Img
Home >> GDPR Compliance
GDPR Compliance and Cookies Notice
Effective Date: [Date]
Last Updated: [Date]
1. Introduction
MECASTART INNOVATIONS PRIVATE LIMITED, CIN: U62020DL2025PTC447410, ROC: RoC-Delhi,
Registered Office: Flat No 2 GF Shop No-3 Amichand Khand Giri Nagar Kalkaji South Delhi Delhi
India 110019 ("Company," "we," "our," "us," or "InvestHind"), operates InvestHind, a platform
facilitating connections between Indian startups and investors.
This GDPR Compliance and Cookies Notice ("Notice") explains how InvestHind collects, processes,
stores, shares, and protects personal data under:
  • The General Data Protection Regulation (GDPR) of the EU
  • The Digital Personal Data Protection Act (DPDP), 2023 of India
  • Other applicable global data privacy regulations
Continued use of InvestHind implies acceptance of this Notice.
2. Scope and Applicability
2.1 Geographic Scope: This Notice applies to personal data of: (a) Users in the EU; (b) Users in
India; (c) Global users whose data is processed by InvestHind.
2.2 Data Subjects: Startup Founders, Investors, Visitors, and Users of InvestHind.
3. Definitions
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data.
  • Controller: The entity determining purposes and means of processing (InvestHind).
  • Processor: Third parties processing data on behalf of the Controller.
4. Personal Data We Collect
4.1 Data You Provide
  • Identity: Name, date of birth, photograph
  • Contact: Email, phone number, address
  • Professional: Company details, role, resume
  • Transactional: Payment and subscription data
  • KYC: Government-issued ID, PAN, Aadhaar
4.2 Data Collected Automatically
  • Technical: IP address, device, browser type
  • Usage: Pages visited, clicks, preferences
  • Cookies: Session, functional, analytics, marketing
5. Lawful Basis for Processing
5.1 Under GDPR:
  • Consent (Art.6(1)(a))
  • Contract (Art.6(1)(b))
  • Legal obligation (Art.6(1)(c))
  • Legitimate interests (Art.6(1)(f))
5.2 Under DPDP Act, 2023:
  • Consent
  • Performance of contract
  • Legal obligation
  • Legitimate interests
6. Cookies and Tracking
6.1 Definition & Types
  • Essential: Required for platform functionality
  • Functional: User preferences
  • Analytics: Performance and usage
  • Marketing: Advertising and retargeting
6.2 Consent Management
Users can manage cookies via our Cookie Settings panel or browser preferences.
7. Data Sharing
7.1 With Processors:
  • Cloud hosts (AWS, Azure)
  • Analytics (Google Analytics)
  • Payment gateways
7.2 Legal Requirements:
  • Law enforcement, courts, regulators
  • Fraud prevention and security
8. International Transfers
8.1 GDPR-compliant mechanisms:
  • Adequacy decisions
  • Standard Contractual Clauses
  • Binding Corporate Rules
8.2 DPDP Act transfers:
  • Government-approved jurisdictions
  • Contractual safeguards
  • Localization for critical data
9. Data Subject Rights
9.1 EU Users (GDPR):
  • Access, rectification, erasure, restriction, portability, objection
  • Automated decision-making rights
9.2 Indian Users (DPDP Act):
9.3 Exercise of Rights:
Contact DPO at [Insert DPO Email]. Responses: 30 days (GDPR), 7 days (DPDP).
10. Data Retention       
 Data Type Retention Period Basis
 Account & Profile Data Duration + 7 years Legal & business needs
 KYC Documents 10 years post-closure PMLA compliance
 Transaction Records 7 years  Tax & audit laws
 Logs & Analytics 12 months Security & optimization
 Marketing Consents Until withdrawal Consent
11. Data Security
  • Encryption: TLS, AES-256
  • Access Controls: MFA, role-based
  • Monitoring: SIEM, intrusion detection
  • Audits: Regular security assessments
12. Children's Privacy
InvestHind is for users 18+. Data of minors discovered will be deleted.
13. Automated Decision-Making
  • Matching algorithm with human oversight
  • Right to human review upon request
14. Breach Notification
  • 72-hour notification for significant breaches
  • Individual notices if high risk
  • Remedial measures and authority reporting
15. Contact & Complaints
DPO: [Insert DPO Name & Email]
Registered Office: InvestHind, Flat No 2 GF Shop No-3 Amichand Khand Giri Nagar Kalkaji South
Delhi Delhi India 110019
Lodge complaints with Data Protection Board (India) or relevant EU authority.
16. Updates
We may update this Notice; material changes notified 30 days prior. Continued platform use
constitutes acceptance.
This document is subject to change on a timely and/or need basis at the sole discretion of the
Company’s management team.