गोपनीयता नीति | Green SM

1.1 Personal Data: means any data about an individual who is identifiable by or in relation to such data, in digital form. For the purposes of this Policy, Personal Data includes any information that directly or indirectly identifies a natural person, whether collected directly from such individual or generated, recorded, or otherwise processed on the Platform in the course of the Company’s operations, in accordance with the applicable laws. 1.2 Data Principal: means the individual who accesses, registers on, or uses the Platform or who accesses the Company website, driver application, services to whom the Personal Data relates, including for the purpose of booking or availing taxi or transport services through the Platform or who registers on the driver application for engaging with the company as a driver for providing transportation services to the end-user through the Platform. All those subject to this policy is referred to as “users”/ “you”/ “your” for purposes of this Policy. 1.3 Processing of Personal Data: means a wholly or partly automated operation or set of operations performed on Personal Data through or in connection with the Platform, and includes operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available for the purpose of enabling the provision of services through the Platform, restriction, erasure or destruction (“Processing”/ “Processed”). 1.4 This Policy may be updated, amended, supplemented, or replaced by the Company from time to time. If we make significant changes, we will notify you in advance of the changes through the Platform or through other means, such as email. You may regularly access and review the Company’s official website to stay informed of the latest changes. If you do not agree with any amendment, supplement, or replacement of this Policy, you may withdraw consent to this Policy and/or terminate any transaction/agreement/contract entered into with the Company by written notice to the Company. Your continued use of our Services after any modification to this Privacy Policy will constitute your acceptance of such modification. 1.5 The Company undertakes to comply with the following principles when Processing Personal Data: (i). The Company shall process and protect Personal Data in accordance with applicable laws and fully comply with all contracts, agreements, and other instruments established with you; (ii). The Company shall collect Personal Data for specific, clear, and lawful purposes, within the scope of the purposes set out in Section 3 of this Policy and in compliance with the applicable laws; (iii). The Company shall always apply and update appropriate technical measures in accordance with the applicable laws to ensure the security of Personal Data, including measures to protect against unauthorized access and/or destruction, loss, or damage to Personal Data; (iv). The Company shall store Personal Data appropriately and within the necessary scope to process such data in compliance with applicable laws.

To enable the Company to process Personal Data for the purposes specified in Section 3 of this Policy, the Company may process the following types of Personal Data: (i) The Personal Data you provide: a) User profile: The Company collect information when you create an account on the Platform. This may include your name, email, phone number, login name, address, payment method or banking information (including related payment verification information), government identification numbers for drivers such as driver’s license or passport if required by law, birth date, photo and signature. This also includes vehicle or insurance information of drivers. This also includes the preferences and settings that you enable for your account that you maintain on the Platform. For driver partners, we may also collect background check information if the driver onboards on the Company’s Platform as a driver. This information may be collected by a vendor on Company’s s behalf. b) Identity verification information. This refers to the data that we collect to verify your account or identity. This may include biometric data that allows you to be identified based on your physical or biological characteristics. For example, biometric data is generated when we use facial verification technology to confirm that your account is not being used by anyone other than you, your age, or to prevent creation of fraudulent accounts. c) Demographic data: We may collect demographic information about you, such as age, gender, including through surveys. (ii) Information created when you use our services/Platform/website. a) User content: We may collect information that you submit when you contact Company’s customer support, provide ratings or compliments for other users, drivers or otherwise contact the Company. b) Location data: If you request a ride, we track your driver’s location during your trip and link that data to your account. This allows us to display where you are on your trip. We also determine your approximate location and can determine your precise location if you allow us to do so through the settings on your phone. If permitted by you, we will collect your precise location from the time you request a ride until the ride is finished. We also collect such data when you have the Platform or the app open on your phone’s screen. If you are a driver or partner, the Company collects location information when the application is running in the foreground (app open and on-screen) or background (app open but not on screen) of your device. c) Transaction Information: We collect transaction details related to your use of our services, including the type of services you requested or provided, your trip details, date and time the services were provided, amount charged, distance traveled, and payment method. Additionally, if someone uses your promotion code, we may associate your name with that person. d) Device Information: We may collect information about the devices you use to access our services, including the hardware models, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information. e) Communications data: We enable users to communicate with each other through the Platform, apps, websites, and other services. For example, we enable drivers and riders or partners and recipients, to call or text (optional) each other without disclosing their telephone numbers to each other. To provide this service, the Company receives some information regarding the calls or texts, including the date and time of the call/text, and the content of the communications. The Company may also use this information for customer support services (including to resolve disputes between users), for safety and security purposes, to improve our products and services and for analytics. f) In-Vehicle Recordings. To ensure safety and security, we may collect videos of you taken by in-cabin cameras. We may also collect audio recordings, such as when you contact the Company during a trip for customer support purposes. g) The Company may collect information automatically recorded from connections, including: - Cookies, pixel tags, and similar technologies; - Any technology capable of tracking individual activities across devices or websites; - Other data provided by a device; h) Data from other sources: These include data collected from marketing partners, advertisers and third-party service provider, service providers who help us identify or detect fraud on the Platform.

