PRIVACY_POLICY_Website

TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 PRIVACY POLICY 1. Introduction This Privacy Policy (“Policy”) is issued by Tivor Private Limited (“Company”, “we”, “our”, or “us”) in compliance with the applicable provisions of the Information Technology Act, 2000 , the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”), along with a ny other applicable laws, rules, and regulations in force in India. This Policy sets out the manner in which the Company collects, receives, accesses, stores, uses, processes, handles, shares, transfers, and protects personal data and sensitive personal da ta or information of users (“User”, “you”, or “your”) who access, browse, register on, or otherwise use the Company’s website, mobile application, or any related digital platform (collectively referred to as the “Platform”). The Company is committed to ens uring the privacy, confidentiality, and security of your personal data and to processing such data in a lawful, fair, and transparent manner, strictly for legitimate and specified purposes. By accessing, browsing, or using the Platform, or by providing you r information to the Company, you expressly acknowledge that you have read, understood, and agreed to the terms of this Policy, and you hereby provide your free, specific, informed, and unambiguous consent to the collection and processing of your personal data in accordance with the provisions of this Policy and applicable law. Where required under applicable law, the Company shall seek explicit consent prior to collecting or processing sensitive personal data or information. You retain the right to withdra w your consent at any time, subject to applicable legal or contractual restrictions. If you do not agree with the terms of this Policy, you are advised not to access or use the Platform. 2. Definitions For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them hereinbelow. Words used but not defined herein shall have the meanings ascribed to them under applicable law: www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 1. “Applicable Law” shall mean and include the provisions of the Information Technology Act, 2000, th e Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, and all other applicable statutes, rules, regulations, notifications, guidelines , and amendments thereto, as may be in force in India from time to time. 2. “Company” / “We” / “Us” / “Our” shall mean Tivor Private Limited , including its affiliates, group companies, subsidiaries, associates, successors, and permitted assigns. 3. “User” / “You ” / “Your” shall mean any natural person who accesses, browses, registers on, or uses the Platform, and shall, where the context so requires, include any legal entity represented by such individual. 4. “Platform” shall mean the Company’s website, mobile appli cation, and/or any other digital platform, interface, or medium operated, managed, or made available by the Company. 5. “Personal Data” shall mean any data about an individual who is identifiable by or in relation to such data, whether directly or indirectly, including but not limited to identifiers such as name, contact details, identification numbers, online identifiers, or any other in formation classified as personal data under the DPDP Act. 6. “Sensitive Personal Data or Information (SPDI)” shall have the meaning assigned under Rule 3 of the SPDI Rules and shall include, without limitation: a) Passwords b) Financial information such as bank acc ount, credit card, debit card, or other payment instrument details c) Physical, physiological, and mental health conditions d) Sexual orientation e) Medical records and history f) Biometric information g) Any detail relating to the above as provided to the Company for pr oviding services h) Any information received under the above categories by the Company for processing or storage 7. “Data Principal” shall mean the individual to whom the personal data relates, and where such individual is a child or a person with disability, in cludes their lawful guardian, as defined under the DPDP Act. www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 8. “Child” shall mean an individual who has not completed the age of eighteen (18) years, or such other age as may be prescribed under applicable law. 9. “Processing” shall mean a wholly or partly auto mated operation or set of operations performed on personal data, including but not limited to collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restric tion, erasure, or destruction. 10. “Consent” shall mean any freely given, specific, informed, unconditional, and unambiguous indication of the User’s agreement to the processing of their personal data for a specified purpose, through a clear affirmative action , in accordance with the DPDP Act. 11. “Data Fiduciary” shall mean the Company, which alone or jointly with others determines the purpose and means of processing personal data. 12. “Data Processor” shall mean any person or entity that processes personal data on be half of the Company pursuant to a valid contract or legal arrangement. 13. “Third Party” shall mean any natural or legal person, public authority, agency, or body other than the User, the Company, and persons authorised to process personal data under the direct authority of the Company. 14. “Personal Data Breach” shall mean any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to personal data that compromises its confidentiality, integrity, or availability. 