PRIVACY POLICY & DISCLAIMER

1.INTRODUCTION Checkmate Challengers:

Owns and operates www.checkmatechallengers.com (“Website”) and Checkmate Challengers respects your privacy (“Checkmate” or “We”). We understand the importance of protecting your privacy. We are committed to safeguarding the privacy of the sensitive personal data or information that We collect, possess, use, process, record, store, transfer, disclose, deal, handle and receive, by and on behalf of our clients/customers including the sensitive personal data or information of their clients/customers, while rendering services to our clients/customers in connection with our businesses. Accordingly, following is our Privacy Policy setting out how We intend to safeguard such sensitive personal data or information received and used by us as aforesaid. This follows the prevailing Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 made thereunder (“IT Act”).

2.SCOPE AND APPLICABILITY OF THIS POLICY:

This Privacy Policy (the “Policy”) is effective from 1stJuly 2020 as amended from time to time and applies to Checkmate, its affiliates and its subsidiary companies, its employees, staff and team members who collect, possess, use, process, record, store, transfer, disclose, deal, handle and receive, the sensitive personal data or information by and on behalf of CHECKMATE’s clients/customers (“Client(s)”) including the sensitive personal data or information of the clients/customers of such Clients (“Client Contacts”) which has been given to CHECKMATE by such Clients and/or the Client Contacts (“You” or “Your”) while rendering services to them and third parties in India or overseas including but not limited to any consultants, contractors, advisors, accountants, agents, person, representatives of CHECKMATE and/or service providers etc who provide services to or on CHECKMATE’s behalf in connection with its business (“Third Party”). This Policy summarizes what type of Sensitive Personal Data or Information (as defined hereinafter) We collect about You, purpose of collection, storage and usage of such data or information, to whom such data or information may be disclosed/transferred and how We protect Your privacy.

3.TYPES OF SENSITIVE PERSONAL DATA OR INFORMATION WE COLLECT:

The term “Sensitive Personal Data or Information” in this Policy refers to personal information which does and/or can identify You as an individual. The types of Sensitive Personal Data or Information that We may collect consist of following personal information relating to You:

Name, gender, home address, telephone number, date of birth, marital status, email address, emergency contacts or other contact information (including the gender,
age, nationality and passport information of any relatives and beneficiaries).

Photographs; racial or ethnic origin, nationality, and passport information; religious or philosophical beliefs

Financial information such as bank account/credit card/debit card or other payment instrument details; taxpayer identification number.

Physical, physiological, and mental health condition; sexual orientation

Medical and health records and history; biometric information.

Affiliations, interests, work history, technical skills, educational background, professional certifications and registrations, language capabilities, training courses
attended.

Voicemails, e-mails, password, correspondence, and communications.

About the pages You visit/access, the links you click on our Website, the number of times you access the page, items bought by You, loyalty points, pre-nomination,
notification, Opinions of features on our Website.

The results of credit and criminal background checks, screening, health certifications, driving licence number, vehicle registration and driving history.

Information required to comply with laws, statutory obligations, the requests and directions of law enforcement authorities or court orders.

Acknowledgements regarding CHECKMATE policies, including ethics and/or conflicts of interest policies and computer and other corporate resource usage policies.

Any detail relating to the above clauses as provided to CHECKMATE

Any of the information received under above clauses by CHECKMATE for collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing,
handling, and disclosing under lawful contract or otherwise

Most of the Sensitive Personal Data or Information We collect is the data or information that is will fully and knowingly provided to us by You. However, in some instances, We collect Sensitive Personal Data or Information about You, based on our inferences about You, from other information provided to us by You or on our interactions with You or on such personal information about You that We receive from a third party with Your knowledge.

This Policy does not apply to any information that You may disclose publicly and which is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force and such information shall not be regarded as Sensitive Personal Data or Information for the purposes of this Policy. Further, the Sensitive Personal Data or Information of You shall not be disclosed to any third person unless the said third person is required to have the Sensitive Personal Data or Information of You to provide required services to You and/or with your permission and/or to help investigate, prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person, violations of www.croma.com terms of use or to defend against legal claims and special circumstances such as compliance with the rules of any stock exchange, subpoenas, court orders, requests/order from legal authorities or law enforcement agencies requiring such disclosure. We share your information with advertisers on an aggregate basis only.

