Privacy Policy

Published

February 24, 2025

Update

February 24, 2025

PURPOSE

The purpose of a Privacy Policy is to inform users about how their personal information is collected, used, stored, and protected by a website, app, or service. It outlines the types of data collected, the reasons for collecting it, how it will be used, and who it might be shared with.

Thank you for choosing to work with Wissen Infotech (“Wissen Infotech”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. We understand the sensitivity of the data we handle and prioritize compliance with all applicable data protection regulations. If you have any questions or concerns about this policy, or our practices regarding your personal information, please contact us at [dpo@wisseninfotech.com].

 

SCOPE

This privacy policy applies to the personal information we process in the context of providing our services to our clients. It is important to understand that Wissen Infotech primarily acts as a data processor, meaning we process personal information on behalf of our clients and according to their instructions. We generally do not collect personal information directly from individuals unless they are our employees or direct contacts for business purposes.

  

CLAUSES COVERED UNDER POLICY

 

What information do we process?

 

We process personal information (PII) as necessary to fulfill our contractual obligations to our clients. This data is typically provided to us by our clients or resides within their systems. We do not download or retain data on local machines beyond what is strictly required for project execution.

The specific types of personal information we process depend entirely on the nature of the projects we undertake for our clients. Based on the type of project and scope of work, this may include, but is not limited to:

 

·        Identification Data: Names, addresses, email addresses, phone numbers, usernames, employee IDs, etc.

·        Financial Data: Payment information, bank account details, transaction history (if relevant to the client's project).

·        Demographic Data: Age, gender, location, nationality (if relevant to the client's project).

·        Sensitive Personal Information: In some cases, and only when explicitly required by the client's project and permitted by law, we may process sensitive data such as health information, racial or ethnic origin, religious beliefs, or biometric data. This is always done with appropriate safeguards and in compliance with relevant regulations (e.g., GDPR, HIPAA, CCPA).

·        Technical Data: IP addresses, device identifiers, browser information, log data (collected within the client's environment for troubleshooting and performance monitoring).

·        Client-Provided Data: Any other client-provided data, as applicable for the project.

 

Crucially, we emphasize:

·        Data Minimization: We only process the minimum amount of personal information necessary for specific projects.

·        Client-Controlled Environment: In most cases, the personal information we process remains within the client's systems or within secure, designated environments in the respective country where the data originates.

·        No Unauthorized Download: We have strict internal policies prohibiting the unauthorized download or storage of client data on personal devices or local machines.

·        No Data Retention: We have strict internal policies not to retain data for any other purpose except the explicit purpose of processing data for a project.

 

How do we process your information?

 

We process your information solely to fulfil our contractual obligations to our clients, providing software services as directed by them. We act as a data processor, not a data controller (except for limited internal business data).

 

We process personal information for the following purposes, as directed by our clients:

·        Software Development and Testing: Developing, testing, and deploying software solutions according to client specifications.

·        System Integration: Integrating software systems and ensuring data flows correctly between them.

·        Data Analysis and Reporting: Analyzing data to provide insights and reports to our clients (within the client's secure environment).

·        Technical Support and Maintenance: Providing ongoing support and maintenance for the software solutions we deliver.

·        Quality Assurance: Ensuring the quality and security of the software and data processing activities.

·        Compliance: Adhering to all applicable legal and regulatory requirements related to data processing.

 

 

We do not use personal information for:

·        Marketing or Advertising: We do not use client data for our own marketing purposes.

·        Profiling or Automated Decision-Making: We do not engage in profiling or automated decision-making based on client data unless explicitly instructed to do so by the client, and only in compliance with applicable laws.

·        Sale or Unauthorized Sharing: We do not sell or share client data with third parties without the client's explicit consent, except as outlined below.

 

Legal basis for processing (Where Applicable)

 

Our primary legal basis for processing personal information is the performance of our contract with our clients. In some cases, we may rely on other legal bases, such as compliance with legal obligations.

 

Where we are acting as a data processor, the legal basis for processing personal information is determined by our client (the data controller). We process data according to their instructions and in accordance with their legal obligations.

 

For the limited personal information we process as a data controller (e.g., contact details of client representatives, employee data), we rely on the following legal bases, as applicable:

 

·        Performance of a Contract: To fulfil our contractual obligations to our clients and employees.

·        Legitimate Interests: For necessary business operations, such as internal administration, security, and communication with clients.