15. “Grievance Officer” shall mean the person appointed by the Company in accordance with the SPDI Rules to address complaints and grievances of Users relating to processing of their person al data. 16. “Significant Data Fiduciary” shall mean such Data Fiduciary as may be notified by the Central Government under the DPDP Act, based on factors such as volume and sensitivity of personal data processed, risk to rights of Data Principals, and impact on sovereignty and integrity of India. 17. “Cross - Border Transfer” shall mean the transfer of personal data by the Company to any entity located outside the territorial boundaries of India. 18. “Automated Means” shall mean any equipment or system capable of proces sing data automatically in response to instructions given for that purpose. www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 3. Information We Collect The Company may collect, receive, access, or otherwise process various categories of personal data and information from Users, either directly or through automated means or third - party sources, in connection with the use of the Platform and the services provided thereunder. Such information may include, without limitation, the following: 3.1 Personal Information The Company may collect personal information that identifies or can be used to identify an individual, including but not limited to: a) Full name b) Email address c) Mobile number and contact details d) Residential or business address e) Location information f) Company name, designation, and professional details g) Any other identifiers voluntarily provided by the User 3.2 Sensitive Personal Data or Information (SPDI) In accordance with the SPDI Rules, the Company may collect and process sensitive personal data or information, including: a) Passwords and authentication cred entials b) Financial information such as bank account details, credit/debit card details, UPI or other payment instrument information c) Health - related information, where relevant d) Biometric information, if required for authentication or verification e) Any informat ion falling within the scope of SPDI as defined under applicable law Such data shall be collected and processed only in accordance with applicable law and with explicit consent, wherever required. 3.3 Business and Transactional Information The Company may collect information relating to the User’s business or transactions, including: www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 a) Business - related data, documents, and records b) Transaction history and service usage details c) Billing information, invoices, and payment records d) Any information necessary for pro viding services or delivering outcomes for the User’s business 3.4 Account and Registration Information Where Users create an account on the Platform, the Company may collect: a) Login credentials such as username and password b) Account preferences and settings c) Communication preferences 3.5 Technical and Usage Data The Company may automatically collect certain technical and usage - related information when Users access or interact with the Platform, including: a) IP address b) Device type, operating system, and browser type c) Unique device identifiers d) Internet service provider details e) Pages visited, time spent, clickstream data, and navigation paths f) Date and time of access 3.6 Cookies and Tracking Technologies The Company may use cookies, web beacons, pixels, and similar tracking technologies to: a) Enhance user experience b) Analyse usage patterns c) Store user preferences d) Deliver personalized content and advertisements Users may control or disable cookies through their browser settings, subject to certain limitations in functiona lity. 3.7 User - Generated and Uploaded Content www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 The Company may collect and process any information, data, documents, or content uploaded, submitted, or otherwise shared by Users on or through the Platform, including: a) Files, documents, or records b) Communicati ons or correspondence c) Feedback, reviews, or queries 3.8 Information from Third Parties The Company may obtain information about Users from third - party sources, including: a) Payment gateway providers b) Analytics and marketing service providers c) Social media platforms (where integration is enabled) d) Business partners and affiliates e) Publicly available sources Such information shall be processed in accordance with applicable law. 3.9 Voluntary and Optional Information Users may, at their discretion, provide addit ional information to the Company for the purpose of availing specific services, participating in surveys, promotions, or communications. Provision of such information is voluntary. 3.10 Accuracy of Information The User represents and warrants that all info rmation provided to the Company is true, accurate, complete, and up to date. The Company shall not be responsible for any inaccuracies or deficiencies in the information provided by the User. 4. Legal Basis for Processing The Company processes personal dat a of Users strictly in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and other applicable laws. The lawful bases for such processing include the following: 4.1 Consent of the Data Principal www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 The Company may process persona l data on the basis of consent provided by the User (Data Principal), which shall be: a) Free, specific, informed, unconditional, and unambiguous b) Provided through a clear affirmative action Such consent shall be obtained prior to or at the time of collection of personal data, along with a notice specifying the purpose of processing. The User shall have the right to withdraw consent at any time, with effect for future processing, by contacting the Company through the details provided in this Policy. 