PRIVACY POLICY

1.1. This Policy governs the processing of personal data collected from Users who visit, access, or interact with the Website in any manner whatsoever, including personal data collected directly in digital form or initially in non- digital form and subsequently digitized. This Policy extends to all processing activities conducted by the Company in connection with the operation of the Website, and to processing activities conducted outside India insofar as they are connected to the provision of information or services to Users within India or to members of the global Gujarati diaspora and other audiences reached through the Website.

1.2. This Policy does not apply to the privacy practices of third-party websites, applications, platforms, or services that the Company does not own, operate, or control. The Website may contain links to such third-party properties, and the Company expressly disclaims all responsibility for their privacy practices. Users are strongly advised to read and evaluate the privacy policies of any third-party website before disclosing any personal data to such third parties.

1.3. You shall not access or use the Website by means of any mechanism, tool, or technology that masks, conceals, or misrepresents Your actual geo-location or provides incorrect details of Your location, including but not limited to virtual private networks (VPNs), proxy servers, anonymizing browsers, or any similar circumvention technology.

1.4. The Company shall not, under any circumstances, be responsible or liable for any collection, storage, unauthorized access, or processing of Your personal data if You use any such technology or mechanism to access the Website.

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below, and such meanings shall apply equally to both the singular and plural forms of such terms:

2.1. “Personal Data” means any data about an individual who is identifiable by or in relation to such data, including but not limited to name, email address, mobile number, IP address, location data, device identifiers, and any other information that can, alone or in combination with other information, reasonably be used to identify or single out a specific individual. For the avoidance of doubt, an IP address shall be treated as personal data under this Policy.

2.2. “Sensitive Personal Data or Information” or “SPDI” means such categories of personal data as may be designated as sensitive under applicable law from time to time, including but not limited to passwords and authentication credentials, financial information (including bank account, credit card, or debit card details), physical or mental health data, sexual orientation, biometric data, and any other data specified as sensitive under the SPDI Rules or any successor legislation.

2.3. “Processing” means any wholly or partly automated operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.

2.4. “Data Principal” means the individual to whom the personal data relates, i.e., the User. References to “You” or “Your” throughout this Policy refer to the Data Principal.

2.5. “Data Fiduciary” means the Company, which alone or in conjunction with other persons determines the purpose and means of processing of personal data.

2.6. “Data Processor” means any person or entity that processes personal data on behalf of the Company, in accordance with the Company’s instructions and this Policy.

2.7. “Cookies” means small electronic text files placed on Your device by the Website’s server that collect and store information about Your browsing session, preferences, and activity on the Website, for the purposes described in this Policy.

2.8. “Consent” means a freely given, specific, informed, unambiguous, and revocable indication of the Data Principal’s agreement to the processing of their personal data, as required under Applicable Data Protection Laws.

The Company endeavours to collect only such personal data as is reasonably necessary and proportionate to operate the Website effectively, provide You with the information and services You request, and fulfil the legitimate purposes described in this Policy. The categories of personal data We may collect, receive, and process are set out below.

3.1. Personal data that You provide to Us directly: When You interact with any feature, form, or interactive element on the Website, You may provide Us with identity information including Your full name, designation, and organization name; contact information including Your email address and mobile number; information submitted through contact forms, partnership inquiry forms, career and internship application forms, investor relations inquiry forms, newsletter subscription forms, feedback forms, or any other interactive feature available on the Website from time to time; professional background and employment details submitted in the context of a career application; content, ideas, pitches, or other creative or commercial submissions that You voluntarily transmit to the Company through the Website; and personal correspondence sent to Us by email, letter, or through any contact feature on the Website, including the content, subject matter, and metadata of such correspondence.

3.2. Personal data collected automatically: When You access, browse, or use the Website, the Company may automatically collect and record certain technical and usage data, including but not limited to Your device’s IP address, browser type and version, operating system, device identifiers, and screen resolution; information about Your visit to the Website including the referring or exit pages, pages viewed, time spent on each page, search queries entered, clickstream data, and Website navigation paths; geographical location data, to the extent inferable from Your IP address or device settings; server log files and session data generated automatically during Your visit; and data collected through cookies, web beacons, pixel tags, scripts, and other tracking technologies, as further described in Clause 10 of this Policy.

3.3. Personal data received from third parties: The Company may also receive personal data about You from third-party sources, including analytics providers, advertising networks, social media platforms, and identity or authentication service providers. Where You use any third-party identity provider, to interact with any feature or section of the Website, the Company may receive certain personal data from such provider — including Your name, email address, and profile information — subject to Your account settings with that provider and that provider’s own privacy policy.

