Privacy Policy

1. OUR COMMITMENT TO YOUR PRIVACY

Venka Strategy LLP ("Venka," "we," "us," "our") operates globally and is committed to protecting your privacy in accordance with applicable data protection laws.

We are a professional services firm registered in India, providing Business strategy consulting and business automation services to clients worldwide. Under India's Digital Personal Data Protection Act, 2023 ("DPDPA"), we are designated as a "Data Fiduciary" responsible for determining the purposes and means of processing your personal data.

This Privacy Policy explains:

  • What personal data we collect and why

  • How we use and protect your information

  • Your rights and how to exercise them

  • How to contact us with privacy questions

We believe transparency builds trust, and this policy reflects our commitment to handling your data responsibly.

2. INFORMATION WE COLLECT

We collect only the personal data necessary to provide our services, operate our business, and communicate effectively with you.

Information You Provide Directly

Contact and Professional Information:

  • Name, email address, phone number

  • Company name, job title, department

  • Professional details relevant to our services

  • Messages, inquiries, and project communications

Business Engagement Information:

  • Content shared during consultations and service delivery

  • Feedback, testimonials, and case study information (with your permission)

  • Information necessary to fulfill contractual obligations

Information Collected Automatically

Technical Data: When you visit our website or interact with our digital properties, we automatically collect:

  • IP address, browser type and version

  • Device information (operating system, screen resolution)

  • Website usage patterns (pages visited, time spent, referral sources)

  • Language preferences and general location data (city/country level)

Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance user experience, analyze website performance, and support marketing activities. See Section 11 for details on managing cookie preferences.

Information We Do NOT Collect

  • Personal data of individuals under 18 years of age (without verifiable parental/guardian consent)

  • Sensitive personal data categories (unless specifically required and authorized for services you request)

  • Financial account information or payment card details (processed by third-party payment providers)

3. HOW WE USE YOUR INFORMATION

We process your personal data for the following specific purposes:

Service Delivery and Client Management

  • Responding to inquiries and providing requested information

  • Delivering professional services and managing client projects

  • Communicating about services, updates, and project milestones

  • Managing relationships and maintaining business records

Business Operations

  • Operating, securing, and improving our website and digital infrastructure

  • Analyzing usage patterns to enhance user experience

  • Conducting internal research, analytics, and service improvement

  • Maintaining accurate business and financial records

Marketing Communications (Consent-Based Only)

  • Sending information about our services, insights, and industry updates

  • Sharing relevant content, case studies, and thought leadership

  • Event invitations and webinar notifications

You can withdraw marketing consent at any time via unsubscribe links or by contacting us.

Legal and Regulatory Compliance

  • Meeting tax, accounting, and statutory obligations under Indian law

  • Responding to legal processes, court orders, and regulatory requests

  • Protecting our rights, property, and safety, and that of our clients

  • Preventing fraud and ensuring security

We will not process your data for purposes beyond those listed without obtaining fresh consent or establishing another lawful basis.

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following lawful grounds:

Legitimate Business Interests: For most business operations, website functionality, security, and service improvements where processing is necessary for our legitimate interests and does not override your rights.

Contractual Necessity: When processing is essential to fulfill our service agreements or take steps at your request before entering into a contract.

Your Consent: For marketing communications, certain analytics, and any processing where we explicitly request your permission. Consent is voluntary and may be withdrawn at any time without affecting prior lawful processing.

Legal Obligations: When required to comply with applicable laws, regulations, tax requirements, or legal processes in jurisdictions where we operate.

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

5. SHARING YOUR INFORMATION

We do not sell, rent, or trade your personal data.

We may share your information with the following categories of recipients:

Service Providers and Business Partners

Trusted third-party vendors who assist us in delivering services and operating our business, including:

  • Cloud hosting and infrastructure providers

  • Communication and collaboration platforms

  • Analytics and business intelligence tools

  • Marketing automation and CRM systems

  • Professional advisors (legal, accounting, consulting)

These providers are contractually bound to protect your data and use it only for specified purposes. We remain fully responsible for their processing activities under DPDPA Section 8(1).

Legal and Regulatory Authorities

Government agencies, regulators, law enforcement, or courts when required by law, legal process, subpoena, or to:

  • Comply with legal obligations

  • Protect our rights and property

  • Investigate fraud or security concerns

  • Enforce our terms and agreements

Business Transfers

If Venka Strategy LLP undergoes a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

With Your Consent

We may share information with other parties when you provide explicit authorization.

6. INTERNATIONAL DATA TRANSFERS

As a global organization, we may transfer your personal data across geographical borders to trusted entities and service providers who assist us in delivering our services.

