Finiqus is a financial advisory firm offering mutual fund distribution, investment consulting, retirement and goal-based planning, insurance services, and wealth management solutions. We work with individuals, professionals, and families across India to help them make better financial decisions.

Our services are delivered through our registered office, authorized personnel, and digital infrastructure, including our website and associated tools. In providing these services, we may collect and process certain personal and financial data.

You interact with Finiqus when you visit our website, request a consultation, register on our platform, share your data with us, subscribe to our services, or use any of our online or offline offerings. his Privacy Policy outlines what happens with the data shared in such cases.

We collect information that identifies you as an individual or relates to you personally. The categories of personal data collected may include:

• Full name, date of birth, gender, and contact details
• Email address, mobile number, residential and correspondence addresses
• PAN number, Aadhaar number, or other ID documents required for KYC
• Bank account details including account number, IFSC, and bank name
• Income range, occupation, financial goals, and investment preferences
• Login credentials for user profiles (encrypted)
• IP address, location data, browser details, and usage patterns from website visits
• Any communication or interaction records including call logs, messages, and feedback
• Device identifiers and cookies if you access our platform digitally

In certain cases, you may voluntarily provide additional data. For example, when filling out consultation forms, giving testimonials, or writing to our support team.

If you invest through us via partner AMC platforms, we may also receive information shared with them, subject to your consent.

We do not intentionally collect data from children below 18 years unless specifically submitted by a guardian or legal representative for account-related services like minor folios.

We collect personal information in the following ways:

• When you fill forms on our website
• When you call, email, or chat with us
• When you subscribe to our newsletters, attend webinars, or fill feedback forms
• When you open an investment account via third-party platforms using our ARN
• When you opt for risk profiling, goal planning, or budget assistance
• When you authorize us to fetch data from regulatory, banking, or AMC sources
• When you browse our website or interact with embedded elements

We also collect non-personal technical data through cookies, tags, and analytics tools, which help us improve service delivery and understand usage patterns.

All data collected is either directly provided by you or collected through lawful means where your consent or engagement justifies the collection.

We collect and use your data to serve you better, to remain compliant with financial regulations, and to offer personalized services. Key purposes include:

• To verify your identity and complete KYC requirements
• To assess your investment risk profile
• To create a tailored financial or investment plan
• To assist in choosing mutual fund schemes based on your goals
• To provide updates on market conditions, fund performance, and advisories
• To process transactions made via partner platforms using our ARN
• To generate and share reports and statements as per your request
• To contact you regarding new services, offers, or webinars (with opt-out option)
• To fulfil our legal and regulatory obligations, including audit, tax, and reporting

We do not sell your data to any third party. We do not use your data for purposes unrelated to your interest unless explicitly consented to by you.

All personal information is used with a strict commitment to confidentiality, purpose limitation, and transparency.

We store your data using secure, industry-standard systems. Personal data is stored on servers that are protected with encryption, firewalls, and access controls.

Some of our data may be stored in cloud-based environments that follow Indian data protection laws and, where applicable, global standards such as ISO 27001, GDPR, or PCI-DSS.

Sensitive data, such as passwords and bank account numbers, is stored in encrypted form. We also implement multi-factor authentication and access role limitations within our team.

Data storage duration is determined based on the type of service provided, applicable laws (such as SEBI guidelines, PMLA norms), and internal risk assessment.

Once your engagement with us ends, we may retain certain data for audit, regulatory, or taxation purposes for a specific period before permanent deletion.

We do not sell or rent your data to any third party. We only share your data with:

• Registered Mutual Fund AMCs and their platforms where you transact
• KYC Registration Agencies (KRAs) and CKYC authorities for verification
• Payment gateway service providers, only for processing payments
• Our legal, compliance, and audit advisors under confidentiality agreements
• Technical service providers such as website hosts and data storage partners
• Regulatory authorities or enforcement agencies, only when legally required

All partners or vendors who receive your data work under strict confidentiality agreements and only use your data for the purpose we define.

No partner is authorized to re-use, sell, or distribute your data.

We do not authorize any third-party marketing services to access your data.

As a user of our services, you have specific rights regarding the personal data we collect and process. These rights ensure that you retain control over your information and can make informed choices about how it is used. Here is how you can exercise these rights and what they mean in practice.

Right to Access

You have the right to know what personal data we hold about you. You may request a detailed report listing all the data we maintain, how it was collected, and for what purposes it has been used. You can ask for a copy of this data by contacting us through our official channels.

Right to Correction

If any data we hold about you is incomplete, outdated, or incorrect, you can ask us to correct it. For example, if you have recently updated your PAN or changed your email address, and our records do not reflect the same, we will make the necessary changes after verification.