3.4. Certain areas and features of the Website are accessible without You being required to provide any personal data. However, other features, including but not limited to contact forms, career application portals, investor inquiry portals, newsletter subscriptions, and partner communication channels, require You to provide personal data in order to receive the requested service or information. Failure to provide the requisite personal data may limit or entirely prevent Your access to those specific features.

3.5. Before disclosing to the Company the personal data of any other individual on their behalf, You are solely and irrevocably obligated to obtain that individual’s prior, explicit, and informed consent to both the disclosure and the processing of their personal data in accordance with this Policy. In the event of any dispute, claim, liability, legal proceedings, regulatory action, or penalty arising from or in connection with any such on-behalf disclosure made without the requisite consent of the individual concerned, You shall be solely responsible and liable, and You unconditionally undertake to indemnify, defend, and hold harmless the Company and its Associates from and against all such claims, losses, damages, costs, and expenses arising therefrom.

The Company processes personal data only where it is lawfully authorised to do so under Applicable Data Protection Laws. The Company relies on one or more of the following lawful bases for the processing of Your personal data:

4.1. Consent: Where You have provided Your explicit, informed, and freely given consent to the processing of Your personal data for one or more specific purposes. You may withdraw such consent at any time in the manner described in Clause 9 of this Policy, without affecting the lawfulness of processing carried out prior to withdrawal.

4.2. Contractual Necessity: Where processing is necessary for the performance of a contract to which You are a party, or in order to take steps at Your request prior to entering into a contract with the Company.

4.3. Legal Obligation: Where processing is necessary for compliance with a legal or regulatory obligation to which the Company is subject under applicable Indian law or any order of a court or competent authority.

4.4. Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by Your interests, fundamental rights, or freedoms that require the protection of personal data. The Company’s legitimate interests include operating and improving the Website, protecting the Company and its Users from fraud and unlawful activity, and communicating with Users about the Company’s services and developments.

4.5. Prevention and Detection of Offences: Where processing is necessary for the prevention, detection, investigation, or prosecution of offences, fraud, cyber incidents, or other unlawful activities.

4.6. State Functions and Compliance with Law: Where processing is necessary for compliance with any order or direction issued under any law in force in India, or for the performance of any function of the State as defined under Applicable Data Protection Laws.

The Company collects, processes, and uses Your personal data exclusively for the following legitimate purposes (collectively referred to as “the Purpose”). Processing of Your personal data for any purpose incompatible with those listed below will not be undertaken without Your prior consent:

5.1. To operate, maintain, administer, secure, improve, personalize, and optimize the Website and the user experience thereon, including conducting technical testing, debugging, error detection, and performance monitoring;

5.2. To receive, process, and respond to Your inquiries, requests, feedback, comments, career applications, partnership proposals, investor queries, or any other submissions made by You through the Website;

5.3. To send You administrative notices, transactional communications, operational updates, status notifications, service alerts, newsletter content, press releases, investor communications, corporate announcements, and other information relevant to Your interaction with the Website or the Company;

5.4. To assess, evaluate, and process Your candidature for employment, internship, consultancy, or other professional opportunities that You apply for through the Website, and to retain Your application data for future relevant opportunities subject to Your consent;

5.5. To receive, evaluate, and respond to ideas, pitches, concepts, content, or other voluntary creative or commercial submissions transmitted to the Company through the Website;

5.6. For market research, business planning, troubleshooting, and detection, prevention, and investigation of errors, fraud, security breaches, unauthorized access, and other unlawful activities;

5.7. To conduct data analytics, user behaviour analysis, and site performance analytics for the purpose of improving the Website’s content, structure, functionality, and overall user experience, including through third-party analytics platforms;

5.8. To manage, audit, and improve the Company’s internal and external business operations, including for legal, financial, compliance, and information security purposes;

5.9. To enforce the Company’s Terms and Conditions, this Policy, and any other applicable policies in connection with the Website;

5.10. For legal and regulatory compliance, including compliance with applicable laws, court orders, regulatory requirements, and statutory obligations, and for the initiation, conduct, or defense of legal claims, proceedings, or investigations to which the Company may be a party;

5.11. To serve You with promotional, informational, or advertising materials regarding the Company, its subsidiaries, verticals, services, events, partnerships, and developments, to the extent that You have consented to receive such communications or where the Company has a legitimate interest in doing so;

5.12. To carry out obligations arising from any contract or arrangement entered into between You and the Company, including providing services, information, or other benefits agreed between the parties;

5.13. To verify Your identity and authenticate Your access to any restricted area or feature of the Website;

5.14. To notify You of changes, updates, or material developments in relation to the Website, the Company’s structure, operations, policies, or services;

5.15. To fulfil any other purpose as disclosed to You at the time of collection of Your personal data, or for any purpose that is reasonably compatible with and ancillary to the purposes listed herein.

