1. Legal Status and Regulatory Position
Prithvi Exchange (India) Limited (“Prithvi Exchange”, “PEIL”, “Company”, “we”, “us”, or “our”) is a public company duly incorporated and existing under the provisions of the Companies Act, 2013. The Company is authorised by the Reserve Bank of India (“RBI”) to operate as an Authorized Dealer – Category II (“AD-II”) in accordance with the Foreign Exchange Management Act, 1999 (“FEMA”) and the rules, regulations, circulars, and directions issued thereunder.
As an AD-II licensee, the Company is permitted to undertake specified foreign exchange transactions and provide allied services strictly within the regulatory framework prescribed by RBI. All business operations of the Company—including the purchase and sale of foreign currency, remittance services, and other permitted financial activities—are conducted in compliance with:
- Applicable RBI Master Directions and Circulars
- FEMA and its subordinate legislation
- The Companies Act, 2013 and applicable corporate governance requirements
- Relevant data protection, information security, and consumer protection laws
This Privacy Policy (“Policy”) constitutes an essential component of the Company’s overall compliance, governance, risk management, and information security framework. It outlines the principles, obligations, and practices adopted by the Company to ensure lawful, transparent, and secure handling of personal data in the course of its regulated foreign exchange and related business activities.
2. Purpose and Objective
The purpose of this Privacy Policy (“Policy”) is to establish a clear, comprehensive, and legally compliant framework for the collection, processing, storage, use, disclosure, and protection of personal data handled by Prithvi Exchange (India) Limited. This Policy is designed to:
- Ensure lawful, fair, and transparent processing of personal data by defining the principles and standards governing how personal information is collected, used, retained, and shared in the course of the Company’s regulated foreign exchange and allied business activities.
- Safeguard the privacy, confidentiality, and security of personal information relating to customers, counterparties, employees, directors, agents, vendors, and all other stakeholders whose data is processed by the Company.
- Establish clear accountability and responsibility for data protection across all levels of the organization, ensuring that employees and authorized personnel understand and adhere to their obligations regarding the handling of personal data.
- Ensure compliance with applicable Indian laws and regulatory requirements including, but not limited to, the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (as and when notified), FEMA, RBI Master Directions, and other relevant financial sector regulations.
3. Scope and Applicability
This Privacy Policy (“Policy”) applies to the full lifecycle of personal data handled by Prithvi Exchange (India) Limited (“PEIL”) and governs all activities relating to its collection, use, processing, storage, disclosure, transfer, retention, and destruction. Specifically, this Policy applies to:
- All categories of personal data and sensitive personal data or information processed by the Company in any form, whether collected directly from individuals or obtained through lawful third‑party sources, and whether processed manually or through automated systems.
- All modes, channels, and technologies used for data collection and processing, including digital platforms, mobile applications, websites, physical forms, email communications, telephonic interactions, CCTV systems, application programming interfaces (APIs), software tools, and third‑party integrations used in the course of business operations.
- All individuals and entities acting on behalf of or in connection with PEIL, including directors, officers, employees, contractual staff, agents, franchisees, authorised representatives, service providers, outsourcing partners, consultants, and any other third parties who access, handle, or process personal data for or on behalf of the Company.
Compliance with this Policy is mandatory, enforceable, and binding on all persons and entities to whom it applies. Any violation may result in disciplinary action, contractual consequences, or legal proceedings, as applicable under law and internal governance standards.
4. Applicable Laws and Regulatory Framework
This Privacy Policy (“Policy”) has been formulated in alignment with the legal and regulatory requirements governing the operations of Prithvi Exchange (India) Limited (“PEIL”). The Policy is framed in accordance with, and shall be interpreted in conformity with, the following laws, rules, and regulatory instruments, as amended from time to time:
- Information Technology Act, 2000, including all provisions relating to electronic records, data protection obligations, and cybersecurity requirements.
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, prescribing standards for the lawful handling, protection, and disclosure of sensitive personal data or information.
- Digital Personal Data Protection Act, 2023 (“DPDP Act”), to the extent applicable, including obligations relating to consent, data processing, data fiduciary responsibilities, and rights of data principals.
- Foreign Exchange Management Act, 1999 (“FEMA”) and allied rules, regulations, and notifications governing foreign exchange transactions, reporting obligations, and compliance requirements applicable to Authorized Dealer Category-II entities.
- Reserve Bank of India (“RBI”) Master Directions, circulars, notifications, and guidelines applicable to AD-II licensees, including those relating to foreign exchange operations, customer due diligence, outsourcing, information security, and regulatory reporting.
- Prevention of Money Laundering Act, 2002 (“PMLA”) and associated AML/CFT rules and guidelines, including obligations relating to customer identification, record-keeping, suspicious transaction monitoring, and reporting to regulatory authorities.
- Any other applicable laws, rules, regulations, or governmental/regulatory instructions issued by competent authorities in India that may govern or impact the processing of personal data by the Company.
This Policy shall be read harmoniously with all applicable statutory and regulatory requirements, and in the event of any conflict, the provisions of the governing law or regulatory directive shall prevail.
5. Definitions
For the purposes of this Privacy Policy (“Policy”), the following terms shall have the meanings assigned below:
- Personal Data means any data, information, or combination of data that relates to an identified individual or an individual who is identifiable, directly or indirectly, by or in relation to such data, as interpreted under applicable Indian data protection laws.
