TYPES OF INFORMATION COLLECTED BY THE COMPANY

The Company collects and processes the following categories of information to deliver services across Physical, Mental, Financial, and Cyber Health, improve user experience, and comply with applicable laws:

Policy & Insurance Related Information:

The following policy-related data fields may be shared with the Large Language Model (LLM) for processing and are securely stored in our database for reference, handling, servicing, and analytics purposes. For processing purposes only, the following information may be extracted from your uploaded policy document and shared securely with the LLM:

• Name of previous insurer
• Type of policy (e.g., motor, health, life)
• Insurance product category
• Policy number
• Name of the policyholder
• Name of the current insurance provider
• Policy start and end dates
• Premium paid at policy inception
• Sum insured or coverage amount
• Current premium paid
• Amount claimed under previous policies
• Name of the insurance individual(s)
• Mode of premium payment (e.g., monthly, annually)

Contact & Location Information:

• Residential address
• City and State of residence
• Insurance branch location
• Intermediary & Third-Party Details:
• Name of insurance intermediary or agent
• Name of other intermediaries involved
• Name and website of Third-Party Administrator (TPA)

Policy Features:

• List of exclusions (what is not covered)
• List of coverages (what is covered)
• Personal Accident (PA) coverage status

Vehicle Information (for motor insurance):

• Vehicle registration number
• Vehicle make, model, and specifications
• Engine and chassis numbers
• Cubic capacity (CC)
• Year of manufacture
• Seating capacity
• Insured Declared Value (IDV)
• Type of fuel used
• Third-party coverage details
•  

Additional Information:

• Names of insured members (for group or family policies)
• Customer support toll-free number.

Pawned Password Check:

• Password hashes
• Associated account identifiers
• Check history

        i. Date

       ii. Time

      iii. Result Status

Personal Wellness Assessment Data

• Selected mental wellness focus area(s):

         i. Depression

         ii. Stress

        iii. Anxiety

        iv. Sleep Disorders

• Self-reported frequency of symptoms
• Preferred daily wellness time commitment

Engagement & Activity Data

• Wellness streak
• League/ Tier
• Active time per session
• Challenges completed
• Community leaderboard position

Implicit Data

• User ID or account details
• Timestamp of activities
• Device information
• Engagement metrics

Personal Information:

• Email Address
• Phone Number
• PAN Number
• Aadhaar Number
• Tax Invoice Number
• GST Registration Number
• Any other personal information present within the policy document

Communication Information: 

Communication Information refers to information shared, recorded, or generated during interactions between the End User and the Company. This includes:

• Customer service interactions through email, chat, or in-app messaging
• AI chat messaging
• Recorded telephonic or online conversations with relationship manager or company representatives
• Feedback, grievances, complaints, or suggestions submitted by the End User
• Responses to surveys, polls, or research conducted to improve services
• Correspondence exchanged through notices, legal communications, and other official communications in writing or electronically.

Non-Personal Information:

• Non-personal information means information that does not specifically identify an individual or business, but includes:
• information from you, such as your browser type, the URL of the previous Applications you visited
• your internet service provider (ISP), operating system & version and your internet protocol (IP) address
• device location, information about your mobile device including hardware model, preferred language, unique device identifier,
• your profession, field of work, information you provide us when you contact Us for help;
• information you enter into our system when using the Application, such as while asking doubts, participating in discussions and taking tests and any other information you may give on and through the Application.
• how many people visit the Application, the pages you visit, how long you visited our Application, and the date and time you used the Application.
• Any information that you voluntarily provide, such as information included in response to a questionnaire, or a survey conducted by the Company.

Usage Information:

Usage Information refers to information automatically collected when a user accesses or uses the Application. This includes:

• All data and information collected automatically through the Application (or through the third-party analytics service providers),
• By use and access of the Application in the nature of system administrative data,
• Statistical and demographical data, and operational information and data generated by or characterizing use of the Application Non-Personal Information,
• Cookies, your search queries,
• Timestamps of logins, logouts, and activity trails,
• Comments, search results selected,
• Number of clicks, pages viewed and the order of those pages, error logs,
• Application traffic, time spent on the Application, number of visits to the Application
• Similar information and behaviour indicating the mode and manner of use of the Application.
• Personal Information, Insurance-related Information, Communication Information, Non-Personal Information and Usage Information (hereinafter shall be referred to as “Information”, collectively). The Company limits the collection of Information which is necessary for its intended purpose.
• For the purposes of this Policy, the categories of Information described above shall include not only the specific items listed, but also any associated, incidental, supplementary, derivative, or related information that may reasonably be collected, generated, stored, processed, or disclosed in connection with the user’s utilisation of the insurance services, compliant with applicable laws and regulations, or performance of contractual obligations. The examples provided under each category are illustrative and not exhaustive.

