HYPERION FUTURE TECH VENTURES PRIVACY POLICY

This privacy policy ("Policy") describes the commitment of Hyperion Future Tech Ventures Private Limited ("Hyperion" or "we" or "us" or "our") to respecting your privacy. We recognise the need for appropriate protection and management of any personal information you share with us. The words "User" or "you" or "your" or "yours" as used herein, refer to all individuals accessing, or using the Service Platform or Services (both, as defined hereinafter) for any reason.

By using or accessing the Services through our Service Platform or otherwise, whether through a mobile device, mobile Application, or any other device, you agree to be bound by the terms of use provided on the Service Platform (the "Terms") and the provisions of this Policy. You further consent to Hyperion's collection, retention, processing, use, disclosure, and protection of Personal Data (as defined hereinafter), when you create an account / login credentials to avail the Services.

This Policy (together with the Terms and any other document(s) referred to in the Terms) sets out to inform the User the following:

1. The kinds of Personal Data we may gather during your use of our Services;

2. Why we gather your information;

3. What we use or process your Personal Data for;

4. When we might disclose your Personal Data; and

5. How you can manage your Personal Data.

By signing up and/or accessing our Service Platform, you further represent that you are 18 (eighteen) years of age or older.

YOU AGREE TO PROVIDE YOUR CONSENT TO THE TERMS OF THIS PRIVACY POLICY BY TICKING THE BOX NEXT TO THE WORDS "I AGREE WITH THIS PRIVACY POLICY". IF YOU DO NOT AGREE TO THIS POLICY, PLEASE DO NOT PROCEED FURTHER TO USE OR ACCESS THE SERVICE PLATFORM AND/OR OUR SERVICES. YOU WILL HAVE THE OPTION TO NOT PROVIDE YOUR CONSENT, OR WITHDRAW ANY CONSENT GIVEN EARLIER, PROVIDED THAT THE DECISION TO NOT PROVIDE CONSENT/WITHDRAWAL OF THE CONSENT IS INTIMATED TO US IN WRITING. IF YOU DO NOT PROVIDE US PERSONAL DATA OR WITHDRAW THE CONSENT TO PROVIDE US WITH ANY OF YOUR PERSONAL DATA AT ANY POINT IN TIME, WE SHALL HAVE THE OPTION TO NOT PROVIDE THE SERVICES FOR THE PURPOSE OF WHICH THE SAID PERSONAL DATA WAS SOUGHT.

This Policy is incorporated into and subject to the provisions of the Terms and the terms not defined here, have the meanings ascribed to them in the Terms. This Policy and the Terms are effective upon your accessing or using the Service Platform and/or use of our Services. We encourage you to read the terms of the Policy and the Terms in their entirety before you visit the Service Platform or use our Services.

This Policy DOES NOT apply to information that you provide to, or that is collected by, any Third Party (as defined hereinafter), such as social media Application that you use which are not in connection with our Services. Hyperion encourages you to consult directly with such Third Parties about their privacy practices.

1. YOUR PRIVACY - OUR COMMITMENT

We are extremely proud of our commitment to protect your privacy. For the purposes of this policy, the following terms shall have the meaning set forth below:

"Account" means the account created and registered on the Service Platform by the User and which may comprise details pertaining to the Personal Data.

"Applicable Laws" shall mean any and all: (a) laws, statutes, constitutions, treaties, rules, regulations, ordinances, codes, guidance, and common law; and (b) all judicial, executive, legislative, administrative or military orders, directives, decrees, injunctions, judgments, permits, agreements, and other legal requirements, in each case, of, with, or adopted or imposed by any Governmental Authority (as defined hereinafter), now or hereafter in effect and, in each case, as amended from time to time.

"Data Protection Law" shall mean any data protection, data security or privacy law, including, without limitation, the Information Technology Act, 2000 including the rules thereunder ("IT Act and Rules"), the Digital Personal Data Protection Act, 2023, and any laws governing Personal Data or information from outbound telephone calls, transmission of electronic mail, transmission of facsimile messages and any other communication-related data protection, data security or privacy laws.

"Governmental Authority" means any government authority, statutory authority, regulatory authority, government department, agency, commission, board, tribunal or court or other law, rule or regulation making entity/ authority having or purporting to have jurisdiction on behalf of the Republic of India or any state or other subdivision thereof or any municipality, district, or other subdivision thereof.