- Sensitive Personal Data includes personal information of a more confidential or sensitive nature such as financial information, bank account details, payment instrument details, official identifiers, biometric information, and any other category of data designated as “sensitive” under applicable laws, rules, or notifications.
- Data Principal shall have the meaning assigned to it under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and refers to the individual to whom the personal data relates.
- Processing means any operation or set of operations performed on personal data, whether by automated means or otherwise, including but not limited to collection, receipt, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, transfer, restriction, erasure, retention, archiving, or destruction.
6. Categories of Data Collected
Prithvi Exchange (India) Limited (“PEIL”) collects, receives, and processes various categories of personal data in the course of providing regulated foreign exchange and allied services. The nature and extent of data collected depend on the type of service availed, regulatory requirements, and operational needs. The categories of data may include, but are not limited to, the following:
6.1 Identity and Contact Data
This category includes information necessary to establish and verify the identity of an individual and to maintain communication. It may include:
- Full legal name, aliases, and name as per official records (identity verification details)
- Date of birth, age, gender, and nationality (demographic identifiers)
- Photograph, signature, and specimen signature records (authentication attributes)
- Residential, permanent, and correspondence addresses (address information)
- Email address, mobile number, landline number, and emergency contact details (communication information)
This data is essential for customer onboarding, communication, and compliance with KYC norms.
6.2 KYC and Regulatory Data
As an AD‑II licensee, PEIL is legally required to collect and verify customer identity and conduct due diligence. This category includes:
- Official identification documents (government‑issued identifiers), such as:
  - PAN
  - Aadhaar (where permitted under law)
  - Passport
  - Driving Licence
  - Voter ID
  - OCI/PIO cards
- Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) information (regulatory due‑diligence data), including:
  - Risk categorization
  - Occupation and employer details
  - Residential status
  - Politically Exposed Person (PEP) status
- Source of funds and purpose of transaction details (transaction justification information), including:
  - Income proofs
  - Salary slips
  - Business documents
  - Travel purpose declarations
- Sanctions screening and AML/CFT compliance data (AML compliance information), including:
  - Watchlist screening results
  - Suspicious transaction indicators
This data is collected strictly to comply with FEMA, PMLA, RBI Master Directions, and other regulatory obligations.
6.3 Financial and Transactional Data
This category includes information required to process financial transactions and maintain statutory records:
- Bank account details (banking information), such as:
  - Account number
  - IFSC
  - Bank name and branch
- Payment instrument details (payment credentials), including:
  - Debit/credit card details (masked or tokenized where applicable)
  - UPI identifiers
- Foreign exchange transaction data (regulated forex transaction data), including:
  - Currency purchase/sale records
  - Remittance details
  - Beneficiary information
  - Transaction receipts and supporting documents
- Financial history and transaction patterns (transactional behaviour data), including:
  - Frequency and volume of transactions
  - Historical transaction logs
This data is essential for executing transactions, preventing fraud, and meeting regulatory reporting requirements.
6.4 Technical and Usage Data
This category includes system‑generated or automatically collected data when individuals interact with PEIL’s digital platforms, systems, or networks:
- Device and network identifiers (device fingerprint data), such as:
  - IP address
  - Device ID
  - MAC address
  - Browser type and version
- System logs and access records (system activity information), including:
  - Login timestamps
  - Session duration
  - Authentication logs
- Location data (geolocation information), such as:
  - GPS‑based location (where enabled)
  - Network‑based location
- Cookies, analytics, and usage metrics (digital usage analytics), including:
  - Clickstream data
  - User navigation patterns
  - Platform interaction behaviour
This data helps ensure platform security, fraud prevention, service optimization, and compliance with IT security standards.
7. Lawful Basis and Purpose of Processing
Prithvi Exchange (India) Limited (“PEIL”) processes personal data strictly in accordance with applicable laws, regulatory obligations, and recognized principles of lawful, fair, and transparent data processing. Personal data is collected and processed only for legitimate business purposes, regulatory compliance, and functions integral to the Company’s operations as an Authorized Dealer – Category II. The lawful bases and purposes for processing include, but are not limited to, the following:
7.1 Onboarding, Identification, and Verification of Customers
Personal data is processed to:
- establish the identity of customers, beneficiaries, and counterparties
- conduct Know Your Customer (KYC), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD)
- authenticate documents and verify credentials through permitted verification mechanisms
- determine eligibility for availing foreign exchange and allied services
This processing is mandatory under FEMA, PMLA, RBI Master Directions, and other regulatory requirements.
7.2 Execution of Foreign Exchange and Allied Services
Personal data is processed to:
- facilitate currency purchase/sale transactions
- process inward and outward remittances
- execute permitted foreign exchange services and related operational activities
- maintain transaction records and supporting documentation
This processing is essential for the performance of a contract or service requested by the customer.
7.3 Compliance With Legal, Regulatory, and Statutory Obligations
Personal data is processed to comply with obligations under:
- RBI regulations and Master Directions
- FEMA and associated rules/notifications
- PMLA and AML/CFT guidelines
- Income‑tax, GST, and other taxation laws
- Audit, inspection, and regulatory reporting requirements
This processing is mandatory and forms part of the Company’s statutory compliance framework.