CONSENT TO PROCESSING

• By mere use of the Application, you expressly consent to the Company’s use, access, processing and disclosure of your Information and third-party information in accordance with this Policy. If you do not agree with the terms of this Policy, you shall not use this Application.
• In case you wish to avail any or all of the Services provided on the Application, the Company shall provide a method for sign-up and login, which may include username and password, mobile number and OTP based login, or any other mechanism as may be available on the Application (“Login Credentials”) as set out in the Terms of Use. You may be required to fill in the Information/onboarding form on the Application including full name, email address, mobile number and/or a one-time password sent on your mobile number and such other information as requested on the registration page/on-boarding form to set up your account on the Application.
• You hereby explicitly agree that your use and access of the Login Credentials shall be governed by the EULA and Terms of Use read with the terms of this Policy and any other agreement that you may enter into with the Company. You should not share your Login Credentials, one-time password or other security information for your account with anyone. If We receive instructions using your Login Credentials, We will consider that you have authorized the instructions.
• Your acceptance of this Policy signifies your acceptance and consent to the processing of your Information by the Company and forms a valid and binding agreement between you and the Application/Company for Information processing by the user as per the terms of this Policy (as per Section 6 (1) of the Digital Personal Data Protection Act, 2023).

COLLECTION OF INFORMATION

• The Company may collect Information from you when you (a) register on the Application; (b) update or change personal details in your account; (c) use the Application for any of the Services being offered thereon; (d) voluntarily participate in campaigns conducted by the Company on the Application or respond to questionnaires published by the Company on the Application (if any); (e) voluntarily complete a customer survey or provide feedback on any of our message boards or via email or via third-party service provider in relation to the products and Services provided on the Application; (f) when you carry out transactions on the Application.
• In order to enhance certain features of the Application, such as uploading documents or accessing media content, Company may request access to photos and files stored on your device. This access is required to facilitate the functionality of the Application and provide you with a seamless user experience. Company will only access photos and files upon your explicit authorization and will not use this information for any purpose other than as described in this Privacy Policy.
• You hereby acknowledge and agree that all Information is provided by you to the Company voluntarily and the Information provided by you is not subject to any undue influence.
• The Company may use cookies to monitor the Application usage including, without limitation, to provide useful features to simplify your experience when you return to the Application, like remembering your Login Credentials, Information and to deliver relevant content based on your preferences, usage patterns and location.
• If you make a payment through the App, you may be asked to provide billing details and payment information. All payments are processed securely by authorised third‑party payment service providers. The Company does not collect or store your complete payment information, such as card numbers, CVV, or bank account details. This information is collected and stored directly by the payment service provider in accordance with its own privacy policy and applicable laws. The Company only receives limited transaction details and payment confirmations necessary to provide the service. For your convenience, the payment service provider may save masked or tokenized payment details or remember your payment preferences, subject to the provider’s terms and policies.
• The Company may also collect Non-Personal Information or Usage Information based on your browsing activity and in relation to your use or access to the Application which may or may not be publicly accessible.
• Information collected by the Company from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such information was collected.
• You may visit the Application without providing the Company any Information about yourself. However, you may not be able to access certain services of the Application in case you choose to do so.

LEGAL BASIS FOR PROCESSING

We process your Personal Information, Verification Information and Financial Information (“collectively referred to as the “Personal Data”) in accordance with applicable data protection laws and only where a valid legal basis exists. The primary grounds on which we rely include:

• Consent: Where you have provided explicit consent, we may process your Personal Data for purposes such as availing optional services, receiving marketing and promotional communications, participating in surveys, or allowing your information to be shared with third parties. You may withdraw your consent at any time, subject to applicable legal and contractual restrictions.
• Contractual Necessity: We process Personal Data where it is necessary to enter into, administer, and perform our service agreements with you, including enabling access to Physical, Mental, Financial, and Cyber Health services. This includes managing your bookings, processing payments, facilitating consultations, delivering medicines, scheduling diagnostic tests, providing mental wellness programs, monitoring cyber security alerts, and maintaining records of your participation in these services.
• Legal Obligation: We are required to process and retain certain categories of Personal Data in order to comply with statutory requirements and applicable laws, including but not limited to healthcare regulations, data protection laws such as the Digital Personal Data Protection Act, 2023, financial compliance obligations, and cybersecurity directives issued by competent authorities. This may include maintaining records of health services provided, diagnostic reports, payment transactions, and identity verification details as mandated under applicable legislation.
• Legitimate Interests: We may process your Personal Data where it is reasonably necessary for our legitimate business purposes, provided such processing does not unduly affect your rights and freedoms. Legitimate interests include fraud detection and prevention, ensuring the security and integrity of our systems, recovering dues and enforcing legal claims, improving our services, and conducting internal analytics and audits.