"Intellectual Property" or "IP" includes ideas, concepts, creations, discoveries, inventions, improvements, know how, trade or business secrets; trademarks, service marks, designs, utility models, tools, devices, models, methods, procedures, processes, systems, principles, synthesis protocol, algorithms, works of authorship, flowcharts, drawings, books, papers, models, sketches, formulas, proprietary techniques, research projects, copyright, designs, and other confidential and proprietary information, databases, data, documents, instruction manuals, records, memoranda, notes, user guides, in either printed or machine-readable form, whether or not copyrightable or patentable or protectable under any other intellectual property law, or any written or verbal instructions or comments.

"Intellectual Property Rights" or "IPR" include: (a) all rights, title, and interest under any statute or under Applicable Laws including patent rights; copyrights including moral rights; and any similar rights in respect of the Intellectual Property, anywhere in the world, whether negotiable or not; (b) any licences, permissions and grants in connection therewith; (c) Applications for any of the foregoing and the right to apply for them in any part of the world; (d) right to obtain and hold appropriate registrations in Intellectual Property anywhere in the world; (e) all extensions and renewals thereof; and (f) causes of action in the past, present or future, related thereto including the rights to damages and profits, due or accrued, arising out of past, present or future infringements or violations thereof and the right to sue for and recover the same.

"Opt-Out" means (as the case may be) a link for you to indicate your refusal to our use of your Personal Data and the mechanism explained in Clause 10 of this Policy.

"Party" refers individually to you and Hyperion.

"Parties" refer to both you and Hyperion jointly.

"Personal Data" shall mean any personally identifiable information relating to an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal Data includes both directly identifiable information, such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, information that could be used to identify a household, telephone number, key-coded data or online identifiers, such as IP addresses, and includes any data that constitutes "personal data" or "sensitive personal data or information" under other Data Protection Law.

"Personal Identification Information" means your name, address, identification number, phone number, and includes any other information by which you may be personally identified.

"Sensitive Personal Data or Information" with respect to a person shall mean such personal information which consists of information relating to:

1. Passwords;

2. Financial information such as bank account or credit card or debit card or other payment instrument details;

3. Details of Government issued Identification cards or licenses such as Aadhar Card, PAN Card, and Driving Licence.

4. Physical, physiological and mental health condition;

5. Sexual orientation;

6. Medical records and history;

7. Biometric information;

8. Any detail relating to the above clauses as provided to body corporate for providing service; and

9. Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

"Services" shall mean the provision of leasing Vehicles from Hyperion and/or providing Users the option to undertake Delivery Services for clients, made available by Hyperion to the Users on the Platform;

"Service Platform", refers to any of our html-based/internet-based computer programs, smart phone, tablet or personal computer applications and all other software programs made available to the Users (either via Apple iOS or Android) by us.

"Third Party" shall mean a party which is not a signatory to the Terms and this Privacy Policy.

1. We understand that you entrust us with certain Personal Data and in exchange for your trust, you expect us to treat your information in accordance with the terms of this Policy.

1. INFORMATION WE MAY COLLECT AND HOW WE COLLECT IT

We may obtain your Personal Data from various sources. When you visit or use our or avail the Services, we may collect, use, or disclose the following data about you:

1. Information You Provide to Us:

You may be required to provide us with your Personal Data while: (i) signing up for the Service Platform; (ii) creating an Account on the Service Platform; (iii) availing our Services; and (iv) performing Know-Your-Customer ("KYC") verification. You hereby agree to provide us with accurate information and ensure that you update such information as required. We may receive the following information directly from you, thereby enabling you to make use of the Service Platform:

1. Identification Details such as name, date of birth, gender, photograph, driving licences, Aadhaar card details, and PAN card details, which are used for the purpose of creating an account with Hyperion and availing the Services;

2. Correspondence Details such as email address, letter, telephone number, postal address, postal code, shipping and billing formation (such as delivery address and billing address), etc. which are used for the purpose of communication with you, resolving your queries, and provision of other support Services;

3. Financial Data such as bank account details, payment account number, credit or debit card or debit card number, etc. which are used for the purpose of enabling and effecting transactions on the Service Platform; and

4. Information you provide to us through social media networks or Service Platform such as your name, profile picture, likes, location, friend list and other information described on the social media network or Service Platform sign-up page.