4.YOUR CONSENT:

We will obtain Your permission in writing through a letter or fax or email (“Consent”) before collecting Your Sensitive Personal Data or Information with respect to the purpose of usage of such data or information. If You give Your Consent, it means You have done so freely and voluntarily and agree to this Policy. You always have the right to refuse or withdraw Your Consent for the Sensitive Personal Data or Information sought to be collected or withdraw Your Consent given earlier to us. We will always respect such a refusal or withdrawal, but it might mean that We are unable to perform all services, arrangements, or contracts with You and will have the option to discontinue the same. We will inform You of these inabilities if they occur. However, we reserve the right to retain such Sensitive Personal Data or Information as may be necessary for providing our pending services to You and in accordance with this Policy. We will while collecting Sensitive Personal Data or Information directly from You take such reasonable steps to ensure that You are aware of the –

Sensitive Personal Data or Information will be collected, received, possessed, used, processed, recorded, stored, transferred, dealt, handled and disclosed in
compliance with the local laws/regulations in the territory where those activities occur including IT Act

Sensitive Personal Data or Information will be collected for specified, legal and legitimate purposes and shall be used for the purpose for which it has been collected.

Sensitive Personal Data or Information will be relevant/necessary to/for the purposes for which it is collected and used.

Sensitive Personal Data or Information will be current and accurate with reasonable steps taken to rectify or delete inaccurate Sensitive Personal Data or Information.

Sensitive Personal Data or Information will be kept only if necessary, for the purposes for which it was collected and processed

Appropriate measures will be taken to prevent unauthorized access or use, unlawful processing, and unauthorized or accidental loss, destruction, or damage to such
Sensitive Personal Data or Information.

5.PURPOSES FOR COLLECTION, STORAGE AND/OR USE OF SENSITIVE PERSONAL DATA OR INFORMATION:

The primary purposes for collection, storage and/or use of Sensitive Personal Data or Information is for

Our business processes, operations and management including but not limited to performance of the business, operation of the services, entering into or performing
any contract, maintaining quality of the services, providing support to the products or services You have obtained from us, managing company assets

Processing Your order, corresponding with You, fulfilling Your transaction requests, and delivering the programs, products, information, and services requested by You
or other services related inquiries.

Managing Client Contacts profiles including but not limited to the business relationship between the Clients and Client Contacts, administering and developing our
business relationship with You, providing You with information, products or services that You request from us or which We feel may interest You, record keeping and
other general administrative and services related processes;

Ensuring the safety and protection of the rights or property of CHECKMATE or its business

Complying with applicable legal requirements including but not limited to governmental reporting, etc and fulfilling statutory/legal obligations as a service provider
under applicable laws, adhering to judicial or administrative orders, compliance with laws.

Contacting You via surveys to conduct research about Your opinion of current services or of potential new services that may be offered by us.

Monitoring or recording of certain calls, chats and other interactions relating to the online transactions which may involve You calling us or us calling You and online
chats for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction;

While conducting daily business/operations such Sensitive Personal Data or Information may be provided to affiliates and associate companies, employees/staff of
CHECKMATE and Third Party’s for the purpose of processing such Sensitive Personal Data or Information for or on our behalf including but not limited to helping us to
perform statistical analysis, send You email or postal mail, provide customer support/support services, arrange for deliveries of programs, products, information, and
services etc;

Direct marketing and promotional purposes.

Operating Website, improving the content of our Website to offer You better products and/or services and to ensure that content from our Website is presented in the
most effective manner for You; and

In connection with the business of CHECKMATE.

6.DATA COLLECTION DEVICES :

