Souveira Ventures Privacy Policy

1. Introduction and Scope

1.1. Policy Purpose

This Privacy Policy explains how Souveira Ventures ("Company", "we", "us", "our") collects, uses, discloses, and protects your Personal Data and business contact information in relation to your use of our Site and Services.

1.2. Commitment to Privacy

We are committed to protecting your privacy and complying with applicable data protection laws in India, including the Information Technology Act, 2000, and its accompanying rules, and, where applicable, the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1.3. Applicability

This Policy applies to all Users ("you", "your") accessing our Site and using our Services, including the WhatsApp-based B2B solution, payment gateway, Affiliate Promotions, and the Live Demo portal (when launched).

1.4. Data Collection Principle

We generally do not collect Personal Data purely from a website visit unless you voluntarily interact with a feature, such as filling out a form or engaging with a Service.

2. Definitions

Personal Data: Any information that relates to an identified or identifiable natural person or business contact, including, but not limited to, name, email address, telephone number, business name, communication logs, and message recipients.

Sensitive Personal Data or Information (SPDI): Personal Data consisting of password; financial information (e.g., bank account or credit card details); physical, physiological, or mental health condition; sexual orientation; medical records; biometric information; or any details relating to the above, as defined under Indian law.

3. Data We Collect

3.1. Voluntarily Provided Data

We collect Personal Data when you voluntarily provide it to us, specifically when you:

• Fill in a contact, enquiry, or registration form on the Site.
• Register for or utilise our Service.
• Make a payment via the integrated payment gateway.

3.2. Categories of Data Collected

Depending on your interaction with the Site or Service, the collected data may include:

• Contact/Business Data: Your name, business name, official/business contact number, email address, and postal address.
• Service Data: Business contact person details, message recipient lists, and message content/logs necessary for the operation of the WhatsApp business solution and the Live Demo portal.
• Payment Data: Transaction details (e.g., amount, date/time, billing address) and a unique payment instrument identifier (though we do not store full payment card details, as this is managed by the third-party payment processor).
• Usage Data (Live Demo/Service): Message logs, timestamps, device/browser metadata, and IP address for audit, security, and risk-management purposes related to the Live Demo portal (once available).

3.3. SPDI Collection

We endeavour not to collect SPDI unless it is strictly necessary for the provision of the Service and only with your explicit consent.

4. Purpose of Data Collection and Use

We collect and process your data for the following legitimate business purposes and to fulfill our legal obligations:

• To Provide the Service: Including onboarding, account management, configuring the WhatsApp business solution, and executing message transmission on your behalf.
• Payment Processing: To process and record transactions made through the integrated PhonePe payment gateway or other methods, and for billing purposes.
• Affiliate Management: To track and manage affiliate partner relationships, referral commissions, and settlements.
• Security and Audit: To operate, maintain, and secure the Live Demo portal (once launched), and for audit, logging, and compliance with Meta/WhatsApp platform guidelines.
• Legal Compliance: To comply with applicable laws, regulations, and audit requirements.
• Communication: To communicate with you regarding your account, Service updates, and promotional offers where permitted by law and your preferences.

4.3. Data Retention

We will only retain your data for as long as necessary to fulfil the purposes outlined in this Policy, or as required by legal, regulatory, or contractual obligations.

5. Legal Basis for Processing and Consent

5.1. Legal Basis

Our primary legal bases for processing your data are:

• Consent: Your explicit agreement for specific purposes.
• Contractual Necessity: Processing is necessary to perform the Service contract to which you are a party.
• Legal Obligation: Processing is necessary to comply with a legal or regulatory obligation.

5.2. Withdrawal of Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time (subject to contractual or regulatory restrictions).

5.3. Data Subject Rights

You have the right to request the correction, deletion, or restriction of your Personal Data, where applicable and consistent with the DPDP Act and other relevant laws.

6. Sharing and Disclosure of Data

6.1. Third-Party Disclosure

We will not share your Personal Data with third parties except under the following limited circumstances:

• With Your Consent: You have given us explicit agreement to share the data.
• Service Delivery: Sharing is essential for the delivery of the Service (e.g., providing necessary data to Meta or intermediary platforms as required by their policies or for audit/compliance).
• Affiliates/Partners: Sharing is necessary as part of an affiliate or partner relationship that you have opted into or agreed to.
• Legal Requirement: Sharing is required by law, regulation, or a valid court/authority order.

6.2. Third-Party Safeguards

Where we share data with third-party service providers, we ensure that they are bound by confidentiality obligations and process the data only for the specific purposes disclosed.

6.3. Aggregated Data

We may publish or share anonymised or aggregated data that does not identify you or your business for analytical, research, or promotional purposes.

7. Data Security and Retention

7.1. Security Practices

We implement and maintain reasonable security practices and procedures designed to protect the data we hold from unauthorised access, disclosure, alteration, or destruction, in line with our obligations under the IT Act / SPDI Rules. This includes industry-standard safeguards such as encryption, access controls, and secure servers, which are reviewed and updated periodically.

7.2. Data Retention

We will securely delete or anonymise your data once it is no longer required for the purposes set out in this Policy, subject to any longer period required by law or contractual obligations.

8. Your Rights

You have the following rights regarding your Personal Data, which you may exercise by contacting us:

• Access: The right to access and obtain a copy of the Personal Data we hold about you.
• Correction: The right to request the correction or update of your Personal Data if it is incomplete or inaccurate.
• Deletion/Anonymisation: The right to request the deletion or anonymisation of your Personal Data, subject to our legal and contractual retention obligations.
• Withdrawal of Consent: The right to withdraw consent where processing is based on consent.
• Grievance: The right to lodge a grievance with us or escalate it to the relevant adjudicatory authority under the DPDP Act, once in effect.

9. Contact and Grievance Officer

If you have any questions, grievances, or requests regarding this Privacy Policy or our data-processing practices, please contact our designated Grievance Officer: