Privacy Policy
Privacy Policy
Important Note: This Privacy Policy outlines how GHL India Ventures Trust (referred to as "GHL AIF") collects, uses, discloses, and protects sensitive personal data or information (SPDI) in compliance with applicable laws and regulations, including the Information Technology Act, 2000, and its associated rules.
1.Purpose of the Privacy Policy
The purpose of this Privacy Policy is to outline how GHL India Ventures Trust (referred to as "GHL AIF") collects, uses, discloses, and protects sensitive personal data or information (SPDI) in compliance with applicable laws and regulations, including the Information Technology Act, 2000, and its associated rules. This policy aims to inform individuals about the handling of their SPDI by GHL AIF and to establish transparency and trust regarding the processing of personal data within the organization. Additionally, this Privacy Policy serves to demonstrate GHL AIF's commitment to upholding the privacy rights of individuals and ensuring the security and confidentiality of their personal information throughout its lifecycle. By providing clear guidelines and procedures for the collection, use, and protection of SPDI, this policy aims to foster accountability and compliance with data protection standards within GHL AIF and among its stakeholders.
2.Scope of Application
This Privacy Policy applies to all individuals whose sensitive personal data or information (SPDI) is collected, processed, or disclosed by GHL India Ventures Trust (referred to as "GHL AIF"), including but not limited to investors, employees, service providers, and other stakeholders. It encompasses all interactions and engagements with GHL AIF, whether through its digital platforms, offline channels, or in-person interactions. This policy extends to the collection of SPDI for various purposes, including investor onboarding, transaction processing, compliance with regulatory requirements, and other legitimate business activities conducted by GHL AIF. Additionally, this policy governs the handling of SPDI across all stages of its lifecycle, from initial collection to storage, usage, transfer, and eventual deletion or anonymization. It applies to all entities, processes, and systems within GHL AIF that are involved in the processing of SPDI, ensuring consistent and uniform standards for data protection and privacy across the organization. Furthermore, this policy is subject to compliance with applicable laws, regulations, and industry standards governing data protection and privacy in India, including the Information Technology Act, 2000 and its associated rules, as well as guidelines issued by regulatory authorities such as the Securities and Exchange Board of India (SEBI) and the Reserve Bank of India (RBI).
3.Principles Governing Data Protection
GHL India Ventures Trust (referred to as "GHL AIF") adheres to the following principles to ensure the protection of sensitive personal data or information (SPDI) collected, processed, and disclosed in the course of its operations:
3.1.Data Protection and Privacy Commitment
GHL AIF is committed to upholding the highest data protection and privacy standards, treating SPDI with the utmost confidentiality and integrity. This commitment extends to all aspects of GHL AIF's operations, ensuring that SPDI is collected, processed, and disclosed legally, fairly, and transparently.
3.2.Lawful and Fair Processing of Data
GHL AIF collects, processes, and discloses SPDI only for lawful purposes and in a fair and transparent manner. SPDI is processed only to the extent necessary to fulfil the purposes for which it was collected, and individuals are informed of the purposes of processing at the time of collection.
3.3.Data Minimization and Limitation
GHL AIF minimizes the collection and processing of SPDI to the extent necessary for the intended purposes. SPDI is retained only for as long as required to fulfil the purposes for which it was collected, and measures are in place to ensure that unnecessary or outdated data is securely deleted or anonymized.
3.4.Accuracy and Timeliness of Data
GHL AIF takes reasonable steps to ensure that SPDI is accurate, complete, and up-to-date and updates it as necessary to maintain accuracy. Individuals have the right to request the rectification or correction of inaccurate or incomplete SPDI held by GHL AIF.
3.5.Consent Mechanisms
GHL AIF obtains explicit Consent from individuals before collecting, processing, or disclosing their SPDI, except where otherwise permitted by law. Consent is obtained through clear and unambiguous means, and individuals are informed of their rights and options regarding the processing of their SPDI. These principles form the foundation of GHL AIF's approach to data protection and privacy, guiding its practices and decision-making processes to ensure the security, confidentiality, and integrity of SPDI in accordance with applicable laws and regulations.
