Legal

Privacy Policy

Last updated: 19 June 2026

Please note: This is a template. Have it reviewed by a qualified lawyer before relying on it.

This Privacy Policy explains how Finnova Advisory Services Private Limited (“Finnova Advisory”, “we”, “us” or “our”) collects, uses, shares, stores and protects your personal data when you visit finnovaadvisory.com (the “Website”) or otherwise interact with us. It is drafted having regard to India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and general data-protection best practice.

For the personal data we process in connection with the Website, Finnova Advisory acts as the Data Fiduciary, and you (the individual whose data we process) are the Data Principal.

1. Who we are & how to contact us

Finnova Advisory Services Private Limited is a corporate-finance advisory firm operating in India since 2011, with offices in Pune and Mumbai. You can reach us at:

General enquiries: finance@finnovaadvisory.com
Privacy & grievances: anilagarwal@finnovaadvisory.com
Pune: Office No 1, Tower No 2, Mayfair Towers, Shivaji Nagar, Pune, Maharashtra 411005 · +91 91569 22663
Mumbai: 120, The Summit Business Bay (Omkar), behind Gurunanak Petrol Pump, Marol Metro, Andheri East, Mumbai, Maharashtra 400093 · +91 92702 50116

2. Personal data we collect

We collect personal data that you provide directly and data that is generated automatically when you use the Website.

Information you give us

When you submit our consultation or contact form, we collect:

your name;
your company / organisation name;
your email address;
your phone number;
your requirement and indicative ticket size (the type and amount of funding or advisory you are seeking); and
any message or other details you choose to include.

If you go on to engage us, we may collect further information necessary for the engagement (for example financial statements and KYC details) under a separate written agreement.

Information collected automatically

Essential cookies — the minimal cookies needed for the Website to function and stay secure; we do not run third-party analytics or place non-essential tracking cookies (see Section 4);
Server logs and technical data — such as your IP address, browser type, device and operating system, and access timestamps, collected for security and to keep the Website running.

3. Purposes & lawful basis for processing

We process your personal data for the following purposes:

to respond to your enquiry and arrange or conduct a consultation;
to provide, and discuss the scope of, our advisory services;
to communicate with you about your request and our services;
to operate, maintain, secure and improve the Website; and
to comply with applicable legal and regulatory obligations.

Our primary lawful basis is your consent, which you give when you submit a form or otherwise choose to share your data with us for a stated purpose. Where permitted by the DPDP Act, we may also process data for certain legitimate uses, such as where you have voluntarily provided it for a specified purpose, or to comply with law. You may withdraw your consent at any time (see Section 8); doing so does not affect processing already carried out.

4. Cookies & analytics

As of the date of this policy, the Website sets only essential cookies needed for it to function and stay secure, and it does not run third-party analytics or advertising trackers (such as Google Analytics) and does not place any non-essential or cross-site tracking cookies.

If we introduce analytics or any other non-essential cookies in future, we will first present a consent notice and obtain your consent before those cookies are placed, in line with the DPDP Act, and update this section accordingly. Most browsers also let you block or delete cookies through their settings; blocking essential cookies may affect how parts of the Website work.

We do not sell your personal data. We share it only as described below:

Service providers (Data Processors) — trusted vendors who support us, such as website hosting, our form-submission relay (Web3Forms, which transmits the details you enter in our enquiry forms to our inbox), email and IT providers, who process data on our instructions and under confidentiality obligations;
Lenders, rating agencies, insurers and similar institutions — only where you have engaged us and given consent during that engagement, and only to the extent needed to progress your mandate;
Professional advisers — such as our lawyers, auditors or accountants, where reasonably necessary;
Legal and regulatory requirements — where disclosure is required by law, court order, or a competent authority, or to protect our rights, safety or property; and
Business transfers — in connection with a merger, reorganisation or similar transaction, subject to this policy.

6. Data retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, to maintain our business relationship, and to meet legal, accounting, tax or regulatory requirements. When data is no longer needed, we will delete or anonymise it, unless we are required to retain it under applicable law. Where you withdraw consent and we have no other lawful basis to retain it, we will erase your data within a reasonable period.

7. Security measures

We maintain reasonable technical and organisational security safeguards designed to protect your personal data against unauthorised access, disclosure, alteration or loss. These include access controls, encryption in transit where appropriate, restricting access to personnel who need it, and confidentiality obligations on our team and vendors. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; in the event of a personal data breach, we will act in accordance with applicable law.

8. Your rights under the DPDP Act

Subject to the DPDP Act and applicable law, as a Data Principal you have the right to:

Access — obtain a summary of the personal data we process about you and the processing activities;
Correction & completion — have inaccurate or incomplete data corrected or updated;
Erasure — request deletion of your personal data where it is no longer required and we are not legally obliged to keep it;
Withdraw consent — withdraw consent at any time, as easily as it was given (this does not affect prior lawful processing);
Grievance redressal — raise a grievance with our Grievance Officer (see Section 9) and, if unresolved, approach the Data Protection Board of India; and
Nominate — nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Grievance Officer below. We may need to verify your identity before acting on a request.

9. Grievance Officer

If you have any question, concern or complaint about how we handle your personal data, please contact our Grievance Officer:

Grievance Officer

Anil Agarwal
Finnova Advisory Services Private Limited

Email: anilagarwal@finnovaadvisory.com

Office No 1, Tower No 2, Mayfair Towers, Shivaji Nagar, Pune, Maharashtra 411005
Tel: +91 91569 22663

We aim to acknowledge and respond to grievances within the timelines required by applicable law. If you are not satisfied with our response, you may escalate the matter to the Data Protection Board of India.

10. Children’s data

The Website and our services are intended for businesses and adults, and are not directed at children. We do not knowingly collect the personal data of children (persons under 18 years of age) without verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring or targeted advertising directed at children. If you believe a child has provided us personal data, please contact our Grievance Officer so we can take appropriate action.

11. International transfers

We are based in India and primarily process personal data here. Some of our service providers (for example analytics or cloud hosting) may process data on servers located outside India. Where this happens, we take reasonable steps to ensure your data remains protected and that any such transfer is consistent with the DPDP Act and any restrictions notified by the Central Government.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this page periodically. Your continued use of the Website after changes are posted constitutes acceptance of the updated policy. This Privacy Policy should be read together with our Terms of Service.