4.2 Processing for Legitimate Uses The Company may process personal data without explicit consent for certain legitimate uses , as permitted under the DPDP Act, including but not limited to: a) For the performance of any function under law or compliance with legal obligations b) For responding to medical emergencies involving a threat to life or health c) For taking measures to ensure safety or provide assistance during disasters or breakdown of public order d) For employment - related purposes or safeguarding the employer fr om loss or liability e) For such other purposes as may be notified under applicable law 4.3 Performance of Services and Contractual Necessity The Company may process personal data where such processing is necessary for: a) Providing access to the Platform and se rvices b) Delivering outcomes, solutions, or services requested by the User c) Managing user accounts and transactions d) Communicating with Users in relation to services 4.4 Compliance with Legal Obligations The Company may process personal data where necessary to : a) Comply with statutory, regulatory, or legal requirements b) Respond to lawful requests from government authorities or law enforcement agencies www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 c) Enforce legal rights, claims, or obligations 4.5 Purposes Related to Business Operations Subject to applicable law, the Company may process personal data for purposes reasonably necessary for its operations, including: a) Internal administration, auditing, and record - keeping b) Fraud detection, prevention, and security monitoring c) Service improvement, analytics, and resea rch d) Customer support and dispute resolution 4.6 Withdrawal of Consent and Consequences The User may withdraw their consent for processing of personal data at any time by providing written notice to the Company. However, the User acknowledges that withdrawa l of consent may: a) Affect the Company’s ability to provide certain services or functionalities b) Result in suspension or termination of access to the Platform, where processing is essential 4.7 Notice to Data Principal In accordance with the DPDP Act, the Com pany shall provide a clear and accessible notice to the User at the time of seeking consent, specifying: a) The personal data to be collected b) The purpose of processing c) The manner of exercising rights available under law 5. Purpose of Data Collection The Company collects, uses, processes, and stores personal data and sensitive personal data or information of Users solely for lawful, specific, and legitimate purposes connected with its business operations and the provision of services through the Platform. Such purposes include, without limitation, the following: 5.1 Provision of Services www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 a) To provide, operate, and maintain the Platform and services offered by the Company b) To deliver outcomes, solutions, or services requested by the User c) To enable onboarding, r egistration, and account management 5.2 Transaction Processing and Billing a) To process payments, transactions, and billing requests b) To generate invoices, maintain financial records, and manage subscriptions (if applicable) c) To facilitate secure payment processing through authorized third - party payment gateways 5.3 Communication and Support a) To communicate with Users regarding their accounts, transactions, or services b) To respond to queries, requests, or grievances c) To send service - related notifications, upd ates, and administrative communications 5.4 Personalization and User Experience a) To customize and enhance the User experience on the Platform b) To remember User preferences and settings c) To provide tailored content, recommendations, and features 5.5 Marketing and Promotional Activities a) To send promotional communications, newsletters, offers, or updates relating to the Company’s services b) To conduct marketing campaigns and outreach activities Provided that such communications are sent in accordance with applicable law and, where required, based on the User’s consent, with an option to opt - out. 5.6 Analytics and Improvement of Services a) To analyse usage patterns, trends, and user behaviour b) To improve the functionality, performance, and security of the Platf orm c) To conduct internal research, testing, and development 5.7 Security and Fraud Prevention www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 a) To detect, prevent, and investigate fraud, unauthorized access, or misuse of the Platform b) To ensure network and information security c) To enforce the Company’s terms , policies, and contractual rights 5.8 Legal and Regulatory Compliance a) To comply with applicable laws, regulations, and legal processes b) To respond to lawful requests from government authorities, courts, or law enforcement agencies c) To establish, exercise, or defend legal claims 5.9 Business Operations and Administration a) To carry out internal business functions such as auditing, data analysis, record - keeping, and risk management b) To manage business relationships with Users, vendors, and partners 5.10 Any Othe r Lawful Purpose To process personal data for any other purpose that is: i. Disclosed to the User at the time of collection, or ii. Permitted under applicable law, including the DPDP Act 6. Consent The Company processes personal data of Users on the basis of vali