·        Legal Obligations: To comply with applicable laws and regulations.

·        Consent: In specific cases where consent is required, we will obtain explicit consent before processing personal information.

 

 

Will your information be shared with anyone?

 

We only share information with the client's explicit consent or as required by law. We may use subcontractors, but they are bound by strict confidentiality and data protection agreements.

 

We may share personal information in the following limited circumstances:

·        With the Client: This is inherent in our role as a data processor. We provide access to the processed data to the client, as per our agreement.

·        With Subcontractors: We may engage carefully vetted subcontractors to assist with specific tasks (e.g., specialized development skills). These subcontractors are bound by strict data processing agreements that mirror our obligations to our clients and ensure compliance with all applicable regulations. We remain responsible for the actions of our subcontractors. We keep our customers informed and get the necessary approval before engaging any individual or organization on a contract for such work.

·        Legal Requirements: We may disclose personal information if required to do so by law, legal process, or government request (e.g., court order, subpoena). We will always strive to inform the client of such requests, unless prohibited by law.

·        Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred to the acquiring entity, subject to continued compliance with this privacy policy.

We do not share personal information with third parties for marketing or any other purpose without the client's explicit consent.

 

Do we use cookies and other tracking technologies?

 

We may use cookies on our own website for essential functionality and analytics. We do not use cookies or tracking technologies within client systems unless specifically requested and authorized by the client.

 

Our website:

Our corporate website (www.wissen.com) may use cookies and similar technologies to:

·      Provide essential website functionality (e.g., session management, security).

·      Analyze website traffic and usage patterns (using aggregated, anonymized data).

·      Improve website performance and user experience.

·      Ensure that we do not track users across websites or use their data for any personalized advertising.

·      Allow users to manage their cookie preferences through their browser settings.

Client Systems: We do not deploy cookies or tracking technologies within client systems unless explicitly instructed to do so by the client, and only in compliance with their privacy policies and applicable laws.

 

Is your information transferred internationally?

 

We primarily store and process data within the client's designated country or region. Any international data transfers are conducted in compliance with applicable laws and with appropriate safeguards.

 

·      Data Localization: Our default practice is to process and store personal information within the country or region where the data originates and/or as specified by the client. This minimizes the need for international data transfers.

·      Client-Provided Systems: When working within client-provided systems, the location of data processing is determined by the client's infrastructure.

·      International Transfers (When Necessary): If international data transfer is required for a specific project, we will:

o  Obtain the client's explicit consent.

o  Comply with all applicable data transfer regulations (e.g., GDPR, CCPA, other national laws).

o  Implement appropriate safeguards, such as:

§  Standard Contractual Clauses (SCCs) approved by the European Commission.

§  Binding Corporate Rules (BCRs) (if applicable).

§  Adequacy decisions by relevant authorities.

§  Other legally recognized transfer mechanisms.

·      Subcontractor Locations: We ensure that any subcontractors involved in international data transfers are also subject to appropriate contractual safeguards and compliance requirements.

 

How Long Do We Retain Your Information?

 

We retain personal information only for as long as necessary to fulfill the client's instructions and comply with legal obligations. We do not retain data beyond the project's completion without the client's explicit consent.

·      Client Instructions: Our data retention periods are primarily determined by our contractual agreements with our clients. We follow their instructions regarding data retention and deletion.

·      Project Completion: Upon completion of a project, we securely delete or return all personal information to the client, unless otherwise agreed in writing.

·      Legal Requirements: We may retain certain data for longer periods if required by law (e.g., tax records, audit trails). This retention is limited to the specific data and duration required by law.

·      Secure Deletion: We use secure methods to delete or anonymize personal information when it is no longer needed.

 

How do we keep your information safe?

 

We implement robust technical and organizational security measures to protect personal information from unauthorized access, use, disclosure, alteration, or destruction.

 

We maintain a comprehensive information security program that includes:

 

·      Access Controls: Strict access controls limit access to personal information to authorized personnel only, based on the principle of least privilege.

·      Data Encryption: We use encryption to protect data both in transit and at rest, where appropriate and feasible.

·      Network Security: We implement firewalls, intrusion detection systems, and other network security measures to protect our systems and client environments.

·      Vulnerability Management: We regularly scan for and address security vulnerabilities in our systems and software.

·      Data Loss Prevention (DLP): We employ DLP measures to prevent unauthorized data exfiltration.

·      Regular Security Audits: We conduct regular internal and external security audits to assess and improve our security posture.

