PRIVACY NOTICE

Last Updated on: 09th October, 2024.

This privacy notice (hereinafter, “Privacy Notice” or “Notice”) for UO Tech Private Limited (hereinafter, “Company”, “We”, “Us” or “Our”), trading as UO.app (hereinafter, “Platform”) through the website accessible at https://www.uo.app (hereinafter, “Website”), describes Our policies and procedures on the collection, use and disclosure of information in relation to the use of Our Website and Platform.

Users, visitors and any other individual or entity engaging with the Website or Platform directly or indirectly (hereinafter, “You”, “Your” or “User”) are advised to peruse this Privacy Notice prior to their usage of the Website or Platform. This Notice transparently explains Our privacy practices and informs the User of their rights under applicable law. By using Our Website and/or Platform, the User agrees to the collection, usage and disclosure of their personal information in accordance with this Notice. In case You do not agree with any of the terms included within this Privacy Notice, You are expressly prohibited from interacting with the Website or Platform in any manner.

TABLE OF CONTENTS

1. DEFINITIONS AND INTERPRETATIONS        2

2. SUMMARY OF KEY POINTS        5

3. COLLECTION OF PERSONAL DATA        6

4. PROCESSING ACTIVITIES        12

5. SHARING AND DISCLOSURE OF PERSONAL DATA        16

6. THIRD-PARTY WEBSITES        20

7. CROSS-BORDER DATA TRANSFERS        20

8. DATA RETENTION        21

9. DATA SECURITY        21

10. YOUR RIGHTS AND DUTIES AS A DATA PRINCIPAL        22

11. ACCESS REQUESTS        23

12. DIRECT MARKETING        23

13. CHILDREN’S PERSONAL DATA        24

14. UPDATES TO THIS NOTICE        24

15. GRIEVANCE REDRESSAL        25

16. CONTACT US        25

1. DEFINITIONS AND INTERPRETATIONS

1. Unless otherwise defined herein and context otherwise requires, the capitalised terms used in this Notice shall have the meaning set out below:

1. “Consent” means a freely given, specific, informed and unambiguous indication of will.
2. “Cookies” are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
3. “Data” means a representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or Processing (as defined hereinafter) by human beings or by automated means.
4. “Data Breach Incident” means an incident involving any unauthorised Processing of Personal Data (as defined hereinafter) or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to Personal Data, that compromises the confidentiality, integrity or availability of Personal Data.
5. “Data Fiduciary” refers to any person, entity or organisation who alone or in conjunction with others determines the purpose and means of processing of Personal Data. For the purpose of this Notice, the Company is referred to as the Data Fiduciary.
6. “Data Principal” refers to all individuals to which the Personal Data relates. In case of a child, it includes their parents or legal guardian; and in case of a person with disability, it includes their lawful guardian, acting on their behalf.
7. “Data Processor” refers to each of the entities or organisations involved in the processing of Data on behalf of the Data Fiduciary. It refers to third-party companies or individuals employed by the Data Fiduciary to facilitate the Website and the Platform, to provide the Website and the Platform on behalf of the Data Fiduciary, to perform services related to the Website and the Platform or to assist the Data Fiduciary in analysing how the Website and Platform are used.
8. "Device" means any device that can access the Website or Platform such as a computer, a cell phone or a digital tablet.
9. “Personal Data” means any Data about an individual who is identifiable by or in relation to such Data.
10. “Processing” in relation to Personal Data, means a wholly or partly automated operation or set of operations performed on digital Personal Data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.
11. “Sensitive Personal Data” of a person means such Personal Data which consists of information relating to:

1. Passwords;
2. Financial information such as details of bank account, credit card, debit card or other payment instruments;
3. Physical, psychological and mental conditions;
4. Sexual orientation;
5. Medical records and history;
6. Biometric information; and
7. Any details relating to the above as provided to body corporates for providing services.

12. “User Account” means a unique account created for the User to access Our Platform or parts of Our Platform.

