicited information User provides Service Provider through the Platform or through any other means.

14.4. Every unsolicited information will be considered non-confidential, and the service provider will have unrestricted use and/or disclosure rights.

14.5. The rights and remedies granted by this policy are cumulative and not exclusive of those granted by law, and they may be used as frequently as needed.

14.6. Rights under this Policy may be waived only in writing. Any delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

15. CONTACT

15.1. Please feel free to reach out to Service Provider by e-mail at prafull.mhatre@cs-hub.in in case of any concerns, grievances, or questions relating to our privacy or data related practices.