Privacy Policy

Platizio Services LLP – Master Privacy Policy

Table of Contents

  1. Introduction and Scope
  2. Key Terms
  3. Categories of Users
  4. Personal Data We Collect
  5. Sources of Personal Data
  6. How We Use Personal Data
  7. Legal Basis for Processing
  8. Sharing and Disclosure of Personal Data
  9. Cross-Border Transfers
  10. Cookies and Tracking Technologies
  11. Communications and Marketing
  12. Data Retention
  13. Data Security
  14. AI and Analytics
  15. Children and Minors
  16. Rights of Data Principals
  17. Withdrawal of Consent
  18. Account Closure and Data Deletion
  19. Third-Party Services
  20. Data Breach and Incident Response
  21. Changes to This Policy
  22. Contact and Grievance Redressal

Introduction and Scope

This Master Privacy Policy ("Policy") describes how Platizio Services LLP ("Platizio", "we", "us", or "our") collects, uses, stores, shares and protects personal data when you access or use our website, mobile applications, digital interfaces, distributor portals, investor journeys, support channels and all other products and services provided by Platizio (together, the "Platform"). This Policy applies to investors, prospective investors, leads, sub-distributors, channel partners, dealers, vendors and other business partners. This Policy does not apply to Platizio employees and contractors, whose personal data is processed under separate internal policies.

Key Terms

"Personal Data" means any data relating to an identified or identifiable natural person. "Data Principal" means the natural person to whom the personal data relates. "Data Fiduciary" means Platizio or any entity that determines the purpose and means of processing personal data. "Processing" means an operation performed on personal data, such as collection, storage, use, sharing, disclosure or erasure. This Policy uses certain defined terms consistent with the Digital Personal Data Protection Act, 2023 of India (DPDP Act).

Categories of Users

We collect personal data from and about the following categories of users: (i) investors and prospective investors using the Platform to discover and transact in financial products; (ii) leads and prospects who register interest in Platizio services; (iii) sub-distributors, channel partners, dealers and other business partners; (iv) representatives of Product Providers, service providers, auditors and regulators; and (v) visitors to our websites or support channels. This Policy does not cover employees or contractors of Platizio.

Personal Data We Collect

Depending on your role and the product or service used, we may collect: (a) identity information, such as name, date of birth, gender, nationality, PAN, Aadhaar or other government identifiers, CKYC number, specimen signature and photographs; (b) contact information, such as address, email, phone number and emergency contacts; (c) KYC documents, including proof of address, identity, income and source of funds; (d) financial information, such as bank account details, cancelled cheque, tax residency status, investment experience, risk profile, investment objectives, FATCA/CRS declarations, LRS declarations, nominee details and transaction history; (e) occupational and employment information; (f) responses to risk assessment and suitability questionnaires; (g) regulatory status, such as PEP status, SEBI registration, AMFI ARN, EUIN, NISM certification, PMS/AIF accreditation or other licences; (h) trade and transaction data, including transaction amount, product type, order instructions, confirmations, statements, balances and holdings; (i) device and technical information, such as IP address, browser type, operating system, device identifiers, device model, session data, error logs, login history, app usage, cookies and similar technologies; (j) communication data, such as call recordings, emails, chat transcripts, support tickets, feedback and marketing preferences; and (k) other data that you choose to share with us or that is necessary for providing the Platform.

Sources of Personal Data

We collect personal data (a) directly from you when you provide it on our Platform, send documents, communicate with us or our sub-distributors or partners; (b) from sub-distributors, channel partners, Product Providers and other business partners during onboarding or transaction processing; (c) from third-party service providers such as KYC registrars, credit bureaus, payment gateways, banks, custodians, remittance partners, analytic vendors and technology platforms; (d) from publicly available sources and government databases; and (e) automatically through the use of cookies, SDKs, pixels, web beacons and similar technologies when you interact with our Platform. We may combine data obtained from different sources.