2. For the purpose of this Notice, unless the context otherwise requires, the following interpretations shall apply:

1. The headings are for convenience or reference only and shall not be used in and shall not affect the construction or interpretation of this Notice.
2. All terms indicating gender would include both masculine and feminine gender. Words importing the singular include the plural and vice versa where the context so requires.
3. Reference to days, months and years are to Gregorian days, months and calendar years respectively.
4. References to “Sections” and “Schedules” are references to sections and schedules of this Notice specifically.
5. Grammatical variations of defined terms shall have the corresponding meaning.
6. Words such as “includes”, “including” and “such as” are deemed to be followed by the phrase “without limitation”.
7. The terms “hereof”, “herein”, “hereby”, “hereto”, “hereunder”, “hereinunder" and derivative or similar words refer to this entire Notice or specified Section or Schedule of this Notice, as the case may be.
8. The word “will” shall be construed to have the same meaning and effect as the word “shall”.
9. Where the definition is not provided in this Section but set out in a particular Section or Schedule or there is any inconsistency between the definitions set out in this Section and the definitions set out in any Section or Schedule, then for the purposes of construing such Section or Schedule, the definitions set out in such Section or Schedule shall prevail.
10. Reference to applicable law or to any provision thereof shall include references to any such applicable laws as it may, after the date hereof, from time to time, be amended, supplemented or re-enacted, and any reference to any statutory provision shall include any subordinate legislation made from time to time under that provision.

2. SUMMARY OF KEY POINTS

1. This summary includes key points from Our Notice although it does not represent the entire Notice. Users are requested to consider this Section as a mere condensation of the actual Notice and are advised to peruse the entire Notice in addition to this Section.
2. Collection of Personal Data: When You visit, use or navigate Our Website or Platform, We may collect certain Personal Data depending on Your interaction with Our Company, Our Website and Our Platform, Your choices and preferences, and the products or features You use. More information regarding Our policies on “Collection of Personal Data” is available under Section 3 of the Notice.
3. Sensitive Personal Data: Although We do not generally process any Sensitive Personal Data, We may process such Data upon necessity, with Your Consent or as otherwise permitted by applicable law. More information regarding Our policies on collection and Processing of “Sensitive Personal Data” is available under Section 3.1.2.2 of the Notice.
4. Processing Activities: We process Your Personal Data to provide, improve and administer Our Website and Platform, to communicate with You, for security and fraud prevention, and to comply with the applicable law. Your Personal Data may also be processed for other purposes with Your Consent. Be that as it may, We do not process any of Your Personal Data without appropriate legal basis and lawful purpose. More information regarding Our policies on “Processing Activities” is available under Section 4 of the Notice.
5. Sharing and Disclosure of Your Personal Data: In Our business interests, We may share Your Personal Data in specific situations and with specific categories of third-parties. Again, under certain circumstances, We may be contractually bound or legally obligated to disclose Your Personal Data to third parties. More information regarding Our policies on “Sharing and Disclosure of Your Personal Data” is available under Section 5 of the Notice.
6. Data Security: Certain technical and organisational safeguards have been implemented by Us in order to protect Your Personal Data. However, in spite of adequate and reasonable safety procedures in effect, no electronic transmission over the internet or information storage technology can guarantee absolute protection. We thus cannot guarantee absolute protection against hackers, cybercriminals or other unauthorised third-parties from illegally collecting, accessing, stealing or otherwise modifying Your Personal Data. More information regarding Our policies on “Data Security” is available under Section 9 of the Notice.
7. Your rights and duties as a Data Principal: As a Data Principal, You enjoy certain rights and are expected to perform certain duties. More information regarding “Your rights and duties as a Data Principal” is available under Section 10 of the Notice.
8. Access Requests: The most convenient way to exercise any of the rights guaranteed to You as a Data Principal is by contacting Us using the contact information provided within this Notice. We carefully consider all requests and act upon them in accordance with applicable law. More information regarding “Access Requests” is available under Section 11 of the Notice.
9. Children’s Personal Data: Our Website and Platform are not intended to be used by any individual under the age of eighteen. More information regarding Our policies on Processing of “Children’s Personal Data” is available under Section 13 of the Notice.

3. COLLECTION OF PERSONAL DATA

1. Personal Data disclosed by You: 

1. We collect Personal Data that You voluntarily provide to Us when You register on the Platform, express an interest in obtaining information about Us or Our Platform, when You participate in activities on the Platform, or otherwise when You contact Us through Our Website. The Personal Data that We collect depends on the context of Your interactions with Us and the Platform, the choices You make, and the products or features You use.
2. The Personal Data We collect may include the following:

1. Identifiers: While using Our Platform, We may ask You to provide Us with certain personally identifiable information (“PII”) that can be used to identify You or establish contact with You. PII may include, without limitation:

1. Email address;
2. First and last name;
3. Job titles;
4. Phone number;
5. Address, State, Province, ZIP/PIN/Postal Code, City, Country;
6. Government identifiers; and
7. Photographic images (particularly of the face or other identifying characteristics)

2. Sensitive Personal Data: We generally do not process any type of Data which can be classified as Sensitive Personal Data under the applicable law. However, upon necessity, with Your Consent or as otherwise permitted by applicable law, We may process certain categories of Sensitive Personal Data with appropriate notice to You.
3. Payment Data:

1. We offer certain paid products/services through Our Platform. In case You opt to make any purchase orders with Us for any products or services offered through the Platform, We may use third-party service providers for the purposes of facilitating and Processing Your payment.
2. Please note that We do not directly collect, store or process any of Your financial Data. Your payment Data is provided directly to the third-party Data Processors and their use of Your Personal Data is governed by their respective privacy policies.
3. In order to ensure the security of Your financial Data, We collaborate with third-parties that adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment Data. Additionally, We opt to collaborate with Data Processors which are compliant to relevant privacy standards such as the ISO/IEC 27001, ISO/IEC 27701, SOC 2 and similar other frameworks.

4. Social Media Login Data:

1. Our Platform offers You the ability to register and log in using Your third-party social media account details (such as Your Google login). If You choose to opt for this feature, We will receive certain profile information about You from Your social media provider.
2. The profile information We receive may vary depending on the social media provider concerned, but will often include Your name, email address, contacts, and profile picture, as well as other information You choose to make public on such a social media platform. You may choose to grant or deny Us access to each individual permission.
3. We will use the information We receive only for the purposes that are described in this Notice or that are otherwise made clear to You through the Platform. Please note that We do not control, and are not responsible for, other uses of Your Personal Data by Your third-party social media provider. We recommend that You review their privacy notice to understand how they collect, use and share Your Data, and how You can set Your privacy preferences on their sites and apps.

5. Application Data: If You are a User of Our mobile/tablet application(s), We also may collect certain Personal Data if You choose to provide Us with the necessary access or permission. This Data is primarily needed to maintain the security and operation of Our application(s), for troubleshooting, and for Our internal analytics and reporting purposes, and it includes:

1. Geolocation Information. We may request access or permission to track location-based information from Your mobile Device, either continuously or while You are using Our mobile application(s), to provide certain location-based services. If You wish to change Our access or permissions, You may do so through Your Device's settings.
2. Mobile Device Access. We may request access or permission to certain features from Your mobile Device, including Your mobile Device's bluetooth, calendar, camera, own, and other features. If You wish to change Our access or permissions, You may do so through Your Device's settings.
3. Mobile Device Data. We automatically collect Device information (such as Your mobile Device ID, model, and manufacturer), operating system, version information and system configuration information, Device and application identification numbers, browser type and version, hardware model, internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If You are using Our application(s), We may also collect information about the phone network associated with Your mobile Device, Your mobile Device’s operating system or platform, the type of mobile Device You use, Your mobile Device’s unique Device ID, and information about the features of Our application(s) You accessed.
4. Security Notifications. In the interest of the security and integrity of Your Account, We send You crucial security notifications regarding unidentified log-in requests, unrecognised User Account usage behaviours and patterns, suspected fraud or any noticeable changes to Your User Account. Due to their sensitive nature, these notifications may not be turned off by the User.
5. Account Activity Notifications. Certain actions performed on Our Platform warrant an automatic notification to be sent to You. In case You wish to opt out from receiving such notifications, You may turn them off through Your Device’s settings.
6. Push Notifications. We may request to send You push notifications regarding Your User Account or certain features of the application(s). If You wish to opt out from receiving these types of communications, You may turn them off through Your Device's settings.

3. All Personal Data that You provide to Us must be true, complete, and accurate, and You must notify Us of any changes to such Personal Data.