6.1. By accessing the Website and submitting Your contact information through any feature thereof, You specifically, explicitly, and irrevocably provide Your consent to the Company to send You transactional communications, service-explicit communications, and service-implicit communications that are essential to the provision of the information or services You have requested, including but not limited to acknowledgment communications, status updates, verification messages, and other necessary operational notifications. This consent applies irrespective of Your registration under any Do Not Disturb (DND) list with the Telecom Regulatory Authority of India (TRAI), the Department of Telecommunications (DoT), or any other appropriate regulatory or governmental authority.

6.2. You further provide Your explicit and unconditional consent for the Company to communicate with You through Your registered email address and mobile number via all available electronic communication channels, including but not limited to email, SMS, and instant messaging platforms such as WhatsApp, Telegram, and any other communication platforms as may be integrated with the Website or the Company’s operations in the future. The Company’s right to communicate with You under this Clause shall survive any withdrawal of consent by You with respect to promotional or marketing communications, as service-essential communications shall continue to be transmitted as necessary.

7.1. The Company does not sell, lease, or otherwise commercially transfer Your personal data to any third party for their independent commercial use. The Company may, however, disclose, share, or transfer Your personal data in the following circumstances and to the following categories of recipients, in each case strictly on a need-to-know basis and subject to appropriate confidentiality and data protection safeguards:

7.2. Disclosure within the JOJO Group: The Company may share Your personal data with any member of the JOJO group of companies, including its direct and indirect subsidiaries, affiliates, holding companies, joint ventures, and associated entities (collectively, the “JOJO Group”), as reasonably necessary for the purposes set out in this Policy. All entities within the JOJO Group that receive Your personal data shall be bound by data protection standards no less stringent than those set out in this Policy.

7.3. Disclosure to Third-Party Service Providers: The Company engages carefully selected third-party service providers and Data Processors to assist with the operation, maintenance, and improvement of the Website and the Company’s business operations. These service providers process Your personal data solely on the Company’s behalf, in accordance with the Company’s instructions, and under data processing agreements that impose confidentiality and data protection obligations no less stringent than those set out in this Policy. The Company requires its prior written authorization before any such service provider may sub-delegate processing responsibility to any further third party. Categories of such service providers include, but are not limited to: information technology and cloud hosting service providers; website analytics and user behavior intelligence platforms, including Google Analytics, Google Tag Manager, and similar tools; digital marketing, content delivery, and advertising networks; email, SMS, and push notification communication service providers; identity verification, authentication, and fraud prevention agencies; payment collection service providers and payment gateway operators, to the extent relevant to any transactional feature on the Website; customer relationship management platform providers; legal, financial, and professional advisory service providers; and any other service provider strictly required to fulfil the Purpose on a need-to-know basis.

7.4. Disclosure for Legal and Regulatory Compliance: The Company may disclose Your personal data to courts of law, law enforcement agencies, statutory or regulatory authorities, government bodies, or other competent public authorities where such disclosure is required or compelled by applicable law, a court order, a regulatory direction, or a lawful government request; where disclosure is necessary to prevent, detect, investigate, or prosecute offences, fraud, cyber incidents, or unlawful activity; where disclosure is necessary to initiate, conduct, or defend legal claims, proceedings, or arbitral processes to which the Company is a party or in which the Company has a legitimate interest; or where disclosure is necessary to protect the rights, property, safety, or legitimate interests of the Company, its Users, its Associates, or the general public.

7.5. Disclosure in the Context of Business Transactions: In the event that the Company is involved in a merger, acquisition, corporate restructuring, sale of all or a material portion of its assets, assignment, joint venture, or any similar corporate transaction, Your personal data may, subject to appropriate confidentiality undertakings, be disclosed to the Company’s legal, financial, and other advisors, to prospective purchasers, investors, or counterparties, and to their respective advisors, strictly for the purposes of evaluating or completing the relevant transaction. Following the completion of any such transaction, Your personal data may be transferred to and processed by the new entity, owners, or investors. In the event of any material change in the ownership or control of Your personal data, the Company will, to the extent practicable, notify You via a notice on the Website or by communication to Your registered email address.

7.6. Disclosure of Aggregated and Anonymised Data: The Company may generate, process, and distribute data in anonymized, aggregated, or de- identified form that does not identify any specific individual and cannot reasonably be used to re-identify any person. Such anonymized or aggregated data may be shared with business partners, research organizations, advertisers, or other third parties without restriction, including for the purposes of producing data analytics, industry reports, and market intelligence.

