1. What data do we collect?

1.1 Personal Information

While using our OS1 Platform, we may ask you to provide us with certain personally identifiable information (also known as PII or Personal Information) that can be used to contact or identify you. Personally Identifiable Information may include, but is not limited to:

• Email address
• First name and last name
• Phone numbers
• Username
• Country of residence
• Geographical location
• Financial information

If you provide us any personal information of another data subject, you must ensure that you are authorised to do so and that such person is informed about this Privacy Policy.

You can choose not to provide any personal information that we may request of you, but, in general, the personal information we request is required to provide you with access to and use of the OS1 Platform, and the lack of such information may prevent us from doing so and impact the service capability and access to certain features of the OS1 Platform.

We may ask you to provide certain additional information about yourself on a case-to-case basis in relation to our Services. It is clarified that any data which does not reveal your specific identity, does not relate to an identified or identifiable individual, information that is publicly available, information about software and hardware usage, or any anonymised or aggregated data ("Other Information") is not considered as PII or Personal Information.

1.2 Usage Data

We may collect information that your browser sends whenever you visit our OS1 Platform.

This usage data may include information such as your computer's internet protocol address (e.g., IP address), browser type, browser version, the pages of our OS1 Platform that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

1.3 Cookies Data

Our OS1 Platform may use cookies and similar tracking technologies to track the activity on our platform and hold certain information. For instance, cookies help us learn which areas of the OS1 Platform are useful to you and which areas need improvement.

Cookies are a standard feature consisting of small data files which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our OS1 Platform.

You can choose whether to accept the use of cookies and similar technologies in general by changing the settings on your browser. However, if you disable cookies, your experience of our OS1 Platform may be diminished, and some features may not work as intended.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Secure Cookies for security purposes.

We use this information for analytical and statistical purposes and to help us make our OS1 Platform more useful. To view our Cookie Policy, please click here.

2. When & how do we collect your data?

We may collect certain user information (including personal information) in the following ways:

• When you visit our OS1 platform or create an account with us: We collect the information you provide directly to us including when you visit our website, register with us, and use our OS1 Platform. If you choose to interact with us for additional services, we may collect information such as your company name, business email address, role within your team or enterprise, tax and other financial details.
• When you communicate with us: We collect personal information from you such as email address or mailing address when you request information about our OS1 Platform, solutions and products, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.
• Surveys and feedback: We may contact you to participate in surveys and collect feedback from you on your usage of the OS1 Platform. If you decide to participate, you may be asked to provide certain information which may include personal information.
• Interactive Features: We may offer interactive features such as community forums, blogs, and social media pages. We and others who use our website or services may collect the information you submit or make available through these interactive features. Any content you provide via the public sections of these features will be considered "public" and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the personal information provided by you may be viewed and used by third parties for their own purposes.

3. Why do we collect your data?

We use the collected data for the specific purpose of providing, developing, and improving our OS1 Platform and related functionality and as permitted by applicable laws. The data may be used for some of the following purposes:

• Provide, operate, and maintain the OS1 Platform including any related functionality and services
• Enabling you to create an account, access and use the different services on theOS1 Platform
• Sending you technical notices, support and administrative messages, and updates to the OS1 Platform as necessary
• Provide you technical support for use of the OS1 Platform
• Respond to your comments, questions, and requests
• Reach out to you in relation to service availability, any planned downtime, or new product launches
• To create an individual profile for you so that we can understand and respect your preferences
• To conduct polls and surveys and periodically reach out to you via phone, email, or chat to understand your experience in using our OS1 Platform and collect your feedback. You may choose to not participate in such surveys by opting out when we reach out to you
• Keep you informed of any developments in relation to the OS1 Platform our solutions / products and related services and functionalities
• Pursuing legitimate interests such as, network and information security and fraud prevention
• In furtherance to fulfilment of a lawful contract
• In interests deemed to protect the vital interest of a data subject
• In order to maintain compliance with legal obligations to which we are subject to and all other lawful purposes related to the OS1 Platform

Our primary goal is to provide you a safe, efficient, smooth, and customized experience when you use our OS1 Platform. The personal information collected allows us to provide you the OS1 Platform in a way that optimally meets your requirements. More importantly, while doing so, we collect personal information from you that we consider necessary for achieving the above-mentioned purposes. Personal information collected by the OS1 Platform is used only for the intended purpose stated at the time that information is collected or for the purposes stated above. We do not sell, rent, or lease personal data which includes any sharing or disclosing of personal information to another party for monetary or other valuable consideration.