2. Personal Data collected automatically: 

1. Certain Data is automatically collected upon Your visit, usage or navigation of Our Website or the Platform. This type of Data does not specifically identify You but may be capable of identifying You when supplemented by other information. This Data is primarily needed to maintain the security and operation of Our Platform, and for Our internal analytics and reporting purposes. These include the following:

1. Log and Usage Data: Certain service-related, diagnostic, usage, and performance-based Data is automatically collected by Our servers when You access or use Our Website or Platform and which We record in the form of log files. Depending on Your interaction with Us, this log Data may include Your Internet Protocol (IP) address, Device information, browser type and version, and settings and information about Your activity in the Website or Platform (such as the date/time stamps associated with Your overall usage, pages and files viewed, features used, searches, and similar other actions), Device event information (such as system activity, error reports, and crash dumps), and hardware settings.
2. Device Data: We collect Device Data such as information about Your computer, phone, tablet, or other Device You use to access the Website or Platform. Depending on the Device used, this Device Data may include information such as Your Internet Protocol (IP) address (or proxy server), Device and application identification numbers, location, browser type and version, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.
3. Location Data: We collect location Data such as information about Your Device's location, which can be either precise or imprecise. How much information We collect depends on the type and settings of the Device You use to access the Website or Platform. For example, We may use GPS and other technologies to collect geolocation Data that tells Us Your current location (based on Your IP address). You can opt out of allowing Us to collect this information either by refusing access to the information or by disabling Your location setting on Your Device. However, certain features of the Website or Platform may be inaccessible or unusable to You in case You choose to opt out.
4. Cookie Data: We use Cookies and similar tracking technologies to track the activity on Our Website and Platform to store certain information. Tracking technologies used are beacons, pixels, tags, and scripts to collect and track information and to improve and analyse Our Website and Platform. Any Data that we derive from the use of such Cookies or tracking technologies is covered under this category of Personal Data. Specific information about how We use such technologies and how You can refuse certain Cookies is set out in Our Cookie Policy accessible at Cookie Policy

3. Data collected from other sources: 

1. In order to enhance Our ability to provide relevant marketing, offers, and services to You and update Our records, We may obtain information about You from other sources, such as public databases, joint marketing partners, affiliate programs, Data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent Data (or User behaviour Data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion.
2. If You interact with Us on a social media platform using Your social media account, We receive Personal Data about You such as Your name, email address, and gender. Any Personal Data that we collect from Your social media account depends on Your social media account's privacy settings.

4. PROCESSING ACTIVITIES

1. Purposes for Processing: We process Your Personal Data for a variety of reasons (“Lawful Purposes”), depending upon how You interact with Our Website and Platform, including the following:

1. To facilitate the creation, authentication and management of User Accounts. We may process Your Personal Data so You may create and log in to Your User Account and access the several functionalities of the Platform which are available to registered Users, as well as to keep Your User Account in a working condition.
2. To fulfil contractual obligations. We may process Your Personal Data to deliver and facilitate delivery of any requested products or services and to ensure the development, compliance and undertaking of purchase contracts.
3. To respond to User inquiries/offer support to Users. Your Personal Data may be processed by Us to respond to Your inquiries and resolve any potential issues You might have with regards to any of the features of Our Platform or in relation to any of the products or services offered through Our Platform.
4. To send administrative information to the User. Your Personal Data may be processed to communicate details about Our products and services, changes to Our terms and policies, and other similar information.
5. To fulfil and manage purchase orders. We may process Your Personal Data to fulfil and manage Your purchase orders, payments, returns, and exchanges made through the Platform.
6. To enable User-to-User communications. We may process Your Personal Data if You choose to use any of Our offerings that allow for communication with another User.
7. To request User feedback. We may process Your Personal Data when necessary to request feedback and to contact You about Your use of Our Website and Platform.
8. To send Users marketing and promotional communications. We may process the Personal Data You send to Us for Our marketing purposes, if this is in accordance with Your marketing preferences. You can opt out of Our marketing emails at any time.
9. To deliver targeted advertising to Users. Unless You have opted out of such communications, We may process Your Personal Data to develop and display special offers, general information about Our products or services, events, personalised content and advertisements tailored to Your interests, based on Your location, previous purchases and enquiries.
10. To protect the Platform. We may process Your Personal Data as part of Our efforts to keep Our Platform safe and secure, including fraud monitoring and prevention.
11. To identify usage trends. We may process Data about how You use Our Website and Platform to better understand how they are being used so We may attempt necessary improvements.
12. To determine the effectiveness of Our marketing and promotional campaigns. We may process Your Personal Data to better understand Your preferences and determine the most relevant marketing and promotional campaigns.
13. To save or protect an individual's vital interest. We may process Your Personal Data upon necessity to save or protect an individual’s vital interest, such as to prevent harm.
14. To facilitate business transfers. We may use Your Personal Data to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about Our Platform’s Users is among the assets transferred. In such a situation, Your Consent to such Processing shall be refreshed and You shall have the right to withdraw Your Consent to such Processing.
15. To comply with legal obligations. Your Personal Data may be processed where We are obligated by any legal requirements, which may include, compliance to a judgement, decree or directive passed by a court of competent jurisdiction; cooperation with any law enforcement authorities or regulatory bodies with respect to investigations and reporting requirements; and in case of any litigation upon Us.