NOTIFICATION PREFERENCES

• By using the Application, you have the option to enable notifications to receive updates, alerts, and relevant information from the Company. By enabling notifications, you agree to receive notifications from Company through the Application or other communication channels as specified by Company, including but not limited to SMS, email, WhatsApp, and push notifications.
• Notifications may include, but are not limited to:

1. Reminders for scheduled services such as doctor appointments, diagnostic tests, medication deliveries, and mental wellness sessions;
2. Important announcements relating to health services, cybersecurity alerts, and financial wellness updates;
3. Regulatory or compliance-related alerts concerning healthcare, data protection, and cybersecurity obligations;
4. Promotional offers for wellness programs, fitness plans, mental health workshops, and security tools;
5. Other relevant information connected with the services provided by the Company and/or its authorized representatives.

• Company will determine the frequency and delivery method of notifications, which may vary based on the type of information being communicated and your notification preferences. Company will make reasonable efforts to ensure that notifications are timely, relevant, and delivered in accordance with your preferences.
• You have the option to opt out of receiving notifications at any time by adjusting the notification settings within the mobile or contacting the Company directly. Please note that opting out of notifications may affect your ability to receive important updates and information from the Company. Certain categories of notifications, such as payment reminders, compliance alerts, and security-related updates, are essential for the proper functioning of the Application and cannot be opted out of.
• By enabling notifications, you grant Company permission to send notifications to your device and access necessary information to deliver notifications effectively. This may include accessing device identifiers, notification preferences, and other relevant data as required.

PURPOSE AND USE OF INFORMATION

• The Company uses the Information you provide to:
• manage your account and profile and verify your identity and eligibility;
• Enable access to services across Physical, Mental, Financial, and Cyber Health, including booking appointments, scheduling diagnostic tests, delivering medicines, and facilitating wellness programs;
• digitize insurance policies and offer advisory content
• Manage and store documents securely, including prescriptions, diagnostic reports, and uploaded policy documents;
• fulfil your requests for insurance services offered on the Application, including purchase of policies and managing documents;
• fulfil your requests for services offered on the Application, including healthcare consultations, mental wellness sessions, cyber security checks, and financial wellness support;
• respond to your inquiries about insurance policies and other services available on the Application;
• provide you with information about products and services available on the Application and offer you other services such as cybersecurity, healthcare, insurance, financial, and mental health, education, new offerings, and related services that the Company believes may be of interest to you;
• resolve any technical glitches or issues on the Application, including addressing downtime, errors, or payment-related problems;
• improve the services and content on the Application and your experience of navigating through the Application and carrying out transactions on the Application;
• administer and operate the Application, including maintaining security, fraud detection, and compliance checks;
• learn about each user’s learning patterns, interaction patterns and movements around the Application;
• manage the Company’s relationship with users, insurance houses, reinsurers and other stakeholders;
• conduct research, data analytics, and internal audits to enhance offerings, improve efficiency, and ensure compliance with applicable laws and regulations; and
• for any other lawful purpose reasonably necessary for insurance operations.
• The Company may use the Information to monitor your use of the Application and may review and analyse the Information to provide you with customized service.
• The Company may use your Non-Personal Information or Usage Information for internal business purposes, such as data analysis, research, developing new products and/or features, enhancing and improving existing products and services and identifying usage trends.
• Subject to and in accordance with applicable laws, the Company has the right to use your Information for the purpose of conducting promotional/marketing related activities on the Application, including but not limited to, using your Personal Information for making posters/banners to promote the services of the Company.
• When you send an email message or otherwise contact the Company through its Application, the Company may use the Information provided by you to respond to your communication. The Company may also archive such Information and/or use it for future communications with you to inform you regarding updates, newsletters, offers, new services and promotions.