Transfer Safeguards: We implement appropriate contractual, technical, and organizational safeguards to protect data transferred internationally, including:

  • Standard contractual clauses

  • Adequacy assessments of destination jurisdictions

  • Encryption and secure transmission protocols

  • Binding data processing agreements

Your Rights: Currently, the Government of India has not restricted transfers to specific countries. You have the right to know which of your personal data is transferred internationally and to object to such transfers. Contact our Data Privacy Officer for details.

7. DATA RETENTION

We retain personal data only as long as necessary for the purposes described in this Policy or as required by applicable law.

Retention Principles:

  • Active client relationships: Duration of engagement plus 7 years (for legal and tax compliance)

  • Inquiry and prospect data: 2 years from last meaningful interaction

  • Marketing communications: Until consent is withdrawn, plus 1 additional year for record-keeping

  • Financial and tax records: 7 years as required by Indian law

  • Legal matters: Until resolution, plus applicable limitation periods

Once retention periods expire, we securely delete or anonymize your data. You may request earlier deletion by exercising your Right to Erasure (see Section 8).

8. YOUR PRIVACY RIGHTS

Under applicable data protection laws, including DPDPA, you have the following rights:

Right to Access

Obtain confirmation of whether we process your data and request a copy of your personal information.

Right to Correction

Request correction of inaccurate, incomplete, or outdated data.

Right to Erasure (Deletion)

Request deletion of your data when:

  • The purpose for processing has been fulfilled

  • You withdraw consent (for consent-based processing)

  • The data is no longer necessary for the stated purposes

Note: We may retain data if required by law or to establish, exercise, or defend legal claims.

Right to Data Portability

Receive your data in a structured, commonly used, and machine-readable format (CSV or JSON) or request that we transmit it to another service provider.

Right to Withdraw Consent

Withdrawal is as easy as giving consent:

  • Marketing emails: Click "Unsubscribe" in any email (one-click) OR email support@venka.io

  • Website cookies: Adjust preferences via our cookie consent banner

  • Other processing: Email support@venka.io specifying what consent you wish to withdraw

Effect: Processing stops immediately. Withdrawal doesn't affect previous lawful processing.

Right to Object

Object to processing based on legitimate interests for reasons specific to your situation.

Right to Nominate

Designate an individual to exercise your rights in the event of death or incapacity.
Email your nomination details to our team through support@venka.io

Right to Grievance Redressal

File a complaint with our team if you have concerns about our data handling practices.

How to Exercise Your Rights: Email: support@venka.io
Subject: [Specify: Access / Correction / Deletion / Portability / Withdrawal / Grievance / Nomination]

Response Timeline:

  • Standard requests: 30 days

  • Complex requests: 45 days (we'll notify you if extension is needed)

  • Grievances: Acknowledgment within 7 days, resolution within 90 days

9. ESCALATION TO REGULATOR

If you are not satisfied with our response to your privacy request or complaint, you have the right to file a complaint with the Data Protection Board of India.

Filing Methods:

  • Online portal (details to be published by the Board)

  • Written complaint to the Board's official address

  • Through a registered Consent Manager (once operational)

We are committed to working cooperatively with the Data Protection Board and will comply with all directives.

10. DATA SECURITY

We implement reasonable technical, organizational, and administrative security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

Security Measures Include:

  • Encryption of data in transit and at rest

  • Access controls and authentication mechanisms

  • Regular security assessments and monitoring

  • Employee training on data protection practices

  • Incident response and breach notification procedures

  • Secure cloud infrastructure with established providers

Acknowledgment: While we maintain industry-standard security practices as required under DPDPA Section 8(5), no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any vulnerabilities or incidents.

Data Breach Notification

If a personal data breach affects your information, we will:

  1. Notify the Data Protection Board of India

  2. Notify you directly via email, describing:

    • Nature of the breach and data affected

    • Likely consequences and impact

    • Measures taken to address the breach

    • Recommended steps to protect yourself

We acknowledge our legal responsibility and liability for personal data breaches as required under DPDPA, including breaches caused by our service providers.

11. COOKIES AND TRACKING TECHNOLOGIES

If we use cookies or similar tracking technologies, you will be notified via our cookie consent banner when you visit our website.

Cookie Categories:

  • Strictly Necessary: Essential for website functionality (no consent required)

  • Performance/Analytics: Help us understand how visitors use our site

  • Functional: Remember your preferences and settings

  • Marketing/Advertising: Deliver relevant content and measure campaign effectiveness

Managing Cookie Preferences:

  • Adjust settings via our cookie consent banner (accessible from website footer)

  • Configure your browser to block or delete cookies

  • Opt out of third-party analytics via provider-specific mechanisms

Current Cookie Implementation: For detailed information on specific cookies we use, visit our Cookie Preference Center on our website.