2. Legal bases for Processing: We only process Your Personal Data when We believe it is necessary and when We have a valid legal reason (“Legal Basis”) to do so under applicable law. Such legal bases may include the following:

1. Consent. With Your explicit permission (or Consent), We may process Personal Data which You have voluntarily provided to Us for a specific purpose. For each category of such Personal Data, the Processing activities shall be restricted to the purposes mentioned within this Notice. You are entitled to withdraw or revoke Your Consent at any time.
2. Certain legitimate uses. We rely on certain legitimate uses as a basis for Processing of Your Personal Data. These uses include the following:

1. Contractual Obligations: We may process Your Personal Data when we believe it is necessary to fulfil Our contractual obligations to You, including providing any products or services through Our Platform, or at Your request prior to entering into a contract with You.
2. Legitimate Interests: We may process Your Personal Data when We believe it is reasonably necessary for Us to achieve Our legitimate business interests and those interests do not outweigh Your interests, fundamental rights and freedom.
3. Legal Obligations: We may process Your Personal Data where We believe it is necessary to exercise or defend Our legal rights, adduce Your Personal Data as evidence for the purpose of any litigation in which We are involved, or for compliance with Our legal obligations, such as to comply to a judgement, decree or directive passed by any competent court of law or to cooperate with law enforcement authorities and regulatory bodies.
4. Vital Interests: We may process Your information where We believe it is necessary to protect Your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

3. Summary of Processing Activities:

Serial No.	Lawful Purpose for Processing	Categories of Personal Data	Legal Basis for Processing
1.	To facilitate the creation, authentication and management of User Accounts	- Identifiers - Social Media Login Data	Consent
2.	To fulfil contractual obligations	- Identifiers	Contractual Obligation (Legitimate Use)
3.	To respond to User inquiries or offer support to Users	- Identifiers	Legitimate Interest (Legitimate Use)
4.	To send administrative information to the User	- Identifiers - Application Data	Legal Obligation (Legitimate Use)
5.	To fulfil and manage purchase orders	- Identifiers	Contractual Obligation (Legitimate Use)
6.	To enable User-to-User communications	- Identifiers - Application Data	Consent
7.	To request User feedback	- Identifiers	Legitimate Interest (Legitimate Use)
8.	To send Users marketing and promotional communications	- Identifiers - Application Data	Legitimate Interest (Legitimate Use)
9.	To deliver targeted advertising to Users	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	Legitimate Interest (Legitimate Use)
10.	To protect the Platform	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data	Legitimate Interest (Legitimate Use)
11.	To identify usage trends	- Identifiers - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	Legitimate Interest (Legitimate Use)
12.	To determine the effectiveness of Our marketing and promotional campaigns	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	Legitimate Interest (Legitimate Use)
13.	To save or protect an individual's vital interest	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data	Vital Interest (Legitimate Use)
14.	To facilitate business transfers	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data	Consent
15.	To comply with legal obligations	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data	Legal Obligation (Legitimate Use)

5. SHARING AND DISCLOSURE OF PERSONAL DATA

1. Sharing of Your Personal Data: We may share Your Personal Data with third-parties in specific situations described in this Section and/or with the following categories of third parties:

1. Vendors, Consultants, and Other Third-Party Service Providers. We may share Your Personal Data with Our Data Processors such as third-party vendors, service providers, contractors, or agents who perform Processing services for Us or on Our behalf and require access to such information. We have established necessary contractual relations with such third parties, which are designed to help safeguard Your Personal Data. In other words, in the absence of specific directions or instructions from Us, Our Data Processors cannot utilise Your Personal Data beyond their scope of engagement. Data Processors are restricted from sharing Your Personal Data with any other organisation in the absence of specific instructions from Us or without Our Consent. Furthermore, they commit to protect the Data they hold on Our behalf and to retain it for the period we instruct. The details and categories of such third parties, the respective categories of Personal Data shared with them and the purpose for such sharing are indicated through the table below:

Serial No.	Category and Details of the Recipient(s) of Data	Categories of Personal Data Shared	Purpose for Sharing
1.	Website Hosting Service Providers GoDaddy Operating Company, LLC Privacy Notice: https://www.godaddy.com/en-in/legal/agreements/privacy-policy	- Log and Usage Data - Device Data - Location Data - Cookie Data	To display and facilitate interactions with Our Website
2.	Cloud Service Providers Amazon Web Services (EC2) Privacy Notice: https://aws.amazon.com/privacy/	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data	To store and manage Data, run applications, deliver content and provide various services through the Platform
3.	Data Analytics & Performance Monitoring Services Google Analytics Privacy Notice: https://policies.google.com/privacy	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	To monitor the usage and performance of Our Website and Platform
4.	Data Storage Service Providers	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	To store, retrieve and grant access to Our Data inventory while ensuring security, integrity and confidentiality
5.	Payment Processors Razorpay Privacy Notice: https://razorpay.com/privacy/	- Identifiers	To facilitate payments from Our Users through the Platform
6.	Social Networks	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	To integrate User activities across different Social Networks
7.	Communication Service Providers	- Identifiers	To establish communication with Our Users in relation to Our Website, Our Platform and any associated products and services
8.	Sales, Advertisement and Marketing Service Providers	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	To conduct sales activities and marketing campaigns in the interest of Our business
10.	Product Management & Maintenance Services	- Application Data - Log and Usage Data - Device Data - Cookie Data	To manage, update, maintain and monitor the steady functioning of Our Platform including the various features through it
11.	Finance & Accounting Tools	- Identifiers	To manage, update and maintain Our financial statements, books of accounts, tax forms, etc.
12.	Legal Consultants & Advisors	- Identifiers - Social Media Login Data - Application Data - Log and Usage Data - Device Data - Location Data - Cookie Data	To protect Our legal interests and carry out certain activities which require the engagement of experts and professionals

2. Other businesses in case of business transfer: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
3. Affiliates. We may share Your Personal Data with Our affiliates, in which case We will require those affiliates to honour this Privacy Notice. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
4. Business partners. We may share Your Personal Data with Our business partners to offer You certain products, services or promotions through the Platform.
5. Other Users. When You share Personal Data or otherwise interact in the public areas of Our Platform with other Users, such information may be viewed by all Users and may be publicly distributed outside of the Platform in perpetuity. If You interact with other Users of the Platform and register for the Platform through a social media provider (such as Google), Your contacts on the social network will see Your name, profile photo, and descriptions of Your activity. Similarly, other Users will be able to view descriptions of Your activity, communicate with You within Our Platform, and view Your profile.
6. Any other third-party, with Your Consent. With Your specific Consent, We may share Your Personal Data with any other third-party for any other purpose. In such a situation, the details of such third-party along with the purpose for sharing shall be communicated to You in advance.

2. Disclosure of Your Personal Data: In certain situations, We might be obligated to disclose Your Personal Data to third-parties, by virtue of any contractual or legal obligations. Such situations include:

1. Business transactions. If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. In such a situation, You shall be notified well in advance and prior to any actual transfer of Your Personal Data. It shall be noted that in such a situation, Your Personal Data shall be subject to and governed by different policies and practices. Your Consent to such new policies shall be refreshed.
2. Law enforcement. Under certain circumstances, the Company may be required by law to disclose Your Personal Data upon valid requests from law enforcement authorities, regulatory bodies, courts of law or governmental agencies. We impart Our most sincere consideration to such requests and We only disclose Your Personal Data when such a request, upon Our analysis, is determined to be genuine, valid and absolutely mandated by the law. Although We are not obligated to, We may notify You of any disclosure in connection to Your Personal Data.
3. Other legal requirements. We may disclose Your Personal Data in the good faith belief that such disclosure is necessary to:

1. Comply with a legal obligation;
2. Protect and defend the rights or property of the Company;
3. Prevent or investigate potentially illegal activities in connection to the Platform;
4. Protect the personal safety of the Users of Our Platform; and
5. Protect Ourselves against liabilities.