We may use and disclose Other Information (defined above) and non-personal information for any purpose in accordance with applicable laws.

4. Why do we share your data and with whom?

As a rule, we do not transfer or share your personal information with any third party unless we are required to do so. We may share your personal information (where required and as an exception) in the following ways:

4.1.1 Group Companies of Delhivery

We may disclose your personal information with group companies for the purposes set out in this Privacy Policy, including:

• for optimizing our shared processes; and
• for other cross-affiliate initiatives.

4.1.2 Regulatory or Government Authorities **

We may disclose your personal information in good faith belief that such action is necessary to:

• comply with a legal obligation;
• comply with a request from any government, regulatory or public authority;
• protect and defend our rights;
• prevent or investigate possible wrongdoing in connection with our OS1 Platform; and
• protect the personal safety of users of our OS1 Platform or the public.

4.1.4 Google Analytics**

Our website uses Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google Analytics uses cookies that are stored on your computer and that enable your use of the website to be analyzed. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

Opt Out Process

You can opt-out of having your activity on our platform available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about your visits and activity. The add-on can be downloaded and installed from:[http://tools.google.com/dlpage/gaoptout?hl=de].However, we would like to point out that in this case you may not be able to use all functions of our platform to their full extent.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:[http://www.google.com/intl/en/policies/privacy/]

4.1.5 Third Party Vendors / Consultants / Marketers

We may disclose your personal information with third-party vendors and other service providers that we use to provide payment processing, support ticket portals, secure transfer software, cloud hosting, registration services, marketing agencies, collaboration and communication tools, data backup services, professional services and other services used in connection with our maintenance or provision of the OS1 Platform.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Before we engage any third-party vendor, we check their security practices and regularly conduct their security and privacy assessments.

These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose whatsoever. Also, we bind our third-party vendors in a contract to secure your data by putting monetary liabilities and surveillance practices and hence, ensuring a high level of security for your personal information.

4.1.6 Mergers / Acquisitions

As we aim to deliver a greater customer experience, we might sell or buy other service lines or business ventures. During any such transactions we may have to provide customer information. Any such disclosure shall of course be subject to the safeguards set out in this Privacy Policy.

4.1.7 To Comply with Legal Regulations

As required by law or a subpoena or if we reasonably believe that such action is necessary to comply with applicable law or the reasonable requests of law enforcement or to protect the security or integrity of our OS1 Platform, and/or to exercise or protect the rights, property, or personal safety of our customers, users, or others.

5. Marketing and Promotional Activities

As a company we provide a range of services in addition to our OS1 Platform including (without limitation) various delivery and logistics solutions through innovative technology and connected tools. We would like to send you information about our products and services and any new offers that we think you might benefit from. If you have agreed to receive this information while accessing our OS1 Platform or other services, you may always opt out later by using the "Opt-out" or "Unsubscribe" functionality when you receive our communication.

6. International Data Transfers

As a global platform, we cannot limit our processing of an individual's personal data to the country in which that individual is based. Your information, including personal information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. No transfer of your personal information will take place to an organization or a country unless there are adequate security controls in place, including contracts, designed to help ensure your rights and protections.

If you are a resident of the European Economic Area, or the United Kingdom or Switzerland, and there is a transfer of your personal information from these countries to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we will use legal mechanisms, including wherever required, the European Commission-approved standard contractual data protection clauses.