How We Use Personal Data

We use personal data for the following purposes: (i) to operate, maintain and improve the Platform; (ii) to perform onboarding, KYC and AML verification; (iii) to facilitate account opening, subscriptions, redemptions, transfers, payments, remittances and other transactions in Products; (iv) to communicate with you about your account, transactions, statements, reports, alerts, updates, marketing, surveys and research; (v) to enable sub-distributors to service their clients, including viewing portfolios and commissions; (vi) to carry out risk profiling, suitability assessments and regulatory compliance checks; (vii) to investigate and prevent fraud, mis-selling, unauthorised advice, money laundering, terrorism financing and other illegal activities; (viii) to comply with applicable laws and regulatory requirements, including under SEBI, AMFI, IFSCA, RBI, IRDAI, PFRDA, PMLA and DPDP Act; (ix) to improve user experience and develop new products; (x) to generate aggregated or anonymised statistics for research, analytics and reporting; and (xi) to enforce our Terms and other legal agreements.

Legal Basis for Processing

We process personal data when at least one of the following legal bases applies: (a) consent – when you give clear and specific consent to the processing of your personal data for one or more identified purposes; (b) performance of a contract – when processing is necessary to provide you with the Platform or to perform an agreement between you and Platizio or between you and a Product Provider; (c) compliance with legal obligations – when we are required by law to collect, process or retain certain data, including under the PMLA, SEBI regulations, RBI KYC Directions, IRDAI or PFRDA guidelines; (d) legitimate interests – when processing is necessary for our legitimate business interests or those of a third party, such as preventing fraud, improving our services, or marketing, except where such interests are overridden by your fundamental rights and freedoms; and (e) public interest – in some cases where processing is necessary for the performance of a task carried out in the public interest, such as reporting suspicious transactions to authorities.

Sharing and Disclosure of Personal Data

We may share personal data with: (a) Product Providers, their registrars, transfer agents, custodians, trustees and auditors for account opening, transaction processing, reporting and compliance; (b) sub-distributors, channel partners, dealers and authorised intermediaries for servicing their clients; (c) banks, payment gateways, remittance partners and custodians for funding, redemption, remittance and settlement; (d) KYC registrars, credit bureaus, identification vendors, sanctions screening and PEP screening providers; (e) technology vendors, analytics providers, CRM and marketing platforms, call centres, and service providers engaged for onboarding, hosting, data processing, communications, analytics or customer support; (f) auditors, lawyers, consultants, insurers and professional advisers; (g) government bodies, courts, regulators and law enforcement authorities, such as SEBI, AMFI, IFSCA, RBI, IRDAI, PFRDA, FIU-IND and tax authorities when required under law; (h) affiliates within the Platizio group; and (i) any other third party with your consent or where required to complete a transaction or provide a service you requested. Where personal data is shared, we implement appropriate contractual and technical safeguards to protect it.

Cross-Border Transfers

Platizio may store and process personal data within India or in other jurisdictions where Platizio or its service providers maintain facilities. When personal data is transferred outside India, we ensure that the recipient entity provides a comparable level of protection and implement appropriate contractual safeguards in accordance with the DPDP Act and other applicable laws. By using the Platform, you consent to the cross-border transfer of your personal data as described in this Policy.

Cookies and Tracking Technologies

We use cookies and similar technologies such as pixels, tags, SDKs, device identifiers and local storage to recognise your browser or device, remember your preferences, analyse trends, administer the Platform, track users' movements, detect anomalies, provide targeted advertising and measure the effectiveness of communications. You can manage cookie preferences through your browser or device settings; however, disabling cookies may affect the functionality of the Platform.