6. THIRD-PARTY WEBSITES

1. Certain parts of Our Website and Our Platform may include links to third-party websites, online services, or mobile applications and/or contain advertisements from third parties which may link to other websites, services, or applications. Such third-parties are not affiliated to Us in any way, and thus, We do not assume any liability for any loss or damage caused by Your use of such third-party websites, services or applications.
2. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by Us. We cannot guarantee the safety and privacy of any Personal Data You provide to any third parties. Furthermore, We are not responsible towards the privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Website or the Platform. Any Data collected by a third-party is not governed by this Notice. It is advisable for You to review and enquire upon the policies of such third parties prior to sharing any of Your Personal Data with them.

7. CROSS-BORDER DATA TRANSFERS

1. Our servers are located in India. If You are accessing Our Website or Our Platform from outside India, please be aware that Your Personal Data may be transferred to, stored, and processed by Us in Our facilities and by Our Data Processors, located in India, United States, and other countries.
2. The Company takes reasonable steps to ensure that Your Data is treated securely and in accordance with this Notice by Our Data Processors. No transfer of Your Personal Data shall take place to an organisation or country that exhibits a lack of adequate controls or Data protection framework. We do not transfer Your Personal Data to any country or territory to which the transfer of Personal Data is restricted by the applicable law.

8. DATA RETENTION

1. We shall only retain Your Personal Data for as long as it is necessary to fulfil the purposes set out in this Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). We may also retain Your Personal Data to resolve disputes, comply with the applicable law, or enforce Our legal agreements and policies.
2. When We have no ongoing legitimate business need to process Your Personal Data, we will either delete or anonymize such information, or, if this is not possible (for example, if Your Personal Data has been stored in backup archives), then We will securely store Your Personal Data and isolate it from any further Processing until deletion is possible.
3. Upon the deletion of Your User Account on Our Platform, most of Your Personal Data is automatically deleted although some of them may be retained until 180 (One Hundred and Eighty) days from the date of deletion of Your User Account for the purposes of fraud prevention, troubleshooting, investigations, enforcement of Our legal rights, and/or compliance with applicable law. Additionally, some specific categories of Your Personal Data may be retained even beyond the aforementioned time-frame, in order to comply with legal obligations.

9. DATA SECURITY

1. We have implemented appropriate and reasonable technical and organisational safeguards designed to protect the security of any Personal Data We process. However, despite Our safeguards and best efforts to secure Your Personal Data, no electronic transmission over the internet or information storage technology can offer absolute security. We thus cannot guarantee absolute protection against hackers, cybercriminals or other unauthorised third-parties from illegally collecting, accessing, stealing or otherwise modifying Your Personal Data. In the event of any such Data Breach Incident involving Your Personal Data, We shall notify You about such an incident in the form and manner prescribed by applicable law.
2. Although We employ Our best efforts to protect Your Personal Data, transmission of Personal Data to and from Our Platform is at Your own risk. You are advised to access the Platform through a secure environment only.

10. YOUR RIGHTS AND DUTIES AS A DATA PRINCIPAL

1. We recognize Your rights as a Data Principal, as guaranteed by the applicable law. The following rights are available for You to be enforced at any time.

1. Right to Access: As a Data Principal, You shall have the right to access Your Personal Data and obtain specific information relating to Our Processing activities.
2. Right to Correction/Rectification: You have the right to correct or rectify any incorrect or inaccurate Personal Data relating to You.
3. Right to Erasure (Right to be Forgotten): You are guaranteed a right to deletion of Your Personal Data as and when requested by You. Please note that some extent of Your Personal Data may still be retained in anonymized form beyond the scope of Processing in order to comply with legal obligations and for defence of claims.
4. Right to Nominate: You shall have the right to nominate Your rights to another person who may, in the event of Your death or incapacity, exercise the rights guaranteed to You on Your behalf.
5. Right to Grievance Redressal: In case You are not satisfied with any of Our Data protection practices, You also have the right to seek redressal of Your grievances directly with Us. Kindly refer to Section 15 of this Notice titled “Grievance Redressal” to know about the complete redressal mechanism.