7.4 Fraud Detection, Risk Management, and Transaction Monitoring
Personal data is processed to:
- detect, prevent, and investigate fraud, suspicious activities, and financial crimes
- conduct sanctions screening, risk scoring, and behavioural analysis
- implement internal controls, security measures, and risk‑mitigation frameworks
This processing is necessary for legitimate business interests and regulatory compliance.
7.5 Customer Communication, Support, and Service Improvement
Personal data is processed to:
- communicate transaction updates, alerts, confirmations, and service‑related information
- respond to queries, grievances, and customer support requests
- improve service quality, operational efficiency, and user experience
This processing is based on contractual necessity and legitimate business interests.
7.6 Internal Reporting, MIS, Inspections, and Regulatory Submissions
Personal data is processed to:
- prepare internal reports, dashboards, and management information systems (MIS)
- support internal audits, compliance reviews, and risk assessments
- respond to inspections, inquiries, and information requests from regulators
This processing is required for internal governance and regulatory compliance.
7.7 Marketing and Promotional Communication (Consent‑Based)
Personal data may be processed to:
- send marketing messages, promotional offers, and service‑related updates
- conduct customer engagement initiatives and loyalty programs
Such processing is undertaken only where explicit, informed, and revocable consent has been obtained from the Data Principal, in accordance with the DPDP Act.
8. Consent Management
Where the processing of personal data by Prithvi Exchange (India) Limited (“PEIL”) is based on consent, such consent shall be obtained, managed, and recorded in accordance with applicable laws and recognized data‑protection principles. The Company adopts the following standards for consent‑based processing:
8.1 Nature and Quality of Consent
Consent obtained from the Data Principal shall be:
- Free – provided voluntarily, without coercion, undue influence, or misrepresentation.
- Informed – based on clear disclosure of the purpose, nature of data collected, and the manner of processing.
- Specific – limited to the particular purpose(s) for which consent is sought and not bundled with unrelated terms.
- Unambiguous – expressed through a clear affirmative action, ensuring there is no implied or assumed consent.
The Company shall not rely on pre‑ticked boxes, silence, or inactivity as valid consent.
8.2 Withdrawal of Consent
- The Data Principal may withdraw consent at any time, using the mechanisms provided by the Company, subject to statutory, contractual, and regulatory limitations.
- Upon withdrawal, the Company shall cease processing the personal data for the purpose for which consent was originally granted, unless such processing is required under law or permitted on another lawful basis.
- Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
8.3 Impact of Withdrawal
- Where certain services or transactions legally require the processing of personal data (e.g., KYC, CDD, AML/CFT compliance), withdrawal of consent may result in:
  - inability to provide or continue the service,
  - suspension or termination of the relationship, or
  - refusal to process further transactions.
- The Company shall inform the Data Principal of such consequences at the time of withdrawal.
8.4 Record‑Keeping and Auditability
- The Company shall maintain verifiable records of consent obtained, modified, or withdrawn, in accordance with regulatory and audit requirements.
- Consent logs may be retained for compliance, dispute resolution, and regulatory inspection purposes.
9. Disclosure and Data Sharing
Prithvi Exchange (India) Limited (“PEIL”) may disclose or share personal data only in accordance with applicable laws, regulatory requirements, contractual obligations, and the principles of necessity, proportionality, and confidentiality. All disclosures are made strictly on a need‑to‑know and purpose‑limited basis, ensuring that only the minimum data required for the intended purpose is shared.
Personal data may be disclosed to the following categories of recipients:
9.1 Regulatory, Statutory, Judicial, and Law Enforcement Authorities
Personal data may be shared with:
- the Reserve Bank of India (RBI)
- Enforcement Directorate (ED), Financial Intelligence Unit (FIU‑IND), and other AML/CFT authorities
- Income Tax Department, GST authorities, and other taxation bodies
- Courts, tribunals, and judicial/quasi‑judicial authorities
- Police, cybercrime units, and other law enforcement agencies
Such disclosures are made only when required under law, pursuant to statutory obligations, regulatory inspections, supervisory reviews, or lawful requests.
9.2 Auditors, Legal Advisors, Consultants, and Professional Service Providers
Personal data may be shared with:
- statutory auditors, internal auditors, and audit firms
- legal counsel and law firms
- compliance advisors, risk consultants, and professional service providers
These disclosures are made to support audits, legal proceedings, compliance reviews, dispute resolution, and advisory services, subject to strict confidentiality and non‑disclosure obligations.
9.3 IT Service Providers, Technology Partners, and Outsourcing Vendors
Personal data may be shared with:
- IT infrastructure providers, cloud service providers, and cybersecurity vendors
- software vendors, API partners, and digital platform operators
- payment processors, banks, and financial intermediaries
- outsourced service providers engaged for operational, technical, or support functions
All such third parties are bound by contractual data protection obligations, including:
- confidentiality agreements
- data processing agreements
- information security standards
- audit and monitoring rights
Disclosures are limited to what is necessary for service delivery, system maintenance, fraud prevention, or operational continuity.
9.4 Group Entities, Affiliates, and Business Partners
Where permitted under applicable law, personal data may be shared with:
- group companies
- affiliates
- authorised business partners
Such sharing is limited to legitimate business purposes, regulatory compliance, consolidated reporting, or service facilitation, and is subject to appropriate safeguards and intra‑group data‑sharing controls.
9.5 Safeguards Governing All Disclosures
All disclosures of personal data are governed by:
- confidentiality obligations
- contractual data protection clauses
- technical and organizational security measures
- access controls and audit trails
- compliance with RBI outsourcing guidelines and IT security norms
PEIL does not sell, trade, or rent personal data to any third party under any circumstances.
