Data Protection Laws and Privacy Rights Under the Digital Security Act

GDPR Privacy Policy The right to privacy was an intrinsic element of the promise of the right to life and personal liberty protected under Article 32 of the Constitution, and that it included, at its core, a negative obligation to not violate the right to privacy and a positive right to take all actions necessary to protect the right to privacy. The right to privacy is a part of the rights to 'life' and 'personal liberty' enshrined under the Constitution. The said right cannot be curtailed "except according to procedure established by law." The Digital Security Act was enacted to ensure national data security and develop laws regarding data crime identification, prevention, suppression, trial, and other related matters. The Digital Security Act covers all kind of data processing including usage, saving, and transmission and all kinds of data which may even relate to critical information infrastructure. In addition, it has expressly covered certain types personal data under the term 'identity information . Under the Digital Security Act, the NDSC (National Data Security Council) has been entrusted with the authority to formulate and issue data protection guidance as and when required. However, for executive matters such as blocking content or decrypting a data source, the Digital Security Agency ('DSA') has the executive power. The Digital Security Act covers all kind of data processing including usage, saving, and transmission and all kinds of data which may even relate to critical information infrastructure. In addition, it has expressly covered certain types personal data under the term 'identity information'.

Under the Digital Security Act, the NDSC (National Data Security Council) has been entrusted with the authority to formulate and issue data protection guidance as and when required. However, for executive matters such as blocking content or decrypting a data source, the Digital Security Agency ('DSA') has the executive power. The Digital Security Act covers all kind of data processing including usage, saving, and transmission and all kinds of data which may even relate to critical information infrastructure. In addition, it has expressly covered certain types personal data under the term 'identity information'. The General Data Protection Regulation (GDPR) came into force on 25th May 2018 and will replace the Data Protection Directive. GDPR is designed to improve data privacy laws across Europe, to protect individuals data privacy and change the way organizations approach data processing. Nazihar IT Solution Limited understands the importance of our clients personal data. It is very important to us that our clients have confidence in how we handle their personal data as well as the corporate data and the steps we take to secure and protect their data s and the database under the prevalent enforced law of the Digital security Act enshrined by the constitution. Nazihar IT Solution Limited is free to enter into contracts and consensus between parties to determine their relationship in defining terms related to personal data, personal sensitive data, data which may not be transferred out of or into Bangladesh, and the mode of handling the same The Contract Act, 1872 can be applied to the issue of data protection that has been generally governed by the contractual relationship between parties. These provisions implicitly impose responsibility over Nazihar IT solution Limited i.e. possessing, dealing, or handling any sensitive personal data or information for the consumer, to implement and maintain reasonable security practices in order to avoid wrongful loss or wrongful gain to the owner of such data. Section 52 of the Consumers' Rights Protection Act, 2009, whoever, in violation of any prohibition under any law for the time being in force, does any act which is detrimental to a service receiver's life or security, shall be punishable under the prevalent enshrined law of the country. Under Section 53, any service provider who by its negligence, irresponsibility, or carelessness damages the service receiver's finances or health, or causes death, shall be punishable by the enforced Digital Security Act of the state.

Public sector There is no separate law on this subject. However, under the Digital Security Act, if any person commits or aids and abets in committing an offence under the Official Secrets Act, 1923 through computer, digital device, computer network, digital network, or through any other digital medium, then they will be punished with a term of imprisonment not exceeding 14 years or with a fine not exceeding BDT 2.5 million (approx. 24,740) or with both. Main regulator for data protection Under the Digital Security Act, the NDSC (National Data Security Council) has been entrusted with the authority to formulate and issue data protection guidance as and when required. However, for executive matters such as blocking content or decrypting a data source, the Digital Security Agency ('DSA') has the executive power. DATA SUBJECT RIGHTS The data protection laws of Bangladesh do not expressly grant any data subject rights, except for those agreed in the relevant contract of data usage (such as prior specific informative consent). This applied all of the below rights:

Who We Are Company Name: Nazihar IT Solution Limited Company Certificate of incorporation Number: C-156302/2019 A Registered Company In: Dhaka, Bangladesh. Registered Address: Sagufta De Laurel (3rd Floor), 1/2 Kamalapur Bazar Road, Motijheel, Dhaka-1217. Nazihar IT Solution Limited is in conformity to abide by The Digital Security Act of 2018, and it is in allegiance to heed to safeguard the corporate consumer official secrets protection with the pervasive laws of the country. .For the purposes of the Data Protection Act 2018, the General Data Protection Regulations and any other applicable data protection and privacy laws and regulations ( Data Protection Legislation ), Nazihar IT Solution Limited will be the datacontroller for all personal information that we determine the means and purpose of processing. By PersonalData we refer to information collected or held by Nazihar IT Solution Limited that identifies and relates to you as an individual or business. The information we may collect your personal data by means forms or by telephone, email, fax, or post. We may collect this data in the following ways: This might include the following: Personal information to enable us to provide our professional services to you. This will often include your name, address, email and preferred contact details. We may also need to collect information such as your national insurance number and , Company Authentication Code, Company Certificate of incorporation number, Account Office reference and VAT number as well as financial details. Information that you provide to us via our forms, emails, letters, telephone, fax or otherwise. This information may include your name, email address, telephone number and postal address etc; Any other information that you choose to send to us and for which you gave your consent for us to use.

What Do We Do With The Information We Collect? The information we collect and process is required for us to be able to perform our Contractual obligations. Where we have your permission to do so, we may also use the information collected to: provide you with information about our services that we offer via promotional communications; and keep you up-to-date via our newsletters, however, you can opt-out of any of these data uses at any time by sending us an email to: info@nazihargroup.com.

Legal Basis of Processing Nazihar IT Solution Limited will only process client s information for as long as we have a relevant legal basis to do so. This is usually in order to provide our clients with the contractual services they request from Nazihar IT Solution Limited or if clients have provided us with adequate consent to process their information for other purposes. Nazihar IT Solution Limited may use the legal basis of legitimate interests to process your information but this will always be after a careful consideration to ensure that the processing is balanced and reasonable. If Nazihar IT Solution Limited choose to process your information under the legal basis of legitimate interests, it will always inform you of our legitimate business interest and your right to object.

Data Retention Nazihar IT Solution Limited will only retain the personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Data Security We have taken reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal or official data. We will store all the personal data you provide in secure servers or systems. However, we cannot guarantee the security of any data you choose to send to us over the internet and if you choose to send such information to us via the internet, you do so at your own risk. The BTC Software we use is password encrypted to keep your data secure. All the Personal Data collected by us and stored electronically is held on a secure server in the Nazihar IT Solution Limited only. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our building and files, and we authorize access to Personal Data only for those who require it to fulfil their job responsibilities. The divulgence or any breach or leakage of information or data from the client s end is subject to punitive action in accordance to the book of law and the prevalent NDSC (National Data Security Council) Act.

Sharing Your Information With Others Clients have rights in relation to any Personal Data that we hold about you. If you wish to access your Personal Data you may make a formal subject access request by contacting Nazihar IT Solution Limited. The information you request must relate to you or another person that you have authority to act on their behalf contacting Nazihar IT Solution Limited may require a confirmation of your ID prior to providing any information about the data we hold. The rights you have in relation to the Personal Data we hold regarding you are: the right to rectify any inaccuracies in the information we hold; the right to expunge of information in specific circumstances; the right to request transfer of client s information to another controller; and (reciprocal agreement) the right to object to processing in certain circumstances. If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent Nazihar IT Solution Limited will immediately cease processing the information in question. Please send your request to Nazihar IT Solution Limited by contacting us at -info@nazihargroup.com. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Further details regarding these rights can be found on the www. naziharitsolution.com

Changes To This Privacy Policy We may change this Privacy Policy at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Data. Contact and Complaints If you have any queries about this Privacy Policy or how we process your personal data, or if you wish to exercise any of your legal rights, you may contact Nazihar IT Solution Limited-- by email: info@nazihargroup.com by telephone: 09611200600 or by post: Sagufta De Laurel (3rd Floor), 1/2 Kamalapur Bazar Road, Motijheel, Dhaka-1217. If our clients are not satisfied with how we are processing your personal data, they can make a Contact to the concerned data controller of Nazihar IT Solution Limited. Our clients can find out more about your rights under applicable data protection laws from the Information of Nazihar IT Solution s Official website: www.naziharitsolution.com

Penalties As per the Digital Security Act, if any person without any legal authority collects, sells, takes possession, supplies, or uses any person's identity information, unauthorized access in critical information infrastructure ('CII'), Illegal entrance to a computer, digital device, or computer system, Damage to a computer or computer system, Offences relating to a computer source code change, Digital or electronic forgery, Digital or electronic fraud, Identity fraud, Punishment for collecting or using identity information without permission, Cybercrime, Regarding e-transactions without legal authority, Illegal transferring, saving, etc. of data or information, Hacking-related offences, Offences under the Technology Act, Tampering with a computer source code, Hacking a computer system, Disclosure of confidentiality and privacy then such person will be penalized with offences under the digital security act enforced by the law of the country.