Right to Withdraw Consent

If you previously gave us permission to use your data for a specific purpose—such as receiving newsletters or participating in campaigns—you can withdraw this consent at any time. Once consent is withdrawn, we will no longer process your data for that particular purpose.

Right to Object

You may object to the processing of your personal data in certain situations, especially where we rely on legitimate interests or non-contractual reasons. If you feel the use of your data is unjustified or intrusive, you can raise a concern.

Right to Restrict Processing

In situations where you contest the accuracy or legitimacy of the data processing, you may ask us to restrict the processing of your personal information. During this period, we will store the data but not use it until your concern is resolved.

Right to Erasure

You can request that we delete your personal data in specific circumstances—for example, when the data is no longer needed, or you are no longer using our services. However, certain data may be retained for regulatory, legal, or audit purposes.

Right to Data Portability

You may request that your data be shared with another financial advisor, institution, or technology platform. Upon receiving your written request, and after verifying your identity, we will provide a structured and machine-readable copy of your data.

To exercise any of these rights, you must write to us with appropriate identity verification. Requests may take up to 14 business days to process, depending on the complexity and type of request.

.

We prioritize data security. Every piece of personal and financial information you provide is protected using technical and administrative safeguards designed to minimize the risk of unauthorized access, alteration, misuse, or destruction.

Encryption and Transmission Security

All data transmitted through our website or digital platforms is encrypted using Secure Socket Layer (SSL) technology. This ensures that information such as your PAN, Aadhaar, and banking details is encrypted while moving from your device to our systems.

Access Controls

We use multi-tiered access controls within our systems. Only authorized personnel within Finiqus can view or access sensitive data. Access is restricted based on roles, and every access is logged and monitored.

Device and Network Security

Our systems are regularly scanned for vulnerabilities. Firewalls, antivirus programs, and intrusion detection systems are installed to detect and prevent potential breaches. We do not allow the use of removable devices for data handling or transfer.

Employee Awareness

All team members undergo training in data privacy and confidentiality as part of onboarding and regularly thereafter. Confidentiality clauses are included in all employee agreements.

Regular Security Audits

Periodic internal and third-party audits are conducted to assess the effectiveness of our security measures. If gaps are found, they are addressed within a defined time frame.

Our website uses cookies to enhance user experience, understand visitor behaviour, and improve our services. Cookies are small text files placed on your browser when you visit our site.

What Types of Cookies We Use

• Essential cookies ensure basic functionalities like page navigation and access to secure areas.
• Analytical cookies help us understand how visitors interact with the website (such as pages visited and time spent).
• Preference cookies remember your preferences and settings for future visits.

You may disable cookies through your browser settings. However, doing so may limit some features or affect the usability of the website.

We may also use tools like Google Analytics or Facebook Pixel to track engagement. These tools collect non-personal data and follow industry practices for usage, storage, and anonymization.

Cookies do not allow us to collect your passwords, investment details, or financial transactions. We do not use cookies for selling products or behavioural targeting.

We retain personal and financial data for as long as necessary to fulfil the purposes described in this Privacy Policy, or for legal, regulatory, or operational requirements.

Examples of Retention Periods:

• KYC information is retained for 10 years after deactivation of client account, in line with SEBI norms
• Transactional data is retained for 8 years for audit and taxation purposes
• Communication records like emails or call logs may be retained for 3 years from the date of last interaction
• Website and analytics data may be retained for 12–24 months for usage analysis

Once the retention period ends, your data is securely deleted from our systems. If complete deletion is not possible (due to backups or legal holds), access to the data is isolated and prevented.

We do not retain any biometric data, credit scores, or passwords in readable form.

In the unlikely event of a data breach—unauthorized access, data leak, or compromise—we follow a clear incident response process.

Detection and Containment

Our systems constantly monitor access and traffic. If abnormal activity is detected, automated alerts trigger manual inspection and containment steps.

Assessment

We analyze the nature of the breach, the type of data affected, and whether it involved personal or sensitive data. For example, if a breach involved email addresses but no financial data, it is treated differently from a full KYC data leak.

Notification

Where required, we will notify affected individuals within 72 hours of becoming aware of the breach. We may also inform data protection authorities or regulators based on the severity and jurisdiction.

Remediation

We fix the vulnerability, reset access credentials, and restore backup data. Affected users may be asked to update passwords, reconfirm identification, or take precautionary steps.

Record-keeping

Every breach, regardless of impact, is logged in our internal registry. This record is maintained to evaluate and improve our data security practices over time.

Finiqus primarily serves clients based in India and operates all its data infrastructure within Indian jurisdiction. However, some of the digital tools and third-party service providers we use may process data outside India. This includes services like cloud storage, customer engagement platforms, and analytics tools that might be hosted in the United States, European Union, or other countries.