d consent obtained in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and other applicable laws. 6.1 Nature of Consent By accessing, browsing, or using the Platform, or by voluntarily providing personal data, the User hereby provides their free, specific, informed, unconditional, and unambiguous consent to the collection, use, processing, storage, and disclosure of their p ersonal data in accordance with this Privacy Policy and for the purposes set out herein. Consent shall be obtained through a clear affirmative action, including but not limited to: www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 a) Acceptance of this Privacy Policy b) Registration or creation of an account c) Submission of information through forms or interfaces on the Platform 6.2 Consent for Sensitive Personal Data In relation to Sensitive Personal Data or Information (SPDI) , the Company shall obtain explicit consent from the User prior to collection and proc essing, in accordance with the SPDI Rules. Such consent shall be obtained through appropriate mechanisms, including secure forms or consent declarations, as may be applicable. 6.3 Informed Consent and Notice At the time of obtaining consent, the Company sh all provide the User with a clear and accessible notice specifying: a) The categories of personal data being collected b) The purposes of processing c) The manner in which the User may exercise their rights 6.4 Withdrawal of Consent The User shall have the right to withdraw their consent at any time by providing written notice to the Company or by using such mechanisms as may be made available on the Platform. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. H owever, the User acknowledges that withdrawal of consent may: a) Impact the Company’s ability to provide services b) Result in restriction, suspension, or termination of access to the Platform, where such processing is necessary 6.5 Granular and Purpose - Specific Consent Where required under applicable law, the Company shall obtain purpose - specific consent for different categories of processing, including but not limited to: www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 a) Marketing and promotional communications b) Use of cookies and tracking technologies c) Processi ng of sensitive personal dat a 6.6 Consent for Communications The User expressly consents to receiving communications from the Company through various modes, including but not limited to email, SMS, phone calls, or notifications, for service - related and, wh ere applicable, promotional purposes. The User shall have the option to opt out of non - essential communications at any time. 6.7 Consent for Third - Party Sharing The User acknowledges and consents that their personal data may be shared with third parties in accordance with this Policy, for purposes including service delivery, payment processing, analytics, and legal compliance. 7. Data Sharing & Disclosure The Company may share, disclose, or transfer personal data and sensitive personal data or information o f Users to third parties strictly on a need - to - know basis, for lawful purposes, and in accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 and the SPDI Rules, 2011. Such sharing shall be subject to appropriate safeguar ds, contractual obligations, and confidentiality requirements. 7.1 Service Providers and Data Processors The Company may share personal data with third - party service providers and data processors engaged for the purpose of facilitating its business operati ons and service delivery, including but not limited to: a) Cloud hosting and IT infrastructure providers b) Payment gateway and financial service providers c) Analytics and data processing service providers d) Customer support and communication service providers www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 Such entities shall process personal data only on behalf of the Company and in accordance with its instructions, and shall be bound by appropriate data protection and confidentiality obligations. 7.2 Business Partners and Affiliates The Company may share person al data with its affiliates, group companies, partners, or collaborators for purposes including: a) Provision of integrated or allied services b) Business operations and administration c) Customer relationship management 7.3 Legal and Regulatory Disclosures The Company may disclose personal data where such disclosure is necessary: a) To comply with applicable laws, regulations, or legal processes b) To respond to lawful requests from courts, government authorities, or law enforcement agencies c) To enforce its legal right s, terms, or agreements d) To prevent or investigate fraud, security breaches, or unlawful activities 7.4 Business Transfers In the event of any merger, acquisition, restructuring, sale of assets, or similar transaction, the Company may transfer or disclose p ersonal data to the relevant third party, subject to appropriate confidentiality and data protection safeguards. 7.5 With User Consent The Company may share personal data with third parties where explicit consent has been obtained from the User for such di sclosure. 7.6 Cross - Border Transfers The Company may transfer personal data to entities located outside India, subject to compliance with applicable laws, and provided that: a) Such transfers are made to jurisdictions permitted under applicable law, and www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 b) Adequate safeguards are implemented to ensure protection of personal data 7.7 Anonymised and Aggregated Data The Company may share anonymised, de - identified, or aggregated data that does not identify any individual, for purposes including analytics, resear ch, and business improvement. 