InvestHind is a leading Investor–Startup Platform in India offering a trusted Startup Directory where verified investors and high-potential startups can connect easily. Our platform increases startup visibility, enhances investor connections, and supports meaningful discovery through industry-focused tools and verified profiles. Users can explore relevant startup opportunities, access investor insights, and build valuable relationships designed to support growth, funding, and long-term business success.

Img
Home >> GDPR Compliance

GDPR Compliance

GDPR Compliance 

Effective Date: April 29, 2025
Last Updated:  April 29, 2025

1. Introduction

MECASTART INNOVATIONS PRIVATE LIMITED, CIN: U62020DL2025PTC447410, ROC: RoC-Delhi,
Registered Office: Flat No 2 GF Shop No-3 Amichand Khand Giri Nagar Kalkaji South Delhi Delhi
India 110019 ("Company," "we," "our," "us," or "InvestHind"), operates InvestHind, a platform
facilitating connections between Indian startups and investors.

This GDPR Compliance and Cookies Notice ("Notice") explains how InvestHind collects, processes,
stores, shares, and protects personal data under :

  1. The General Data Protection Regulation (GDPR) of the EU
  2. The Digital Personal Data Protection Act (DPDP), 2023 of India
  3. Other applicable global data privacy regulations
Continued use of InvestHind implies acceptance of this Notice.

2. Scope and Applicability

2.1 Geographic Scope: This Notice applies to personal data of: 
  1. Users in the EU; 
  2.  Users in India; 
  3. Global users whose data is processed by InvestHind.
2.2 Data Subjects: Startup Founders, Investors, Visitors, and Users of InvestHind.

3. Definitions

  1. Personal Data: Any information relating to an identified or identifiable natural person.
  2. Processing: Any operation performed on personal data.
  3. Controller: The entity determining purposes and means of processing (InvestHind).
  4. Processor: Third parties processing data on behalf of the Controller.
4. Personal Data We Collect
4.1 Data You Provide
  1. Identity: Name, date of birth, photograph
  2. Contact: Email, phone number, address
  3. Professional: Company details, role, resume
  4. Transactional: Payment and subscription data
  5. KYC: Government-issued ID, PAN, Aadhaar
4.2 Data Collected Automatically
  1. Technical: IP address, device, browser type
  2. Usage: Pages visited, clicks, preferences
  3. Cookies: Session, functional, analytics, marketing
5. Lawful Basis for Processing
5.1 Under GDPR:
  1. Consent (Art.6(1)(a))
  2. Contract (Art.6(1)(b))
  3. Legal obligation (Art.6(1)(c))
  4. Legitimate interests (Art.6(1)(f))
5.2 Under DPDP Act, 2023:
  1. Consent
  2. Performance of contract
  3. Legal obligation
  4. Legitimate interests
6. Cookies and Tracking
6.1 Definition & Types
  1. Essential: Required for platform functionality
  2. Functional: User preferences
  3. Analytics: Performance and usage
  4. Marketing: Advertising and retargeting
6.2 Consent Management
Users can manage cookies via our Cookie Settings panel or browser preferences.

7. Data Sharing
7.1 With Processors:
  1. Cloud hosts (AWS, Azure)
  2. Analytics (Google Analytics)
  3. Payment gateways
7.2 Legal Requirements:
  1. Law enforcement, courts, regulators
  2. Fraud prevention and security
8. International Transfers
8.1 GDPR-compliant mechanisms:
  1. Adequacy decisions
  2. Standard Contractual Clauses
  3. Binding Corporate Rules
8.2 DPDP Act transfers:
  1. Government-approved jurisdictions
  2. Contractual safeguards
  3. Localization for critical data
9. Data Subject Rights
9.1 EU Users (GDPR):
  1. Access, rectification, erasure, restriction, portability, objection
  2. Automated decision-making rights
9.2 Indian Users (DPDP Act):
9.3 Exercise of Rights:
Contact DPO at contact@investhind.com. Responses: 30 days (GDPR), 7 days (DPDP).

10. Data Retention     
  
 Data Type Retention Period Basis
 Account & Profile Data Duration + 7 years Legal & business needs
 KYC Documents 10 years post-closure PMLA compliance
 Transaction Records 7 years  Tax & audit laws
 Logs & Analytics 12 months Security & optimization
 Marketing Consents Until withdrawal Consent

11. Data Security
  1. Encryption: TLS, AES-256
  2. Access Controls: MFA, role-based
  3. Monitoring: SIEM, intrusion detection
  4. Audits: Regular security assessments
12. Children's Privacy
InvestHind is for users 14+. Data of minors discovered will be deleted.

13. Automated Decision-Making
  1. Matching algorithm with human oversight
  2. Right to human review upon request
14. Breach Notification
  1. 72-hour notification for significant breaches
  2. Individual notices if high risk
  3. Remedial measures and authority reporting
15. Contact & Complaints

DPO: contact@investhind.com
Registered Office: InvestHind, Flat No 2 GF Shop No-3 Amichand Khand Giri Nagar Kalkaji South
Delhi Delhi India 110019

Lodge complaints with Data Protection Board (India) or relevant EU authority.

16. Updates

We may update this Notice; material changes notified 30 days prior. Continued platform use
constitutes acceptance.
This document is subject to change on a timely and/or need basis at the sole discretion of the
Company’s management team.