Please note that we also may collect and store your Personal Data we receive from Third Party sources. Please be advised that Third Parties have their own privacy policies, and you should refer to them for any questions you may have about the information they may collect about you and when you create an Account and/or use the Service Platform.

1. Information We Collect Automatically

We may collect certain Personal Data from you automatically through our servers that keep an activity log tracing all Users of the Service Platform. The information we collect may include but is not limited to your Internet Protocol (IP) address, home address, time of access, date of access, web page(s) visited, number of clicks, software crash reports, browser/app details, session identification number, search terms, search results, referring website's addresses, information about things near your device, such as wi-fi access points, cell towers, operating system, mobile network information including carrier name and phone number, and Service Platform version number, and Bluetooth-enabled devices subject to your settings and device permissions. Additionally, when you avail our Services through the Service Platform, we may collect information regarding your location which can be used to directly or indirectly identify you.

We may include functionality for the User's convenience on our Service Platform that allows you to remain logged-in so that you do not have to re-enter a password each time you want to avail our Services. If you choose to remain logged-in, you should be aware that anyone with access to your device will be able to access and make changes to your account and may be able to obtain your personal information through your account. For this reason, if you choose to remain logged-in to the Service Platform, we strongly recommend you enable the security features on your smartphone, tablet or personal computer to protect against unauthorised access to and use of your device and your Account on our Service Platform.

2. Information We Receive From Third Parties

We may receive information about you from a Third Party if you have provided your consent for such information to be shared with us. We may combine and process such data internally towards our Services. We also work closely with select third parties (including, for example, subcontractors such as advertising networks, analytics providers, search information providers, infrastructural services, including cloud service providers) and may receive information about you from such sources. We may also collect and receive information in an aggregated form such as statistical or demographic data from different browser types for analysis.

2. USE OF YOUR DATA

   1. We only have access to and/or collect Personal Data that you give us or that is collected while accessing our Service Platform, using our Services or via e-mail or other direct contact from you. By using our Services, creating an Account, or accessing the Service Platform, you grant us the permission to collect, use, copy, transmit, store and back-up your Personal Data for purposes of the Services and/or for any other purpose(s) as contemplated by the Policy and the Terms.

   2. We may use your Personal Data for the following purposes (each of which is, "Permitted Use"):

1. To enable you to access and use our Service Platform, interact with Third Party customers engaged by Hyperion on the Service Platform, and to avail the Services provided by us;

2. To ensure that the content of the Service Platform is presented on the most effective manner for you and for your mobiles and other devices;

3. To provide you with alerts, materials, or information that you have requested for or signed up to;

4. To carry out our obligations arising from any contracts entered into between you and us;

5. To allow you to participate in interactive features of our Service Platform, including access your history while availing our Services;

6. To comply with Applicable Laws and regulations;

7. To collect overdue amounts and seeking professional advice, especially in cases of legal proceedings;

8. To improve and further our Services, subject to your exercise of the Opt-Out;

9. To inform you about our latest Services and updates;

10. To resolve disputes, troubleshoot problems, and measure your interest in Services provided by us;

11. To customise your experience;

12. To detect and protect us against error, fraud and other criminal activity;

13. To enforce the Terms;

14. To provide means to respond to your inquiries and/or resolving your complaints;

15. To send service or support messages, security alerts, Account notifications, updates, etc.;

16. To optimise the Service Platform and improve our business;

17. To improve our marketing and promotional efforts, analyse site usage, and create a profile about you based on the information you provide to us in order to tailor our Services to your interests;

18. To aid strategic development , data collection and business analytics;

19. To manage our relationship with advertisers and partners;

20. To enable us to provide the Service Platform through the use of appropriate technological services;

21. To audit usage of the Service Platform;

22. To enable us to implement behavioural analytics; and

23. Purposes directly related or incidental to any of the above

    1. By agreeing to this Policy, you hereby grant us your consent for sharing your information including your Personal Data, with Third Parties, including Third Parties situated outside India, for the Permitted Uses, and in all instances henceforth in pursuance of Clause 3 of this Policy.

