പ്രാബല്യ തീയതി: 30 June 2026
HalaCap Consultancy Limited ("HalaCap", "Company", "we", "us", or "our") respects your privacy and is committed to protecting personal data collected through our website, forms, email, WhatsApp, phone calls, investor communications, client onboarding, and business interactions. Under India's Digital Personal Data Protection Act, 2023, privacy notices should clearly explain what data is collected, why it is collected, how it is used, and how individuals can exercise their rights.
1. Scope
This Privacy Policy applies to personal data collected from clients, prospective clients, investors, lenders, vendors, website visitors, and other persons who interact with HalaCap Consultancy Limited in connection with consultancy, fundraising, investment-related discussions, debt instruments, debentures, loans, equity participation, project reports, and other business support services.
This policy should be read together with any separate agreement, engagement letter, subscription document, loan agreement, debenture document, or investment contract executed with HalaCap.
2. Data We Collect
We may collect the following categories of personal data:
- Identity data, such as name, father's or spouse's name, date of birth, PAN, Aadhaar or other identification details where legally required.
- Contact data, such as address, email address, phone number, WhatsApp number, and communication preferences.
- Financial data, such as bank account details, UPI details, income information, investment capacity, source of funds, tax information, and payment records.
- KYC and compliance data, including documents and declarations needed for due diligence, anti-fraud checks, suitability review, and legal compliance.
- Transaction data, such as investment amount, loan amount, debenture subscription, equity participation, payment history, maturity details, profit-sharing details, and loss allocation terms.
- Technical data, such as IP address, browser type, device information, cookies, website usage logs, and form submissions.
- Communication data, including emails, call notes, chat messages, support requests, and meeting records.
A privacy notice should clearly identify data categories collected, purposes of processing, and any retention approach instead of relying on vague general statements.
3. How We Collect Data
We collect personal data:
- Directly from you when you contact us, fill out forms, subscribe, invest, lend, request consultancy, or sign agreements.
- From documents you provide for onboarding, KYC, suitability assessment, or transaction processing.
- From payment partners, banking channels, professional advisers, or lawful public sources where necessary.
- Automatically through website cookies, analytics tools, or server logs when you visit our online platforms.
4. Purposes of Processing
We may use your personal data for the following purposes:
- To evaluate and respond to enquiries.
- To onboard clients, investors, lenders, and business partners.
- To conduct KYC, identity verification, suitability checks, and risk assessment.
- To prepare, negotiate, execute, and administer consultancy agreements, equity agreements, debenture arrangements, and loan documents.
- To receive and process payments, maintain records, and issue confirmations or statements.
- To communicate updates relating to projects, investments, repayments, returns, risks, notices, and service changes.
- To comply with applicable laws, tax rules, contractual obligations, anti-fraud requirements, and lawful directions from authorities.
- To improve our website, services, communication, and customer experience.
- To send marketing or promotional communication where permitted by law or based on your consent.
Under DPDPA guidance, privacy notices should explain the specific purpose for which each class of data is processed and make any optional marketing use clear.
5. Data Sharing
We may share personal data only where reasonably necessary with:
- Banks, payment gateways, accountants, auditors, legal advisers, compliance professionals, and technology service providers.
- Regulatory authorities, courts, law enforcement agencies, or government bodies where disclosure is required by law.
- Counterparties, trustees, registrars, escrow agents, or transaction participants involved in a specific equity, debenture, loan, or consultancy arrangement.
- Service providers supporting hosting, communications, analytics, cloud storage, and document management.
Where third parties process personal data on our behalf, they should be bound by suitable confidentiality or data-processing obligations.
6. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, for the duration of the business relationship, and for any additional period required for legal, regulatory, tax, accounting, audit, dispute-resolution, or record-keeping purposes.
DPDPA guidance recommends stating retention periods or at least a retention approach that explains how deletion or anonymization happens after the purpose is complete.
7. Your Rights
Subject to applicable law, you may request access to your personal data, correction of inaccurate data, updating of incomplete data, withdrawal of consent where consent is the basis of processing, and deletion of personal data that is no longer required or legally required to be retained.
DPDPA-compliant privacy notices are expected to explain how people can seek access, correction, deletion, and related grievance redressal.
To exercise these rights, contact us using the details in Section 11 below.
8. Cookies and Website Data
Our website may use cookies or similar technologies to improve functionality, understand visitor behaviour, protect against misuse, and enhance user experience.
You may control cookies through browser settings, although disabling certain cookies may affect website functionality.
9. Security
We use reasonable administrative, technical, and organizational safeguards to protect personal data from unauthorized access, misuse, alteration, disclosure, or destruction.
Privacy guidance also recommends explaining security measures accurately and avoiding promises of absolute security.
10. Cross-Border Processing
If any service provider or platform used by HalaCap stores or processes data outside India, we may transfer data for legitimate business, technology, backup, communication, or service-delivery purposes, subject to applicable legal requirements and reasonable safeguards.
11. Contact and Grievances
For privacy requests, corrections, consent withdrawal, or grievances, please contact:
- HalaCap Consultancy Limited
- ഇമെയിൽ: info@halacap.com
- ഫോൺ: +91 484 2388 191
- മൊബൈൽ: +91 9995533488 / +91 7994400904
- രജിസ്റ്റർ ചെയ്ത വിലാസം: HalaCap Consultancy Limited, C/o. Azad Eramangalath, Vayalambam, Anjappalam, Methala, Kodungallur, Thrissur, Kerala - 680669