7.7. Notwithstanding the foregoing, the Company reserves the right, and You hereby irrevocably authorize the Company, to share or disclose Your personal data when the Company determines, in its sole and absolute discretion, that such disclosure is necessary or appropriate: as required or permitted by applicable law; when the Company believes in good faith that disclosure is necessary to protect its rights, protect Your safety or the safety of others, investigate fraud or prevent harm, or respond to a government or regulatory request; or in connection with any ongoing or prospective legal proceedings in which the Company is involved.

8.1. The Company takes the security of Your personal data seriously and implements reasonable, appropriate, and industry-standard technical and organisational measures, as prescribed under Applicable Data Protection Laws, to protect Your personal data from unauthorized access, unauthorized processing, accidental or unlawful disclosure, alteration, misuse, destruction, corruption, or loss.

8.2. The Company’s security measures include, without limitation: deployment of firewalls, and data encryption techniques, to maintain the security of online sessions and to prevent unauthorized access to the Company’s systems and infrastructure; physical and logical access controls on databases and servers to restrict access to personal data to authorized personnel on a strict need-to-know basis; encryption of all sensitive personal data transmitted through the Website, including any electronic financial or payment transactions; encryption of user authentication credentials such that passwords cannot be retrieved or recovered even by the Company’s own personnel; implementation of data minimization and purpose limitation principles in all processing activities; regular review, testing, and updating of the Company’s security policies, procedures, and technical controls to address evolving security risks and threats; and mandatory confidentiality and data protection obligations imposed on all employees, contractors, and third-party service providers with access to personal data. Further, the Company reserves the right to temporarily restrict, suspend, or block access to the Website in the event the Website receives more than 10 (ten) access requests, visits, or hits from the same source within a period of one second, or in the event of any excessive, abnormal, automated, suspicious, or unusually high-frequency activity, in order to protect the security, integrity, stability, and functionality of the Website and its underlying infrastructure.

8.3. You are advised and required to take all reasonable steps to protect the security of Your own device, browser, used in connection with the Website. You must immediately notify the Company’s Grievance Officer (as identified in Clause 12 of this Policy) in the event of any actual or suspected unauthorized access to Your account or personal data.

8.4. You acknowledge and accept that no method of transmission over the Internet and no method of electronic storage is entirely immune from security risks, and accordingly, no absolute guarantee of security can be given. While the Company employs commercially reasonable and legally compliant security measures, the Company cannot guarantee the absolute security of Your personal data. In the event of a personal data breach that is likely to result in a risk to Your rights and freedoms, the Company will notify the relevant authorities and, where required by applicable law, notify You in accordance with applicable legal requirements.

Subject to applicable law, and to the extent recognized under the Applicable Data Protection Laws, You have the following rights in connection with the personal data held by the Company. These rights may be exercised by contacting the Grievance Officer at the details provided in Clause 12 of this Policy. The Company may require You to furnish proof of identity before acting on any such request, and reserves the right to decline requests that are manifestly unfounded, excessive, or in conflict with applicable legal obligations:

9.1. Right to Access: You have the right to obtain from the Company, upon a verifiable request, a confirmation of whether the Company is processing Your personal data, and where it is, to receive a summary of the personal data held, the purposes for which it is being processed, the identities of all persons and entities with whom Your personal data has been shared or disclosed, and the description of the personal data so shared. The Company will respond to access requests within the timeframes prescribed under applicable law.

9.2. Right to Correction and Completion: You have the right to request that the Company correct any personal data about You that is inaccurate, misleading, or incomplete. Upon receipt of a valid correction request, the Company will promptly update or complete such personal data and will communicate the correction to any third parties to whom the personal data has been disclosed, where applicable and reasonably practicable.

9.3. Right to Erasure: You have the right to request that the Company erase Your personal data where: the personal data is no longer necessary for the purposes for which it was collected; You withdraw Your consent and there is no other lawful basis for processing; the personal data has been unlawfully processed; or erasure is required to comply with a legal obligation. The Company will honour erasure requests subject to any overriding statutory retention obligations, pending legal claims, regulatory requirements, or other legitimate interests that compel the Company to retain certain data for a longer period.

9.4. Right to Withdraw Consent: Where the processing of Your personal data is based on Your consent, You have the right to withdraw such consent at any time without detriment. Withdrawal of consent shall not affect the lawfulness of processing carried out by the Company on the basis of consent prior to such withdrawal. However, withdrawal of consent may result in the Company being unable to provide You with certain information, services, or features, and You shall be solely responsible for such consequences.