INFORMATION SHARING

• The Company maintains your Information in electronic form on its servers, systems, and secure cloud storage facilities. Such Information is made accessible only to the Company’s employees, authorized agents, auditors, service providers, guarantors, and other third parties engaged by the Company, strictly on a need-to-know basis and solely for the purposes of operating, managing, and administering the Application in compliance with applicable laws.
• As part of the Company’s policy digitization and AI-based analysis workflow, certain data extracted from the uploaded insurance policy documents may be securely shared with a Large Language Model (LLM), such as OpenAI, to accurately interpret, structure, and analyze policy details. This includes both structured policy data and limited Personal Data as outlined in our Privacy Policy.
• For regulatory and legal compliance, your Information may be disclosed to government departments or agencies, statutory authorities, auditors, legal advisors, courts, tribunals, regulatory bodies, and law enforcement agencies, where disclosure is mandated under applicable law or pursuant to valid legal process.
• In addition, for the purpose of business operations, continuity of services, and quality assurance, your Information may be shared with the Company’s group entities, technology and infrastructure service providers, communication partners, and other authorized third parties who act on behalf of or under instructions from the Company.
• The Company does not rent, sell, or share Personal Data with third parties or with other non-affiliated entities, except with your consent.
• The Company may disclose and/or transfer Information to an investor, acquirer, assignee or other successor entity in connection with a sale, merger, or reorganization of all or substantially all of the equity, business or assets of the Company.
• The Company may engage third party vendors and/or contractors to perform certain services such as advertising companies, and email marketing providers, who may have limited access to Information.
• To process transactions, the Company may direct you to a payment gateway service provider of its own choice, which may have access to the Information provided by you while making such payment.
• The Company may share Information with government authorities in response to subpoenas, court orders and/or other legal processes, to establish or exercise legal rights; to defend against legal claims; and/or as otherwise required by law. This may be done in response to a law enforcement agency’s request.
• All third parties with whom your data is shared are bound by strict confidentiality agreements. Data sharing is limited to specified, legitimate purposes only, and we conduct regular audits to ensure compliance by these third parties. Furthermore, we do not share your data for third-party marketing without your explicit consent and will not transfer your data outside India without providing adequate protection and obtaining your explicit consent.

THIRD PARTY SERVICE PROVIDERS

• The Company may engage third party vendors and/or contractors to perform certain support services for the Company, including, without limitation, software maintenance services, advertising and marketing services, web hosting services and such other related services which are required by the Company to provide its services efficiently. These third parties may have limited access to Information. If they do, this limited access is provided so that they may perform these tasks for the Company and they are not authorized by the Company to otherwise use or disclose Information, except to the extent required by law.
• Payments made through the Application are processed via secure third-party payment gateways and banking channels. These providers operate under their own independent privacy policies and compliance standards. Notwithstanding the provisions of Clause 4.5, the Company does not store or retain complete payment card details on its own systems.
• The Company does not make any representations concerning the privacy practices or policies or terms of use of such platforms/third parties, nor does it control or guarantee the accuracy, integrity, or quality of the information, data, text, software,
• music, sound, photographs, graphics, videos, messages or other materials available on and with such platforms/third parties.

RECORDING PRACTICES

• Call Recording. All customer service calls may be recorded by the Company. Such recordings shall be used solely for quality assurance, service monitoring, training, and dispute resolution purposes. Recordings shall be stored securely with access restricted to authorized personnel only and shall be retained strictly in accordance with the Company’s data retention policies.

DATA RETENTION AND DELETION

• The Company shall store your Information at least for such period as may be required and permitted by law or for a period necessary to satisfy the purpose for which the Information has been collected. These periods vary depending on the nature of the Information and your interactions with the Company.
• You agree that you will not submit any false Information or any illegal or damaging content to the Application. The Company reserves the right to terminate access to or the ability to interact with the Application in response to any concerns the Company may have about false, illegal, or damaging content submitted by you, or for any other reason, in its sole discretion.
• The Company shall retain your Information only for as long as is reasonably necessary to fulfill the purposes for which it was collected, or as required under applicable law. Without prejudice to the foregoing:
• Health Records (Physical and Mental): Information relating to appointments, diagnostic reports, prescriptions, assessments, and progress logs shall be retained for a period consistent with healthcare regulations and professional standards.
• Electronic Health Records (EHR): Retained until the Data Principal exercises the right to erasure, subject to statutory exceptions.
• Financial Information: Payment history, transaction records, and Know Your Customer (KYC) documentation shall be retained in accordance with applicable financial laws and regulatory requirements.
• Cybersecurity Data: Security logs, breach monitoring data, and related information shall be retained for a reasonable duration necessary for audit, compliance, and risk management purposes.
• Communication Records: Call recordings and chat transcripts shall be retained for a reasonable duration to facilitate quality assurance, training, and resolution of disputes.
• Marketing and Promotional Data: Retained until the Data Principal withdraws consent or opts out of such communications.
• Transaction Records: Retained in compliance with statutory and regulatory requirements.
• Upon expiry of the applicable retention period, the Company shall delete or permanently destroy the Information in a secure manner, using industry-standard data erasure or destruction methods.
• Deletion of Information shall be undertaken only where the user has no ongoing association with the Company, and subject always to any overriding legal or regulatory obligations.
• The Company may retain anonymized or aggregated data, which does not identify any individual, for the purposes of analytics, research, service improvement, or statistical reporting.

DUTIES OF USERS

• Each of the users of the Application is bound by certain obligations while sharing their Information as per the provisions of the Digital Personal Data Protection Act, 2023 and such obligations include (apart from the obligations prescribed under the End User License Agreement and Terms of Use of the Application):
• comply with the provisions of all applicable laws for the time being in force while exercising rights under the provisions of the Digital Personal Data Protection Act, 2023;
• to ensure not to impersonate another person while providing their own Personal Data for a specified purpose;
• to ensure not to suppress any material information while providing their Personal Data for any document, unique identifier, proof of identity or proof of address issued by the State or any of its instrumentalities;
• to ensure not to register a false or frivolous grievance or complaint with the Company or the Data Protection Board of India; and
• to furnish only such information as is verifiably authentic, while exercising the right to correction or erasure under the provisions of Digital Personal Data Protection Act, 2023.

COMPLIANCE WITH THE DATA PROTECTION LAWS

• The Company is fully committed to complying with all provisions of the Digital Personal Data Protection Act, 2023 (may be referred to as the “DPDP Act” or “DPDPA”) and any rules or regulations framed thereunder. To that end, the Company has adopted the following compliance framework:
• Lawful Processing and Consent

1. Prior to collecting Personal Data, the Company shall provide clear, accessible, and unambiguous notices explaining the nature, purpose, and extent of data Consent shall be obtained in a free, specific, informed, and unambiguous manner for each distinct processing purpose;
2. Records of consent, including the timestamp, scope, and stated purpose, shall be securely maintained;
3. Mechanisms shall be provided to enable easy withdrawal of consent at any time, without affecting prior lawful processing; and
4. Separate and independent consent shall be sought for optional services, marketing communications, and third-party sharing.

Purpose Limitation

1. Personal Data shall be processed strictly for the lawful, specific, and limited purposes communicated at the time of collection;
2. Any processing for a new or additional purpose shall be undertaken only upon obtaining fresh consent;
3. A clear distinction shall be made between mandatory information required for service delivery and optional information provided voluntarily; and
4. Under no circumstances shall data be used beyond the purposes explicitly stated and agreed to.

Data Minimization

1. Only such Personal Data as is necessary for the identified purposes shall be collected;
2. Periodic reviews shall be conducted to prevent excessive or redundant data collection;
3. Optional data fields shall be clearly marked as non-mandatory; and
4. Systems shall be designed to automatically purge unnecessary or outdated information.

Data Accuracy

1. User shall be provided with simple mechanisms to review and update their Data;
2. The Company shall send annual reminders to users to verify the accuracy of their information;
3. Verification processes shall be implemented for critical data changes such as KYC;
4. Audit trails shall be maintained for all material modifications to user records.

Storage Limitation

1. Defined retention periods shall apply for each category of Personal Data, consistent with statutory and contractual requirements;
2. Personal Data shall be automatically deleted or securely destroyed upon expiry of the applicable retention period;
3. Legal hold procedures shall be implemented where retention is required to comply with regulatory or legal obligations; and
4. Secure disposal methods, both physical and digital, shall be employed to ensure permanent deletion of Personal Data.