3. DISCLOSURE OF YOUR PERSONAL DATA

   1. Personal Data will also be used to facilitate communication, and processing of internal administrative and record keeping. We do not rent, sell or otherwise disclose Personal Data we collected from you. We will keep the Personal Data we hold confidential and take steps to prevent unauthorised disclosures of the same to the best of our ability. However, you agree we may disclose such information to:

1. our personnel, employees, agents, advisers, auditors, contractors, financial institutions, and service providers to the extent reasonably necessary for the provision and maintenance of the Services or in connection with any of our operations. Please note that we do not authorise such agents, advisors, auditors, contractors, financial institutions, and service providers to use or disclose the information except as necessary to perform Services on our behalf or to comply with legal requirements;

2. our overseas affiliates, business partners and counterparts (if any);

3. the requisite persons in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violation of the Terms or the Policy;

4. persons under a duty of confidentiality to us;

5. persons to whom we are required to make disclosure to comply with Applicable Laws, a court order, a request from law enforcement or other legal process;

6. transfer Personal Data about you if we are acquired by or merged with another company;

7. reveal general statistical information about our Service Platform and visitors, such as number of visitors as may be required from time to time; or

8. actual or proposed transferees or participants of our Services.

   1. In the event of a merger, reorganisation, acquisition, joint venture, assignment, spin-off, transfer, asset sale, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all Personal Data to the relevant Third Party with the same rights of access and use. Please note that this may result in your Personal Data being transferred outside India.

   2. Further, you agree that we may aggregate (gather up data of all Users) information and disclose such information in a non-personally identifiable manner to advertisers and other Third Parties for other marketing and promotional purposes. We do not share Personal Data that personally identifies you with advertisers, such as your name or email, unless expressly authorised by you.

   3. Notwithstanding the above, by agreeing to this Policy you agree that we may share your Personal Data without obtaining your prior consent with: (i) Government Authorities mandated under the Applicable Laws to obtain information including Personal Data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution and punishment of offences; and (ii) any Third Party by an order passed by any competent Governmental Authority under the Applicable Laws for the time being in force.

4. CHANGE OF PURPOSE

   1. We will only use your Personal Data for the Permitted Use as specified above, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the Permitted Use. If you wish to get an explanation as to how the processing for the new purpose is compatible with the Permitted Use please contact us at [Insert email address].

   2. If we need to use your Personal Data for an unrelated purpose, you will be duly notified by us with an explanation as to the legal basis which allows us take such an action.

5. USE OF COOKIES AND SIMILAR TECHNOLOGY

   1. We may automatically track certain information about you based upon your behaviour on our Service Platform or while accessing our Services. You agree that we may use such information to do internal research on our Users' demographics and behaviour to better understand, protect and serve our Users. This information is compiled and analysed on an aggregated basis.

   2. Cookies are small text files of letters and numbers that record your preferences to uniquely identify your browser and are stored on your browser or the hard drive of your computer or other device if you agree ("Cookies").

   3. The Service Platform uses Cookies to distinguish you from other Users using the Service Platform. This helps us to provide you with a good experience when you browse the Service Platform and also allows us to improve the Service Platform. By continuing to browse the Service Platform, you are agreeing to our use of Cookies. Usage of a Cookie is in no way linked to any personally identifiable information on our Service Platform.

   4. Please note that Third Parties (including, for example, advertising networks and providers of external services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

   5. We may use certain Third Party web analytics services on the Service Platform such as Google Analytics. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse how visitors use the Service Platform. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to evaluate use of the Service Platform. These analytic services may use the data collected to contextualise and personalise the marketing materials of their own advertising network.

   6. You have the ability to accept or decline Cookies. Most web browsers automatically accept Cookies. However, Customers may block all Cookies (including essential Cookies) by activating the setting on your browser that allows you to refuse the setting of all or some Cookies. However, if you use your browser settings to block all cookies (including essential Cookies), you may not be able to access all or parts of the Service Platform.

6. Security

   1. What we do

1. We use our internal servers and a cloud infrastructure provider for storing all information and for hosting the Service Platform. We place your Personal Data in an encrypted database. Some of the safeguards we use to protect your information are firewalls, data encryption, disaster recovery plans and information access controls. However, no security system is perfect and we cannot promise that your Personal Data will remain secure in all circumstances, including the security of your data during transmission to us or the security of data on your Service Platform.