7.8 Limitation of Disclosure The Company shall ensure that personal data is disclosed only to the extent necessary for the purposes specified in this Policy and shall take reasonable steps to ensure that third parties receiving such data maintain its confidentiality and security. 8. Cross - Border Data Transfer The Company may transfer, store, or process personal data of Users in jurisdictions outside India, in connection with the provision of services, operation of the P latform, or engagement of third - party service providers. 8.1 Permitted Transfers Cross - border transfer of personal data shall be undertaken only in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and other applicable laws. The Company shall ensure that such transfers are made only to countries or territories that are not restricted or prohibited by the Central Government of India for the purposes of personal data processing. 8.2 Adequate Safeguards Where personal data is tra nsferred outside India, the Company shall implement reasonable and appropriate safeguards to ensure that such data is protected in a manner consistent with applicable Indian laws, including: a) Entering into contractual arrangements with recipients to ensure confidentiality and data protection b) Ensuring that such recipients maintain adequate security practices and procedures c) Limiting access to personal data on a need - to - know basis www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 8.3 Processing by Third Parties Personal data may be processed by third - party service providers located outside India, including but not limited to cloud storage providers, analytics service providers, and payment processors. Such processing shall be carried out strictly in accordance with the Company’s instructions and subject to c ontractual obligations requiring compliance with applicable data protection standards. 8.4 User Acknowledgement By using the Platform and providing personal data, the User acknowledges and consents to the transfer, storage, and processing of their personal data outside India in accordance with this Policy and applicable laws. 8.5 Continued Protection of Data The Company shall take all reasonable steps to ensure that personal data transferred outside India continues to receive a level of protection that is c omparable to the protections afforded under applicable Indian data protection laws. 9. Data Retention The Company shall retain personal data and sensitive personal data or information of Users only for as long as is necessary to fulfil the purposes for whi ch such data was collected, or as required under applicable law. 9.1 Retention Based on Purpose Personal data shall be retained for the duration necessary to: a) Provide services and operate the Platform b) Fulfil contractual obligations with the User c) Achieve the purposes outlined in this Privacy Policy Upon completion of such purposes, the Company shall cease to retain such personal data, unless retention is required under applicable law. 9.2 Retention for Legal and Regulatory Compliance www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 Notwithstanding the ab ove, the Company may retain personal data for a longer duration where such retention is necessary: a) To comply with applicable laws, regulations, or legal obligations b) For accounting, tax, and financial reporting requirements c) For the establishment, exercise, or defence of legal claims d) To enforce agreements and resolve disputes 9.3 Retention of Sensitive Personal Data Sensitive Personal Data or Information shall be retained only for as long as is strictly necessary for the purpose for which it is collected, and shall be subject to enhanced security measures in accordance with the SPDI Rules. 9.4 Deletion and Erasure The Company shall take reasonable steps to delete, erase, anonymise, or de - identify personal data when: a) The purpose for which such data was collected has been fulfilled b) The User withdraws consent (where applicable), unless retention is required by law c) Retention is no longer necessary under applicable legal or business requirements 9.5 Data Minimisation The Company shall ensure that personal da ta retained is limited to what is necessary in relation to the purposes for which it is processed, in accordance with the principle of data minimisation under applicable law. 9.6 Residual Data Notwithstanding deletion or erasure requests, certain data may continue to be retained in backup systems or archival records for a limited period, subject to appropriate safeguards and access restrictions. 9.7 Anonymised Data The Company may retain anonymised or aggregated data, which does not identify any individual, for analytical, statistical, or business purposes, without limitation. www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 10. Security Practices The Company is committed to ensuring the security and confidentiality of personal data and sensitive personal data or information and has implemented reasonable security practices and procedures in accordance with Rule 8 of the SPDI Rules, 2011 and applicable provisions of the Information Technology Act, 2000. 10.1 Reasonable Security Practices The Company adopts and maintains reasonable security practices and pro cedures designed to protect personal data from unauthorised access, use, disclosure, alteration, or destruction. Such practices are commensurate with the nature of the information being protected and the risks associated with its processing. 