Personal Data may be processed for one or more of the following purposes: 3.1. Assessing the ability to provide products, services and/or enter into contracts (i) Identifying and verifying your information for the purpose of enabling access to and use of the Company’s Platform and services; Verifying that you are who you say you are by using the account information you provide during signup (such as name, contact information, date of birth or payment information) alongside insights from identity and fraud prevention third-party databases. Verifying your age and that your account is being used by you and not by someone else. (ii) Collecting your ID number and/or a photo of your ID, and completing a verification to confirm that the ID is valid, unaltered and that no other account is associated with that document. (iii) Evaluating, reviewing, and approving the provision of products and services based on your registration documents, applications, and contracts; (iv) Conducting background verification for drivers who engage with the Company to provide transportation services (v) Considering the provision or continuation of any products or services of the Company to you. 3.2. Performing obligations under contracts, agreements, terms, conditions, and other instruments between the Company You, and supporting you, including but not limited to the following purposes: (i) Fulfilling contractual obligations and providing products and services to you; (ii) Updating and processing your information; (iii) Handling complaints and disputes by or related to you; (iv) Using and transferring Personal Data and related information to partners for identifying and resolving product or service issues; (v) For contacting and notifying you; (vi) Implementing promotional programs, gift exchanges, awards, and delivery of gifts; (vii) Performing other customer care and support activities; (viii) For safety and security reasons; (ix) Providing live support during your trips. 3.3. Improving the quality of the Company’s products and services, including but not limited to: (i) Providing information upon request or when deemed useful by the Company; (ii) Enhancing technology, website interface, social media platforms, and applications to ensure your convenience; (iii) Managing your accounts and/or customers and loyalty programs; (iv) Compiling statistics and analyzing data for research, development, and improvement of products and services; enhancing your experience; (v) Developing and offering new products and services personalized to your needs; (vi) Introducing and providing promotional programs and incentives for the Company’s products and services and those offered in cooperation with partners; (vii) Recommending products and services that you may be interested in based on preference identification of you and/or customers. (viii) Use your Personal Data to understand your interests, preferences, or characteristics about you, and personalize ads we show you; (ix) Send push notifications suggesting your favorite destinations or merchants, or in-app messages offering discounts or promotions for products or merchants similar to those you’ve previously ordered; (x) Providing customer support for investigating and addressing user concerns, including investigating user reported misconduct (such as inappropriate messages or fraud), monitoring and improving our customer support responses and processes, and identifying potential participants in research studies relating to customer support issues. (xi) Providing customer support for investigating and addressing concerns raised by the drivers, including investigating user reported misconduct (such as inappropriate messages or fraud), monitoring and improving our customer/driver support responses and processes, and identifying potential participants in research studies relating to customer support issues. (xii) Display personalized ads on the Platform. 3.4. Supporting the Company’s business operations, management, and development, including but not limited to fulfilling reporting, financial, accounting, and tax obligations, audit purposes, compliance activities, human resource development, work quality improvement, and other related activities serving the Company’s lawful business operations as deemed necessary. 3.5. Restructuring or transferring projects/businesses: During business operations, the Company may sell or purchase businesses, restructure, or transfer projects or other services in accordance with the law. Accordingly, Personal Data and general information usage rights shall be among the assets transferred. In all cases, the transfer and Processing of Personal Data shall be carried out by the parties in compliance with the law and this Policy. 3.6. Developing marketing, advertising, and trade promotion campaigns, including campaigns based on your preferences. 3.7. Prevention, control, investigation, and detection of acts in violation of the Company’s regulations and applicable laws. 3.8. Safeguarding public order and safety, and protecting your lawful rights and interests, the Company, and other related parties. 3.9. Compliance with applicable laws and international treaties to which the Company is a party, including but not limited to investigate or address claims or disputes relating to use of the services; to satisfy requirements under and/or for purposes of compliance with, applicable laws, regulations, operating licenses, agreements or insurance policies; or pursuant to legal process or governmental request, including from law enforcement. 3.10. Other purposes subject to your consent.