10. Cross‑Border Transfer of Data
Prithvi Exchange (India) Limited (“PEIL”) may transfer personal data outside India only in circumstances permitted under applicable laws and subject to strict regulatory, contractual, and security safeguards. Any cross‑border transfer of personal data shall be undertaken with due regard to the sensitivity of the data, the purpose of transfer, and the legal requirements governing such transfers.
10.1 Compliance With Applicable Laws and Regulatory Requirements
Where personal data is transferred outside India, such transfer shall be carried out strictly in accordance with:
- applicable provisions of the Digital Personal Data Protection Act, 2023,
- the Information Technology Act, 2000 and the SPDI Rules,
- RBI Master Directions, circulars, and guidelines applicable to AD‑II entities,
- FEMA and related regulatory instructions,
- any other statutory or regulatory restrictions governing offshore data storage or processing.
Cross‑border transfers shall be permitted only where the transfer is lawful, necessary, and consistent with regulatory expectations.
10.2 Contractual, Organizational, and Technical Safeguards
Before transferring personal data outside India, PEIL shall ensure that:
- appropriate contractual safeguards are in place, including data‑processing agreements, confidentiality clauses, and obligations to maintain equivalent levels of protection;
- technical safeguards such as encryption, secure transmission protocols, access controls, and data minimization measures are implemented;
- organizational safeguards such as due‑diligence assessments, vendor risk evaluations, and ongoing monitoring of third‑party compliance are maintained.
These safeguards ensure that the recipient provides a level of protection comparable to that required under Indian law.
10.3 Transfer for Regulatory, Operational, or Service‑Delivery Purposes
Cross‑border transfers may occur for:
- processing transactions through international payment networks or correspondent banks,
- technology support, cloud hosting, or IT infrastructure located outside India,
- regulatory reporting or compliance with lawful requests from foreign authorities (where permitted by Indian law),
- outsourcing arrangements involving offshore service providers.
Such transfers are limited to the minimum data necessary for the intended purpose.
10.4 Accountability and Oversight
PEIL shall remain responsible and accountable for personal data transferred outside India and shall ensure:
- continuous monitoring of third‑party compliance,
- auditability of data flows,
- adherence to RBI’s outsourcing and information‑security guidelines,
- immediate remediation in case of breach or non‑compliance.
11. Data Retention and Destruction
Prithvi Exchange (India) Limited (“PEIL”) retains personal data only for the duration necessary to fulfil the lawful, regulatory, contractual, and operational purposes for which such data was collected. All retention and destruction activities are guided by the principles of necessity, proportionality, purpose limitation, storage limitation, and accountability, ensuring that personal data is not retained longer than required and is disposed of securely and responsibly.
PEIL maintains a structured Data Retention and Destruction Framework, which includes retention schedules, classification standards, destruction protocols, and audit mechanisms to ensure compliance with applicable laws and regulatory expectations.
11.1 Statutory and Regulatory Retention Requirements
PEIL is obligated to retain certain categories of personal data for minimum periods prescribed under Indian laws and regulatory frameworks. These include, but are not limited to:
- Reserve Bank of India (RBI) Master Directions for AD‑II entities, requiring retention of KYC documents, transaction records, and operational logs for specified durations.
- Foreign Exchange Management Act (FEMA) and associated rules/notifications, mandating retention of foreign exchange transaction records, supporting documents, and reporting data.
- Prevention of Money Laundering Act (PMLA) and AML/CFT guidelines, requiring retention of customer identification data, transaction records, and suspicious transaction reports for prescribed periods.
- Income‑tax, GST, and other taxation laws, requiring retention of financial records, invoices, and statutory filings.
- Audit, inspection, and regulatory reporting requirements, including retention of internal audit reports, compliance reviews, and regulatory submissions.
These laws may mandate retention for fixed minimum periods, often ranging from 5 to 10 years, depending on the nature of the record. PEIL strictly adheres to these statutory timelines and updates its retention schedule as laws evolve.
11.2 Retention for Legitimate Business Purposes
In addition to statutory requirements, PEIL may retain personal data for legitimate internal purposes, including:
- Operational continuity and reconciliation – ensuring accurate processing, settlement, and verification of transactions.
- Fraud detection, dispute resolution, and chargeback handling – retaining data necessary to investigate anomalies, resolve customer disputes, and support legal claims.
- Internal audits, compliance reviews, and risk assessments – supporting governance, internal control frameworks, and enterprise risk management.
- Historical analysis, MIS, and business intelligence – where feasible, such data is retained in anonymized or aggregated form to eliminate personal identifiers.
Retention for business purposes is always:
- time‑bound,
- purpose‑specific, and
- aligned with internal data governance policies.
11.3 Secure Deletion, Anonymization, or Destruction
Upon expiry of the applicable retention period, PEIL ensures that personal data is disposed of securely using industry‑standard methods. The Company adopts a multi‑layered destruction protocol, which includes:
Secure Deletion
- Digital data is deleted using methods that prevent recovery, including secure overwriting, cryptographic erasure, or secure wiping tools.
- Deleted data is verified to ensure it cannot be reconstructed or retrieved.
Irreversible Anonymization
- Where continued use of data is required for analytics, reporting, or historical trend analysis, personal identifiers are removed or masked.
