1. Overview

Freedom Registry Limited (hereinafter “Fusion MF”) is committed to maintaining the confidentiality, integrity, and security of its investor data. Fusion MF handles sensitive personal data of investors, distributors, and other stakeholders. Access to such data is granted only to authorized users and third-party service providers under strict security protocols.

Fusion MF complies with relevant SEBI regulations, ISO 27001 standards, and applicable Indian Data Protection laws, and implements robust controls to prevent unauthorized access.

2. Objective / Purpose

This policy establishes guidelines for:

1. 1. Providing access to Fusion MF applications, data, and servers.

   2. Approved modes of access and authentication.

   3. Roles and responsibilities of internal users, distributors, investors, and third-party vendors.

   4. Monitoring, audit, and compliance mechanisms.

   5. Ensuring data protection in accordance with regulatory standards.

3. Scope

This policy applies to:

• • Fusion MF internal employees

  • AMC users

  • Distributors and intermediaries

  • Investors accessing Fusion MF digital platforms

  • Third-party vendors with authorized access to Fusion MF systems

4. High-Level Policy Statement

a) Fusion MF collects, records, and uses personal and sensitive data for fulfilling contractual obligations and regulatory requirements. All such data shall be used solely for intended purposes.

b) Personal data is stored securely, adhering to ISO 27001 standards. Key principles:

• • Fair and lawful collection and processing

  • Purpose limitation

  • Accuracy and currency

  • Data minimization

  • Security and confidentiality

c) Data access is granted on a need-to-know basis, and users must maintain confidentiality and use data only for authorized purposes.

5. Definitions

• • Access: Ability to read, update, create, delete, or copy data.
  • Data: All personal and financial information maintained by Fusion MF or its RTA.
  • Sensitive Personal Data or Information (SPDI): Includes PAN, UIN, mutual fund transactions, bank details, PINs, passwords, biometric data, medical data, or any information classified as sensitive by law.
  • User / User Entity: Any individual or entity authorized to access Fusion MF systems.
  • RTA: Registrar & Transfer Agent engaged by Fusion MF.

6. Terms & Conditions for Data Access

a) Security & Access Control

1. 1. Users must ensure devices connecting to Fusion MF servers are secured and protected.

   2. Access credentials (user ID, passwords) must be safeguarded; unauthorized sharing is prohibited.

   3. Fusion MF may require additional authentication (digital certificates, OTPs, or smart cards).

   4. Users must immediately report any loss, theft, or unauthorized access.

   5. Periodic password changes and strong password policies must be enforced.

b) Fusion MF Commitments

1. 1. Fusion MF ensures data is stored securely and used only for authorized purposes.

   2. Data may be shared with regulators, banks, distributors, or other stakeholders as required by law or contractual obligations.

   3. Fusion MF requires third-party vendors to adhere to equivalent or stricter data protection standards.

c) Data User Commitments

1. 1. Users must understand Fusion MF’s data protection and privacy policies.

   2. Users consent to the processing and sharing of data with authorized entities for account operations and regulatory compliance.

   3. Users agree to follow security protocols, instructions, and application usage norms.

   4. Users must not attempt to exceed privileges or reverse-engineer Fusion MF systems.

   5. Any bugs, errors, or security breaches must be reported promptly.

   6. User accounts and data access are personal and non-transferable.

d) Confidentiality & Intellectual Property

• • Users shall keep all technical, operational, and system-related information confidential.

  • Fusion MF’s intellectual property, including application design, source code, and database structures, is protected.

e) Anti-Bribery

• • Users must not offer any inducements to Fusion MF staff for unauthorized access.

  • Any solicitation must be reported immediately to Fusion MF’s Chief Information Security Officer (CISO).

f) Password Guidelines

• • Keep passwords confidential; do not reuse passwords across services.

  • Use strong passwords including uppercase, numbers, and special characters.

  • Avoid storing passwords in written or digital form.

  • Report lost or compromised passwords immediately.

g) Transactions, Internet Frauds & Technology Risks

• • Users are responsible for providing accurate information for transactions.

  • Fusion MF disclaims liability for delays, errors, or unauthorized access resulting from user negligence or external events.

  • Users accept inherent internet risks and agree to resubmit instructions if failures occur.

h) Liability

• • Users are not liable for unauthorized transactions caused by Fusion MF staff or negligence if promptly reported.

  • Users are liable if negligence contributes to loss, including improper handling of credentials.

  • Fusion MF is not liable for damages due to events beyond its control (natural disasters, cyberattacks, system failures).

i) Disclosure of Personal Information

• • Fusion MF may share personal data confidentially with regulators, banks, custodians, and other authorized parties for operational and legal compliance.

j) Proprietary Rights, Non-Transferability & Termination

• • Fusion MF intellectual property is protected and must not be duplicated or shared.

  • User access is personal and non-transferable.

  • Services may be terminated by the user or Fusion MF in case of breach or closure of accounts.

k) Notices

• • Notices may be given electronically, by hand, or by post to registered addresses.

  • General notices will also be published on Fusion MF’s website.

l) Governing Law & Arbitration

• • Indian law applies, with courts in Mumbai having jurisdiction.

  • Disputes may be resolved via arbitration under Indian Arbitration and Conciliation Act 1996.

m) Grievance Redressal

• • Users may contact the Fusion MF Grievance Officer for data privacy or security issues.

  • Complaints will be addressed within one month.