4.1 To the extent permitted by applicable law, You acknowledge that the Company may share Personal Data for the purposes stated in this Policy with the following organizations and individuals: (i) The Company’s parent company, subsidiaries, and affiliates; (ii) Service providers and/or entities cooperating with the Company, including but not limited to: agents, auditors, legal counsel, business partners, providers of IT solutions, software, applications, operational services, management, troubleshooting, infrastructure development, and services aimed at trade promotion; (iii) Any individual or organization acting as your representative or authorized party; (iv) Advertisement (“Ad”) and marketing partners and providers, including ad and marketing publishers (such as social media platforms), ad networks and advertisers, third-party data providers, ad technology vendors, measurement and analytics providers, and other service providers. (v) Ad intermediaries- We share data - including advertising or device identifier, hashed email address, approximate location, current trip or order information, and ad interaction data - with these intermediaries to enable their services and for such other purposes as are disclosed in their privacy notices. You may opt out from ad personalization. (vi) Cloud storage providers. (vii) Customer support platform and service providers. (viii) Third party navigation service providers, in connection with the use of maps in the Platform. (ix) Identity verification and risk solutions providers. (x) Payment service provider, gateways, processors and facilitators. (xi) Research partners, including those performing surveys or research projects in partnership with the Company or on Company’s behalf. (xii) Social media companies, in connection with the Company’s use of their tools in the Platform and websites. (xiii) Service providers that assist the Company to enhance the safety and security of the Platform and services. (xiv) Service providers that provide us with artificial intelligence and machine learning tools and services. (xv) For conducting background verification of the information/documents provided by You to be engaged as driver with the Company. 4.2 Data sharing shall be carried out in accordance with the proper procedures, methods, and applicable laws. Recipients of Personal Data shall be obligated to maintain confidentiality in compliance with this Policy, the Company’s internal regulations, standards for Personal Data protection, and applicable laws. 4.3 The Company may be required to share Personal Data with competent state authorities as prescribed by law. The Company may share your data if it’s required by applicable law, regulation, operating license or agreement, or governmental request, insurance policy, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing data with law enforcement officials, public health officials, other government authorities, insurance companies, third-party fleet partners, or other third parties as necessary to enforce our terms and conditions, user agreements, or other policies; to protect the Company’s rights or property or the rights, safety or property of others; or in the event of a claim or dispute relating to the use of our services.

Personal Data is stored for as long as you maintain an account with the Platform. The details such as transactions, location, usage and other information is stored and retained for a period as required under applicable laws. The retention period for Personal Data is determined based on the purposes of use as stated in this Policy and in compliance with applicable laws.

6.1 The Company shall not sell Personal Data to any party. The Company applies necessary security measures to ensure that the transfer/sharing of Personal Data is safe. Personal Data may be shared as set out in Clause 4 above or other cases as permitted by applicable laws. 6.2 If the recipient of Personal Data is located outside the territory of India, when providing/transferring Personal Data abroad (including but not limited to using cyberspace, devices, electronic means, or other forms to transfer Personal Data outside India, the Company shall require the recipient to ensure the safety and confidentiality of the Personal Data provided/transferred. The Company undertakes to fully comply with the requirements of applicable laws to protect the security of Personal Data.

Personal Data is analyzed based on the Company’s internal processes, data confidentiality principles, and information security standards for IT systems.

When necessary, Personal Data collected shall be encrypted in accordance with appropriate encryption standards during storage, transfer, and processing to ensure that data is always protected.

9.1. When the contractual relationship terminates or when the use of the Company’s products or services ends, or upon a valid request from you, the Company shall delete the stored Personal Data except in the following cases: (i) The applicable law prohibits deletion or requires mandatory retention of data; (ii) Personal Data is processed by competent state authorities for the purpose of serving state operations in accordance with the law; (iii) Personal Data has been lawfully disclosed under applicable laws; (iv) Personal Data is processed for legal requirements, scientific research, or statistical purposes in accordance with the law; (v) In cases of national defense or security emergencies, public order and safety, major disasters, dangerous epidemics; when there is a threat to national security or defense but not to the extent of declaring a state of emergency; prevention and control of riots, terrorism, crime, and legal violations. 9.2. Throughout the entire process of Personal Data Processing, confidentiality is the Company’s highest priority. The Company applies appropriate technical measures to prevent unauthorized access or use of Personal Data. The Company also regularly cooperates with security experts to update the latest cybersecurity techniques to ensure the safety of Personal Data. Your Payment card data issued by financial institutions is protected under the principle that critical card data (card number, cardholder name, CVV) is not recorded in the Company’s systems. Your payment transactions are carried out on the relevant bank’s system.