In addition to Sensitive Personal Data or Information, we may use data collection devices such as “cookies” or other technology to obtain certain types of information when Your web browser accesses our Website. Cookies are small files containing a string of characters to identify Your browser. Cookies allow the Website to remember important data or information that will make Your visit to the Website more useful. Our Website may use cookies and other technology to store pertinent user information during a session to speed navigation and keep track of items and to collect anonymous traffic data that We may use to enhance our Website and for marketing and promotional purposes. You can reset Your browser to refuse cookies or warn You when they are being sent. Please note that by turning cookies off, you may not have access to all features available on our Website. We also use logging systems on our internal network to register the use of your computer systems. This is done for the purpose of ensuring the performance, integrity, and security of these systems. We have also contracted with third parties to track and analyse anonymous usage and volume statistical information from our visitors and members for research purposes. Such information is shared externally only on an anonymous, aggregated basis. Such third parties use persistent cookies to help us to improve the visitor experience, to manage our Website content, and to track visitor behaviour. All data or information collected by such third party on our behalf is used solely by or on behalf of CHECKMATE and is shared externally only on an anonymous, aggregated basis. We will make best efforts to do so but do not warrant that any of the websites or any affiliate site(s) or network system linked to our Website is free of any operational errors nor do We warrant that our Website will be free of any virus, computer contaminant, worm, or other harmful components. Our Website contains links to other sites which are not owned or operated by CHECKMATE. CHECKMATE is not responsible and makes no guaranty for the privacy practices or the content of such websites. These links are provided only as a convenience to You. Neither, CHECKMATE nor any of its affiliates are responsible for the availability of such third-party websites or their contents. CHECKMATE will not be liable for Your Sensitive Personal Data or Information transmitted over networks accessed by You of the sites or otherwise connected with Your use of the services. You understand, acknowledges and agree that neither CHECKMATE nor any of its affiliates are responsible or liable, directly or indirectly, for any damage or loss of any sort caused in connection with your use of or reliance on any content of any such site or services available through any such site.You acknowledge that the services, content, site and/ or any software are provided on an “as is” and “as available” basis, without warranties of any kind, either express or implied, including, without limitation, implied warranties of merchantability, fitness for a particular purpose. Although CHECKMATE has taken adequate safeguard and in case of any breach CHECKMATE shall take action to remedy such breach. In addition to taking all the reasonable precautions as required under law, CHECKMATE expressly disclaims any and all warranties, express or implied, including, without limitation: (i) The services and/ or software will be free of all viruses and hacking. (ii) The software will work on all mobile phones, will be compatible with all mobile phone networks and/or will be available in all geographical areas. (iii) Any service will be uninterrupted, timely, secure or error-free for any reasons whatsoever including but not limited to overload / breakdown of receiving network, servers or applications; system failures out of the CHECKMATE’s control or due to heavy traffic on network”.

7.DISCLOSURES OR TRANSFER OF YOUR SENSITIVE PERSONAL DATA OR INFORMATION :

If CHECKMATE wishes or is required to disclose the Sensitive Personal Data or Information collected from You to any Third Party, We will ask for Your prior Consent except when such disclosure has been agreed in the contract between CHECKMATE and You or it is necessary to comply with a legal obligation or it is to be shared with Government agencies or to be disclosed to any third party by an order under law. CHECKMATE will transfer, with Your Consent, the Sensitive Personal Data or Information to any other Third Party in India or overseas, that ensures the same level of data protection that is adhered to by CHECKMATE as set out herein for fulfilling any contractual obligation. We will disclose or transfer Your Sensitive Personal Data or Information in accordance with this Policy and all applicable legal requirements. Your Sensitive Personal Data or Information will be disclosed or transferred, as may be required from time to time, as follows:

For Business Purposes:

The appropriate employees/staff/persons in our offices; (ii) our affiliates and associate companies; (iii) from one office within CHECKMATE to another office in India or overseas in accordance with the IT Act; (iv) to any third party, in the event of a proposed or actual business transfer; and (v) in connection with our business and services provided by CHECKMATE

To Third Party’s:

working with us or on our behalf in different industries and categories of business. We will disclose, share, transfer Your Sensitive Personal Data or Information to any Third Party or provide Your Sensitive Personal Data or Information to any Third Party in connection with our business requirements or for the purposes indicated herein. Such Third Parties are required to process Your Sensitive Personal Data or Information they receive from us in a lawful, safe and responsible manner in accordance with this Policy and the prevailing laws and take all appropriate security and confidentiality measures such that they do not use Your Sensitive Personal Data or Information for their own purposes or disclose Your Sensitive Personal Data or Information to others. Neither CHECKMATE nor any Third Party will publish Your Sensitive Personal Data or Information.

For Legal Requirement:

to any court of law and/or government agencies/entity as may be required under law and/or statutory authority, Reserve Bank of India and Credit Information Bureau India Ltd (“CIBIL”) or in response to a legal process, for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences and/or to any third party by an order under the applicable law or if We determine it is necessary or desirable to comply with any applicable law regulation, legal process or enforceable governmental request or to protect or defend our rights or property including compliance with accounting and tax rules and regulations or to investigate detect, prevent, or take action regarding illegal activities, suspected fraud, security or technical issues or situations involving potential threats to the physical safety of any person.

For Centralized Data Processing Activities:

We have centralized certain aspects of our data processing and administration to allow us to better manage our business. Such centralization may result in the transfer of Your Sensitive Personal Data or Information: (i) from one country to another; (ii) to our employees/staff of the affiliates/associate companies of CHECKMATE in other locations etc. However, whenever Your Sensitive Personal Data or Information is transferred within CHECKMATE, it will be processed in accordance with the terms and conditions of this Policy.