7. How long do we keep your Personal Information?

We store the personal information we receive as described in this Privacy Policy for as long as your account is active with us or you use our OS1 Platform, or as necessary to fulfil the purpose(s) for which it was collected, resolve disputes, conduct audits, enforce our agreements, and comply with applicable laws.

Please notify us of any changes to your personal information. We will take reasonable steps to ensure that your personal information is kept accurate and current.

We may retain Other Information, including non-personal information indefinitely or to the extent allowed by applicable law.

8. How do we secure your Personal Information?

We take information security very seriously and maintain reasonable administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Application, data, infrastructure, and network security are our key focus areas where data security practices are enforced. We also adhere to international standard certifications to complement the enforced practices. Considering "Right to Privacy" as a fundamental right of an individual, we have adopted various measures to protect privacy.

You play an important role in keeping your personal information secure. You should not share your username, password, or other security information for your account with anyone.

Links to Third Party Solutions

Some solutions may link you or enable you to obtain certain services from third parties, including for the purpose of making a payment or to share content through social media. When you do so, your personal information may be collected by those third parties, and not by us. We recommend that when you obtain such solutions from third parties, you review their privacy policy as the security of your data will be subject to their privacy terms rather than this Privacy Policy. We will not be responsible or liable in any manner with respect to how such third-party sites collect and/ or use your information.

9. Children

Our OS1 Platform and any related services are not directed or aimed towards individuals under 16 (or any prescribed legal age in the jurisdiction you are situated, for example anyone under the age of 13 in California or under the age of 14 in China). We do not provide any information on our OS1 Platform targeting children and we also do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without a parent or legal guardian's consent, please contact us at [privacy@OS1.com]. If we become aware that a child under 16 has provided us with personal information in violation of applicable law, we will take steps to delete such information.

10. What are your rights?

You have the right to enquire on:

• What personal information we hold about you
• The purposes of processing such personal information
• The recipients to whom the personal information has or will be disclosed to
• How long we intend to store your personal information
• The right to have incomplete or inaccurate data about you corrected or completed and the process for requesting the same
• The right to request erasure of personal information (where applicable) or to restrict processing in accordance with applicable data protection laws, as well as to object to any direct marketing from us
• The right to report any personal information breach at [privacy@getos1.com ].

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include contact information. We will only ask for the minimum data and only what is relevant in the given context.

You also have the right to not be discriminated against by us for exercising any of your privacy rights.

11. California Privacy Rights

If you reside in the State of California, United States, this section applies to you. The California Consumer Privacy Act of 2018 ("CCPA") requires businesses that collect personal information of California residents to make certain additional disclosures and accordingly we have provided the categories of personal information we have collected within the last twelve (12) months and the categories of third parties with whom we have shared that personal information for a specific business purpose:

As discussed in this Privacy Policy, our advertising and analytics providers may collect your IP address, cookie ID and other internet identifiers when you use our OS1 Platform. We may also provide information as set out in this Privacy Policy with our third-party vendors. However, it is not our intention to sell personal information to any third party as the terms "sale" or "sell" are defined under the CCPA.

12. Changes to this Privacy Policy

We may modify or update this Privacy Policy from time to time to reflect the changes in our practices and ensure we are being transparent regarding any updated practices. If we make any changes to this Privacy Policy, we will notify you by changing the "Last Updated" date above. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Your Consent

By accessing our OS1 Platform, you consent to our Privacy Policy. A link to our policies will be provided in the footer of our OS1 Platform. You will also be asked to review and consent to our Privacy Policy when you create an account with us.

14. Contact Us

At Delhivery, we have a dedicated Privacy Officer to address any concerns or questions you might have about how your personal information is handled or generally in relation to this Privacy Policy. You can always reach out to us at[privacy@getos1.com ] with your grievances or questions.

If you are in the EEA or Switzerland and feel we have not dealt with your concerns and that we are failing to meet our legal obligations, you can report this to your local supervisory authority, but we encourage you to first contact us with any questions or concerns as we take our obligations very seriously. Contact details for data protection authorities in the EEA are available [here], United Kingdom [here] and Switzerland[here].