Privacy Policy Commitment

Azumary (along with its direct and indirect subsidiaries as well as foreign branch offices which together comprise “Azumary”), is committed to meeting legal and regulatory requirements regarding data protection and privacy where it conducts its business activities. This Privacy Policy (“Policy”) defines the minimum standards with respect to Azumary collecting, processing, or otherwise using personal data, including information that may be considered as sensitive Personal Data (“Personal Data”) about individuals including Azumary associates, business contacts, customers or vendors (“Individuals”).

Where Azumary controls other company entities, such other companies will be required to abide by the principles set in this Policy.

PRIVACY PRINCIPLES
Azumary will handle Personal Data in accordance with the following principles. Azumary ensures that its business partners and vendors comply with the principles of this Policy and applicable legal and regulatory compliance standards through appropriate contractual agreements.

Lawfulness of Processing
Azumary will collect, store, process, use, share, transfer, analyse or otherwise handle (“Process” or “Processing”) Personal Data in accordance with applicable legal requirements for legitimate business or compliance purpose or if individuals have provided consent to the Processing or any relevant basis as defined by the applicable laws or regulations.

Limit Collection and processing
Azumary will limit the Processing of Personal Data in terms of scope and duration, as is necessary for the intended purpose.

Transparency
In accordance with applicable legal requirements, Azumary will provide information to individuals that explains the scope and purpose of Processing, and whom to contact to seek clarifications about privacy or data protection.

Accuracy
Azumary will take all necessary measures, as required by applicable laws and regulations, to ensure that Personal Data processed are accurate for the intended purpose. Any inaccurate personal data, in the context of the purposes for which they are processed, will either be erased or rectified without delay. Accuracy of data may be subject to the data subject’s duty to notify and/or utilise the options as outlined in Privacy Notices.

Security and Confidentiality
Azumary aims to protect the security and confidentiality of individuals’ Personal Data and implement physical, technical and organizational measures against accidental, unlawful or unauthorized destruction, loss, alteration, disclosure or access. Azumary will ensure measures are appropriate to the risks represented by the Processing it carries out and the nature of those Personal Data.

Privacy by Design
Azumary incorporates the principles of Privacy by Design into all of its personal data processes executed using digital systems, technologies or manually. By default, privacy requirements are embedded into every standard, protocol and process followed by Azumary.

Disclosure
Azumary discloses, when required/asked, personal data to third parties only for the purposes identified in the privacy notice, with the consent of the individual, or as required for lawful purposes. Third parties refer to public authorities, Law Enforcement Agencies and similar authorities.

DATA SUBJECT RIGHTS
In accordance with applicable legal requirements, Azumary will provide opportunity to exercise data subject rights, which are available to the individuals in the context of their engagement with Azumary. Such rights may include the right to request access to their Personal Data, to correct inaccurate or incomplete Personal Data or to object to the Processing of their Personal Data. Each Data Subject Request is validated and tracked to closure. As per the applicable law, and the engagement of data subject with Azumary, there might be other rights available such as right to be forgotten, right to withdraw consent, right to data portability, etc. Azumary will ensure its compliance and deploy all required measures to help data subjects exercise their rights granted.

INTERNATIONAL DATA TRANSFERS
Azumary operates on a global level and from time to time it may be required to transfer Personal Data across countries. Azumary recognizes that Personal Data needs to be treated with care, including data transfer to countries, which may not have adequate data protection laws. If Azumary transfers Personal Data to such countries, it will protect these Personal Data as set out in this Policy and in accordance with the requirements of applicable law.

DATA RETENTION
Azumary will observe retention policies and procedures so that it deletes Personal Data after a reasonable time and the purposes are met. Exception applies if in the context of those purposes, it is necessary to keep the Personal Data indefinitely, or a law requires the Personal Data to be kept for a certain time. When Azumary no longer needs to keep Personal Data for the purposes, for which they are held, it will delete them as soon as practicable.

JURSIDICTION-SPECIFIC REQUIREMENTS AND IMPLEMENTATION
National data protection and privacy laws may impose additional requirements on Azumary for the Processing of Personal Data. Where required, Azumary will establish procedures and guidelines in order to supplement the principles of this Policy and engage with relevant regulatory/ supervisory authority, as required.

PRIVACY ORGANIZATION AND CONTACT
Azumary has set up a global Privacy Function, which is headed by the Head – Global Privacy Office of Azumary, and which is tasked with overseeing and implementing privacy and applicable data protection requirements. Specific data protection or privacy functions and roles may be added for individual countries or geographies. The privacy function is also responsible for deploying training and awareness programs and supporting the implementation of privacy principles into Azumary business operations and processes. If you have questions about this Policy, please contact us via Contact Us form available at www.Azumary.com.

DATA BREACH REPORTING
All known or suspected incidents involving Personal Data must be reported immediately upon discovery. This includes incidents notified to Azumary by any Azumary associate, client, third party service provider or other business partner. Azumary will provide education and awareness to its workforce regarding the procedures for reporting a suspected or confirmed incident. Each incident is investigated and tracked to closure. If the investigation leads to the conclusion that an illegal, improper or unethical act has been committed, appropriate disciplinary or corrective action will be initiated against the offender as per Azumary’ policy and legal provisions.

IMPLEMENTATION
Azumary has internal arrangements in place to communicate, ensure and verify compliance with this Policy, to protect data, allow effective exercise of individuals’ rights set out in this Policy and under applicable law, and to deal with any concerns from individuals or regulatory bodies that Azumary may not have complied with the Policy and/or applicable law. All individuals can leverage these arrangements and/or exercise their rights by contacting their local Data Protection Officer.

SECRUITY POLICY

Azumary has access to business-sensitive information (including personal information), the protection of which is crucial to Azumary and its clients’ business interests.

Our Security Vision is “To make Azumary reliable, resilient and immune to the existing and evolving volatile environment of constant changes, accidents, attacks and failures.”

This Security Policy reiterates our commitment to protect all the information and assets that we own or are responsible for; thus, ensuring an efficient, safe and secure working environment for Azumary and its customers.

Azumary will deploy a convergent security model to ensure:
Protection of information and assets against unauthorized access by deploying adequate security controls covering physical, logical and personnel security

Compliance to legal and statutory / regulatory requirements across its global operations

Continuity of operations in line with business requirements and obligations to its stakeholders

Inclusion of security responsibilities of various departments / individuals to adhere to this Policy

Adequate security awareness and competence among associates at all levels to fulfill these responsibilities

Avenues for associates and other stakeholders to report security weaknesses, violations or disruption of services

A robust response framework to handle security weaknesses, violations or disruption of services

Governance of security performance against appropriate targets and objectives, enabling continuous improvements

This Policy will be supported by Standards, Procedures and Guidelines (Security Management System) and will be made available to all stakeholders who are expected to contribute towards the effective implementation and deployment of these security norms.
The Security Management System will be periodically reviewed to ensure its continuing applicability and relevance to our operations and evolving stakeholder expectations.

This Policy will extend to Azumary globally and its wholly owned subsidiaries in all geographies, and will be applicable to all its associates, business associates and external parties having access and usage rights to its infrastructure, IT systems and/or Information resources. Consequences arising out of violations or contravention to any of the objectives of this Policy will be equally applicable to all associates of Azumary and its wholly owned subsidiaries globally and external parties.

CHANGES TO THE POLICY
Azumary may update this Policy from time to time and without prior notice to individuals to reflect changes in law or privacy practices. If you have questions about this Policy, please reach out to us via Contact Us form available at www.Azumary.com.