SupabaseAuthHandler Component Loaded
SEBI Registered Investment Advisor|Registration No.: INA000022437
Sitemap

Privacy Policy

1. Introduction

1.1. Finspurt Analytics Private Limited (“Finspurt”, “Company”, “we”, “us” or “our”) is committed to protecting the privacy and security of personal data of users and clients in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and rules thereunder, the SEBI (Investment Advisers) Regulations, 2013 and other Applicable Laws.

1.2. This Privacy Policy explains how we collect, use, store, share, retain and protect personal data when you visit or use our website www.finspurt.com (“Website”) or avail our investment advisory and related services (“Services”).

1.3. By accessing the Website or availing our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your personal data in the manner described herein, to the extent such processing is based on consent under the DPDP Act.

2. Regulatory Status and Role under DPDP Act

2.1. Finspurt is / will be registered with the Securities and Exchange Board of India (SEBI) as an Investment Adviser under the SEBI (Investment Advisers) Regulations, 2013.

2.2. For the purposes of the DPDP Act, Finspurt acts as a Data Fiduciary in relation to the personal data it collects and processes about clients, prospective clients, website users and other natural persons (“Data Principals”).

2.3. We process personal data strictly in accordance with:

  • The DPDP Act and rules thereunder;

  • The Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, where applicable; and

  • SEBI’s requirements on confidentiality, record keeping and investor protection under the IA Regulations.

3. Scope and Application

3.1. This Privacy Policy applies to personal data processed by Finspurt in connection with:

  • Use of the Website (including forms, tools, calculators and contact interfaces);

  • Onboarding, engagement and servicing of clients for investment advisory and allied Services; and

  • Communications, marketing and grievance redressal activities undertaken by Finspurt.

3.2. This Privacy Policy does not apply to third party websites, applications or services which may be linked from the Website, and Finspurt is not responsible for their privacy practices.

4. Categories of Personal Data Collected

Depending on your interaction with us, we may collect the following categories of personal data, as permitted by Applicable Law:

4.1. Identification and Contact Data

  • Name, residential / correspondence address, email address, mobile / telephone number, date of birth, gender, nationality, PAN, Aadhaar (if voluntarily provided and permitted by law), signature, photograph and similar identifiers.

4.2. KYC and Regulatory Data

  • KYC documents and information (e.g., proof of identity, address proofs), risk profiling information, FATCA/CRS-related declarations, occupation details, source of funds, tax residency and other information required under SEBI regulations, anti money laundering laws or other regulatory requirements.

4.3. Financial and Investment Data

  • Income details, assets and liabilities, bank account details (limited to what is necessary for fee payment / refunds), investment portfolio details, transaction history, risk appetite, financial goals and other information required to provide investment advice and to assess suitability.

4.4. Technical and Usage Data

  • IP address, device identifiers, browser type and version, time zone setting, operating system, pages viewed, access times, referring website addresses, cookie data and similar online identifiers generated when you visit or use the Website.

4.5. Communication Data

  • Records of communications with you, including emails, messages, call logs, meeting notes and query/grievance details, as required for record keeping and regulatory compliance.

4.6. Consent and Preferences Data

  • Records of your consents, privacy preferences, marketing preferences and any nominations made under the DPDP framework.

We do not intentionally collect personal data of minors (persons below 18 years) except where legally authorised by their lawful guardian and in compliance with the DPDP Act.

5. Lawful Basis and Purpose of Processing

5.1. We process personal data only for lawful purposes and on appropriate legal bases, including:

  • Consent: Where we rely on your free, specific, informed, unconditional and unambiguous consent, obtained by a clear affirmative action (e.g., ticking a checkbox, submitting a form).

  • Legal Obligation: To comply with obligations under SEBI regulations, KYC/AML laws, tax laws, DPDP Act, IT Act and other Applicable Laws.

  • Performance of Contract: To enter into and perform our client agreement, provide advisory Services, and respond to your pre contractual inquiries.

  • Legitimate Uses permitted under the DPDP Act, such as reasonable purposes notified by the Central Government.

5.2. Typical purposes for which we process personal data include:

  • Onboarding, verifying identity and conducting due diligence of clients;

  • Assessing risk profile and suitability of products as required under the IA Regulations;

  • Providing investment advice and related Services;

  • Communicating with you regarding Services, transactions, alerts and administrative information;

  • Complying with SEBI’s record keeping, reporting and inspection requirements;

  • Responding to queries, grievances and rights requests under the DPDP Act;

  • Website operation, security, fraud prevention, analytics and improvement of Services; and

  • Marketing our Services (to the extent permitted by law) with appropriate consent and opt out mechanisms.

6. Cookies and Online Tracking

6.1. The Website may use cookies, pixels and similar technologies to:

  • Maintain sessions and enable core site functionality;

  • Remember your preferences;

  • Analyse Website usage and performance; and

  • Enhance security and prevent abuse.

6.2. You can manage or disable cookies through your browser settings; however, certain parts of the Website may not function properly if cookies are disabled.

6.3. Where cookies or similar technologies are used for analytics or marketing that rely on consent, we will obtain your consent through a clear mechanism and allow you to withdraw it at any time.

7. Data Sharing and Disclosures

7.1. We may share personal data with the following categories of recipients, strictly on a need to know basis and subject to appropriate contractual safeguards:

  • Regulators and Authorities: SEBI, stock exchanges, tax authorities, law enforcement or other governmental authorities, where required under law or regulatory directions.

  • Service Providers / Data Processors: IT infrastructure providers, cloud computing providers, KYC/AML service providers, analytics and communication tools, payment service providers and professional advisers, engaged under contracts that require them to act only on our instructions and implement adequate security measures.