- Anonymization techniques ensure that individuals cannot be re‑identified, directly or indirectly.
Physical Destruction
- Physical records (e.g., forms, photocopies, KYC documents) are destroyed using approved methods such as shredding, pulping, or incineration.
- Storage media (e.g., hard drives, USB devices) are destroyed using degaussing or physical crushing.
Governance of Destruction Activities
All destruction activities are:
- documented, including date, method, and responsible personnel
- auditable, with logs maintained for regulatory inspection
- performed in accordance with IT security standards, including RBI’s cybersecurity and outsourcing guidelines
- monitored by the Information Security and Compliance teams to ensure adherence to policy
11.4 Suspension of Deletion in Special Circumstances
PEIL may temporarily suspend deletion of personal data where:
- the data is required for ongoing investigations, regulatory inquiries, or enforcement actions
- the data is subject to a legal hold, preservation order, or litigation requirement
- retention is necessary to comply with directions from courts, regulators, or law enforcement agencies
During such suspension:
- data is securely preserved,
- access is restricted on a need‑to‑know basis, and
- deletion resumes once the legal or regulatory requirement ceases.
11.5 Accountability and Oversight
PEIL maintains a robust governance structure to ensure compliance with retention and destruction obligations. This includes:
- a formal data retention schedule, mapped to legal, regulatory, and business requirements
- internal controls to monitor adherence to retention timelines
- periodic audits of retention and destruction practices
- audit trails for all deletion, anonymization, and destruction activities
- oversight by the Data Protection Officer (where applicable), Compliance Department, and Information Security teams
The Company remains fully accountable for ensuring that personal data is retained only for the required duration and is destroyed securely and responsibly thereafter.
12. Information Security Measures
Prithvi Exchange (India) Limited (“PEIL”) implements a comprehensive Information Security Management Framework designed to ensure the confidentiality, integrity, availability, and resilience of personal data and information assets. The Company adopts reasonable security practices and procedures as required under applicable laws, RBI guidelines, and industry best practices. These measures include administrative, technical, and physical safeguards proportionate to the sensitivity of the data and the risks associated with processing activities.
12.1 Administrative Controls
PEIL maintains robust administrative and organizational measures, including:
- Information Security Policies and Procedures – documented policies covering data protection, access control, acceptable use, incident response, vendor management, and cybersecurity.
- Role‑based responsibilities and governance structure – including oversight by senior management, compliance teams, and information security officers.
- Employee background verification – for personnel handling sensitive data, in line with regulatory expectations.
- Mandatory training and awareness programs – covering data privacy, cybersecurity hygiene, phishing prevention, and secure handling of customer information.
- Vendor and outsourcing risk management – including due diligence, contractual safeguards, and periodic performance/security reviews in accordance with RBI’s outsourcing guidelines.
12.2 Technical Controls
PEIL deploys advanced technical safeguards to protect data across systems, networks, and digital platforms, including:
- Access control mechanisms such as role‑based access control (RBAC), least‑privilege principles, multi‑factor authentication (MFA), and periodic access reviews.
- Encryption and secure transmission, including encryption of data at rest and in transit, secure communication protocols (TLS/SSL), and cryptographic key management.
- Network and infrastructure security, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, anti‑malware tools, and secure configuration baselines.
- Data loss prevention (DLP) mechanisms to prevent unauthorized copying, transfer, or leakage of sensitive information.
- Logging, monitoring, and audit trails capturing system activity, access logs, and security events for real‑time monitoring and forensic analysis.
- Secure software development practices, including vulnerability assessments, code reviews, and patch management.
12.3 Physical Security Controls
PEIL ensures physical protection of premises, systems, and storage environments through:
- Restricted access to sensitive areas using ID cards, biometric authentication, visitor logs, and surveillance systems.
- Secure storage of physical documents, including locked cabinets, controlled access rooms, and secure archival facilities.
- Environmental controls such as fire suppression systems, temperature/humidity controls, and uninterrupted power supply (UPS).
- Protection of hardware and removable media through secure disposal, controlled issuance, and tracking mechanisms.
12.4 Monitoring, Audits, and Compliance Reviews
To ensure continuous security assurance, PEIL conducts:
- Periodic internal and external audits covering IT systems, cybersecurity controls, and data protection practices.
- Vulnerability assessments and penetration testing (VAPT) performed at regular intervals and after major system changes.
- Continuous monitoring of systems and networks for anomalies, unauthorized access attempts, and suspicious activities.
- Compliance reviews aligned with RBI guidelines, IT Act requirements, and internal policies.
12.5 Incident Management and Escalation Mechanisms
PEIL maintains a structured Incident Response and Management Framework, which includes:
- Incident detection and reporting mechanisms enabling employees, systems, and monitoring tools to flag potential security events.
- Internal escalation protocols ensuring timely notification to designated teams, senior management, and regulators (where required).
- Containment, investigation, and remediation procedures to minimize impact, identify root causes, and implement corrective actions.
- Post‑incident reviews to strengthen controls, update policies, and prevent recurrence.
- Customer communication protocols where disclosure is required under law or regulatory direction.
12.6 Continuous Improvement
PEIL regularly updates its security measures to address:
- emerging cyber threats,
- technological advancements,
- regulatory changes, and
- results of audits, assessments, and incident reviews.
The Company is committed to maintaining a resilient, secure, and compliant information security environment.