2. We subject some of our tools and infrastructure to regular checks by Third Party agencies and restrict access to your Personal Data by our personnel on a need-to-know basis only. Once we have received your Personal Data, we will use strict procedures and security features to try to prevent, as far as is reasonably possible, unauthorised access to your Personal Data.

3. You shall accordingly agree that we shall not be held liable for any accidental dissemination of Personal Data that has occurred in spite of our best efforts and procedures to maintain confidentiality.

   1. What you should and should not do

You should always keep your username and password strictly confidential and should not share these details with anyone. In public areas, you should exercise caution and not leave your mobile/device unattended especially whilst logged into the Service Platform. The use of established malware and virus protection software and apps for your device is recommended. We will not be liable for any loss or damage arising from unauthorised access to your Account on the Service Platform due to any failure to comply with these precautions.

2. Please remember that if you post any of your Personal Data in public areas of the Service Platform, such information may be collected and used by others over whom we have no control.

3. If you suspect any misuse or loss or unauthorised access to your Personal Data, please let us know immediately. Please raise your concern with [Insert email address] in the first instance, and we will investigate the matter and update you as soon as possible on the next steps.

7. DATA RETENTION

   1. We will only retain your Personal Data for as long as it is necessary to fulfil the Permitted Use we collected it for, including for the purposes of complying with any legal, regulatory, tax, accounting or reporting obligations. It may be archived as long as we believe that the Permitted Use for which it was used still exists or as necessary for our legitimate business interests or for complying with legal obligations.

   2. To determine the appropriate retention period, we consider the categories, nature and sensitivity of Personal Data, the potential risk of harm from unauthorised use or disclosure of the Personal Data, the Permitted Use for which we process the Personal Data, if we can achieve the purpose through other means, and the applicable legal requirements.

   3. In most cases, we keep the information you provide for the duration of our relationships, plus a reasonable period in order to be able to run regular deletion routines or to take into account the applicable statute of limitation period or if required under Applicable Laws.

   4. If you decide to delete your Account on our Service Platform, we will delete all such data within a reasonable time after the termination of your Account or after cessation of the subject matter to which such Personal Data relates, subject to retention for purposes of complying with Applicable Laws, resolving disputes, enforcing the terms of our Privacy Policy and protecting our Intellectual Property Rights. However, it is clarified that we cannot ensure that any Personal Data stored with Institutions and/or Third Parties is deleted by such Institutions and/or Third Parties. Please note that some of your Personal Data may still exist within our systems, for example, if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our personnel will not have any access to it or use it.

   5. Your Personal Data may be transferred to and stored in locations outside of India by us where necessary to fulfil the Permitted Use as described in this Policy. Please note that those countries may not have the same data protection laws as India and your Personal Data will be subject to applicable foreign laws. When we transfer your Personal Data to other countries, we will protect that information in the manner described in this Policy and comply with the applicable Data Protection Laws of India for such transfer.

8. YOUR CONSENT AND RIGHTS

   1. Request Correction: You have the right to request correction of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of any new data you provide to us.

   2. Request Erasure: You have the right to request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You may also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to Object to Processing (as per Clause 9), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with Applicable Laws. However, please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

   3. Object to Processing: You have the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a Third Party), provided that you can sufficiently justify the reason for such an objection to processing, for example if you believe that the same impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. We shall not process your Personal Data for marketing purposes or other specific purposes after you communicate your objection to us. However, please note that, in some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your rights and freedoms.

   4. Request Restriction of Processing: You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:

1. If you want us to establish the accuracy of your Personal Data;

2. Where our use of your Personal Data is unlawful but you do not want us to erase it;

3. Where you need us to hold your Personal Data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or

4. You have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.

   1. You further have the following rights:

1. To check whether we hold Personal Data about you and to access such data; and

2. To ascertain our policies and practices in relation to Personal Data and the kind of Personal Data held by us.

   1. Please send requests for such objections, access to data, correction of data, information regarding policies and practices and kinds of data held, questions or complaints to [Insert email address]. We reserve the right to charge a reasonable fee for processing any data access request(s). Moreover, it is clarified that Hyperion cannot ensure that Institutions and/or Third Parties comply with such requests.