10.1 Subject to applicable laws, the Data Principal shall have the following rights in relation to the Processing of Personal Data by the Company: (i) the right to obtain confirmation from the Company regarding whether Personal Data relating to the Data Principal is being Processed and to access such Personal Data; (ii) the right to request correction, completion, updating, or erasure of Personal Data that is inaccurate, incomplete, or no longer necessary for the purposes for which it was Processed; (iii) the right to withdraw Consent to the Processing of Personal Data at any time, in accordance with the applicable laws; (iv) the right to obtain information regarding: a) the purposes for which Personal Data is being Processed; and b) the identities of Data Fiduciaries and Data Processors with whom Personal Data has been shared. (v) the right to have grievances redressed in relation to the Processing of Personal Data by the Company; and (vi) such other rights as may be expressly provided under the applicable laws. 10.2 Exercise of Rights: (i) You may exercise the rights set out in this Section 10.1 by submitting a request to the Company through the contact details notified by the Company for this purpose. (ii) For the purposes of processing any request, the Company may require you to verify their identity using reasonable and lawful means. (iii) The Company shall respond to and act upon lawful and valid requests from you within the timelines prescribed under the applicable laws. (iv) Where you request for the withdrawal of Consent or exercise of any right by you results in the Company being unable to continue providing certain products, services, or functionalities that are dependent on such processing, the Company may be required to discontinue or limit the provision of such products, services, or functionalities, in accordance with the applicable laws. 10.3 Grievance Redressal: (i) The Company shall establish and maintain an effective grievance redressal mechanism for addressing complaints or grievances raised by Data Principals in relation to the Processing of Personal Data. (ii) Any grievance raised by you shall be addressed by the Company within the timelines prescribed under the applicable laws. (iii) In the event, you are not satisfied with the resolution of a grievance by the Company, or where the Company fails to respond within the prescribed timelines, the Data Principal shall have the right to escalate such grievance as per applicable laws. 10.4 Limitations: (i) Your exercise of rights shall be subject to such limitations, conditions, and exemptions as may be prescribed under the applicable laws. (ii) The Company may refuse or restrict the fulfillment of a request where such refusal or restriction is permitted under the applicable laws, including where: (a) the request is manifestly unfounded or excessive; (b) compliance with the request would violate any law for the time being in force; or (c) retention or Processing of Personal Data is required for compliance with the applicable laws or any other legal obligation.

11.1 Protect their own Personal Data; request relevant organizations or individuals to protect their Personal Data. Promptly notify the Company upon discovering any errors, mistakes, leaks, or suspected breaches of Personal Data. 11.2 Respect and protect the Personal Data of others. 11.3 Provide complete and accurate Personal Data when consenting to its processing. If any information is incorrect, you shall bear all costs incurred if such information affects or limits their rights and interests. 11.4 Comply with legal provisions on Personal Data protection and participate in preventing and combating violations of Personal Data protection regulations. 11.5 Other responsibilities as prescribed by applicable laws.

12.1 The Company shall process children’s Personal Data in accordance with the principle of protecting the rights and ensuring the best interests of the child and in compliance with applicable laws. The Company shall only process children’s Personal Data and provide products and services to children if the parent or legal guardian consents to the child’s use of the Company’s products and services, consents to the Company’s processing of the child’s Personal Data, agrees to this Policy, and complies with all relevant legal requirements. In cases where a child aged eighteen (18) years or older uses the Company’s products or services, the Company shall only process the child’s Personal Data upon obtaining the child’s own consent. Parents or legal guardians shall be responsible for obtaining the child’s consent before providing the child’s Personal Data to the Company.

13.1 The Company implements various information security safeguards and technical measures such as firewalls, access control measures, and encryption to protect and prevent unauthorized access, use, or sharing of Personal Data. 13.2 The Company advises you to keep confidential all information related to account login credentials, One Time Password codes, and not to share such information with any other person. 13.3 You should be clearly aware that at any time when you disclose or publicly share your Personal Data, such data may be collected and used by others for purposes beyond your control and the Company. 13.4 The Company recommends that you use secure devices, networks and updated software systems (mobile phones, tablets, personal computers, etc.) while accessing the Company’s Platform. You should log out of your account when not in use. 13.5 In the event that the data storage server is attacked, resulting in loss or leakage of Personal Data, the Company shall be responsible for notifying the competent authorities for timely investigation and handling, and informing you in accordance with applicable law. 13.6 When transmitting Personal Data online, you should only use secure systems to access websites, applications, or devices. You are responsible for keeping your authentication credentials for each website, application, or device safe and confidential.

14.1 Personal Data shall be processed from the time the Company lawfully receives the Personal Data and has an appropriate legal basis to process such data in accordance with the applicable laws. 14.2 Personal Data shall be processed until the purposes of data processing have been fulfilled. 14.3 The Company may be required to retain Personal Data even after the termination of the contract between the parties to fulfill obligations under the law and/or at the request of competent state authorities.

The Platform may contain links to third-party websites or services (“External Resource”). Your browsing on and interaction with any External Resource, irrespective of whether the link to such External Resource originated on our Platform, is subject to the terms and privacy policies of such External Resource. We are not responsible for the functionality, privacy, or security measures of any other entity and this Privacy Policy will not govern your use and access of such website or service you are redirected to.