2. By agreeing to the terms mentioned within this Notice, You represent and warrant that You shall respect and perform certain duties as a Data Principal, failing which, You expose Yourself against appropriate legal action as permissible under the applicable law. In fulfilment of such duties, You hereby agree to:

1. Comply to the provisions of all applicable laws while exercising Your rights;
2. Ensure not to impersonate another person while providing Personal Data for a specified purpose;
3. Avoid the suppression of any material information while providing Your Personal Data for any document, unique identifier, proof of identity or proof of address issued by the Government or any of its instrumentalities;
4. Refrain from registering a false or frivolous grievance or complaint with Us or any supervisory government authority (such as, the Data Protection Board of India); and
5. Furnish only such information as is verifiably authentic, while exercising the right to correction or erasure.

11. ACCESS REQUESTS

1. The easiest and most convenient way to exercise any of Your rights guaranteed under the applicable law or as mentioned within this Notice is by contacting Us using the contact information provided under Section 16 of this Notice titled “Contact Us”. Users of the Platform are requested to contact Us via email with the subject ‘Data Access Request’ and communicate their requirements and expectations in connection to their rights as a Data Principal.
2. We impart Our sincere consideration towards all access requests and act upon them in accordance with the applicable law.

12. DIRECT MARKETING

1. With Your Consent, We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may withdraw such Consent and opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
2. Upon withdrawal of Your Consent, although You will be removed from Our mailing and marketing lists, We may still continue to communicate with You, for example to send You service-related messages that are necessary for the administration and use of Your  User account, to respond to service requests, or for other non-marketing purposes.

13. CHILDREN’S PERSONAL DATA

1. Our Website and Platform are not meant to be used by individuals under the age of 18 (eighteen) years (hereinafter, “Child” or “Children”). We do not knowingly or intentionally solicit any Personal Data from or market to Children. By using the Platform, You represent that You are at least eighteen years of age, or that You are the parent or legal guardian of such a Child and Consent to such Child dependent’s use of the Platform.
2. In case it comes to Our attention that Personal Data from Users less than 18 years of age has been collected mistakenly or accidentally, We will deactivate the User Account and take reasonable measures to promptly delete such Personal Data from Our inventories and repositories. If You become aware of any Personal Data We may have collected from Children, please contact Us immediately.

14. UPDATES TO THIS NOTICE

1. We may update this Privacy Notice from time to time. The updated version will be indicated by an updated and revised date and the updated version will be effective as soon as it is accessible. If We make any material changes to this Notice, We may notify You either by prominently posting a notice of such changes or by directly sending You a notification. We encourage You to review this Privacy Notice frequently to be informed of how We are protecting Your Personal Data.

15. GRIEVANCE REDRESSAL

1. Any grievances, complaints or concerns regarding Our Data protection policies or practices shall be communicated to Our Nodal cum Grievance Officer.
2. In accordance to the Information Technology Act, 2000, including the rules made thereunder, as well as, the Digital Personal Data Protection Act, 2023, the name and contact details of the Nodal cum Grievance Officer are provided below:

Details of the Nodal cum Grievance Officer

Name: Mr. Chandrasekara Reddy
Designation: Director
Address: UO Tech Private Limited, Attn: Grievance Redressal Officer, WeWork Prestige Cube, Site No. 26 Laskar, Hosur Rd, Bangalore, Karnataka 560030.
Email: gro@uo.app

3. Please note that the grievance redressal mechanism is an escalation channel. We request You to kindly exhaust the option to contact Our customer support by using the information provided under Section 27 herein before opting for the grievance redressal procedure. The grievance redressal mechanism shall only be utilised in relation to any complaints, grievances or concerns that You feel are not appropriately addressed by Our customer support team. The procedure for grievance redressal may take up to 3-5 (three to five) working days, whereas, Our customer support team typically responds to Your queries within 24 hours.

16. CONTACT US

1. In case You have any queries in relation to Our Website or Our Platform, including this Privacy Notice, or if You wish to exercise any of Your rights as a Data Principal, We encourage You to contact Us at the following details:

Email: support@uo.app
Postal Address: UO Tech Private Limited, WeWork Prestige Cube, Site No. 26 Laskar, Hosur Rd, Bangalore, Karnataka 560030.