When your data is transferred to or processed in a foreign jurisdiction, it is handled under agreements that ensure the receiving party offers a level of data protection equivalent to what is required under Indian law. These agreements are legally binding and contain contractual clauses that obligate service providers to:

• Maintain data confidentiality
• Use the data only for agreed purposes
• Prevent unauthorized access or transfer
• Assist in audits and legal compliance

We do not transfer your core personal or financial information (like PAN, Aadhaar, investment preferences, or bank account details) to any foreign server unless required for secure backup or system maintenance under strict contractual protections.

If we work with a CRM platform that processes basic user interaction data, such as names, email IDs, or behaviour analytics, those tools are selected based on their compliance with GDPR, ISO 27001, or other recognized standards. These services are periodically reviewed.

You have the right to ask whether your data has ever been transferred outside India, where it went, and for what purpose. If you wish to restrict such transfers, you can write to us formally. We will evaluate the feasibility and share alternatives where available.

Finiqus reviews and updates its Privacy Policy at regular intervals to stay aligned with changes in technology, legal requirements, and service improvements. A change in how we collect, use, or share data will reflect here with specific timestamps.

How We Communicate Policy Changes

If the change is minor, such as an update in contact details or correction of typographical errors, the policy will be updated silently with a revision date. For example, if we replace an internal service provider or change our cookie management method, we may simply publish an updated version.

For significant changes—such as changes in your rights, the types of data we collect, or how we use your information—we will notify you through email, SMS, or through a notice on our website. You will have the option to review the revised terms before continuing to use our services.

Your continued use of our services after changes to this Privacy Policy constitutes your acceptance of those changes.

Date of Last Revision: 19th May, 2025

You may choose to opt-out or close your account if you do not agree with a new version of the policy. If you close your account, your data will be deleted or archived according to the rules stated in the data retention section.

Finiqus may provide links to third-party platforms or partner services for convenience. These could include:

• Payment gateways
• Mutual fund AMC platforms
• Investment education tools
• Government websites (for KYC, PAN verification, etc.)
• Financial calculators and tools hosted externally

These platforms operate independently and maintain their own privacy policies. When you click a link and leave the Finiqus website or application, this Privacy Policy no longer applies. For example, if you use a payment link to complete a SIP registration hosted by a third-party payment aggregator, their terms and conditions govern your interaction.

We do not control and are not responsible for the content, security, or data practices of these third-party websites. We encourage you to read their privacy policies and verify their authenticity.

Additionally, if you interact with us on platforms like WhatsApp, LinkedIn, or email marketing tools, those platforms may collect information based on their own practices. Our use of such platforms is governed by contracts, but your usage is subject to their respective privacy policies.

Finiqus does not knowingly collect or solicit personal data from anyone under the age of 18. Our services are designed for adults who are eligible to invest and contract as per the Indian Majority Act and SEBI investment regulations.

If you are a parent or guardian and believe that your child has provided us with personal data, you can contact us immediately. If we become aware that we have collected data from a minor without verified parental consent, we will delete such information as soon as possible.

Some clients may choose to invest in the name of their minor child under custodial or guardian-controlled accounts. In such cases, the information is processed through the parent or guardian and not directly collected from the child.

All investment products or financial advisory services promoted by Finiqus are intended for adult use. Any automated interactions that appear to originate from minors are filtered and flagged.

Your privacy-related concerns are important to us. We offer a structured grievance redressal process to ensure that your issues are addressed in a timely and satisfactory manner.

How to Lodge a Complaint

If you believe that your data has been misused, shared without permission, or mishandled in any way, you may submit a complaint through:

• Email: grievance@finiqus.in
• Postal Mail: Finiqus Legal & Financial Advisory, [full address to be inserted]
• Web Form: [link to be inserted]

The complaint should include:

• Your full name and registered email or mobile number
• A brief description of the issue
• Any relevant evidence (screenshots, email copies, etc.)
• The date and time of the incident

We respond to all complaints within 5 business days. If the complaint requires deeper investigation, we will keep you updated and provide a resolution within 30 business days.

Grievance Officer

Name: Adv. Jhilick Das Ghosh

Designation: Chief Law Associate, Finiqus

Email: finiqus@gmail.com

If your grievance remains unresolved, you may escalate the issue to a relevant legal forum, data protection authority, or regulatory body, depending on the nature of the complaint.

This annexure provides practical illustrations of how your data may be used in real-life scenarios at Finiqus. These examples are provided to clarify your understanding and are not exhaustive.

Scenario 1: Portfolio Planning

You fill out a goal-based investment form specifying your retirement target. You enter your age, income, current investments, and target corpus. Our system uses this data to generate a report. Your advisor then uses the report to build an investment strategy.

Scenario 2: KYC Compliance

To open a mutual fund account, we collect your PAN, Aadhaar, and photo. We submit this data to a third-party KYC Registration Agency (KRA) as required by SEBI. Once verified, your data is stored securely and used for all future investments.