9.5. Right to Opt-Out of Marketing Communications: You have the right to opt out of receiving promotional, marketing, or advertising communications from the Company at any time, without providing any reason, by following the unsubscribe instructions included in each such communication or by contacting the Grievance Officer directly. Opting out of marketing communications will not affect the Company’s right to send You transactional, operational, or service-essential communications that are necessary for the ongoing provision of services You have requested.

9.6. Right to Grievance Redressal: You have the right to raise a complaint, concern, or grievance regarding the processing of Your personal data with the Company’s Grievance Officer as identified in Clause 12 of this Policy. The Grievance Officer is obligated to acknowledge Your complaint within 48 (forty - eight) hours and to endeavour to resolve it within 15 (fifteen) days from the date of receipt. If You are not satisfied with the resolution provided, You may escalate the matter to the relevant statutory authority under Applicable Data Protection Laws.

9.7. Right to Nominate: You have the right to nominate, in writing, another individual to exercise Your data protection rights on Your behalf in the event of Your death or legal incapacity. Such nomination shall be revocable at any time during Your lifetime.

9.8. Right to Restrict Processing: To the extent recognized under Applicable Data Protection Laws, You may have the right to request that the Company restrict the processing of Your personal data in certain circumstances, including while a correction request is under review, or where You contest the lawful basis for processing.

10.1. The Website uses cookies and a range of related tracking technologies, including web beacons, pixel tags, embedded scripts, session replay tools, and similar mechanisms (collectively referred to as “Tracking Technologies”), to enhance the functionality and user experience of the Website, to analyze patterns of usage and navigation, and to support the Company’s marketing, analytics, and advertising activities. Some cookies are session-based and cease to exist once You close Your browser, while persistent cookies remain on Your device for a defined period and enable the Website to recognize You and personalize Your experience upon Your return.

10.2. The Company, in conjunction with its partner entities, affiliates, analytics providers, and advertising service providers — including but not limited to Google Analytics, Google AdSense, Google Tag Manager, and similar third-party platforms — uses Tracking Technologies for the following purposes: analyzing user trends, traffic patterns, and engagement behavior on the Website in aggregate and, where applicable, at the individual level; administering, testing, and troubleshooting the Website’s technical infrastructure; tracking user navigation across pages and features of the Website; gathering demographic and interest-based information about the Website’s user base; personalizing Website content, layout, and recommendations based on Your browsing history and preferences; supporting behavioral targeting and interest-based advertising, including re-targeting of Users across third-party websites and platforms; and measuring the effectiveness of the Company’s marketing, advertising, and content distribution campaigns.

10.3. The Company may partner with third-party advertising networks to display targeted advertising on the Website or to manage the Company’s advertising presence on external websites and platforms. Such third-party advertising partners may use cookies or similar tracking technologies to collect information about Your activities on the Website and across other websites in order to serve You with advertising tailored to Your interests, preferences, and online behavior. The Company does not control the data collection and use practices of such third-party advertising networks, and Users are advised to review the relevant privacy and cookie policies of such third parties.

10.4. You have the right to control the use of cookies through Your individual browser settings. Most browsers allow You to view, manage, block, or delete cookies. If You choose to refuse or disable cookies, You may continue to access and use the Website, but Your ability to use certain features, functionalities, or personalized aspects of the Website may be limited or impaired. Unless You have adjusted Your browser settings to refuse cookies prior to visiting the Website, Our systems will issue and utilize cookies as described in this Policy from the moment You access the Website.

10.5. The Website may also incorporate social media integration features such as “Like”, “Share”, “Follow”, or similar buttons operated by third-party social media platforms. If You use such features, information about Your interaction with them, including the pages You have visited on the Website, may be shared with the relevant social media platform and may appear on Your social media profile or newsfeed, subject to Your privacy settings on that platform. Such social media platforms independently collect and process information about Your visits to the Website in accordance with their own privacy policies, for which the Company bears no responsibility.

11.1. The Company retains Your personal data for no longer than is reasonably necessary to fulfil the purposes for which it was collected, as set out in this Policy, or as required or expressly permitted under Applicable Data Protection Laws, whichever period is the longer. The determination of the appropriate retention period for each category of personal data is made on a case-by-case basis, taking into account the following factors: the amount, nature, and sensitivity of the personal data in question; the potential risk of harm to the Data Principal from unauthorized use, access, or disclosure of such data; whether the purposes of processing can reasonably be achieved through other, less intrusive means; and the applicable legal requirements, including relevant statutes of limitation, regulatory retention mandates, and evidentiary obligations.

11.2. Specific retention periods applicable to different categories of personal data are as follows: personal data collected through career application forms will be retained for the period necessary to evaluate Your application and, with Your consent, for a reasonable period thereafter for consideration for future relevant opportunities; personal data collected through contact or inquiry forms will be retained for the period necessary to respond to and resolve Your inquiry and for a reasonable period thereafter for quality assurance and record-keeping purposes; personal data processed for legal or compliance purposes will be retained for the duration of the applicable statute of limitations or any mandatory regulatory retention period, whichever is longer; and personal data processed for analytics or marketing purposes will be retained in accordance with the retention policies of the relevant analytics or marketing platforms, subject to the overarching limits imposed by this Policy.

11.3. You may request the deletion or erasure of Your personal data by contacting the Grievance Officer at the details provided in Clause 12 of this Policy. The Company will honour such requests in accordance with Applicable Data Protection Laws, subject to any overriding statutory retention obligations, pending legal claims or proceedings, regulatory investigations, or other compelling legitimate interests that require the Company to retain certain data for a longer period. In the event that any personal data cannot be deleted entirely from the Company’s systems for technical reasons following the applicable retention period, the Company will implement appropriate technical and organizational measures to ensure that such data is quarantined and rendered inaccessible for any further processing.

11.4. You may choose not to share personal data with the Company or withdraw Your consent at any time, but doing so may limit or prevent the Company from being able to provide You with certain information, services, or features available through the Website. Personal data already shared with and processed by the Company in accordance with this Policy shall, notwithstanding such withdrawal, continue to be retained by the Company for as long as the Applicable Data Protection Laws require or permit, and for as long as is necessary to fulfil any outstanding legal or regulatory obligations of the Company.

12.1. In compliance with the Information Technology Act, 2000, the SPDI Rules, the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (to the extent in force), the Company has designated the following Grievance Officer to receive and address all complaints, concerns, queries, and requests from Data Principals regarding the collection, storage, processing, use, disclosure, or protection of their personal data:

12.2. Upon receipt of a complaint or request from a Data Principal, the Grievance Officer shall acknowledge the same within 48 (forty-eight) hours of receipt and shall use best efforts to resolve or address the complaint within 15 (fifteen) days from the date of receipt. In the event of a complex complaint that requires additional time to investigate, the Grievance Officer shall duly inform the complainant of the reasons for the delay and the expected timeline for resolution. The Grievance Officer shall maintain a register of all complaints received and actions taken thereon.

12.3. If You are not satisfied with the resolution provided by the Grievance Officer, You may escalate the matter to the relevant statutory authority or data protection board under Applicable Data Protection Laws. The Company shall cooperate fully with any investigation conducted by such authority in relation to a complaint.

13.1. Identity theft, phishing attacks, and other forms of social engineering are matters of serious concern to the Company, and safeguarding Your personal data against such threats is a top priority. The Company hereby unequivocally declares that it does not, has never, and will not at any time solicit or request Your credit card information, debit card details, net banking credentials, one-time passwords (OTPs), national identification numbers (such as Aadhaar or PAN), banking customer IDs or passwords, or any other sensitive personal data through unsolicited emails, telephone calls, text messages, or any other unsolicited communication channel.

13.2. If You receive any communication — whether by email, phone call, SMS, messaging application, or any other medium — that purports to be from the Company and requests any such sensitive information, or that directs You to a website that does not bear the Company’s official domain (https://jojolimited.com/), You should treat such communication as fraudulent and must not respond to it or provide any information whatsoever. You are urged to report any such suspected phishing, spoofing, or impersonation attempt to the Grievance Officer immediately at the contact details provided in Clause 12 of this Policy, so that appropriate action may be taken. The Company shall not, under any circumstances, be liable for any losses, damages, or harm suffered by You as a result of Your responding to or acting upon any fraudulent communication purporting to be from the Company.

14.1. The Website, its content, features, and all services offered through it are not directed at, designed for, marketed to, or intended for use by any person under the age of 18 (eighteen) years. The Company does not knowingly or intentionally collect, solicit, receive, store, or process personal data from minors. The Company does not engage in behavioral tracking, profiling, or targeted advertising directed at children, and does not permit minors to share personal data through any web form or interactive feature on the Website without verifiable consent from their parent or legal guardian.

14.2. If the Company discovers or is notified that it has inadvertently collected or received personal data from a minor without verified parental or guardian consent, the Company will take immediate and irrevocable steps to delete all such data from its systems and databases, and will terminate any processing activities based on such data with immediate effect. If You are a parent or legal guardian and have reason to believe that Your child, who is under the age of 18 years, has provided personal data to the Company through the Website without Your knowledge or consent, You must contact the Grievance Officer immediately at the details provided in Clause 12 of this Policy. Users below the age of 18 years are strictly advised and directed to access and use the Website exclusively under the active supervision and direct oversight of a parent or legal guardian, who shall be jointly and severally responsible for compliance with this Policy in respect of the minor’s use of the Website.