13. Rights of Data Principals
Subject to applicable laws, regulatory requirements, and contractual obligations, individuals whose personal data is processed by Prithvi Exchange (India) Limited (“PEIL”) (“Data Principals”) are entitled to exercise certain rights relating to their personal data. These rights are designed to promote transparency, fairness, and accountability in the processing of personal information.
The ability to exercise these rights may be limited where processing is mandated by law, required for regulatory compliance, or necessary for the performance of a lawful function of PEIL as an Authorized Dealer – Category II.
13.1 Right to Access Personal Data
Data Principals have the right to:
- request confirmation on whether their personal data is being processed
- obtain a summary or description of the categories of personal data held
- seek information on the purposes of processing and categories of recipients
Access may be restricted where disclosure:
- is prohibited under law,
- may compromise regulatory investigations, AML/CFT controls, or security protocols,
- involves confidential internal assessments or proprietary information.
13.2 Right to Correction and Updating of Personal Data
Data Principals have the right to:
- request correction of inaccurate, incomplete, or outdated personal data
- update contact details, identity information, or supporting documents
PEIL may require:
- verification of identity,
- submission of supporting documents,
- compliance with KYC norms before effecting corrections.
Corrections may be declined where:
- the data is required to be retained in its original form for regulatory or audit purposes,
- modification would violate statutory record‑keeping obligations.
13.3 Right to Withdraw Consent
Where processing is based on consent, Data Principals may:
- withdraw consent at any time through designated channels
- request cessation of processing for the specific purpose for which consent was granted
However:
- withdrawal does not affect the lawfulness of processing already carried out
- withdrawal may result in discontinuation of services where processing is legally required (e.g., KYC, CDD, AML/CFT compliance)
PEIL will inform the Data Principal of any consequences arising from withdrawal.
13.4 Right to Grievance Redressal
Data Principals have the right to:
- raise concerns, complaints, or grievances regarding the processing of their personal data
- seek timely resolution through the Company’s designated grievance redressal mechanism
PEIL shall:
- acknowledge grievances within the timelines prescribed under applicable law
- provide a resolution or response within a reasonable period
- escalate unresolved matters to senior compliance personnel or statutory authorities where required
13.5 Limitations and Regulatory Restrictions
The exercise of rights may be restricted where:
- processing is required under FEMA, PMLA, RBI Master Directions, or other applicable laws
- data must be retained for statutory audits, regulatory reporting, or law enforcement purposes
- responding to a request may compromise fraud detection, AML/CFT controls, or security measures
- the request is manifestly unfounded, excessive, or repetitive
In such cases, PEIL shall provide a lawful justification for declining or limiting the request.
14. Cookies and Tracking Technologies
Prithvi Exchange (India) Limited (“PEIL”) may use cookies and other tracking technologies on its digital platforms—including websites, mobile applications, and online service interfaces—to enhance user experience, improve functionality, and support security and analytics. These technologies help the Company understand how users interact with its platforms and enable the delivery of reliable, secure, and optimized services.
14.1 Types of Cookies and Tracking Technologies Used
PEIL may deploy one or more of the following technologies:
a. Essential or Strictly Necessary Cookies
Used to enable core platform functions such as:
- secure login and authentication
- session management
- fraud prevention and security monitoring
- enabling essential features required for service delivery
These cookies are necessary for the platform to function properly and cannot be disabled through general cookie settings.
b. Functional Cookies
Used to enhance user experience by remembering:
- user preferences
- language settings
- previously selected options
- customized interface features
These cookies improve convenience and personalization.
c. Performance and Analytics Cookies
Used to collect aggregated, anonymized information about:
- website/app usage patterns
- page performance
- error diagnostics
- user navigation behaviour
This data helps PEIL improve platform performance, detect issues, and optimize service delivery.
d. Advertising or Marketing Cookies (Consent‑Based)
Used only where explicit consent is obtained. These may:
- track user interactions across websites
- support targeted or interest‑based advertising
- measure the effectiveness of marketing campaigns
PEIL does not use such cookies without clear, informed, and revocable consent.
e. Web Beacons, Pixel Tags, and Similar Technologies
Used to:
- track email engagement
- measure digital campaign performance
- support analytics and reporting
These technologies operate in conjunction with cookies.
14.2 Purpose of Using Cookies and Tracking Technologies
PEIL uses cookies and similar tools for the following purposes:
- Enhancing platform functionality and ensuring smooth user experience
- Maintaining security, detecting anomalies, and preventing fraudulent activities
- Monitoring usage patterns to improve website/app performance
- Supporting customer service, troubleshooting, and technical diagnostics
- Conducting analytics to understand user behaviour and improve service offerings
- Facilitating consent‑based marketing and communication activities
All usage is aligned with the principles of transparency, purpose limitation, and data minimization.
14.3 User Control and Cookie Preferences
Users may manage or disable cookies through their browser or device settings. Depending on the browser, users may:
- block all cookies
- allow only certain types of cookies
- delete existing cookies
- receive alerts before cookies are stored
However:
- disabling essential cookies may impact the functionality, security, or availability of certain services
- some features may not operate as intended if cookies are restricted
PEIL provides clear information on cookie usage and, where required, obtains consent before deploying non‑essential cookies.
14.4 Third‑Party Cookies and Integrations
Certain cookies may be placed by third‑party service providers, such as:
- analytics platforms
- payment gateways
- advertising partners (consent‑based)
- embedded content providers
All third‑party cookies are subject to contractual safeguards, and PEIL ensures that such providers maintain adequate data protection standards.