4.Data Subject Rights
GHL India Ventures Trust (referred to as "GHL AIF") recognizes and respects the following rights of individuals regarding their sensitive personal data or information (SPDI) collected, processed, or disclosed by GHL AIF:
4.1.Right to Access Personal Data
Individuals have the right to request access to their SPDI held by GHL AIF and to obtain information about its processing, including the purposes of processing, categories of data being processed, and recipients of the data.
4.2.Right to Rectification of Personal Data
Individuals may request the rectification or correction of inaccurate or incomplete SPDI held by GHL AIF. GHL AIF will take reasonable steps to ensure that inaccuracies or deficiencies in the data are promptly rectified.
4.3.Right to Erasure ('Right to be Forgotten')
Individuals have the right to request the Erasure or deletion of their SPDI held by GHL AIF under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or processed.
4.4.Right to Restriction of Processing
Individuals may request the restriction of processing of their SPDI by GHL AIF in certain situations, such as when the accuracy of the data is contested, the processing is unlawful, or the data is no longer needed for the purposes of processing.
4.5.Right to Data Portability
Individuals have the right to receive their SPDI in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.
4.6.Right to Object to Processing
Individuals may object to the processing of their SPDI by GHL AIF in certain situations, including for direct marketing purposes or where the processing is based on legitimate interests pursued by GHL AIF or a third party.
4.7.Rights Related to Automated Decision-Making and Profiling
Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where such processing is necessary for entering into or performing a contract, is authorized by law, or is based on the individual's explicit Consent.
4.8.Right to Withdraw Consent
Individuals have the right to withdraw their Consent for the processing of their SPDI by GHL AIF at any time, where Consent is the legal basis for processing. Withdrawal of Consent does not affect the lawfulness of processing based on Consent before withdrawal.
4.9.Right to Lodge a Complaint
Individuals have the right to lodge a complaint with the appropriate regulatory authority if they believe that the processing of their SPDI by GHL AIF violates applicable data protection laws and regulations. These rights empower individuals to exercise control over their personal data and to ensure that their privacy rights are respected and upheld by GHL AIF in accordance with applicable laws and regulations. GHL AIF is committed to facilitating the exercise of these rights and will respond promptly and appropriately to any requests or complaints received from individuals regarding their SPDI.
5.Security Measures and Standards
GHL India Ventures Trust (referred to as "GHL AIF") implements robust security measures and adheres to internationally recognized standards to ensure the confidentiality, integrity, and availability of sensitive personal data or information (SPDI) collected, processed, and stored within its systems and infrastructure. These security measures include:
5.1.Compliance with ISO Standards
GHL AIF complies with ISO 27701:2019 (Privacy Information Management System) and ISO 27001:2022 (Information Security Management System) standards to establish and maintain effective controls for the protection of SPDI. These standards provide a framework for implementing comprehensive privacy and security controls, including risk assessment, security policies and procedures, access controls, encryption, incident management, and ongoing monitoring and review.
5.2.Implementation of Technical and Organizational Measures
GHL AIF employs a combination of technical and organizational measures to safeguard SPDI against unauthorized access, disclosure, alteration, and destruction. These measures include:
- Access Controls: Implementing role-based access controls (RBAC) and authentication mechanisms to ensure that only authorized personnel have access to SPDI based on their roles and responsibilities.
- Encryption: Encrypting SPDI during transmission and storage using industry-standard encryption algorithms to prevent unauthorized interception or access.
- Data Minimization:Minimize the collection, processing, and retention of SPDI to the extent necessary for the intended purposes and securely delete or anonymize data that is no longer needed.
- Secure Infrastructure:Deploying secure infrastructure and network configurations, including firewalls, intrusion detection and prevention systems (IDPS), and regular vulnerability assessments and penetration testing to identify and mitigate security risks.
- Employee Training and Awareness: Providing regular training and awareness programs to employees and personnel on data security policies, procedures, and best practices to ensure that they are equipped to handle SPDI securely and responsibly.