10.2 Technical and Organisational Measures The Company implements appropriate technical and organisational measures, including but not limited to: a) Encryption of sensitive data during transmission and storage, where applicable b) Secure servers and firewalls c) Access controls and authentication mechanisms d) Role - based access restrictions e) Regular monitoring and system audits f) Data backup and recovery mechanisms 10.3 Compliance with Standards The Company endeavours to follow industry - recognised security standards and frameworks, in cluding, where applicable, standards prescribed under applicable law or internationally accepted best practices such as ISO/IEC 27001 or equivalent. 10.4 Access Limitation Access to personal data is restricted to authorised personnel, agents, or service pr oviders who require such access for legitimate business purposes and who are bound by confidentiality obligations. www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 10.5 Third - Party Security Where personal data is shared with or processed by third parties, the Company shall take reasonable steps to ensure that such entities implement adequate security measures and comply with applicable data protection requirements. 10.6 Incident Management and Data Breach Response The Company maintains appropriate procedures to identify, investigate, and respond to data security incidents, including personal data breaches. In the event of a breach, the Company shall take necessary remedial actions and, where required under applicable law, notify relevant authorities and affected Users. 10.7 Limitation of Liability While t he Company adopts reasonable security practices and safeguards, the User acknowledges that no system is completely secure, and the Company does not guarantee absolute security of information transmitted or stored on the Platform. The Company shall not be h eld liable for any unauthorised access or disclosure of data that occurs despite the implementation of reasonable security measures. 10.8 User Responsibility Users are responsible for maintaining the confidentiality of their account credentials and for ens uring that their devices and systems are secure. The Company shall not be liable for any breach arising from the User’s failure to safeguard such information. 11. User Rights In accordance with the provisions of the Digital Personal Data Protection Act, 2023, Users, as Data Principals, are entitled to exercise certain rights in relation to their personal data processed by the Company. 11.1 Right to Access Information www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 The User shall have the right to obtain from the Company: a) Confirmation as to whether thei r personal data is being processed b) A summary of the personal data being processed c) Details of the processing activities undertaken d) Information regarding third parties with whom such data has been shared 11.2 Right to Correction and Erasure The User shall ha ve the right to: a) Request correction, completion, or updating of inaccurate or incomplete personal data b) Request erasure of personal data that is no longer necessary for the purposes for which it was collected Such requests shall be subject to applicable leg al and regulatory requirements. 11.3 Right to Withdraw Consent The User shall have the right to withdraw their consent for processing of personal data at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal but may impact the availability of certain services or functionalities on the Platform. 11.4 Right to Grievance Redressal The User shall have the right to seek redressal of any grievance relating to the processing of their personal data by contacting the Grievance Officer designated by the Company. The Company shall acknowledge and address such grievances within the timelines prescribed under applicable law. 11.5 Right to Nominate The User shall have the right to nominate any other individua l who shall, in the event of death or incapacity of the User, exercise the rights of the User in accordance with the DPDP Act. 11.6 Right to be Informed www.tivor.us TIVOR PRIVATE LIMITED CIN : U62010TN2026PTC188983 The User shall have the right to be informed about: a) The categories of personal data being collected b) The purposes of processing c) The manner in which such data is processed d) The rights available under applicable law 11.7 Manner of Exercising Rights Users may exercise their rights by submitting a request to the Company through the contact details provided in thi s Privacy Policy. The Company may take reasonable steps to verify the identity of the User before processing such requests and may refuse or limit requests where permitted under applicable law. 11.8 Limitations The exercise of the above rights shall be sub ject to: a) Applicable laws, regulations, and legal obligations b) The Company’s legitimate interests c) Technical feasibility and operational requirements 12. Grievance Officer In accordance with the provisions of Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Company has designated a Grievance Officer to address any complaints, concerns, or grievances relating to the processing of personal data and sensiti ve personal data or information. 12.1 Appointment of Grievance Officer The Company has appointed a Grievance Officer who shall be responsible for: a) Receiving and addressing grievances from Users b) Ensuring compliance with applicable data protection laws c) Coordinating with internal teams for resolution of complaints 12.2 Contact Details www.tivor.us