8.REASONABLE SECURITY PRACTICES AND PROCEDURES AND Audits :

We seek to ensure compliance with the requirements of the IT Act to ensure the protection and preservation of Your privacy, therefore We take appropriate security measures to protect Your Sensitive Personal Data or Information against unauthorized access, alteration, disclosure or destruction. We have a number of physical, electronic, and procedural safeguards/measures in place to actively protect the confidentiality, security, and integrity of Your Sensitive Personal Data or Information, including a comprehensively documented information security programme and a strict security policy that contains managerial, technical, operational and physical security control measures for protecting such data or information. We have implemented standard or code of best practices for data or information protection. We limit access to Your Sensitive Personal Data or Information to members of our team/employees of CHECKMATE/Third Parties who We believe reasonably need to come into contact with that information for the purpose of performing their duties. We have strict confidentiality obligations that apply to such members/employees of CHECKMATE/Third Parties. Failure to meet these obligations may result in disciplinary and other actions, including dissolution of a contract, termination of employment and criminal prosecution. We conduct training to authorized users regarding the lawful and intended purposes of processing Your Sensitive Personal Data or Information, the need to protect and keep information accurate and up-to-date and the need to maintain the confidentiality of the data or information to which such authorized users have access. Authorized users will comply with this Policy, and We will take appropriate disciplinary actions, in accordance with applicable laws, if Your Sensitive Personal Data or Information is accessed, processed, or used in any way that is inconsistent with the requirements of this Policy.To further ensure enforcement of this Policy, the standard or code of best practices will be audited for compliance with this Policy and IT Act. For this purpose, We engage an independent auditor duly approved by the Central Government, to conduct the audit at least once a year or when We undertake significant upgradation of our process and computer resources and take such corrective action if necessary to address any issues or problems that such audit reveals.

9.RETENTION OF YOUR SENSITIVE PERSONAL DATA OR Information :

We are aware of the importance of timely destruction of Sensitive Personal Data or Information. We ensure that Your Sensitive Personal Data or Information is not stored/retained for a longer period than necessary for the purpose for which it was collected, used or processed or as provided in our contracts except when there is a legal obligation to do so under any law. It is our practice to destroy Your Sensitive Personal Data or Information as soon as possible after it is no longer necessary for the purpose for which it was collected, used, or processed save and except as stated hereinabove.

10.UPDATING OR REVIEWING YOUR SENSITIVE PERSONAL DATAORINFORMATION/ QUESTIONS :

Complaints You may by a written request review the Sensitive Personal Data or Information provided by You. We will ensure that any Sensitive Personal Data or Information about You which is found to be inaccurate or deficient shall be corrected or amended as may be feasible. You expressly state that Sensitive Personal Data or Information provided by You to us is correct and complete in all respects and does not contain any false, distorted, manipulated, fraudulent or misleading facts. We expressly disclaim any liability arising out of the said data or information provided by You to us. Further, You expressly agree that We are not responsible for the accuracy and authenticity of such data or information provided by You to us and You agree to indemnify CHECKMATE for all losses incurred by CHECKMATE due to any false, distorted, manipulated, defamatory, libellous, vulgar, obscene, fraudulent or misleading facts made by You to CHECKMATE. In case of any discrepancies or grievances with regard to the processing of Your Sensitive Personal Data or Information, please contact Mr. Naresh Popat at +919819674746. Further on receipt of any concerns or complaints the Grievance Officer will employ all commercially reasonable efforts to address the same within one (1) month of receipt of same.

11.ENFORCEMENT RIGHTS All CHECKMATE:

affiliates/group companies will ensure that this Policy is observed. All employees/staff of CHECKMATE and Third Parties who have access to Sensitive Personal Data or Information are required to comply with this Policy. In some countries, violations of data protection regulations may lead to penalties and/or claims for damages from the individuals who are adversely affected. All Third Parties shall only process the Sensitive Personal Data or Information in accordance with CHECKMATE’s instructions or make decisions regarding such data or information as part of the delivery of their services. In either instance, CHECKMATE will select reliable Third Parties who undertake, by contract or other legally binding and permissible means, to put in place appropriate technical and organizational security measures to ensure an adequate level of protection of such data or information. CHECKMATE will require Third Parties to comply with this Policy or to guarantee the same levels of data protection that is adhered to by CHECKMATE when handling/processing such data or information. Such selected Third Parties will have access to such data or information solely for the purposes of performing the services specified in the applicable service contract and are legally and contractually bound to maintain the privacy of such data or information shared with them and will not disclose it further. If CHECKMATE concludes that a Third Party is not complying with these obligations, it will promptly take appropriate actions to remedy such non-compliance or implement necessary sanctions. Additionally, our team members/employees/staff are bound by internal confidentiality policies. Any team member/employee/staff found to have violated this Policy or any other policies will be subject to disciplinary action, up to and including termination of employment including penalties under applicable laws.All Third Parties and our team members/employees/staff do hereby specifically agree that he/she/it shall, at all times, comply with the requirements of the IT Act, while collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing Sensitive Personal Data or Information. The said Third Parties and team members/employees/staff do further unequivocally declare that in case he/she/it violates any provisions of the IT Act, he/she/it shall alone be responsible for all his/her/its acts, deeds and things and that he/she/it alone shall be liable for civil and criminal liability there under or under any other law for the time being in force.

11.MODIFICATIONS TO THE POLICYCHECKMATE:

Reserves the right to update, change or modify this Policy, from time to time, without prior notification. The policy shall come into effect from the date of such update, change or modification. We will inform You regarding any such changes by updating this Policy and will post all changes to the Policy on relevant internal and external websites. Effective with the implementation of this Policy, applicable CHECKMATE privacy guidelines or practices relating to the processing of Sensitive Personal Data or Information will be superseded by the terms of this Policy and modified accordingly. All parties to any such agreements will be notified of the effective date of implementation of the Policy.If any of the terms or definitions used in this Policy are ambiguous, the definitions established under the IT Act shall apply.

Disclaimer

Checkmate Challengers (“Company”) does not in any manner endorses, warrants, and/ or guarantees the authenticity, quality, delivery, safety, and benefits of the offers and/or Products and/or services advertised herein in any manner whatsoever. It may include inaccuracies and/or typographical errors. The contents published on www.checkmatechallengers.com (“Website”) are subject to changes and/or improvements periodically. During the process of up-gradation, repair, maintenance and/or improvements of contents/systems/programs/software may be suspended for any use. The Company shall not be liable for any inconvenience, loss, damage, cost, expenses which may be incurred by anybody due to unavailability of the Website for any use. Advertisement/advice (if any) received via the Website should not be relied upon for personal, legal, and/or financial decisions and you should consult an appropriate professional for specific advice tailored to your situation.

The Company cannot be held liable in any event, for any special, punitive, incidental, consequential loss and/or damages (direct and/or indirect) whatsoever including, without limitation, damages for loss of opportunity, business loss, loss of profit, revenue, loss and/or damage to any person and/or property arising out of or in connection with the use of and/or performance of the Website, with the delay and/or inability to use the Website/services and/or related services, the provision of or failure to provide services, and/or for any information, software, Products, services obtained through the Website/services, and/or otherwise arising out of the use of the Website/services, whether based on contract, tort, negligence, strict liability and/or otherwise, even if the Company has been advised of the possibility of damages. The Company does not endorse in anyway any advertisers/ contents of advertisers on its webpages. The User shall verify the veracity of all information on his/her own before undertaking reliance and acting thereupon. The Company shall not be responsible and/or liable for any consequential damages arising on account of the user reliance on the contents of the advertisement. Further, the Company shall not be responsible in any manner whatsoever for any third part action which results in the information provided by the User being exposed, misused and/or by such third party who accessed such information without any authorisation from the Company.

There may be delay in provision of services due to factors beyond the reasonable control of the Company and therefore the Company shall not be held responsible and liable for any delay and/or failure in performance of services by the Company due to such factors.

Except as specifically mentioned in specifications of any Product offered for sale on the Website, the Company does not make any representation, warranty and/or guaranty whatsoever as to the (a) availability, timelines, lack of viruses and/or other harmful components, accuracy, adequacy, reliability, completeness, suitability and/or applicability of the information to a particular situation; (b) that the service will be uninterrupted, timely, secure, and/or error-free; (c) all information, software, Products, services and related graphics are provided “as is” without warranty of any kind. The Company hereby disclaim all warranties and conditions regarding this information, software, Products, and services including all implied warranties and conditions of merchantability, fitness for a particular purpose, workmanlike effort, title and non-infringement. (d) the images / pictures of Product published on the Website may be indicative and final Product may differ from the images / pictures published on croma.com relating to any Product.

This agreement is governed by the Laws of India. The User hereby irrevocably consent to the exclusive jurisdiction and venue of Courts in Mumbai in all disputes arising out of or relating to the use of the Website.