15.1. The Website is operated from India, and personal data collected through the Website is primarily stored, processed, and maintained within India. However, to the extent necessary to fulfil the legitimate purposes set out in this Policy, including the engagement of third-party service providers and analytics platforms that operate internationally, personal data collected from or about You may be transferred to, stored in, and processed in countries other than the country in which You are located, including countries that may not provide the same level of data protection as the laws of India.

15.2. Where the Company transfers personal data outside India, it will ensure that such transfers are conducted in compliance with Applicable Data Protection Laws, including by implementing appropriate contractual safeguards, data processing agreements, and other protective mechanisms required by law. By accessing the Website and submitting Your personal data, You expressly, knowingly, and voluntarily consent to the transfer of Your personal data to countries outside India for the purposes described in this Policy, and You acknowledge and accept the risks associated with such international transfers.

15.3. If You are located outside India and choose to provide personal data to the Company through the Website, please be aware that such data will be transferred to and processed in India, and Your submission of such data constitutes Your agreement to such transfer and processing. The Company does not practice absolute data localization, as the Website operates independently of territorial boundaries and serves a global audience of the Gujarati diaspora and other interested parties.

16.1. As is standard practice for the operation and security of websites, the Company’s servers automatically gather certain technical information about each visit to the Website and store it in server log files. This automatically collected technical data may include, without limitation: the IP address of the device used to access the Website; the type and version of the internet browser used; the internet service provider (ISP) through which the User connects to the internet; the referring and exit pages i.e., the URLs of the websites from which the User arrived at and departed from the Website; the operating system and device type used; the date, time, and duration of each visit; and clickstream data reflecting the User’s navigation through the Website.

16.2. The Company may combine this automatically collected technical data with other personal data that the Company holds about a User in order to improve and personalize the services offered through the Website, to optimize the Website’s technical performance, to diagnose and resolve technical problems, to conduct analytics and improve marketing effectiveness, and to detect and prevent fraudulent or unauthorized activity. Such combined data will be processed in accordance with this Policy and the applicable lawful basis for processing.

17.1. The Company may use Your personal data to send You marketing communications, including newsletters, promotional materials, event invitations, corporate updates, and information about the Company’s subsidiaries, verticals, products, services, and initiatives, where You have consented to receive such communications or where the Company has a legitimate interest in contacting You. The Company may also aggregate personal data and disclose it to third-party partners for their marketing and promotional purposes, provided that such data is disclosed in anonymized or aggregated form that does not identify any specific individual.

17.2. The Company may use third-party service providers to assist in delivering marketing communications and managing marketing campaigns, including email service providers and digital advertising platforms. Contracts with such third-party service providers include appropriate restrictions on the use and handling of Your personal data, and prohibit such providers from using Your personal data for any purpose unrelated to the services they are providing to the Company.

17.3. You may opt out of receiving marketing communications from the Company at any time by following the unsubscribe link or instructions included in any marketing email or by contacting the Grievance Officer at the details in Clause 12 of this Policy. Opting out of marketing communications will not affect the Company’s right to send You transactional, operational, or service-essential communications as described in this Policy.

18.1. The Company may, from time to time, seek Your consent to publish testimonials, feedback, or other user-generated content on the Website. Where You have provided such consent, the Company may post Your testimonial or feedback along with Your name or other information as agreed. If You wish to have Your testimonial removed from the Website, please contact the Grievance Officer at the details in Clause 12 of this Policy, and the Company will use its best efforts to remove such content promptly.

18.2. If the Website offers a blog, forum, community feature, or other public communication channel, You acknowledge that any personal data or information You submit to or publish on such a forum may be read, collected, stored, shared, or used by other users of the Website and potentially by third parties. The Company is not responsible for any personal data or information You choose to voluntarily disclose through any such public feature. If You wish to request the removal of Your personal information from any blog or public forum hosted on the Website, please contact the Grievance Officer; however, the Company may not, in all cases, be technically able to remove all such information, in which case the Company will inform You of the constraints and alternative steps available.

18.3. Stock Price and Investor Information: The Website, including the Investor Relations section available at https://jojolimited.com/investors, may display stock price information, market updates, corporate disclosures, investor presentations, annual reports, financial statements, and other investor-related information for informational and regulatory purposes. The Company does not guarantee that any stock price information displayed on the Website is real-time, accurate, complete, or free from delay. Users and investors are advised to independently verify all stock market and investment-related information through the relevant stock exchanges and official regulatory filings before making any investment decisions. Nothing contained on the Website shall constitute investment advice, solicitation, recommendation, or an offer to purchase or deal in securities of the Company.