Data Security

1. Technical Measures: Personal Data shall be protected through 256-bit SSL encryption, secure storage, robust access controls, multi-factor authentication, intrusion detection, and firewalls;
2. Organizational Measures: Employees and agents shall undergo regular training on data protection obligations, and strict access policies shall be enforced;
3. Regular Assessments: The Company shall conduct periodic security audits, penetration tests, and vulnerability assessments to identify and mitigate risks; and
4. Compliance Standards: The Company is IEC/ISO 27001 certified

CONTROL OVER YOUR PERSONAL DATA

• Right to Withdraw Consent. You shall have the right to withdraw your consent to the processing of your Personal Data at any time. Upon receipt of such withdrawal, the Company shall cease further processing of your Personal Data for the purposes for which consent was withdrawn, provided that such withdrawal shall not affect the lawfulness of processing based on consent obtained prior to such withdrawal. You acknowledge that certain services may not be available to you following the withdrawal of consent, and that the Company may be required to retain certain categories of Personal Data in order to comply with legal or regulatory obligations.
• Right to Information. You shall have the right to know the categories of Personal Data collected and processed by the Company, to understand the purposes and processing activities undertaken with respect to such Personal Data, to access a summary of the categories of third parties with whom your Personal Data has been shared, and to review the applicable retention periods for such Personal Data.
• Right to Access. You shall have the right to obtain confirmation from the Company as to whether your Personal Data is being processed, to request a copy
• of such Personal Data, to receive such Personal Data in a commonly used, structured, and machine-readable format wherever technically feasible, and to access a record of the processing history maintained by the Company in accordance with applicable laws.
• Right to Correction and Erasure. You shall have the right to request correction of any inaccurate or incomplete Personal Data, to update any outdated or obsolete information, to request erasure of your Personal Data upon withdrawal of consent subject to the Company’s legal or regulatory obligations, and to require the Company to implement complete lifecycle management of such Personal Data in accordance with its retention and deletion policies.
• Right to Grievance Redressal. You shall have the right to file complaints with the Company’s designated Grievance Officer, to escalate unresolved complaints to the Data Protection Board of India in accordance with the DPDP Act, to track the status of grievances filed, and to receive resolution of such grievances within the timelines prescribed under this Policy or by applicable law.
• Right to Nominate. You shall have the right to nominate another individual to exercise your rights under this Policy in the event of your death or incapacity. The nomination process shall be facilitated through the Application, and the Company shall ensure that secure verification procedures are applied prior to the exercise of such nominee rights.
• The Company is not liable for the Information you share with third parties directly. Upon your request for withdrawal of consent, removal of Information, rectification of Information or otherwise, we will undertake such necessary actions in compliance of the Applicable Laws to the extent the Information is within the control of the Company. We are not responsible or liable for the Information that is in control or within the infrastructure of any third party.

EXERCISE OF RIGHTS

• Submission of Requests. You may exercise any of the rights set out in Clause 11 by submitting a request through one of the following channels:

1. by email to grievance@callmeooo.com;
2. by submitting a written request to the Company’s registered office at GUTENBERG IT Park, 3rd Floor, Kalajyothi Rd, Masjid Banda, Sai Pruthvi Enclave, Telangana 500084.

• Information Required. For the purpose of processing your request, the Company may require you to provide your user ID or account identifier, a clear description of the right you seek to exercise, such supporting details as may be necessary to process the request, and such identity verification documents as may be reasonably necessary to confirm your identity.
• Timelines. The Company shall acknowledge receipt of your request within forty-eight (48) hours, complete verification of your identity within seven (7) days, and resolve the request within thirty (30) days from the date of successful verification. In the event of complex requests requiring additional time, the Company shall provide written notice of such extension together with reasons for the delay.
• Fees. The first request submitted by you in any calendar year shall be processed without charge. Any subsequent requests may be subject to a nominal processing fee, which shall be communicated in advance.

COMPLIANCE WITH LAWS FOR USERS OUTSIDE INDIA

• While We strive to ensure compliance with applicable laws and regulations, it is not feasible for Us to address the specific laws of every region. However, We are committed to protecting the privacy and Personal Information of all Our users.
• Acceptance of Privacy Policy: By accessing and using Our Services, as a user outside India, you acknowledge and agree to the terms of this Policy and Our data practices.
• Data Subject Rights: As a user outside India, you may have certain rights regarding your Personal Information under the applicable laws of your region. While We strive to respect these rights to the extent required by law, please note that our ability to fully address specific legal requirements may be limited. We will, however, make reasonable efforts to assist you in exercising your rights as permitted by applicable laws.
• Compliance with Local Laws: While We endeavour to comply with applicable laws and regulations, including privacy and data protection laws, in all regions We operate, it is important to note that certain laws may have extraterritorial application. We encourage users outside India to familiarize themselves with the local laws that may apply to their Personal Information and to assess the risks associated with using Our Application and the Services therein.