- Incident Response and Management:Establishing incident response and management procedures to detect, investigate, and respond to security incidents and data breaches in a timely and effective manner, including notification to affected individuals and regulatory authorities as required by law.
These security measures and standards are continuously reviewed, updated, and improved to adapt to evolving threats and vulnerabilities and to maintain the highest level of protection for SPDI entrusted to GHL AIF. By implementing these measures, GHL AIF demonstrates its commitment to safeguarding the privacy and security of individual's personal data and maintaining compliance with applicable data protection laws and regulations.
6.Data Sharing and Transfer Protocols
GHL India Ventures Trust (referred to as "GHL AIF") engages in data sharing and transfer activities in accordance with applicable laws and regulations, ensuring the protection and security of sensitive personal data or information (SPDI) throughout the process. The following protocols govern data sharing and transfer practices
6.1 Collaboration with Co-Lending Partners
GHL AIF may engage in collaborations or partnerships with co-lending partners, including financial institutions, investment firms, and other entities, for the purpose of investment activities, portfolio management, or other legitimate business purposes. In such collaborations, GHL AIF ensures that appropriate contractual agreements are in place to govern the sharing and processing of SPDI, including provisions for data protection, confidentiality, and security measures. SPDI shared with co-lending partners is limited to the extent necessary to fulfil the agreed-upon purposes and is subject to the same level of protection and security standards as maintained by GHL AIF.
6.2.Procedures for International Data Transfers
In the event of international data transfers involving SPDI, GHL AIF ensures compliance with applicable data protection laws and regulations governing cross-border data transfers, including the requirements prescribed by the Information Technology Act, 2000, and its associated rules. Before transferring SPDI internationally, GHL AIF assesses the adequacy of data protection standards in the recipient country and implements appropriate safeguards to ensure the continued protection and security of SPDI. Such safeguards may include
- Obtain explicit Consent from individuals for international data transfers, where required.
- Implementing standard contractual clauses (SCCs) or other legal mechanisms approved by regulatory authorities to provide adequate protection for SPDI.
- Ensuring that the recipient entity or country provides an adequate level of data protection, as determined by relevant regulatory authorities.
- Implementing technical measures such as encryption or pseudonymization to protect SPDI during transit.
These protocols are designed to facilitate secure and compliant data sharing and transfer practices while safeguarding the privacy and confidentiality of SPDI entrusted to GHL AIF. By adhering to these protocols, GHL AIF maintains transparency, accountability, and trust in its data handling processes and ensures compliance with applicable data protection laws and regulations, including those governing cross-border data transfers.
7.Regulatory Compliance Framework
GHL India Ventures Trust (referred to as "GHL AIF") is committed to maintaining compliance with relevant laws, regulations, and industry standards governing the collection, processing, and protection of sensitive personal data or information (SPDI). The regulatory compliance framework includes adherence to the following
7.1.Adherence to DPDP Act 2023
GHL AIF complies with the provisions of the Data Protection and Privacy Act 2023 (DPDP Act) and its associated rules and regulations. The DPDP Act establishes comprehensive data protection principles, rights of data subjects, obligations of data controllers and processors, and mechanisms for enforcement and oversight. GHL AIF ensures that its data processing activities are conducted in accordance with the requirements prescribed by the DPDP Act, including obtaining explicit Consent for data processing, implementing appropriate security measures, honouring data subject rights, and maintaining records of processing activities as mandated by law.
7.2.Compliance with RBI Digital Lending Guidelines
GHL AIF adheres to the Digital Lending Guidelines issued by the Reserve Bank of India (RBI) governing digital lending platforms and activities. These guidelines set out principles and standards for fair and transparent digital lending practices, including the collection, processing, and sharing of customer data by lending entities. GHL AIF ensures compliance with the RBI guidelines in its digital lending operations, including the handling of SPDI collected from borrowers or investors, the use of technology platforms for loan processing, and the protection of customer data privacy and confidentiality.