14.5 Transparency and Updates
PEIL may update its cookie practices periodically to reflect:
- changes in technology
- regulatory developments
- enhancements to digital platforms
Any material changes will be communicated through updated notices on the Company’s digital interfaces.
15. Children’s Data
Prithvi Exchange (India) Limited (“PEIL”) is committed to protecting the privacy and safety of children’s personal data. The Company does not knowingly collect, process, or store personal data of children except where such processing is explicitly required under applicable law and is carried out with appropriate safeguards and lawful consent mechanisms.
15.1 No Intentional Collection of Children’s Data
PEIL’s services are primarily intended for adults who are legally competent to enter into financial transactions. Accordingly:
- The Company does not knowingly solicit, collect, or process personal data of children.
- Digital platforms, forms, and service channels are not designed for direct use by children without parental involvement.
- If the Company becomes aware that personal data of a child has been collected inadvertently, such data shall be securely deleted, unless retention is required by law.
15.2 Processing Where Required Under Law
In limited circumstances, PEIL may be required to process children’s data, such as:
- when a minor is a beneficiary of a remittance or foreign exchange transaction
- when regulatory requirements mandate identification of a minor for KYC, FEMA, or PMLA compliance
- when a minor’s details are included in travel‑related documentation or supporting records
In such cases, processing is strictly purpose‑limited and governed by statutory obligations.
15.3 Parental or Guardian Consent
Where processing of a child’s personal data is legally permitted or required:
- PEIL shall obtain verifiable consent from the child’s parent or lawful guardian
- Consent shall be informed, specific, and documented
- The Company may require submission of documents establishing parental/guardian authority
No processing of a child’s data shall occur without such consent, unless expressly exempted under law.
15.4 Additional Safeguards for Children’s Data
Where children’s data is processed, PEIL implements enhanced safeguards, including:
- restricted access controls ensuring only authorized personnel may view or process such data
- purpose limitation, ensuring data is used only for the specific regulatory or transactional requirement
- heightened security measures to prevent unauthorized access, misuse, or disclosure
- strict retention limits, ensuring data is not stored longer than necessary
These safeguards reflect the heightened sensitivity associated with children’s personal information.
15.5 Withdrawal of Consent and Rights of Guardians
Parents or lawful guardians may:
- request access to the child’s personal data
- request correction of inaccurate information
- withdraw consent for processing (subject to regulatory requirements)
PEIL may restrict such requests where data must be retained or processed under FEMA, PMLA, RBI Master Directions, or other applicable laws.
16. Data Breach Management
Prithvi Exchange (India) Limited (“PEIL”) maintains a structured and proactive Data Breach Management Framework to detect, respond to, mitigate, and report personal data breaches in a timely and compliant manner. The Company recognizes that breaches—whether accidental, unauthorized, or malicious—pose significant risks to individuals, regulatory compliance, and operational integrity. Accordingly, PEIL adopts a multi‑layered approach to breach preparedness, response, and remediation.
16.1 Identification and Detection of Breaches
PEIL employs continuous monitoring mechanisms to detect potential or actual data breaches, including:
- automated alerts from security systems, firewalls, IDS/IPS, and endpoint protection tools
- anomaly detection through log monitoring and behavioural analytics
- internal reporting channels for employees, vendors, and partners
- periodic vulnerability assessments and penetration testing
A breach may include unauthorized access, disclosure, alteration, loss, destruction, or unavailability of personal data.
16.2 Immediate Containment and Remedial Measures
Upon detection of a suspected or confirmed breach, PEIL shall:
- activate its Incident Response Team (IRT)
- isolate affected systems to prevent further compromise
- secure backup data and initiate system recovery protocols
- apply patches, revoke credentials, or block malicious access
- conduct a preliminary assessment to determine the scope, nature, and impact
The objective is to contain the breach swiftly, minimize harm, and restore normal operations.
16.3 Impact Assessment and Root Cause Analysis
PEIL conducts a structured assessment to determine:
- categories and volume of personal data affected
- sensitivity of the compromised data
- number and identity of affected individuals
- potential harm, including financial, reputational, or privacy risks
- whether the breach resulted from system failure, human error, or malicious activity
A detailed root cause analysis (RCA) is performed to identify underlying vulnerabilities and prevent recurrence.
16.4 Notification to Regulatory Authorities
Where required under applicable law or regulatory direction, PEIL shall notify:
- Reserve Bank of India (RBI)
- Computer Emergency Response Team – India (CERT‑In)
- Data Protection Board of India (when applicable under the DPDP Act)
- any other statutory or supervisory authority with jurisdiction
Notifications shall be made within prescribed timelines and shall include:
- nature and cause of the breach
- categories of data affected
- remedial actions taken
- potential impact and mitigation measures
PEIL ensures full cooperation with regulatory investigations and follow‑up actions.
16.5 Notification to Affected Individuals
Where legally required or where the breach poses a significant risk to individuals, PEIL shall:
- notify affected Data Principals in a clear and timely manner
- provide information on the nature of the breach and potential risks
- advise on precautionary steps to mitigate harm
- offer support channels for queries or assistance
Notifications are made using appropriate communication channels such as email, SMS, or written communication.