COOKIES

• To enhance your experience with the Application, many of the web/application pages use “cookies” and pixel tags and clear gifts on certain pages of the Application. Cookies are text files the Company places in your computer’s/mobile’s browser to maintain your log-in and session details. Company uses three types of cookies, necessary session cookies (including username, email ID, user access information) which enable Company to  recognise you and makes it easier for you to return to the Application and interact with the Company’s Services without signing in again, and/or preference cookies (including search and browsing history) which are stored for the maximum duration permitted by law, and/or statistics cookies (including Usage Information such as unique request ID, statistical data) which are stored for 24 hours or the maximum duration permitted by law (collectively referred to as the “Cookies”).
• Cookies, by themselves, do not tell the Company your e-mail address or other Personal Information unless you choose to provide this information to the Company by, for example, registering on the Application and/or by availing the Services provided on the Application. Cookies are designed to hold a marginal amount of data specific to a particular user and Application and can be accessed either by the web server or the user device. However, once you choose to furnish the Application with personally identifiable information (PII), this information may be linked to the data stored in the Cookies. Company uses Cookies to understand site usage and to improve the content and offerings on the Application. For example, Company may use Cookies to personalize your experience on the Application (e.g., to recognize you by name when you return to the Application). Company also may use Cookies to offer you products, programs, or services. Cookies may be placed on the Application by third-parties as well, the use of which the Company does not control. You are free to accept or refuse the use of Cookies via the cookie banner that appears when you open/access the Application.
• Cookies are retained in your browser unless specifically deleted, depending on the type of Cookies. If you decline the Cookies, you may be unable to use certain features on the Application and you may be required to re-enter your password frequently. By using or accessing the Application and/or the Services provided on the Application, you hereby explicitly authorise the Company and give your consent to the Company to store, use and access Cookies for the purposes outlined in this Policy. Most browsers allow you to control Cookies through their settings, which may be adapted to reflect your consent to the use of Cookies, and they may also enable you to review and erase Cookies.
• You can manage browser Cookies through your browser settings. The ‘Help’ feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive Cookies, how to disable Cookies, and when Cookies will expire. If you disable all Cookies on your browser, neither We nor third parties will transfer Cookies to
• your browser. If you do this, however, you may have to manually adjust some preferences every time you visit the Application and some features and services may not work.

PROTECTION OF INFORMATION

• The Company has taken adequate measures to protect the security of Information and to ensure that your choices for its intended use are honoured. The Company takes robust precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
• The Company shall adopt industry-standard technical safeguards to ensure the confidentiality, integrity, and availability of Personal Data. Such measures shall include, without limitation: the use of 256-bit SSL encryption for all data transmission; secure storage; multi-factor authentication for access to systems; periodic vulnerability assessments and penetration testing; strict access controls and maintenance of audit logs; deployment of firewalls and intrusion detection/prevention systems; and the use of secure APIs and data interfaces for integration with third-party services.
• The Company shall implement organizational safeguards designed to reduce security risks and protect against unauthorized access, misuse, or disclosure of Personal Data. Such safeguards shall include, without limitation: role-based access controls to restrict data access to authorized personnel only; regular training and awareness programs for employees and contractors on data protection practices; documented incident response procedures to promptly detect, respond to, and mitigate security events; business continuity and disaster recovery planning to ensure uninterrupted service; and regular backup procedures to safeguard against accidental loss or destruction of data.
• The Company considers the confidentiality and security of your information to be of utmost importance. It, therefore, uses industry standards, and physical, technical and administrative security measures to keep Information confidential and secure and the Company will not share your Information with third parties, except as otherwise provided in this Policy. Please be advised that, however, while the Company strives to protect Information and privacy, the Company cannot guarantee or warranty its absolute security when Information is transmitted over the internet into the Application. The Company will annually evaluate this necessity considering your privacy and our relation while keeping the applicable legislation in mind. Non-Personal Information will be retained indefinitely.
• Access to your online account on the Application is via. your Login Credentials which is password protected and this helps to secure your account information. You are solely responsible for maintaining the confidentiality of your Login Credentials. To ensure safety of your Information, you are advised against sharing your Login Credentials with anyone. If you suspect any unauthorized use of your account, you must immediately notify the Company by sending an email to grievance@callmeooo.com you shall be liable to indemnify the Company for any loss suffered by the Company due to such unauthorized use of your account.
• For any loss or theft of Information, due to unauthorized access to your device through which you use the Application or other reasons solely attributable to you, the Company shall not be held liable or responsible under any circumstance whatsoever. Further, the Company shall not be responsible for any breach of security or for any actions of any third parties/vendors or events that are beyond the Company’s reasonable control including but not limited to acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of internet service or telephone service of the user, etc.

