Tenneco Clean Air India Limited (referred to in this Privacy Statement as "Tenneco Clean Air India", "Tenneco India", "we", "us", or "our") is part of the Tenneco Group. We are a market-leading Tier 1 supplier of critical, highly engineered and technology-intensive automotive components and solutions, serving leading Indian and global original equipment manufacturers (OEMs). Our solutions support both the Indian market and export markets.

For purposes of the DPDPA, we are the "Data Fiduciary" (the entity that determines the purpose and means of processing Personal Data). We may engage third parties as "Data Processors" to process Personal Data on our behalf under contract.

This Privacy Statement applies to Personal Data we process in connection with:

• Our websites and digital properties intended for India users (including tennecoindia.com and pages that link to this Privacy Statement).
• Business communications and inquiries (including requests sent to our published India contact emails).
• Recruitment and hiring interactions (including when you apply for roles or submit your profile).
• Supplier, contractor, and business partner onboarding and management.
• Investor relations and corporate governance communications.
• Events, marketing, newsletters, and similar communications where you choose to engage.

This Privacy Statement does not apply to third‑party websites or platforms that we do not control (for example, social media or video platforms), even if our websites link to them.

What we collect depends on how you interact with us. We may collect the following categories of Personal Data:

A. Information you provide directly

• Identity and contact details (e.g., name, email address, telephone number, postal address).
• Professional details (e.g., employer, job title, department, business contact information).
• Inquiry and communication details (e.g., messages you submit; email correspondence).
• Recruitment information (e.g., resume/CV, education, work history, qualifications, interview notes, references where provided).
• Investor relations communications (e.g., meeting requests and query details).
• Any other Personal Data you choose to provide when engaging with us.

B. Information collected automatically (online identifiers and usage)

• Device and connection information (e.g., IP address, browser type, operating system, language settings).
• Usage data (e.g., pages viewed, clicks, time spent, referring URLs).
• Cookie and similar technology data (see 'Cookie Information').
• Security and integrity logs (e.g., logs used for security monitoring and fraud prevention).

C. Information we may receive from other sources

• From Tenneco Group companies and shared service functions (e.g., IT, HR, audit, compliance) where needed for legitimate business purposes.
• From recruitment sources (e.g., recruiting platforms, referees) where permitted.
• From service providers that support our websites or communications (e.g., hosting and email services).

We process Personal Data only for lawful purposes. Under the DPDPA, processing is based on your consent or on certain legitimate uses permitted by law.

Our primary legal bases include:

• Consent (where required). The DPDPA requires consent to be free, specific, informed, unconditional, unambiguous, and provided through a clear affirmative action.
• Certain legitimate uses under the DPDPA (for example, when you voluntarily provide Personal Data for a specified purpose and you have not indicated you do not consent).
• Compliance with legal obligations and responding to lawful requests.
• Contractual necessity or steps at your request prior to entering a contract (e.g., recruitment steps, supplier onboarding).

Purposes

We may process Personal Data for the purposes below. We will only use Personal Data for identified purposes, or compatible purposes permitted by law:

• To respond to inquiries and provide requested information.
• To operate, maintain, and improve our websites, including troubleshooting and performance.
• To manage customer, supplier, partner, and other stakeholder relationships.
• To administer recruitment and hiring processes (screening, interviewing, selection, and onboarding steps).
• To communicate corporate updates, investor relations information, and newsroom content.
• To protect our rights, safety, and security (including preventing fraud and maintaining system integrity).
• To comply with applicable law, regulatory requirements, and enforce our policies.

Our India website uses cookies and similar technologies. When you visit tennecoindia.com, you can use the cookie banner / consent preferences tool to manage cookie categories (for example, Necessary, Functional, Analytics, Performance, and Advertisement) and to accept, reject, or customize your preferences.

You can manage your preferences at any time using the site's 'Cookie Settings' or 'Consent Preferences' controls.

A. Cookies and similar technologies

• Cookies: small text files stored on your device.
• Local storage/session storage: browser storage used to remember preferences and support site functions.
• Tags/pixels/web beacons: code used to measure engagement and performance.
• Embedded third‑party content: content hosted by third parties (e.g., video/social media) that may set cookies or collect data when you interact with it.

B. Our approach to cookie transparency and validation

Cookie inventories can change frequently as website components, plugins, embedded content, and analytics/advertising configurations change. For that reason, the authoritative list of cookies (including cookie names and durations) is the live cookie preference center available from the website's cookie banner and footer controls.

