Privacy Policy
Who We Are
Prantho Global is a financial consultancy operating across India, the United Kingdom, and the UAE. For the purposes of applicable data protection legislation, Prantho Global acts as the Data Controller in respect of personal data collected through this website and in the course of our client engagements.
Registered Address (India): Block B, Sushant Lok 3, Gurgaon, Haryana, India
Data We Collect
We collect only what is operationally necessary โ nothing more.
| Category | Examples |
|---|---|
| Identity Data | Full name, job title, company name |
| Contact Data | Email address, phone number, postal address |
| Enquiry Data | Service interest, nature of engagement request |
| Technical Data | IP address, browser type, device type, page visit data |
| Communication Data | Emails, call notes, meeting records |
| Sensitive Financial Data | Only when directly relevant to a mandated engagement โ handled under strict NDA |
How We Use Your Data
Your data is never monetised, sold, or used for advertising purposes. We use it solely for the following purposes:
- To respond to your enquiries and schedule consultations
- To deliver contracted advisory and consultancy services
- To send relevant market intelligence (only with your explicit consent)
- To comply with our legal and regulatory obligations across India, the UK, and the UAE
- To maintain our internal records and engagement history
Legal Basis for Processing
Given our multi-jurisdictional operations, data processing is governed by the applicable law in each region where we operate.
๐ฌ๐ง United Kingdom
We process personal data under the UK GDPR and the Data Protection Act 2018. Our legal bases are: contract performance, legitimate interests, and explicit consent where required.
๐ฎ๐ณ India
We process personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act). We rely on consent and legitimate use provisions as applicable.
๐ฆ๐ช UAE
For engagements originating from the UAE, we comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and DIFC Data Protection Law 2020 where applicable.
Cross-Border Data Transfers
Given our multi-jurisdictional presence, data may be transferred between our India, UK, and UAE offices as operationally necessary. All cross-border transfers are governed by appropriate safeguards โ including Standard Contractual Clauses (SCCs) under UK GDPR, and equivalent instruments under Indian and UAE law.
We do not transfer data to jurisdictions without adequate protections.
Data Retention
We retain personal data only for as long as legally required or operationally necessary.
| Data Category | Retention Period |
|---|---|
| Enquiry data (non-client) | 12 months from last contact |
| Client engagement records | 7 years (UK statutory minimum) |
| Financial and transaction records | As required by ICAI, HMRC, or UAE MoF |
| Marketing consent records | Until consent is withdrawn |
| Website technical logs | 90 days |
Your Rights
You hold control. We facilitate it. The following rights apply to you under applicable data protection law:
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete data held by us
Right to Erasure
Request deletion of your data where no legal obligation requires retention
Right to Restrict Processing
Limit how we use your data in certain circumstances
Right to Object
Object to processing based on legitimate interests
Right to Portability
Receive your data in a structured, machine-readable format
Right to Withdraw Consent
Where processing is consent-based, you may withdraw your consent at any time without affecting the lawfulness of prior processing
Cookies
Our website uses essential cookies to ensure basic functionality. We do not deploy advertising or third-party tracking cookies without your explicit consent. A full cookie preference centre is available via the consent banner on your first visit.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Session | Site functionality, navigation | Session |
| Analytics (opt-in) | Anonymous traffic analysis via Google Analytics | 13 months |
| Preference | Remembers your cookie consent choice | 12 months |
Security Measures
Our security posture is designed to meet the rigorous standards of the world's largest financial institutions.
TLS Encryption
All data in transit is encrypted via TLS 1.3
Access Controls
Role-based access; client data is compartmentalised by engagement
NDA by Default
All personnel and sub-contractors sign confidentiality agreements prior to any engagement
Two-Factor Authentication
Enforced across all internal systems handling client data
Data Minimisation
We collect only what is operationally required โ nothing more
Breach Protocol
In the event of a breach, we notify affected parties within 72 hours in line with UK GDPR obligations
Contact Our DPO
To exercise any of your rights, raise a concern, or request further information about our data practices, please contact us directly. We aim to respond to all data protection requests within 30 days.
Data Protection Enquiries
Reach our Data Protection Officer directly โ we respond within 30 days.