  • Group entities / Affiliates: Where necessary for centralised operations, compliance, risk management or as permitted by law.

  • Other Persons: Where you expressly authorise us to share data with third parties (e.g., your other advisers or family members), or where such disclosure is mandated to protect our legal rights or defend claims.

7.2. Finspurt does not sell your personal data. Any use of personal data for marketing or cross selling is subject to consent and opt out rights under the DPDP Act.

7.3. Disclosures of client information are also constrained by SEBI’s confidentiality requirements, which prohibit an investment adviser from divulging confidential client information without prior permission, except where required by law.

8. Cross Border Transfer of Personal Data

8.1. Personal data may be processed or stored on servers located in India or in other jurisdictions, subject to Applicable Law and any restrictions notified under the DPDP Act.

8.2. Where personal data is transferred outside India, we will ensure that such transfer is permissible under the DPDP Act and applicable government notifications and that reasonable measures are taken to ensure comparable protection for your personal data in the recipient jurisdiction.

9. Data Retention

9.1. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law or regulatory requirements.

9.2. SEBI regulations require investment advisers to maintain records such as KYC records, risk profiling and suitability documentation, client agreements and correspondence for prescribed minimum periods (for example, not less than five years or such extended duration as SEBI may specify).

9.3. After the applicable retention period, personal data will be securely erased, anonymised or archived in compliance with the DPDP Act and any record keeping obligations.

10. Data Principal Rights

Subject to the conditions and exemptions under the DPDP Act, you as a Data Principal have the following rights in relation to your personal data:

10.1. Right to Access / Information

To obtain a summary of your personal data being processed by us and the processing activities undertaken.

10.2. Right to Correction and Updating

To request correction, completion or updating of your personal data that is inaccurate or incomplete.

10.3. Right to Erasure

To request erasure of personal data when it is no longer necessary for the specified purposes, when consent is withdrawn and there is no other lawful basis, or when required by law, subject to our regulatory and record keeping obligations.

10.4. Right to Withdraw Consent

Where processing is based on consent, you may withdraw such consent at any time, without affecting processing already undertaken before withdrawal; however, this may impact our ability to provide or continue Services.

10.5. Right to Grievance Redressal

To register grievances with our Data Protection / Grievance Officer and, if unsatisfied, to approach the Data Protection Board of India as per the DPDP Act.

10.6. Right to Nominate

To nominate another individual to exercise your rights in case of death or incapacity, in accordance with the DPDP Act.

11. How to Exercise Your Rights

11.1. You may exercise your rights or raise any privacy related queries by contacting us at:

Email: compliance@finspurt.com

11.2. As required by the DPDP Act and related rules, we will provide a convenient mechanism (such as a web form / portal) for submitting Data Principal requests and grievances, and we will endeavour to respond within the timelines 30 days.

11.3. For security and legal reasons, we may verify your identity and seek additional information before responding to a request, and may decline certain requests where permitted or required by law (for example, where access may adversely affect the rights of others or conflict with regulatory obligations).

12. Security Measures

12.1. We implement reasonable technical and organisational security measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, consistent with the DPDP Act, IT Act and industry good practices.

12.2. Such measures may include access controls, encryption, secure storage, firewalls, intrusion detection, regular security assessments and staff training on data protection and confidentiality.

12.3. While we strive to protect your personal data, no system or transmission over the internet can be guaranteed as completely secure; any transmission is at your own risk.

13. Personal Data Breach Notification

13.1. In the event of a personal data breach that is likely to cause significant harm to Data Principals, Finspurt will notify the Data Protection Board of India and, where required, the affected Data Principals, providing relevant information and remedial steps, in accordance with the DPDP Act and applicable rules.

13.2. We may also notify relevant regulators such as SEBI or CERT In where required under the IT Act and its rules.

14. Obligations of Users

14.1. You are responsible for ensuring that the information you provide to us is accurate, complete and up to date.

14.2. You must not provide personal data of another person without lawful authority or without having obtained their consent where required; by providing such data you represent that you are authorised to do so under the DPDP Act.

14.3. You shall use the Website in compliance with our Terms and Conditions, this Privacy Policy and Applicable Law, including the IT Act and DPDP Act, and must not engage in unauthorised access, data scraping or similar activities.

15. Relationship with SEBI and Confidentiality

15.1. As a SEBI registered Investment Adviser, Finspurt is bound by regulatory obligations regarding confidentiality of client information and may not divulge confidential information without prior client consent, except where required to be disclosed in compliance with any law or regulatory requirement.

15.2. Our privacy and data handling practices are designed to satisfy both SEBI’s investor protection framework and the DPDP Act’s data protection requirements.

16. Changes to this Privacy Policy

16.1. We may update or revise this Privacy Policy from time to time to reflect changes in law (including amendments or rules under the DPDP Act), regulatory guidance, technology or our data processing practices.

16.2. Material changes will be notified by updating the “Last Updated” date and, where appropriate, by an on site notice or direct communication. Your continued use of the Website or Services after such changes constitute your acknowledgement of the revised Policy.

16.3. The current version of this Privacy Policy as published on the Website shall supersede all prior versions.

17. Governing Law and Dispute Resolution

17.1. This Privacy Policy shall be governed by and construed in accordance with the laws of India, including the DPDP Act, the IT Act and SEBI regulations.

17.2. Subject to any dispute resolution framework mandated under the DPDP Act or SEBI regulations, the courts at Thane, Maharashtra shall have exclusive jurisdiction over disputes arising out of or in connection with this Privacy Policy.