In addition, tennecoindia.com includes standard website platform text (for example, describing potential comment, login-related cookies, and embedded content behaviors). Such text may describe functionality that is available on some sites or configurations; however, the authoritative source for what is active on tennecoindia.com at the time of your visit is the live cookie preference center and the features you actually use.

C. Cookie and tracking inventory (high-level)

The table below provides a high-level inventory based on (i) the cookie categories displayed in the cookie banner and (ii) WordPress framework behaviors described on the governance page.

We may share Personal Data:

• Within the Tenneco Group for legitimate business purposes (e.g., shared IT, audit, compliance, HR support).
• With Data Processors and service providers that process data on our instructions (e.g., hosting, IT support, recruitment systems), under contractual requirements.
• With professional advisors (e.g., legal and audit) where necessary.
• With regulators, government agencies, and law enforcement where required or permitted by law.
• In connection with corporate restructurings or transactions, subject to safeguards.

We retain Personal Data only as long as necessary for the purposes described in this Privacy Statement, unless longer retention is required by law.

DPDPA requires erasure of Personal Data when (a) you withdraw consent, or (b) it is reasonable to assume the specified purpose is no longer being served, unless retention is required for compliance with law.

Illustrative retention approach (examples)

• Website logs: typically retained for a limited period for security and troubleshooting.
• Inquiry and contact communications: retained for relationship management, audit, and follow-up.
• Recruitment data: retained for a period necessary to manage hiring decisions and comply with legal requirements.
• Cookies: retained for the duration defined in the cookie preference center or the cookie's technical lifespan.

Tenneco is a global organization. Your Personal Data may be transferred to and processed in countries outside India (including the United States) for the purposes described above.

Where we transfer Personal Data outside India, we implement appropriate safeguards consistent with applicable law, including contractual, technical, and organizational measures.

A. DPDPA notice and multi-language access

Under the DPDPA, when we seek consent we provide a notice that informs you of: (i) the personal data to be processed and the purposes; (ii) how to exercise rights; and (iii) how to complain to the Data Protection Board of India. The notice must be accessible in English or any language specified in the Eighth Schedule to the Constitution.

B. Consent, withdrawal, and Consent Managers

DPDPA requires consent to be free, specific, informed, unconditional and unambiguous, signified by a clear affirmative action. You may withdraw consent at any time, and withdrawal should be as easy as giving consent.

You may also give, manage, review, or withdraw your consent through a Consent Manager registered with the Data Protection Board of India, where applicable.

C. Your rights as a Data Principal

Subject to applicable law and certain exceptions, you may have the following rights:

• Right to access information about Personal Data processed by us.
• Right to correction and erasure of Personal Data.
• Right of grievance redressal.
• Right to nominate another person to exercise your rights in the event of death or incapacity.

D. Duties of Data Principals

DPDPA also recognizes certain duties of Data Principals (for example, not impersonating another person and providing information that is not false or frivolous).

E. Personal data breaches

DPDPA defines a 'personal data breach' broadly, and requires Data Fiduciaries to take reasonable security safeguards to prevent breaches. If a personal data breach occurs, we must notify the Data Protection Board of India and affected Data Principals in the form and manner prescribed.

We implement reasonable technical and organizational safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, loss, or destruction. Safeguards may include access controls, least privilege, encryption where appropriate, monitoring, and incident response.

Our websites and services are not directed to children. Under the DPDPA, a 'child' is an individual under 18 years. Where required by law, we will obtain verifiable consent from a parent or lawful guardian before processing a child's Personal Data.

Our websites may include links to third‑party websites or platforms. We do not control those third parties and are not responsible for their privacy practices. Please review the third party's privacy policy.

If you have questions about this Privacy Statement, wish to exercise your rights, or want to raise a privacy grievance under the DPDPA, please contact us. We may need to verify your identity before fulfilling a request, to protect you and prevent unauthorized disclosures.

We may update this Privacy Statement from time to time. We will post updates on this page and update the 'Last Updated' date.

Personal Data

Any data about an individual who is identifiable by or in relation to such data.

Processing

Operations performed on Personal Data (e.g., collection, storage, use, disclosure, erasure).

Data Principal

The individual to whom the Personal Data relates.

Data Fiduciary

The organization that determines the purpose and means of processing.

Data Processor

Any person who processes Personal Data on behalf of the Data Fiduciary.

Consent Manager

A person registered with the Board who enables Data Principals to manage consent via an accessible, interoperable platform.