·      Employee Training: All employees receive regular training on data protection, privacy, and security best practices.

·      Incident Response Plan: We have a documented incident response plan to address data breaches or security incidents promptly and effectively.

·      Physical Security: We maintain physical security measures to protect our offices and data centers.

·      Compliance and Certification: We comply with industry-standard security and privacy requirements and obtain relevant certifications like ISO 27001:2022.

 

Do we collect information from minors?

 

We do not knowingly process personal information from minors. Our services are intended for businesses and professionals.

 

Our services are not directed to individuals under the age of 18 (or the applicable age of majority in their jurisdiction). We do not knowingly collect or process personal information from minors. If we become aware that we have inadvertently processed personal information from a minor, we will take steps to delete it promptly.

 

Your Privacy rights

 

Individuals whose data we process may have certain privacy rights, depending on their location and applicable laws. We will cooperate with our clients to facilitate the exercise of these rights.

 

The specific privacy rights available to individuals depend on the applicable data protection laws in their jurisdiction. These rights may include:

 

·      Right to Access: The right to request access to their personal information.

·      Right to Rectification: The right to request correction of inaccurate or incomplete personal information.

·      Right to Erasure ("Right to be Forgotten"): The right to request deletion of their personal information, subject to certain conditions.

·      Right to Restrict Processing: The right to request restriction of processing of their personal information in certain circumstances.

·      Right to Data Portability: The right to receive their personal information in a structured, commonly used, and machine-readable format.

·      Right to Object: The right to object to the processing of their personal information, in certain circumstances.

·      Rights Related to Automated Decision-Making and Profiling: Rights related to automated decision-making and profiling, if applicable.

Exercising Your Rights:

·      If we are processing your data as a data processor on behalf of a client: You should direct your privacy rights requests to the client (the data controller). We will cooperate fully with our clients to fulfil these requests.

·      If we are processing your data as a data controller (limited circumstances): You can exercise your rights by contacting us directly using the contact information provided below. We will respond to your request within the timeframes required by applicable law.

Data Breach

 

We have procedures in place to detect, report, and investigate data breaches. We will notify affected clients and relevant authorities as required by law.

 

We have implemented a comprehensive data breach response plan. In the event of a data breach involving personal information we process, we will:

 

·      Promptly Investigate: We will immediately investigate the breach to determine its scope and impact.

·      Containment and Remediation: We will take steps to contain the breach and remediate any vulnerabilities.

·      Notification: We will notify:

o  Affected clients without undue delay.

o  Relevant supervisory authorities (e.g., data protection authorities) as required by applicable law (e.g., within 72 hours under GDPR).

o  Affected individuals, if required by law and in consultation with the client.

·      Cooperation: We will cooperate fully with our clients and relevant authorities in investigating and responding to the breach.

 

Controls for Do-Not-Track features

 

We do not currently respond to Do-Not-Track signals.

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. However, there is no universally accepted standard for interpreting and responding to DNT signals. Therefore, we do not currently respond to DNT signals.

 

Region-Specific Privacy Rights

 

We comply with region-specific privacy laws, such as GDPR, CCPA, and others.

We are committed to complying with all applicable data protection laws, including:

 

·      European Economic Area (EEA) and UK: We comply with the General Data Protection Regulation (GDPR) and the UK GDPR.

·      California: We comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

·      Other Jurisdictions: We comply with other applicable data protection laws in the countries where we operate and process personal information.

·      Specific details about our compliance with these laws are available upon request.

 

Do we make updates to this policy?

 

Yes, we will update this policy as necessary to stay compliant with relevant laws and reflect changes in our practices.

 

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and will be effective as soon as it is accessible. We encourage you to review this policy periodically to stay informed about our data handling practices. We will also notify our clients of any material changes to this policy.

 

How Can You Contact Us About This Policy?

 

You can contact us via email, phone, or mail.

 

If you have questions or comments about this policy, or if you wish to exercise your privacy rights, please contact our Data Protection Officer (DPO) at:

 

·      Email: dpo@wisseninfotech.com

·      Postal Address: Wissen Infotech Private Limited,

Survey No.64, Quadrant 3 (part), Quadrant 4 9th Floor, Cyber Towers, Hi-Tech City, Madhapur, Hyderabad, Telangana 500081

Attn: Data Protection Officer

 

We will respond to your inquiries and requests promptly and in accordance with applicable law.