9. RIGHT TO OPT-OUT

   1. You have provided us your Personal Data in connection with the use, browsing, and access of the Service Platform and to process any application for Services from us, where failure to supply such Personal Data may result in the application for Services being rejected.

   2. We cannot use your Personal Data without your consent. By accepting this Policy you are providing your consent to the use and processing of the Personal Data as provided above. You have the right to opt-out or withdraw consent to the use of such Personal Data by writing to us at [Insert email address]. Such opt-out will not apply to any Third Party to whom you have consented or shall consent to the provision of your Personal Data.

   3. Please note that if you do not wish Hyperion to use your Personal Data in direct marketing and do not wish to receive direct marketing materials by phone, SMS, mail, email, fax or any other communication channels and/or do not wish Hyperion to provide your Personal Data to any other persons for their use in advertising and marketing, whether or not such persons are members of Hyperion, except where you have applied for or will apply for any service that is provided by Hyperion jointly with a Third Party, you may avail the ‘Opt-Out’ option given in such marketing emails/messages. Such Opt-out will not apply to such co-branding partners and/or Third Parties to whom you have consented or shall consent to the provision of your Personal Data separately.

10. CHILDREN’S PERSONAL DATA

Unless otherwise indicated, you are only allowed to use our Service Platform if you are over the age of 18 (eighteen) years. We will only process information about children with the express consent of the parent(s) or legal guardian(s), or when the information is provided to use by the parent(s) or legal guardian(s). This information that we collect will only be used by us to provide Services.

11. OTHER APPLICATION/SERVICE PLATFORMS

Our Services and Service Platform may contain links to Third Party applications/websites. Please note that when you click on one of these links, you are entering another application/website over which we have no control and will bear no responsibility. We do not own or control these Third Party applications and when you interact with them you may be providing information directly to them or us or both. Such information provided by you is only processed for the purposes of the legitimate interests pursued by the Third Party. Often these Third Party applications require you to enter your Personal Identification Information and further, use and collect your Personal Data. The Third Party in accordance with its privacy policy and the terms of the offer utilises this information. Since we do not control the privacy practices of these Third Parties, we encourage you to read the privacy statements/policies on all such applications/websites before deciding to use their services as their policies may differ from our Policy and Terms. You agree that we shall not be liable for any breach of your privacy of Personal Data or loss incurred by your use of these applications/websites. This Policy does not apply to information that you provide to, or that is collected by, any Third Party, such as social media platforms that you use which are not in connection with our Services. We encourage you to consult directly with such Third Parties about their privacy practices.

12. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update, change or modify this Policy at any time to comply with Applicable Law or to meet our changing business requirements. The amendment to this Policy shall come to effect from the time of such update, change or modification. We will provide you notice of any changes to the Policy. You are encouraged to check and read this Policy from time to time to familiarise yourself with such updates, as they will be binding on you. Continued use of the Service Platform or availing our Services constitutes agreement of the Users to the terms contained herein and any amendments thereto.

13. SERVICE PROVIDERS

    1. We may use a variety of Third Party service providers to help us provide the Services relating to our Service Platform. Service providers may be used for the following purposes:

1. To authenticate your identification information and documents;

2. To process your payments;

3. To check information against public databases;

4. For fraud prevention and risk assessment;

5. To allow the provision of Services through Third Party applications and software tools;

6. To provide customer service;

7. For marketing; and

8. To process and handle claims.

   1. The Third Party service providers shall have limited access to your Personal Data for performance of the above tasks and in accordance with our strict directions and policies. Such service providers shall be bound by the same standards of data protection as we are under this Policy. Please note that we do not authorise these Third Party service providers to use or disclose Personal Data except as necessary to perform the above mentioned purposes on our behalf or comply with legal requirements.

14. NON-PERSONAL INFORMATION COLLECTED BY US

    1. Non-personal data or information is the information that does not personally identify you. When you visit and interact with the Service Platform or a Third Party with whom we have contracted to provide services, non-personal information, like a list of pages visited by you, could be collected.

    2. We may collect data by using web beacons, clear GIFS, pixel tags or similar means, which will inform us when you visit the Service Platform, non-personal information like the areas of the Service Platform you visit, your operating system, your browser version, and your URL, can be identified, which can be used to enhance your online experience by understanding your web usage patterns.