Scenario 3: Risk Profiling

We send you a link to an online risk questionnaire. Based on your responses, the tool classifies you as a “moderate risk” investor. This result is shared only with your assigned advisor, who then recommends suitable mutual funds.

Scenario 4: Withdrawal Support

You email us requesting to redeem funds urgently. We verify your identity, process the redemption, and send a confirmation. Your redemption details are recorded for future reference and audit.

If you have any questions, clarifications, or requests regarding this Privacy Policy or your personal data, you may contact us using any of the methods below.

We encourage you to communicate in writing to ensure a clear record of all correspondence.

Registered Communication Address

Finiqus

Shaswata, 3/12, R.B.C. Road, Barasat,

Kolkata, Pin - 700124

West Bengal, India

Email: finiqus@gmail.com

Phone (during business hours)

+91-9674339876 / +91-9674395916

We maintain a full record of all inbound queries and will confirm receipt within two business days. Response times may vary depending on the complexity of your request, but we aim to reply within five working days for most privacy-related matters.

If your query is not privacy-specific, we may redirect it to another relevant department. If the query involves a potential breach or data misuse, it will be escalated to our legal and compliance team.

This Privacy Policy is governed by the laws of India. Any dispute, controversy, or claim arising out of or relating to this policy or your use of the services offered by Finiqus shall be subject to the exclusive jurisdiction of the courts in [City where Finiqus is headquartered], India.

You agree that all matters, including any interpretation, enforcement, or breach of the terms outlined in this policy, shall be adjudicated under Indian law, particularly the Information Technology Act, 2000 (as amended), relevant rules under the SPDI (Sensitive Personal Data or Information) Rules, and any applicable guidelines issued by the Reserve Bank of India, SEBI, or the Ministry of Electronics and Information Technology (MeitY).

In case you access our services from outside India, you do so at your own risk, and you are responsible for compliance with the laws of your jurisdiction. You also acknowledge that by using our services, you consent to the transfer of your information to India and to the application of Indian law.

We may cooperate with law enforcement agencies or legal authorities if legally compelled to share user data under a valid judicial order, summons, or regulatory directive. Such disclosures will be made with the minimum required data and recorded for accountability.

By using Finiqus services, you accept that our liability related to personal data and privacy shall be limited to the extent permissible under Indian law.

We follow best practices and reasonable security measures to protect your personal data. However, no platform can guarantee absolute protection. You understand that while we secure data against known vulnerabilities, unforeseen events such as sophisticated cyberattacks, hardware failures, or system breaches can occur.

In such events, our liability shall be limited to informing you about the breach, taking corrective actions, cooperating with regulators, and mitigating the damage. We shall not be liable for:

• Any indirect, consequential, or incidental loss resulting from data misuse or unauthorized access
• Loss of opportunity, goodwill, or anticipated profits caused by service interruptions
• Errors made by third-party platforms, financial institutions, or investment products used by you through our advisory

Finiqus shall not be held responsible for any data you voluntarily share on public platforms, social media, or third-party tools beyond our control. You are advised to exercise caution when posting any information online that could identify you, link to your account, or expose sensitive data.

By visiting the Finiqus website, using our mobile applications, registering for any of our advisory services, or voluntarily sharing your personal information through any mode of communication with us, you provide express consent to:

• The collection, storage, and use of your personal data as outlined in this Privacy Policy
• The sharing of your data with third-party service providers as per lawful and contractual necessity
• The retention of your information for service, compliance, and audit purposes

You have the right to withdraw your consent at any time by closing your account, writing to us formally, or exercising any other right under applicable laws. Withdrawal of consent may limit your ability to use some or all parts of our services, depending on regulatory obligations.

We do not assume responsibility for outdated or incorrect data provided by you. It is your responsibility to inform us of any changes in your contact details, identification numbers, or investment preferences that may affect the relevance or legality of the data we maintain.

If you are acting on behalf of another person—such as a minor child, senior family member, or organization—you confirm that you have the lawful authority to share their personal information and give consent on their behalf.

Your continued use of Finiqus services confirms your agreement to the current version of this Privacy Policy and any future versions, unless explicitly revoked.

Privacy is not only about law. It is about trust. At Finiqus, we do not treat your personal information as a commodity. We treat it as a responsibility. Every form you fill, every detail you provide, and every question you ask becomes part of a secure ecosystem built around legal rights, consent, and professional care.

We want you to ask questions. We want you to seek clarifications. We want you to hold us accountable. Because this policy is not just a legal obligation for us—it is a reflection of the way we respect your time, your decisions, and your financial life.

If at any point you believe this trust is at risk, we encourage you to reach out. We will listen. We will respond. And we will act.

You have the right to privacy. We have the duty to protect it.