19.1. You shall not, under any circumstances, disclose to any other person or entity, whether directly or indirectly, any information of a confidential nature relating to the Company that You have obtained or accessed in the course of visiting or using the Website. Any breach of this obligation shall be deemed a serious and material breach of this Policy and the Company’s Terms and Conditions, and shall entitle the Company to pursue all available legal, equitable, and contractual remedies against You, without prejudice to any other rights the Company may have.

19.2. You are solely and exclusively responsible for maintaining the confidentiality, security, and proper use of any access codes associated with any restricted area, feature, or account on the Website. You must take all reasonable and necessary steps to ensure that such credentials are not disclosed to, shared with, or otherwise made accessible to any unauthorized third party. In the event that You become aware or have reason to suspect that Your credentials have been stolen, compromised, or otherwise made known to an unauthorized person, You must immediately notify the Grievance Officer at the details provided in Clause 12 of this Policy and take all necessary steps to secure Your account. The Company shall not, under any circumstances, be held responsible or liable for any unauthorized access to any account or feature of the Website arising from Your disclosure of credentials, Your failure to maintain the security of Your credentials, or from any violation by You of this Policy or the Company’s Terms and Conditions.

19.3. You acknowledge that You are responsible for the accuracy, completeness, and lawfulness of all personal data and other information that You submit to the Company through the Website, and that any submission of false, misleading, or unlawfully obtained information shall constitute a material breach of this Policy and applicable law.

20.1. All content, materials, text, graphics, images, logos, trademarks, service marks, trade names, design elements, software, source code, and other intellectual property made available on or through the Website (collectively, “Website Content”) are the exclusive property of JOJO Limited and/or its respective subsidiaries, affiliates, licensors, or content providers, and are protected by applicable intellectual property laws of India and internationally. All Intellectual Property Rights in and to the Website and its content, including registered and unregistered copyrights, trademarks, patents, and design rights, vest exclusively and in perpetuity in the Company.

20.2. You shall not, and shall not permit any third party to, copy, reproduce, modify, adapt, translate, distribute, re-distribute, transmit, broadcast, publicly perform, publish, display, create derivative works from, reverse engineer, disassemble, decompile, or in any other manner exploit any Website Content, the Company’s trademarks, registered marks, designs, innovations, or business ideas, outside of Your permitted personal, non- commercial use of the Website. Any unauthorized infringement, reproduction, copying, or theft of the Company’s intellectual property shall result in civil and/or criminal proceedings being initiated against You to the fullest extent permissible under applicable law, entirely at Your risk, cost, and consequences, and without prejudice to the Company’s right to seek all available remedies, including injunctive relief and damages.

21.1. The Company reserves the right to review, update, revise, supplement, or otherwise modify this Policy at any time and at its sole and absolute discretion, without prior notice to You, in order to reflect changes in the Company’s information practices, changes in Applicable Data Protection Laws, technological developments, changes in the nature or scope of the Website, or any other reason the Company deems appropriate. All such modifications shall be effective immediately upon being posted on the Website.

21.2. The Company will use reasonable efforts to notify Users of any material changes to this Policy, including by posting a prominent notice on the Website or by sending a notification to the email address associated with Your account or inquiry, where applicable. However, You are independently and solely responsible for regularly reviewing this Policy to ensure You are aware of the most current version. Your continued access to or use of the Website following the posting of any revised or updated Policy, whether or not You have read such changes, shall constitute Your conclusive, unconditional, and binding acceptance of the revised Policy in its entirety.

22.1. This Policy and all matters arising out of or relating to the collection, processing, use, disclosure, or protection of personal data under this Policy shall be governed by and construed in accordance with the laws of the Republic of India, including but not limited to the Information Technology Act, 2000, the SPDI Rules, the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, without regard to any conflict of law principles that would require the application of the law of any other jurisdiction.

22.2. Subject to any mandatory arbitration or dispute resolution mechanism prescribed under Applicable Data Protection Laws, the courts located at Ahmedabad, Gujarat, India shall have sole and exclusive jurisdiction with respect to any legal proceedings, claims, or disputes arising out of or in connection with this Policy or the processing of personal data thereunder. By accessing or using the Website, You irrevocably and unconditionally submit to the jurisdiction of such courts and agree not to challenge or contest the governing law and jurisdiction provisions set out in this Clause on the grounds of inconvenient forum, lack of jurisdiction, or otherwise.