12. CHILDREN'S PRIVACY

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children without verifiable parental or guardian consent.

If you are under 18: Please ask your parent or guardian to contact us on your behalf.

If you are a parent/guardian: If you believe your child has provided data without your consent, contact us immediately at support@venka.io, We will verify your relationship and delete the data within 15 days.

Verifiable Consent Methods (when applicable):

  • Identification document verification

  • Video call confirmation

  • Digital Locker authentication

  • Virtual tokens from authorized entities

13. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in:

  • Our data processing practices

  • Legal or regulatory requirements

  • New services or features

  • Industry best practices

For Material Changes affecting your rights or how we process data:

  • We will email you at your registered address

  • Display a prominent notice on our website for 30 days

  • May request fresh consent if required by law

For Minor Updates:

  • We will update the "Last Updated" date at the top of this Policy

  • Changes become effective immediately upon posting

Your continued use of our services after changes constitutes acceptance.
If you disagree with modifications, discontinue use and contact us to request data deletion.

14. LEGAL FRAMEWORK AND JURISDICTION

This Privacy Policy is governed by:

  • Digital Personal Data Protection Act, 2023 (DPDPA)

  • Digital Personal Data Protection Rules, 2025

  • Information Technology Act, 2000 and rules thereunder

  • Other applicable laws in India and jurisdictions where we operate

Jurisdiction: Courts in India shall have jurisdiction over disputes arising from this Policy, subject to your right to file complaints with the Data Protection Board of India.

Our Commitments:

  • Full compliance with DPDPA provisions and rules

  • Cooperation with the Data Protection Board of India

  • Respect for all Data Principal rights

  • Transparent and lawful processing practices

  • Accountability for data processing activities

15. ADDITIONAL NOTICES

No Sale of Personal Data: We do not sell your personal data to third parties for monetary or other valuable consideration.

No Automated Decision-Making: We do not use your personal data for automated decisions that produce legal effects or similarly significant impacts without human intervention.

Third-Party Websites: Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before providing personal data.

Data Accuracy: You are responsible for ensuring the accuracy of information you provide. Please inform us of any changes to maintain up-to-date records.

Language: This Policy is prepared in English. Translations may be available upon request. In case of inconsistencies, the English version prevails.

Not Legal Advice: This Policy describes our practices but is not legal advice for your specific situation. Consult a qualified attorney for legal guidance.

16. CONTACT INFORMATION

For Privacy Questions and Rights Requests:


Email: support@venka.io

Registered Office:
Venka Strategy LLP
No.192, Whitefield,
Bengaluru, Karnataka 560048
India

Website: www.venka.io

Response Times:

  • General privacy inquiries: 7 business days

  • Data subject rights requests: 30 days (45 days for complex requests)

  • Grievances: Acknowledgment within 7 days, resolution within 90 days maximum

Complaint to Regulator: Data Protection Board of India
(Contact details to be published by the Board)

17. CONSENT ACKNOWLEDGMENT

By using our services, submitting inquiries, or providing personal data, you acknowledge that:

✓ You have read and understood this Privacy Policy
✓ You understand how we collect, use, and protect your data
✓ You are aware of your rights under applicable data protection laws
✓ You know how to contact us and exercise your rights
✓ You understand how to withdraw consent and file complaints

For consent-dependent processing (such as marketing communications), we will obtain your explicit consent through clear affirmative action (opt-in checkboxes, subscription forms, or similar mechanisms) before processing your data.

QUICK REFERENCE GUIDE

Your Right How to Exercise Timeline
Access your data Email support@venka.io: "Data Access Request" 30 days Correct inaccurate data Email support@venka.io: "Data Correction Request" 30 days Delete your data Email support@venka.io: "Data Deletion Request" 30 days Get portable copy Email support@venka.io: "Data Portability Request" 30-45 days Unsubscribe from marketing Click unsubscribe link in email OR email support@venka.io Immediate Withdraw consent Email support@venka.io specifying what to withdraw Immediate Manage cookies Adjust preferences via website cookie banner Immediate File a complaint Email support@venka.io: "Grievance - [Issue]" 7 days ack, 90 days resolution Complain to regulator Contact Data Protection Board of India Per Board procedures

DOCUMENT INFORMATION

Version: 2.0
Last Reviewed: January 15, 2026
Next Review: January 15, 2027
Document Owner: Founder
Approved By: Hemanth SR

Compliance Status:
✓ Digital Personal Data Protection Act, 2023 (DPDPA)
✓ Digital Personal Data Protection Rules, 2025
✓ Information Technology Act, 2000

© 2026 Venka Strategy LLP. All Rights Reserved.

This Privacy Policy reflects our commitment to protecting your privacy and complying with applicable data protection laws worldwide.