How Cordiant handles personal information.

Article 1Statement and Scope

Cordiant Tech Gurus Pvt Ltd ("Cordiant", "we", "us") respects your privacy. This Policy describes how we collect, use, disclose, and protect personal information through our website at cordiant.com and through the Cordiant products deployed at customer properties.

This Policy covers two distinct contexts:

• The Cordiant website (cordiant.com). When you visit our website, request a demo, contact us, subscribe to communications, or otherwise interact with us, Cordiant is the data controller for the personal information you provide.
• The Cordiant deployed product. When Cordiant's products are deployed at a customer hotel brand or restaurant brand, the application and the data reside inside the brand's own Oracle Cloud Infrastructure tenant. The brand is the data controller for guest, employee, and operational data; Cordiant acts as a data processor under the brand's instructions and within the brand's tenant boundary.

This Policy applies to both contexts and is in addition to any data processing agreement, customer contract, or property-level privacy notice that governs a specific deployment.

Article 2Information We Collect Through cordiant.com

2.1 Information You Provide Directly

When you interact with cordiant.com you may give us information including:

• Your name, business email address, business phone number, job title, and the company you represent
• The contents of any message, demo request, briefing request, or communication you send to us
• Information related to scheduling a meeting or demonstration
• Information you provide if you apply to work with Cordiant or contract with Cordiant in any other capacity

2.2 Information Collected Automatically

When you visit cordiant.com, we automatically collect limited technical information that is standard for any website operation, including: Internet Protocol (IP) address; browser type and version; device type and operating system; pages visited, time on page, and referring URL; approximate geographic region inferred from IP address; and cookie identifiers as described in Article 5.

We use this information to operate the website, secure it against abuse, understand aggregate visitor behaviour, and improve content. We do not use it to build advertising profiles of identified individuals.

2.3 Information We Do Not Collect

Cordiant.com does not request, accept, or process special categories of personal data (including health, biometric, genetic, racial or ethnic origin, religious beliefs, or sexual orientation), nor children's personal data. Do not submit such information through the website. If you submit it inadvertently, we will delete it on becoming aware of it.

Article 3How We Use Your Information

Cordiant uses the personal information you provide and the technical information we collect to:

• Respond to your enquiries, demo requests, and other communications
• Schedule and prepare for meetings and product demonstrations
• Send you information about Cordiant products, services, and events that you have requested or that are reasonably relevant to your professional role, with a clear way to opt out of every such communication
• Manage commercial relationships with customers, prospects, distributors, and channel partners
• Operate, secure, and improve cordiant.com
• Comply with legal obligations and enforce our agreements

We do not sell or rent personal information. We do not use personal information collected through cordiant.com to train or develop artificial-intelligence models that are exposed to anyone other than Cordiant.

Article 4When We Share Information, and With Whom

Cordiant shares personal information only as set out below:

• Service providers. We engage a small number of vetted service providers — for example, hosting, email delivery, customer-relationship management, and meeting scheduling — to operate our business. These providers are contractually bound to process personal information only on Cordiant's instructions and to maintain appropriate security.
• Distributors and channel partners. Where you have engaged Cordiant through a distributor, reseller, or channel partner, we may share necessary information with that partner to deliver the service or respond to your request. Such partners are contractually bound to data-protection obligations no less rigorous than those Cordiant follows.
• Legal and regulatory. We may disclose information when required by law, court order, or other legal process, or where we believe in good faith that disclosure is necessary to protect rights, property, safety, or to investigate fraud or violation of our Terms.
• Corporate transactions. If Cordiant is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to confidentiality obligations and continued protection consistent with this Policy.

Cordiant does not sell personal information to advertisers, data brokers, or any other third party for monetary or other valuable consideration.

Article 5Cookies and Similar Technologies

Cordiant.com uses a minimal set of cookies and similar technologies. We use strictly-necessary cookies to operate the website, and a limited set of analytics cookies to understand aggregate visitor behaviour and improve content. Where required by applicable law, we obtain your consent before placing non-essential cookies. You can manage cookies in your browser settings. Disabling strictly-necessary cookies may impair website functionality.

