Hanshills & Co. - Where Capital Meets Strategy

Effective Date: 19.9.2025
Company: HansHills & Co. Private Limited ("HansHills", "we", "our," or "us")

1. Introduction

HansHills & Co. Private Limited ("HansHills") values the privacy of every individual who interacts with us, whether as an investor, entrepreneur, business partner, service provider, consultant, employee, or visitor to our website. In the course of our activities, HansHills collects, stores, processes, and shares personal information. We recognise that such data is entrusted to us, and we are committed to handling it with the highest degree of integrity, transparency, and security. This Privacy Policy has been drafted in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), together with applicable sectoral regulations including those issued by the Securities and Exchange Board of India ("SEBI"). By interacting with HansHills or by using our website, you acknowledge and accept the terms of this Privacy Policy.

2. Categories of Information Collected

HansHills collects personal information from a variety of sources. Such information may include: (i) identity information such as full name, title, date of birth, nationality, PAN, Aadhaar, passport or other identification details; (ii) contact information including telephone numbers, postal addresses, and email addresses; (iii) business or professional details such as job title, designation, company affiliation, and corporate documents; (iv) financial information such as bank account details, payment records, investment amounts, and related transactional data; (v) technical information including IP addresses, cookies, metadata, device identifiers, browsing behaviour, and geolocation information; and (vi) any other information voluntarily provided to HansHills in correspondence, forms, surveys, or meetings. Sensitive personal data such as passwords, biometric identifiers, and health information is not ordinarily collected. In rare cases where such data is necessary (for example, regulatory filings or background verification), HansHills will only process it with explicit consent and under strict safeguards.

3. Manner of Collection

HansHills may collect data directly from you when you submit forms, documents, or applications, enter into agreements, participate in due diligence processes, or communicate with us via email or telephone. We may also collect information from third-party sources such as publicly available databases, professional references, regulatory filings, credit rating agencies, or service providers engaged for KYC and compliance checks. Additionally, information may be automatically collected through your use of our website or platforms by means of cookies, server logs, and analytics tools. All such collection is carried out fairly, lawfully, and in a manner that ensures transparency.

4. Purpose of Processing

The personal information collected by HansHills is processed for legitimate and lawful business purposes. These purposes include: (i) onboarding investors, portfolio companies, consultants, and employees; (ii) conducting KYC verification, due diligence, background checks, and compliance monitoring; (iii) performing investment transactions, drafting agreements, and fulfilling contractual obligations; (iv) maintaining statutory registers and records required under the Companies Act, SEBI regulations, and tax laws; (v) complying with obligations relating to prevention of money laundering, fraud detection, and reporting of suspicious activities; (vi) maintaining communication with investors, partners, and stakeholders for updates, disclosures, and reporting; (vii) managing internal operations, audits, and governance; and (viii) securing our IT systems, monitoring website usage, and improving user experience.

5. Legal Basis of Processing

HansHills processes personal data only where lawful grounds exist under applicable laws. These include: (i) consent of the data principal, such as when information is voluntarily provided; (ii) necessity for the performance of a contract or pre-contractual obligations, for instance in the execution of investment or service agreements; (iii) compliance with legal obligations under Indian laws such as SEBI regulations, Companies Act, and Income Tax Act; and (iv) pursuit of legitimate business interests including operational efficiency, investor relations, and corporate governance, provided such interests do not override fundamental privacy rights of individuals.

6. Disclosure and Sharing of Data

HansHills may share personal information with affiliates, group entities, and subsidiaries to enable smooth functioning of business operations. We may also disclose information to service providers such as IT support, cloud storage vendors, background verification agencies, legal counsel, auditors, or consultants, subject to confidentiality agreements. Disclosures may be made to governmental authorities, regulators, courts, or law enforcement agencies where mandated by law. In cases of mergers, acquisitions, restructuring, or sale of business assets, personal data may be transferred to counterparties with adequate safeguards. Importantly, HansHills does not engage in the sale, rental, or unauthorised commercial exploitation of personal data.

7. Retention of Data

Personal information is retained only as long as necessary for the purpose for which it was collected or for periods mandated under applicable laws. For example, accounting and tax records may be preserved for up to 8 years under the Income Tax Act, while corporate records under the Companies Act may be required indefinitely. Once the purpose of retention ceases or the legal retention period expires, data will either be securely deleted, anonymised, or archived in compliance with applicable rules.

8. Cross-Border Data Transfers

In limited circumstances, HansHills may transfer personal data outside India, for example when utilising global service providers or cloud-based solutions. Such transfers will be undertaken only where permitted by the DPDP Act or applicable rules, and subject to ensuring that the receiving jurisdiction or entity provides a level of protection comparable to Indian law.

9. Security Safeguards

HansHills maintains reasonable security practices as mandated under the IT Act and DPDP Act. These include encryption, firewalls, intrusion detection systems, role-based access, and secure storage solutions. Employees and third-party contractors are bound by confidentiality and data protection obligations. Regular audits and monitoring are carried out to ensure compliance. However, no system can guarantee absolute security. In case of a personal data breach likely to cause harm, HansHills will notify the affected individuals and the Data Protection Board of India as required under the DPDP Act.

10. Rights of Individuals

Individuals whose data is collected ("Data Principals") have specific rights under Indian law, including: (i) the right to seek confirmation on whether their personal data is being processed; (ii) the right to access such data; (iii) the right to request correction or updating of inaccurate or incomplete data; (iv) the right to request erasure where data is no longer required for the stated purpose; (v) the right to withdraw consent for data processed on the basis of consent; and (vi) the right to raise grievances before HansHills or escalate them to the Data Protection Board. Requests may be exercised by contacting the Grievance Officer, and HansHills shall endeavour to respond within the statutory timelines prescribed by law.

11. Use of Cookies and Website Data

Our website uses cookies and similar technologies to enhance functionality, analyse usage patterns, and improve services. These may include session cookies, persistent cookies, and third-party analytics cookies. By continuing to use the website, you consent to the use of such cookies. Users may configure their browsers to disable cookies, but certain website functionalities may be impaired. The website may also contain links to third-party websites, and HansHills disclaims responsibility for the privacy practices or content of such external sites.

12. Grievance Redressal Mechanism

In compliance with the DPDP Act, HansHills has appointed a Grievance Officer to handle queries and complaints relating to the processing of personal data. Individuals may contact the officer using the details provided below. Complaints will be acknowledged within a reasonable period and addressed in accordance with statutory timelines.

13. Policy Revisions

HansHills reserves the right to update or amend this Privacy Policy at any time in line with changes to law, regulatory requirements, or internal practices. Updated versions will be posted on our website with a revised effective date. Continued engagement with HansHills after such updates shall be deemed acceptance of the revised terms.