By adhering to the regulatory compliance framework outlined above, GHL AIF demonstrates its commitment to upholding the highest standards of data protection, privacy, and regulatory compliance in its operations. GHL AIF continually monitors regulatory developments and updates its policies and practices to ensure alignment with evolving legal and regulatory requirements governing data protection and privacy in India. Additionally, GHL AIF engages in regular audits and assessments to evaluate its compliance posture and address any identified gaps or deficiencies proactively.
8.Audit Mechanisms and Review Procedures
GHL India Ventures Trust (referred to as "GHL AIF") implements robust audit mechanisms and review procedures to monitor and assess its data protection practices, ensure compliance with applicable laws and regulations, and address any identified risks or deficiencies. The audit mechanisms and review procedures include
- Regular Internal Audits:GHL AIF conducts periodic internal audits of its data protection practices, policies, and procedures to evaluate compliance with established standards, identify areas for improvement, and mitigate risks. These audits are conducted by qualified personnel or external auditors with expertise in data protection and privacy.
- External Compliance Audits:GHL AIF engages third-party auditors or consultants to conduct independent compliance audits to assess adherence to applicable laws, regulations, and industry standards governing data protection and privacy. These audits may include assessments of data processing activities, security measures, record-keeping practices, and other relevant aspects of GHL AIF's operations.
- Ongoing Monitoring and Review:GHL AIF maintains regular reporting mechanisms to communicate audit findings, compliance status, and risk assessments to senior management and relevant stakeholders. Management oversight and accountability ensure that audit recommendations are addressed promptly and corrective actions are implemented effectively.
By implementing these audit mechanisms and review procedures, GHL AIF demonstrates its commitment to maintaining a culture of compliance, transparency, and accountability in its data protection practices. Continuous monitoring, assessment, and improvement of data protection measures enable GHL AIF to mitigate risks, enhance security posture, and safeguard the privacy and confidentiality of sensitive personal data or information (SPDI) entrusted to its care.
9.Grievance Redressal Mechanism
GHL India Ventures Trust (referred to as "GHL AIF") has established a robust grievance redressal mechanism to address concerns and complaints related to the processing of sensitive personal data or information (SPDI). The grievance redressal mechanism is designed to provide individuals with a transparent and effective means of seeking resolution for any issues or grievances they may have regarding the handling of their personal data. The key components of the grievance redressal mechanism include
- Designated Point of Contact:GHL AIF designates a dedicated point of contact, such as a Data Protection Officer (DPO) or Privacy Officer, who is responsible for overseeing the grievance redressal process and serving as the primary contact for individuals seeking resolution of data protection concerns.
- Accessibility and Transparency:GHL AIF ensures that information about the grievance redressal mechanism, including contact details of the designated point of contact and procedures for lodging complaints, is easily accessible to individuals through its website, privacy policy, or other communication channels.
- Prompt Acknowledgment:GHL AIF acknowledges receipt of complaints or concerns raised by individuals regarding the processing of their SPDI in a timely manner, typically within a specified timeframe, to provide assurance that their concerns are being taken seriously and will be addressed promptly.
- Confidentiality and Privacy:GHL AIF maintains confidentiality and privacy of individuals' complaints and personal data throughout the grievance redressal process, ensuring that only authorized personnel involved in resolving the complaint have access to the information provided.
- Investigation and Resolution:GHL AIF conducts a thorough investigation of the complaint, gathering relevant information and evidence to understand the nature and scope of the issue. Once the investigation is complete, GHL AIF takes appropriate measures to resolve the complaint, including corrective actions, remediation, or compensation where applicable.
- Communication and Feedback:GHL AIF communicates the outcome of the investigation and resolution to the individual who lodged the complaint, providing clear and transparent information about the steps taken and any remedies implemented. Additionally, GHL AIF may solicit feedback from the individual to assess their satisfaction with the resolution process and identify opportunities for improvement.
- Escalation and Regulatory Reporting:In cases where a complaint cannot be resolved satisfactorily through the internal grievance redressal mechanism or where the complaint involves significant legal or regulatory implications, GHL AIF may escalate the matter to senior management or regulatory authorities as appropriate.