Article 6Data Retention

We retain personal information for as long as is necessary for the purposes set out in this Policy, the duration of our relationship with you, and any additional period required to comply with legal, accounting, or contractual obligations. Specifically: enquiry and demo-request information is retained for the period needed to manage the relationship and a reasonable follow-up window thereafter; commercial records are retained for periods required by applicable tax and corporate law; technical logs are retained for short, defined periods consistent with security and operational needs.

Article 7Your Rights

Depending on the jurisdiction in which you reside, you may have rights with respect to your personal information including:

• Access. The right to obtain confirmation of, and a copy of, the personal information we hold about you
• Correction. The right to correct or update personal information that is inaccurate or incomplete
• Deletion. The right to ask us to delete personal information, subject to legal retention obligations
• Portability. The right to receive your personal information in a portable format and, where technically feasible, to have it transmitted directly to another controller
• Restriction and Objection. The right to ask us to restrict processing, or to object to processing based on legitimate interests or for direct marketing
• Withdrawal of consent. Where processing is based on consent, the right to withdraw that consent at any time without affecting prior lawful processing
• Complaint. The right to lodge a complaint with a competent supervisory authority

These rights apply, among others, under the EU General Data Protection Regulation (GDPR), the U.K. GDPR and Data Protection Act 2018, the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA), India's Digital Personal Data Protection Act 2023 (DPDP Act), Singapore's Personal Data Protection Act 2012 (PDPA), and equivalent legislation in other jurisdictions. To exercise any right, contact us at privacy@cordiant.com. We respond within the timeframes required by applicable law.

Article 8International Data Transfers

Cordiant is incorporated in India and may engage service providers in other jurisdictions. When personal information is transferred across borders, we use appropriate safeguards required by applicable law, which may include Standard Contractual Clauses, the U.K. International Data Transfer Addendum, transfer-impact assessments, or equivalent mechanisms.

For the deployed Cordiant product, the position is different and stronger: the application and the data live inside the brand's own Oracle Cloud Infrastructure tenant, in the brand's chosen region. Cross-border transfers from the brand's tenant are governed by the brand and the data-processing agreement between the brand and Cordiant, not by Cordiant alone.

Article 9Cordiant Deployed Product — Data Handling

The Cordiant deployed product is architected so that the application and the data do not leave the brand's cloud. The deployment model is as follows:

• The product runs inside the brand's Oracle Cloud Infrastructure tenant, under the brand's tenancy and access controls
• The brand is the data controller for guest, employee, operational, and commercial data processed by the product
• Cordiant acts as a data processor under the brand's instructions, governed by a written data-processing agreement
• Cordiant does not export, replicate, or aggregate brand or guest data into Cordiant's own systems
• Cordiant does not use brand or guest data to train models, build profiles, or deliver services to any third party
• Each brand's deployment is logically and contractually isolated from every other brand's deployment

Where guests of a hotel or restaurant have rights with respect to their personal information processed by the Cordiant deployed product, those rights are exercised against the brand as controller, with the brand directing Cordiant to assist as required. Cordiant supports brands in fulfilling those obligations under the data-processing agreement.

Article 10Security

Cordiant maintains technical, organisational, and contractual measures designed to protect personal information against unauthorised access, alteration, disclosure, loss, and destruction. These include role-based access controls, encryption in transit and at rest, principle of least privilege, periodic access reviews, vendor diligence, and incident-response procedures. No system is perfectly secure; if you believe your interaction with Cordiant has been compromised, contact us promptly at security@cordiant.com.

Article 11Children's Privacy

Cordiant.com is intended for business audiences. We do not knowingly collect personal information from children under the age of 16 (or the equivalent minimum age in the jurisdiction of the user). If you believe a child has provided personal information to us through cordiant.com, contact us at privacy@cordiant.com and we will delete it.

Article 12Changes to This Policy

Cordiant reviews this Policy at least annually and may amend it from time to time to reflect changes in law, technology, or our practices. The current version, with effective date and version number, is published at cordiant.com/privacy-policy.html and as a downloadable PDF at cordiant.com/Cordiant-Privacy-Policy.pdf. Material changes will be communicated to active customers and channel partners through the contact channels of the underlying agreement.

Article 13Contact

Questions, requests to exercise rights, or complaints regarding this Policy or Cordiant's privacy practices may be directed to:

For matters concerning personal data processed by the Cordiant deployed product at a specific brand, contact the brand directly as the data controller, or contact privacy@cordiant.com and we will route the request appropriately under the data-processing agreement in force.