    3. We may use or disclose non-personal information for any purpose from time to time, for instance, we may embed e-mail addresses with images. In such cases where we combine non-personal information with Personal Data, the combined information will be treated by us as Personal Data as per this Policy.

15. DIRECT MARKETING

    1. We intend to use your Personal Data in advertising and marketing of our Services. We may also provide your Personal Data to social media platforms/other applications for their use in direct marketing, whether or not such persons belong to Hyperion.

    2. We may conduct direct marketing via, email, direct mail, and other means of communication or send e-newsletters to you. However, please note you will receive direct marketing communications from us if you have requested information from us and you have not opted out of receiving such direct marketing.

16. TEXT MESSAGING

    1. If you so elect, you may provide your mobile phone number in order to receive text message alerts containing product and event information, cosmetics tips or promotion (including WhatsApp messages for Indian Users) ("Text Messages"). We do not charge a fee for you to receive Text Messages from us, however, your mobile service provider may charge you for sending and/or receiving text messages and air time, as well as any other standard applicable rates charged by a mobile service provider. If you elect to receive them and later decide that you would no longer like to receive these Text Messages, see the "Right to Opt-Out" as per Clause 10 above.

    2. Text Messages are distributed via a Third Party mobile network providers and, therefore, we cannot control certain factors relating to message delivery or guarantee availability or performance of this service, including liability for transmission delays or message failures.

17. PUSH NOTIFICATIONS AND IN-APP ALERTS AND UPDATES

When you access our Service Platform, we may provide you with the option to opt in to receive push notifications from us on your smartphone, or personal devices. These push notifications may include promotional communications regarding our Services. Please note that, you can opt-out of receiving push notifications by adjusting the settings on your smartphone, or personal devices. Opting-out of push notifications will not affect other communications you receive from us such as email communications. You may receive alerts and updates within the Service Platform regarding our Services or your Account. To opt out of receiving these alerts and updates, you may uninstall the Service Platform from your smartphone or personal devices.

18. DATA PROTECTION

    1. We will: (i) comply with all applicable Data Protection Laws and privacy laws applicable in India; (ii) comply with all standards in India that relate to Data Protection Law and privacy laws and the privacy and security of your Personal Data; (iii) refrain from any action or inaction that could cause breach of any data protection and privacy laws; (iv) do and execute, or arrange to be done and execute, each act, document and thing we deem necessary in our business judgement to keep us compliant with the Data Protection Laws and privacy laws; and (v) immediately report theft or loss of Personal Data.

    2. Any Personal Data collected or accessed by us shall be limited to that which is strictly necessary to perform our obligations in relation to the Services offered through our Service Platform or to fulfil any legal requirements. We shall use such Personal Data only as necessary in this regard and not for any other purpose. We shall maintain such Personal Data in strict confidence in accordance with the provisions of this Clause. We shall not share any Personal Data that is collected or possessed by us with any Third Party for any reason except as expressly stated in the Terms and this Policy.

    3. You agree that other than as stated in this Policy, we shall have the right to collect and/or use or analyze the Personal Data on an anonymised basis and in no way shall the Personal Data be used in a way that can lead to or reveals your identity.

    4. We advise you not to include Sensitive Personal Data in any emails you may send to us. Please do not send credit/debit card numbers or any other Sensitive Personal Data to us via email.

19. INDEMNITY AND LIMITATION OF LIABILITY

    1. For any breach of the provisions of this Policy, Hyperion shall indemnify you in accordance with the indemnification and limitation of liability provisions set forth in the Terms.

    2. We make no claims, promises or guarantees about the accuracy, completeness, or adequacy of the contents available through the Service Platform and expressly disclaim liability for errors and omissions in the contents available through the Service Platform.

    3. No warranty of any kind, implied, expressed or statutory, including but not limited to the warranties of non-infringement of Third Party rights, title, merchantability, fitness for a particular purpose and freedom from computer virus, is given with respect to the contents available through the Service Platform or its links to other internet resources as may be available to you through the Service Platform.

    4. References on the Service Platform to any specific commercial products, processes, or services or the use of any trade, firm or corporation name is for the information and convenience of the public and for the benefit of the User, and does not constitute endorsement, recommendation, or favouring by Hyperion.