By implementing a robust grievance redressal mechanism, GHL AIF demonstrates its commitment to accountability, transparency, and respect for individuals' rights in the handling of their personal data. This mechanism provides individuals with assurance that their concerns will be addressed promptly and fairly, contributing to trust and confidence in GHL AIF's data protection practices.
10.Amendment Procedures
GHL India Ventures Trust (referred to as "GHL AIF") recognizes the importance of regularly reviewing and updating its privacy policies and procedures to reflect changes in regulatory requirements, industry best practices, and evolving business needs. The following procedures govern the amendment of GHL AIF's privacy policies
- Regular Review:GHL AIF conducts periodic reviews of its privacy policies and procedures to ensure alignment with applicable laws and regulations, including the Data Protection and Privacy Act 2023, RBI guidelines, and other relevant regulatory requirements. These reviews may be triggered by changes in legislation, regulatory guidance, technological advancements, organizational changes, or other factors that may impact data protection practices.
- Stakeholder Engagement:GHL AIF engages with relevant stakeholders, including employees, investors, regulatory authorities, and industry experts, to solicit feedback and input on proposed amendments to its privacy policies. Stakeholder engagement ensures that diverse perspectives are considered and that amendments are tailored to address the needs and concerns of affected parties.
- Legal and Regulatory Compliance:Proposed amendments to GHL AIF's privacy policies are assessed for compliance with applicable laws, regulations, and industry standards governing data protection and privacy. Legal and regulatory experts may be consulted to ensure that proposed changes align with current legal requirements and best practices.
- Approval Process:Amendments to GHL AIF's privacy policies are subject to review and approval by senior management or the board of directors, as appropriate. Approval ensures that proposed changes are consistent with GHL AIF's strategic objectives, risk appetite, and commitment to data protection and privacy.
- Communication and Notification:Once amendments to GHL AIF's privacy policies are approved, affected stakeholders are notified of the changes through appropriate communication channels. This may include updates to GHL AIF's website, distribution of revised policy documents, or direct communication with affected individuals, as necessary.
- Training and Awareness:GHL AIF provides training and awareness programs to employees and relevant stakeholders to ensure understanding and compliance with amended privacy policies and procedures. Training programs may cover changes in data handling practices, updated consent mechanisms, new rights of data subjects, and other relevant topics.
- Effective Date:Amendments to GHL AIF's privacy policies take effect on the date specified in the revised policy documents or as otherwise communicated to affected stakeholders. The effective date ensures clarity and consistency in the implementation of amended policies across the organization.
By following these amendment procedures, GHL AIF ensures that its privacy policies remain current, relevant, and effective in protecting the privacy and confidentiality of sensitive personal data or information (SPDI) entrusted to its care. Transparent and proactive communication of policy changes, stakeholder engagement, and compliance with legal and regulatory requirements contribute to trust and confidence in GHL AIF's data protection practices.
GHL India Ventures Trust (GHL AIF) is committed to upholding the highest standards of data protection and privacy in accordance with applicable laws, regulations, and industry best practices. Our Privacy Policy reflects our dedication to transparency, accountability, and respect for individuals' rights in the handling of sensitive personal data or information (SPDI). By adhering to the principles outlined in this policy, implementing robust security measures, and maintaining compliance with regulatory requirements, we strive to safeguard the privacy and confidentiality of SPDI entrusted to our care.
We encourage individuals to familiarize themselves with our Privacy Policy and to reach out to us with any questions, concerns, or feedback regarding the processing of their personal data. Your trust and confidence in GHL AIF are paramount, and we remain committed to continuously improving our data protection practices to better serve you.
This Privacy Policy is effective [insert effective date] and may be updated or amended from time to time to reflect changes in regulatory requirements, industry standards, or business operations. Any material changes to the policy will be communicated to individuals through appropriate channels.
Thank you for entrusting your personal data to us. We appreciate the opportunity to serve you and are dedicated to protecting your privacy every step of the way.