Privacy Policy

At TBS, data privacy is a fundamental value and an integral part of how we design, deliver, and operate our Enterprise Resource Planning (ERP) solutions and IT services. We recognize the importance of protecting personal data and respecting the privacy rights of individuals in an increasingly digital ecosystem.

This Data Privacy & Protection Policy establishes the principles, governance framework, and operational controls governing the collection, use, storage, sharing, and protection of personal data processed by the Company. The Policy is aligned with globally recognized privacy and data protection laws and standards.

Stakeholders

This Policy applies to: - All employees, consultants, contractors, and temporary staff - Business partners, vendors, and service providers - Clients and authorized users of our ERP systems - Website visitors, prospects, and applicants

Geographical Scope

This Policy applies globally to all personal data processed by the Company, irrespective of the location where the data is collected, stored, or processed.

The Company is committed to: - Upholding the highest standards of data privacy and protection - Embedding privacy into business processes and technology design - Ensuring compliance with applicable data protection laws - Protecting personal data against unauthorized access, loss, or misuse - Promoting transparency, accountability, and trust with stakeholders

The Company has established a structured Data Privacy Framework that integrates governance, risk management, and compliance mechanisms across business functions. This framework ensures consistent application of privacy principles throughout the personal data lifecycle.

Oversight of this framework is provided by the designated Privacy Leadership and Data Protection function.

The Company adheres to the following core privacy principles:

• Lawfulness, Fairness, and Transparency
  Personal data is processed lawfully, fairly, and in a transparent manner.
• Purpose Limitation
  Personal data is collected for specified, explicit, and legitimate purposes.
• Data Minimization
  Only data necessary for the intended purpose is collected and processed.
• Accuracy
  Reasonable steps are taken to ensure personal data is accurate and up to date.
• Storage Limitation
  Personal data is retained only for as long as required by business or legal needs.
• Integrity and Confidentiality
  Appropriate security measures are implemented to protect personal data.

Privacy considerations are embedded into the design and development of ERP systems, applications, and business processes. Privacy Impact Assessments (PIAs) are conducted using a risk-based approach during the early stages of projects to identify and mitigate privacy risks.

The Company continuously monitors global and local privacy regulations and ensures compliance through internal controls, policies, and procedures. Where required, external legal and compliance advisors are engaged to address regulatory changes and obligations.

Personal data may be processed for purposes including but not limited to: - ERP system access, authentication, and user management - Client onboarding, implementation, and support services - Contract management, billing, and financial operations - Information security, audit, and compliance activities - Human resources, recruitment, and workforce management

The Company respects the rights of individuals in relation to their personal data. Subject to applicable laws, individuals may exercise rights including access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

Requests are handled through a defined Data Subject Request (DSR) process within prescribed timelines.

The Company maintains a formal Privacy Incident Management process to detect, assess, respond to, and remediate privacy incidents and data breaches. Employees are required to promptly report suspected incidents. Corrective and preventive actions are implemented to minimize impact and prevent recurrence.

Disciplinary action may be taken for violations of this Policy in accordance with internal procedures.

The Company implements administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of personal data, including: - Role-based access controls - Encryption of data in transit and at rest where applicable - Secure IT infrastructure and monitoring - Periodic risk assessments and audits

Third parties processing personal data on behalf of the Company are subject to due diligence, contractual data protection obligations, and periodic compliance reviews. Privacy and confidentiality requirements are flowed down to suppliers and subcontractors.

Where personal data is transferred across borders, appropriate safeguards are implemented in accordance with applicable laws, including contractual and technical measures.

Mandatory data privacy training is provided to employees and relevant stakeholders to promote awareness, accountability, and compliance with this Policy and applicable laws.

The Company conducts periodic internal assessments and audits to evaluate the effectiveness of its privacy controls. Where necessary, independent third-party audits may be undertaken.

• Policy Owner: Data Privacy / Compliance Function
• Oversight: Senior Management
• Review Frequency: Annual or upon material regulatory change

This Policy may be updated from time to time to reflect changes in legal, regulatory, or business requirements. Updated versions will be formally approved and communicated.

For questions, concerns, or data subject requests, please contact:

TBS – Tema Business Systems Private Limited
Email: contact@tema-systems.com
Address: PR R One Towers, First floor, Jayabheri Enclave-2,
DLF Road, Near Radisson Hotel, Gachibowli,
Hyderabad, Telangana -500032.