    5. Please note that we cannot guarantee the security of Personal Data. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of the User’s Personal Information at any time.

    6. We shall not be liable for any loss or damage sustained by reason of any disclosure (inadvertent or otherwise) of any Personal Data concerning the User’s Account and particulars nor for any error, omission, or inaccuracy with respect to any information so disclosed and used.

20. GRIEVANCE OFFICER

    1. In the event you have any grievances or questions about the Policy or if you wish to make a complaint regarding any violation of the provisions of the Policy and the way your Personal Data is processed, you may contact us at the details as set out below, pursuant to which your grievance shall be acknowledged within 48 (forty eight hours) and redressed within 1 (one) month from the date of receipt of grievance/complaint.

    2. The details of Our Grievance Officer are as follows:
       Name: [•]
       Email ID: [•]
       Contact Number: [•]

21. DISPUTE RESOLUTION, GOVERNING LAW AND JURISDICTION

1. Any complaint or dispute can be raised in writing to us at [Please insert email address].

2. If any disputes or claims arising under these Terms or the Privacy Policy or out of or in connection with the execution, interpretation, performance, or non-performance of these Terms or the Privacy Policy or in respect of the scope, validity or application of the Terms or the Privacy Policy, or the subject matter hereof ("Dispute"), representatives of the Parties shall cooperate, in good faith, to attempt to amicably resolve the Dispute.

3. All disputes that cannot be resolved by the Parties by discussion shall be settled by arbitration in accordance with the Arbitration Rules of the Mumbai Centre for International Arbitration, which rules are deemed to be incorporated by reference in this Clause. The arbitral tribunal shall consist of 3 (three) arbitrators with 1 (one) arbitrator being appointed by the claimant Party, 1 (one) by the respondent Party respectively and the 2 (two) appointed arbitrators appointing the 3rd (third) arbitrator. The seat of the arbitration shall be New Delhi, and the venue of arbitration shall be New Delhi. The language of the arbitration shall be English. The decision of the arbitral tribunal shall be final, binding and incontestable and may be used as a basis for judgment thereon anywhere. Judgment upon any arbitral award rendered hereunder may be entered in any court having jurisdiction, or application may be made to such court for a judicial acceptance of the award and an order of enforcement, as the case may be. This clause shall survive the expiration or the termination of this Agreement.

4. Each Party to the arbitration shall cooperate with each other Party to the arbitration in making full disclosure of and providing complete access to all information and documents requested by such other Party in connection with such arbitration proceedings, subject only to any confidentiality obligations binding on such Party or any legal privilege applicable to any such information and/or documents. Each Party shall bear its own costs of the arbitration.

22. ASSIGNMENT

We may assign any of our rights and/or responsibilities/obligations to any other person without notice to the User, at our sole discretion. However, you shall not assign, sub-license or otherwise transfer any of your rights or obligations under these Terms to any other party, unless we provide our written consent. Any assignment without such consent shall be void and have no effect. Subject to the foregoing, the Terms will be binding upon, and inure to the benefit of, the Parties and their respective permitted successors and assigns.

23. SEVERABILITY

If any term or provision of this Policy is held by a court of competent jurisdiction to be invalid, void or unenforceable, the remainder of the terms and provisions of this Policy shall remain in full force and effect and shall in no way be affected, impaired or invalidated.

24. WAIVER

The failure of a Party at any time to insist on performance of any provision of the Terms is not a waiver of that Party's right at a later time to insist on performance of that or any other governing provision of the Terms.

25. NOTICES

Any notice given under the Terms by either Party to the other must be in writing, by email, or by electronic communication via the Service Platform and will be deemed to have been given on transmission, unless the recipient can satisfactorily establish that the email or electronic communication was not received by the recipient’s email or web server. Notices to Hyperion must be sent by email to [.] or to any other email address notified by email to the Users by Hyperion, or by electronic communication via the Service Platform from time to time for such purpose. Notices to the Users shall be sent to the email address provided when registering for setting up their Hyperion Account or by such other electronic communication via the Service Platform.

26. THIRD PARTIES

No Third Party shall have any right or benefit under the Terms or entitlement to enforce any provision of the Terms.

Last updated: [19th September 2025]