MINOR

THE COMPANY DOES NOT INTEND TO ATTRACT ANYONE UNDER THE RELEVANT AGE OF CONSENT TO ENTER INTO BINDING LEGAL CONTRACTS UNDER THE LAWS OF THEIR RESPECTIVE JURISDICTIONS. THE COMPANY DOES NOT INTENTIONALLY OR KNOWINGLY COLLECT PERSONAL DATA THROUGH THE APPLICATION FROM ANYONE UNDER THAT AGE. THE COMPANY ENCOURAGES PARENTS AND GUARDIANS TO BE INVOLVED IN THE ONLINE ACTIVITIES OF MINOR TO ENSURE THAT NO PERSONAL INFORMATION IS COLLECTED FROM A MINOR WITHOUT THEIR PRIOR CONSENT. IF YOU ARE USING THE APPLICATION ON BEHALF OF SOMEONE ELSE, INCLUDING BUT NOT LIMITED TO, ON BEHALF OF YOUR MINOR CHILD/CHILDREN/EMPLOYER, YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORISED BY SUCH PERSON TO ACCEPT THIS POLICY ON THEIR BEHALF AND TO CONSENT ON BEHALF OF SUCH PERSON TO THE COMPANY’S USE OF SUCH PERSON’S PERSONAL DATA AS DESCRIBED IN THIS POLICY.

DATA BREACH NOTIFICATION

• Commitment. The Company is committed to ensuring transparency and accountability in the event of a data breach. In accordance with the Digital Personal Data Protection Act, 2023 and other applicable laws, the Company shall: (a) notify the Data Protection Board of India within the prescribed time since becoming aware of a personal data breach; (b) notify affected users promptly where there is a risk of harm to their rights or interests; (c) take immediate remedial and containment measures to minimize the impact of the breach; and (d) maintain a breach register documenting the facts, effects, and remedial actions taken.
• User Notification. Where user notification is required, the communication shall clearly specify: (a) the nature and scope of the breach; (b) the categories of Personal Data affected; (c) the mitigation and corrective measures taken by the Company; and (d) any recommended steps or precautions that the user should adopt to safeguard their interests.

LIMITATION OF LIABILITY

• The Company shall not be liable to you for any loss of profit, anticipated savings, goodwill, reputation or business opportunities or any type of direct or indirect, incidental, economic, compensatory, punitive, exemplary or consequential losses arising out of performance or non-performance of its obligations under this Policy.
• The Company is not responsible for any actions or inactions of any third parties, that receive your Information.
• Notwithstanding anything contained in this Policy or elsewhere, the Company shall not be held responsible for any loss, damage or misuse of your Information, if such loss, damage or misuse is attributable to a Force Majeure Event and/or any third party. The term “Force Majeure Event” shall mean any event that is beyond the reasonable control of the Company and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, epidemic, pandemic or national/state lockdown due to any reason and any other similar events not within the control of the Company and which the Company is not able to overcome.

CHANGES TO THIS POLICY

The Company reserves the right to update, change or modify this Policy at any time. The Policy shall come to effect from the date of such update, change or modification. It is recommended that you regularly check this Policy to apprise yourself of any updates. Your continued use of the Application or provision of data or Information thereafter will imply your unconditional acceptance of such updates to this Policy.

GOVERNING LAW

Without reference to any conflict of laws principles this Policy shall be governed by and interpreted and construed in accordance with the laws of India. The place of jurisdiction shall exclusively be in Hyderabad, India. In the event of any dispute arising out of this Policy, the same shall be settled by binding arbitration conducted by a sole arbitrator, appointed jointly by both parties and governed by the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be Hyderabad, India.

GRIEVANCE REDRESSAL MECHANISM

In accordance with the Information Technology Act, 2000 and Rules made thereunder along with Section 13 of the Digital Personal Data Protection Act, 2023, you have the right to readily available means of grievance redressal in relation to your Information collected by the Application. Therefore, the Application/Company respects your rights and is hereby furnishing the name and contact details of the Grievance Officer, as provided below:

Name: Ram Patrudu

Address: GUTENBERG IT Park, 3rd Floor, Kalajyothi Rd, Masjid Banda, Sai Pruthvi Enclave, Telangana 500084

E-mail: grievance@callmeeooo.com

CONTACT DETAILS

If you have any questions or concerns about this Policy, you may contact the Company at grievance@callmeeooo.com