Communications and Marketing

We may use your contact details to send transactional alerts, statements, confirmations, reminders, marketing communications, surveys and research invitations. You may opt-out of marketing communications at any time by following the unsubscribe instructions in such communications or contacting support@platizio.com. Even if you opt-out of marketing, we will continue to send essential service and legal notices.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy and to comply with applicable legal, regulatory, accounting and reporting requirements. In particular, we retain KYC, AML and account opening records for at least eight (8) years after closure of the account or termination of the business relationship, or longer if required under the Prevention of Money Laundering Act (PMLA) or other laws. Transaction and statement records are retained for at least ten (10) years. Records relating to sub-distributors and partner agreements are retained for at least eight (8) years after termination. Communications, call recordings and support logs are retained for five (5) years. Cookies and analytics data are retained for up to twenty-four (24) months or as required by law. Aggregated or anonymised data that cannot be linked to an individual may be retained indefinitely. When data is no longer required or when a valid deletion request is received, we securely erase or anonymise it, unless we are required to retain it for legal or regulatory purposes.

Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure or destruction. These measures include encryption, network security, access controls, secure development practices, vulnerability assessments, incident response, employee training and periodic audits. However, no system can be completely secure; therefore we cannot guarantee the absolute security of your data. You should also protect your credentials, use strong passwords and keep your devices secure.

AI and Analytics

Platizio may use artificial intelligence (AI) and analytics tools to analyse user behaviour, generate insights, improve user experience, automate processes, summarise content or provide educational information. AI-generated content is informational only and may not always be accurate or complete. AI-generated content does not constitute investment, financial, legal or tax advice. You should not rely solely on AI-generated content for decision making and should verify critical information through other sources.

Children and Minors

The Platform is not directed to children under the age of 18. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data to us, please contact grievances@platizio.com and we will take steps to delete such data or obtain appropriate consent in accordance with applicable law.

Rights of Data Principals

Subject to applicable law, you may have the right to: (a) access your personal data and obtain information about its processing; (b) request correction or completion of inaccurate or incomplete data; (c) request erasure of personal data that is no longer necessary or where consent has been withdrawn; (d) object to certain processing or request restriction of processing; (e) request data portability; and (f) lodge a complaint with the Data Protection Board of India or other competent authority. To exercise your rights, please contact our Grievance Officer using the details below.

Withdrawal of Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent or refuse to provide certain data, we may be unable to provide some or all of our services. Even after withdrawal, we may continue to process data where we have a legal obligation or legitimate interest to do so.

Account Closure and Data Deletion

You may request closure of your account or deletion of personal data by contacting support@platizio.com. We will take reasonable steps to erase or anonymise personal data that is no longer required for the purposes stated in this Policy. However, we may continue to retain data where required for legal, regulatory, accounting, auditing, dispute resolution or record-keeping purposes. Upon account closure, outstanding transactions may still be completed or cancelled by the Product Provider. The closure of a sub-distributor's account does not affect the account of their investors, who will remain on the Platform unless they separately request closure.

Third-Party Services

The Platform may include links to or integrations with third-party websites, applications and services. Platizio is not responsible for the privacy practices of such third parties. You should review their privacy policies before using their services or providing any personal data. Any third-party terms do not modify or supersede this Policy.

Data Breach and Incident Response

In the event of a personal data breach, we have procedures in place to identify, assess and respond to the incident. Where required by law, we will notify the relevant authorities and affected individuals without undue delay, describing the nature of the breach, the likely consequences and the measures taken to mitigate the effects.

Changes to This Policy

Platizio may update this Policy from time to time to reflect changes in our practices, legal requirements or business operations. We will post the updated Policy on our website with a new effective date. We encourage you to review this Policy periodically. Your continued use of the Platform after the effective date constitutes your acceptance of the updated Policy.

Contact and Grievance Redressal

If you have any questions, requests or complaints regarding this Policy or our handling of your personal data, please contact our Grievance Officer: Anuj Pal, Operations and Compliance Officer, at grievances@platizio.com or write to our registered office at Unit No. DGL-229, Second Floor, DLF Galleria Mall, Mayur Vihar-1, Delhi, India – 110092. You may also email support@platizio.com for general queries. We will acknowledge grievances within 24 hours and aim to resolve them within 15 business days. In case you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India or other applicable regulatory authority.