10  Legal & Compliance (India‐Based)

Note: Operating guidelines; not legal advice. The Company will update these clauses as laws evolve.

10.0.1 Employment & Working Conditions

• Complies with applicable state Shops and Establishments requirements and wage/tax laws as they apply to remote employees.

• Leaves, holidays, working hours follow Company policy and applicable state law; client requirements may add obligations (with notice).

10.0.1.1 Additional Pointers:

1. State‑specific rules may apply based on your place of work; People Ops will advise.

2. Client contracts can impose stricter norms; the stricter standard applies for that engagement.

10.0.2 Tax Deduction at Source (TDS) & Payroll

• For employees, statutory tax deductions (e.g., TDS on salary, PF/ESI where applicable) will be deducted and deposited per law; Form 16 (as applicable) will be provided annually.

• Employees must submit investment declarations/proofs by deadlines to enable accurate withholding.

• For contractors/freelancers, TDS may be deducted on invoices as per applicable provisions; certificates issued as required by law.

10.0.2.1 Additional Pointers:

1. Timesheets (if applicable) are due by Friday 23:59 IST for the current week.

2. Submit investment proofs by the HR‑announced deadline to avoid higher withholding.

10.0.3 Data Protection & Privacy

• The Company processes personal data in line with applicable Indian data‑protection requirements (including the Digital Personal Data Protection framework) and, where applicable, client‑mandated regimes (e.g., GDPR).

• Privacy point of contact: privacy @pythonaisolutions.com. Report suspected data incidents immediately.

10.0.3.1 Additional Pointers:

1. Treat any client‑identifiable info as Confidential unless marked otherwise.

2. Minimize data collection: only gather what’s needed for the task.

3. Report suspected breaches immediately; faster is always better than perfect.

10.0.4 IP, Confidentiality & OSS

• All work products created in the course of employment/engagement is Company IP; do not expose source code or confidential materials publicly without approval.

• Use open‑source software in compliance with license obligations and Company OSS policy; record third‑party components and licenses in project docs.

10.0.4.1 Additional Pointers:

1. Check OSS licenses before importing; avoid copyleft where client policies forbid it.

2. Maintain a third‑party components list and licenses in the repo.

3. Never publish client code/snippets in portfolios without written approval.

10.0.5 Record Retention & Monitoring

• Store business records in Company systems; retention per policy/contract. Limited, proportionate monitoring of Company systems may occur for security and compliance.

10.0.5.1 Additional Pointers:

1. Store official records in Shared Drive, not personal folders.

2. Follow contract‑mandated retention; when in doubt, ask manager.

3. Monitoring is proportional and limited to Company systems for security/compliance.

10.0.5.2 Legal Bindings

• Data Subject Requests: Route all access/erasure/consent withdrawal requests to privacy @pythonaisolutions.com; log the request and do not take action directly.

• Cross‑Border Data: Use approved processors and Standard Contractual Clauses/DPDP‑aligned terms as applicable; consult Legal before transfers.

• Audit Readiness: Keep timesheets, approvals, and key decisions in the PM tool/Drive/Slack; avoid side channels for official records.