16.6 Documentation and Internal Record‑Keeping
PEIL maintains comprehensive internal records of all data breach incidents, including:
- incident description and timeline
- systems and data affected
- containment and remediation actions
- RCA findings and corrective measures
- regulatory notifications and responses
- lessons learned and policy updates
These records support audits, regulatory inspections, and continuous improvement.
16.7 Post‑Incident Review and Preventive Measures
Following resolution of a breach, PEIL conducts a post‑incident review to:
- evaluate the effectiveness of the response
- update security controls, policies, and procedures
- strengthen employee training and awareness
- enhance monitoring, detection, and prevention mechanisms
The Company is committed to continuous improvement of its cybersecurity and data protection posture.
17. Amendments and Review
Prithvi Exchange (India) Limited (“PEIL”) is committed to maintaining a Privacy Policy that remains accurate, transparent, and aligned with evolving legal, regulatory, technological, and operational requirements. Accordingly, this Policy is subject to periodic review and may be amended, updated, or supplemented from time to time.
17.1 Periodic Review and Governance
This Policy shall undergo:
- regular internal reviews conducted by the Compliance, Legal, and Information Security teams
- annual assessments to ensure alignment with current laws, RBI guidelines, and industry best practices
- event‑driven reviews triggered by significant changes in business processes, technology platforms, or regulatory developments
These reviews ensure that the Policy remains current, effective, and reflective of PEIL’s data protection obligations.
17.2 Amendments Due to Legal or Regulatory Changes
The Policy may be amended to reflect:
- changes in applicable laws, including the DPDP Act, IT Act, FEMA, PMLA, and taxation laws
- updates to RBI Master Directions, circulars, and supervisory expectations
- new or revised government notifications, judicial pronouncements, or regulatory advisories
Such amendments ensure continued compliance with statutory and regulatory requirements.
17.3 Amendments Due to Operational or Technological Changes
The Policy may also be updated to address:
- introduction of new products, services, or digital platforms
- changes in data processing practices, outsourcing arrangements, or IT infrastructure
- enhancements to information security, risk management, or internal control frameworks
These updates ensure that the Policy accurately reflects PEIL’s operational realities.
17.4 Communication of Updates
PEIL shall ensure that:
- updated versions of the Policy are published on the Company’s official website and digital platforms
- material changes are communicated through appropriate channels, where required
- the effective date of each version is clearly indicated
Continued use of the Company’s services after publication of an updated Policy shall constitute deemed acceptance of the revised terms, to the extent permitted by law.
17.5 Version Control and Record‑Keeping
PEIL maintains:
- version histories of all prior iterations of the Policy
- internal documentation of amendments, including rationale and approval records
- audit trails demonstrating compliance with review and update procedures
This ensures transparency, accountability, and regulatory readiness.
18. Grievance Redressal and Contact Details
Prithvi Exchange (India) Limited (“PEIL”) is committed to ensuring that queries, requests, and grievances relating to this Privacy Policy or the processing of personal data are addressed promptly, fairly, and in compliance with applicable laws and regulatory requirements.
18.1 Designated Grievance Officer / Privacy Officer
In accordance with the provisions of the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable RBI guidelines, PEIL has designated a Grievance Officer / Privacy Officer to oversee data protection compliance and grievance redressal.
Contact Details:
Grievance Officer / Privacy Officer
Prithvi Exchange (India) Limited
Email: [●]
(Additional contact details such as phone number or postal address may be provided where required by law or regulatory direction.)
18.2 Scope of Grievance Handling
The Grievance Officer shall be responsible for addressing matters relating to:
- requests for access, correction, or updating of personal data
- withdrawal of consent and related consequences
- concerns regarding data retention, deletion, or destruction
- complaints relating to data breaches, misuse, or unauthorized disclosure
- general queries regarding the Company’s privacy practices and this Policy
18.3 Timelines for Response
- Grievances shall be acknowledged within the timelines prescribed under applicable law (e.g., within 24–48 hours of receipt).
- A substantive response or resolution shall be provided within a reasonable period, typically 30 days, unless extended due to complexity or regulatory requirements.
- Where resolution requires coordination with regulators or third parties, the Data Principal shall be informed of the expected timeline.
18.4 Escalation Mechanism
If a grievance is not satisfactorily resolved:
- Data Principals may escalate the matter to senior compliance officials within PEIL.
- Where applicable, grievances may be referred to the Data Protection Board of India, RBI, or other statutory authorities.
- PEIL shall cooperate fully with regulatory authorities in grievance investigations and resolution.
18.5 Record‑Keeping and Accountability
PEIL maintains:
- logs of grievances received, actions taken, and resolutions provided
- audit trails for grievance handling activities
- periodic reviews of grievance trends to strengthen internal controls and improve customer experience
This ensures that grievance redressal is transparent, accountable, and compliant with both statutory obligations and industry best practices.
Legal Status of This Privacy Policy
This Privacy Policy constitutes a legally binding document and forms an integral part of Prithvi Exchange (India) Limited’s (“PEIL”) overall governance, risk, and compliance framework. It shall be read in conjunction with the Company’s internal policies, regulatory obligations, and operational procedures. Compliance with this Policy is mandatory for all employees, officers, contractors, service providers, and any third parties who process personal data on behalf of PEIL.
The Policy is enforceable under applicable laws and regulatory guidelines, and any breach or non‑compliance may result in disciplinary action, contractual consequences, or regulatory reporting, as required.