Sallfin Privacy Policy

Introduction

This Privacy Policy ("Policy") describes how Sallfin Financial Planning & Analysis ("Sallfin", "we", "us", or "our"), a financial advisory and FP&A services firm based in Bhubaneswar, India, collects, uses, stores, and discloses personal information.

It applies to all individuals who visit our website (sallfin.com), contact us for enquiries, engage our services, or interact with us through any channel.

We are committed to protecting your personal information and handling it in accordance with applicable Indian data protection laws, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), and any other applicable regulations.

By using our website or engaging our services, you consent to the practices described in this Policy.

Information We Collect

We collect personal information in the following contexts:

Website and Enquiry

When you visit our website or submit an enquiry, we may collect:

• Full name
• Business email address
• Phone number
• Company name and job title
• Nature of enquiry and any information you voluntarily share
• IP address, browser type, pages visited, and time spent on site (via cookies and analytics)

Client Engagement

When you engage our services, we collect information necessary to deliver those services, including:

• Contact and identification information (name, designation, official email, phone)
• Financial information you share for the purpose of FP&A, MIS, budgeting, or loan proposal work (such as P&L statements, balance sheets, cash flow data, revenue projections)
• Business and corporate information (company registration details, industry, ownership structure)
• Bank and lender details, where relevant to capex or loan proposal services

Recruitment

If you apply for a role at Sallfin, we collect your name, contact information, educational and professional background, and any other information you provide in your application.

How We Use Your Information

We use personal information for the following purposes:

• To respond to enquiries and communicate with prospective clients
• To deliver the FP&A, MIS, budgeting, forecasting, capex, and financial modelling services you have engaged us for
• To prepare financial reports, business plans, loan proposals, and other deliverables under our engagement
• To send you relevant updates, insights, or information about Sallfin services — with your consent, or where we have a legitimate interest
• To manage our internal business operations, billing, and engagement records
• To improve our website, content, and service quality
• To comply with legal and regulatory obligations
• To evaluate candidates for employment opportunities

We process your personal information only for the purposes described above. We will not use your financial or business information for any purpose other than delivering your requested service.

Legal Basis for Processing

We process your personal information on the following legal bases:

• Consent: Where you have given us explicit consent, such as when subscribing to updates or sharing sensitive financial data for an engagement
• Contract: Where processing is necessary to perform our services under a client engagement or respond to a pre-contractual request
• Legitimate interest: Where we have a legitimate business interest, such as communicating with prospects, improving our services, or maintaining records — provided this does not override your rights
• Legal obligation: Where we are required to retain or disclose information under applicable law

Financial and Sensitive Business Information

Much of the information you share with Sallfin in the course of an engagement is commercially sensitive — financial statements, projections, internal cost structures, banking relationships, and similar data. We treat all such information with strict confidentiality.

We do not share, disclose, sell, or use client financial or business data for any purpose other than delivering the service you have engaged us for. All client financial data is handled under the terms of any non-disclosure or engagement agreement in place between Sallfin and the client.

How We May Disclose Your Information

We do not sell your personal information. We may disclose your information only in the following limited circumstances:

• To trusted service providers who assist us in delivering our services (such as cloud storage, accounting software, or document management tools), subject to appropriate confidentiality obligations
• To banks, NBFCs, or financial institutions — but only where you have engaged us to prepare a loan or credit proposal, and only with your explicit direction
• To professional advisors (lawyers, auditors) where necessary for our legal or compliance obligations
• To law enforcement or regulatory authorities where required by applicable law, court order, or legal process
• In connection with a business transfer, merger, or acquisition — in which case the acquiring entity will be required to honour the commitments in this Policy

We will not disclose your financial or business data to any third party without your knowledge and, where required, your explicit consent.

Data Retention

We retain personal information for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The criteria we use to determine retention periods include:

• The duration of our ongoing client relationship or engagement
• Whether there is a legal or regulatory requirement to retain records for a specific period (for example, financial records under Indian tax or company law)
• Whether the information is needed to resolve disputes, enforce agreements, or defend legal claims

When personal information is no longer needed, we securely delete or anonymise it. Client financial data is typically retained for a minimum of seven years in line with standard accounting and tax record-keeping requirements in India.

Cookies and Website Analytics

Our website may use cookies and similar tracking technologies to understand how visitors use the site, improve its performance, and deliver relevant content. Cookies are small data files stored on your device by your browser. We may use the following types of cookies:

• Essential cookies: required for the website to function (e.g. session management)
• Analytics cookies: to understand visitor behaviour, pages visited, and traffic sources (e.g. Google Analytics)
• Preference cookies: to remember your settings or choices

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. We do not use cookies to track you across third-party websites.

Security

We take appropriate technical and organisational measures to protect personal information from unauthorised access, disclosure, alteration, or destruction. These measures include:

• Secure cloud storage with access controls
• Password protection and role-based access to client files
• Confidentiality obligations for all personnel who handle client data
• Use of encrypted communication channels where possible

While we take reasonable precautions, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected parties in the event of a data breach that poses a significant risk.

Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Right to access: You may request a copy of the personal information we hold about you
• Right to correction: You may request correction of inaccurate or incomplete information
• Right to erasure: You may request deletion of your personal information, subject to legal obligations that require us to retain it
• Right to restrict processing: You may ask us to restrict the processing of your personal information in certain circumstances
• Right to data portability: Where applicable, you may request your personal information in a structured, commonly used format
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Right to object: You may object to processing based on our legitimate interests

To exercise any of these rights, please contact us using the details in the Contact Us section below. We will respond within 30 days of receiving your request. We may need to verify your identity before acting on your request.

Children

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will delete it promptly.

Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party websites you visit.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal information, please contact us:

We aim to respond to all privacy-related queries within 30 days. For complaints relating to the handling of your data that remain unresolved, you may approach the appropriate authority under the Digital Personal Data Protection Act, 2023, once the relevant mechanisms are established.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where appropriate, notify you by email or a notice on our website.

We encourage you to review this Policy periodically to stay informed about how we protect your information.