PivotIQ Ventures Private Limited

Effective: October 2025

1. Introduction

PivotIQ Ventures Private Limited ("PivotIQ," "we," "us," or "our") is committed to protecting the personal data and privacy rights of individuals in India. This Privacy Policy describes our practices in full compliance with India's Digital Personal Data Protection Act, 2023 (DPDP), which governs the processing of digital personal data. This policy applies whenever we process the personal data of Data Principals in India, regardless of residency.

2. Definitions

● Data Principal: The individual to whom the personal data relates.

● Data Fiduciary: PivotIQ, the entity that determines the purpose and means of processing personal data.

● Data Processor: An entity that processes personal data on behalf of the Data Fiduciary.

● Personal Data: Any data about an individual who is identifiable by or in relation to such data.

● Processing: Any operation or set of operations performed on personal data, including collection, storage, use, transfer, or deletion.

● Consent: Free, specific, informed, and unconditional indication by the Data Principal, signifying acceptance of the processing of their personal data for a specified purpose.

3. Scope and Application

This policy applies to the processing of personal data:

● Of users, clients, personnel, and third-parties inside India.

● Collected digitally in India.

This policy does not apply to anonymized data or data made public by law or by the Data Principal.

4. Data We Collect

We collect, process, and store the following categories of Personal Data necessary for our business operations:

● Contact details (name, email, phone, address)

● Professional information (title, organization, history)

● Financial and billing information

● Device and browser data (for digital platforms)

● Communication records

● Marketing and website usage data

● Any other data required for our consulting business or by applicable law

We do not intentionally collect sensitive data unless required by project scope or law, in which case additional safeguards and notices will apply.

5. Purposes and Legal Basis of Processing (Consent and Legitimate Uses)

We process personal data for:

● Service delivery, client relationship management, and communication.

● Marketing (with appropriate consent).

● Legal, compliance, and accounting obligations.

● Business operations, analytics, and security.

Our legal basis for processing Personal Data under the DPDP Act includes:

● Consent: Explicitly obtained consent from the Data Principal (which must be free, informed, and unconditional).

● Specified Legitimate Uses: Processing for certain purposes where consent is deemed unnecessary, such as:

○ Compliance with any law.

○ Fulfilling any obligation under employment.

○ Responding to a medical emergency.

○ Processing for reasonable purposes as may be specified.

6. Consent, Choices, and Updates

We obtain consent per DPDP standards where required. Consent is always freely given, specific, informed, and unconditional.

Data Principals may withdraw consent at any time. The withdrawal of consent must be easy to access and exercise. Withdrawal does not affect the legality of processing done before the withdrawal.

7. Data Principal Rights

Data Principals have the right to:

● Access: Right to obtain a summary of personal data being processed and the processing activities.

● Correction and Erasure: Right to seek correction and completion of inaccurate, incomplete, or misleading personal data, and to request erasure of personal data.

● Grievance Redressal: Right to have grievances addressed.

● Withdrawal of Consent: Right to withdraw previously granted consent.

● Nomination: Right to nominate a representative who can exercise their rights in the event of their death or incapacity.

We will facilitate these rights and respond within the legal timeframe.

8. Data Security and Retention

We implement technical and organizational measures for the integrity, confidentiality, and resilience of personal data, including:

● Encryption and pseudonymization where appropriate.

● Access and security controls.

● Incident response protocols.

Data retention is for as long as necessary for the purpose collected, and as required by Indian law, followed by secure deletion or anonymization.

9. International Data Transfers

Outbound transfers of personal data outside India are permitted, except to jurisdictions that may be restricted by the Central Government of India. Data transferred cross-border will always be subject to robust security and regulatory compliance.

10. Data Breach Notification

If a data breach occurs likely to result in risk to your rights, we will notify the Data Protection Board of India and affected Data Principals without undue delay. We will provide information about the breach and recommended next steps.

11. Children’s Privacy

We do not knowingly process the data of minors below 18 years. Where processing is required, we will obtain verifiable parental or guardian consent as required by law.

12. Third Parties and Subprocessors

We may share data with:

● Subprocessors, contractors, advisors, and IT providers, always under contract and strict controls.

● Legal/government authorities under valid request.

● Affiliated entities, merger/acquisition stakeholders with proper notification and safeguards.

13. Automated Processing

Where we use automated systems (such as analytics or profiling):

● We ensure the processing aligns with the stated purposes and legal basis.

● Data Principals maintain the right to correction, completion, and erasure regarding data used in such systems.

14. Accountability and Documentation

We maintain accurate and complete internal records of our processing activities.

Data Protection Officer:

Anagha Dhaneshwar

15. Grievance Redressal and Complaints

You may contact us or our Data Protection Officer about any privacy question, request, or complaint.

● Indian Data Principals may escalate matters to the Data Protection Board of India if not resolved internally first.

17. Governing Law

This policy and all processing activities are governed by Indian law and jurisdiction, specifically the Digital Personal Data Protection Act, 2023.

18. Contact Us

PivotIQ Ventures Private Limited

Registered Office:

Nakshatra, Abhiyanta Colony, Savedi, Ahilyanagar

India

Data Protection Officer:

Anagha Dhaneshwar

Email: anagha.dhaneshwar@pivotiq.in

Phone: +91-9033050602

General Privacy Inquiries:

Contact@pivotiq.in

This policy was last updated October 2025.