Privacy Policy

This policy applies to all visitors to, and users of, www.thevaluationdesk.com and all services rendered by The Valuation Desk.

1. Introduction & Overview

The Valuation Desk (hereinafter "TVD," "we," "us," or "our") is a professional valuation practice registered with the Insolvency and Bankruptcy Board of India ("IBBI") as a Registered Valuer in the asset class of Securities or Financial Assets. We collaborate with a SEBI Category-I Merchant Banker and our principals hold membership with the Institute of Chartered Accountants of India ("ICAI"). Our head office is located in Hyderabad, Telangana, India.

We provide business valuation, financial advisory, and related professional services including, but not limited to, valuations for mergers and acquisitions, Employee Stock Ownership Plans (ESOPs), insolvency proceedings under the Insolvency and Bankruptcy Code 2016 ("IBC"), startup and venture capital funding, cross-border transactions under the Foreign Exchange Management Act 1999 ("FEMA"), tax-driven valuations under Sections 56 and 50CA of the Income Tax Act 1961, intellectual property valuation, and litigation support.

We are deeply committed to protecting the privacy and confidentiality of our clients, website visitors, and all individuals whose data comes to us in the course of delivering professional services. This Privacy Policy describes:

• What personal data and sensitive personal data we collect;
• The purposes for which we collect and process it;
• The legal bases upon which we rely to process your data;
• How long we retain your data;
• With whom we may share it and under what conditions;
• The rights available to you; and
• How to exercise those rights and raise grievances.

By accessing our website or engaging us for professional services, you acknowledge that you have read, understood, and consented to the practices described in this Policy. If you do not agree, please do not use our website or services.

2. Information We Collect

We collect information in the following categories, only to the extent necessary for the legitimate purposes described in this Policy:

2.1 Contact and Identity Information

When you complete our contact form, schedule a consultation, or correspond with us, we collect your full name, email address, phone number (including WhatsApp number), company or organisation name, designation, and city or state of residence.

2.2 Financial and Business Data (Sensitive Personal Data)

In the course of providing professional valuation services, we receive and process financial data pertaining to your business or personal financial affairs. This may include, but is not limited to: audited and management financial statements, balance sheets, income statements, cash flow projections, shareholding patterns, cap tables, asset registers, intellectual property documentation, loan and debt schedules, related-party transactions, and any other information shared by you or your authorised representatives for the purpose of preparing a valuation report or providing advisory services.

Such financial and business data constitutes "Sensitive Personal Data or Information" ("SPDI") within the meaning of Rule 3 of IT Rules 2011 to the extent it pertains to individuals. It is collected with your explicit consent and is used solely for the stated engagement purpose.

2.3 Usage and Technical Data

When you visit our website, we may automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and general geographic location (country/city level). This data is collected through cookies and similar technologies (see Section 8) and is used for website analytics and performance optimisation.

2.4 Communication Records

We retain records of communications between you and TVD, including emails, WhatsApp messages (where consent is given), and written correspondence. These records may be relevant to the terms of the engagement and are kept to maintain an accurate record of instructions received and advice given.

2.5 Information from Third Parties

In certain engagements, particularly insolvency or M&A mandates, we may receive information about individuals from our client (who is the contracting entity) in their capacity as a data fiduciary. We act as a data processor in such cases and process such data only on documented instructions from the client and for the stated valuation purpose.

3. How We Use Your Information

We use the information collected for the following purposes:

3.1 Service Delivery

To accept and fulfil engagement instructions; to prepare, review, and deliver valuation reports; to communicate findings and updates; to coordinate with co-valuers, joint valuers, or nominated advisors where expressly authorised; and to respond to queries arising from a completed report.

3.2 Regulatory Compliance and Professional Obligations

To comply with our obligations under the IBBI (Valuation of Assets) Rules, 2017; SEBI (Merchant Bankers) Regulations, 1992; the Companies Act, 2013; the Income Tax Act, 1961; the Prevention of Money-Laundering Act, 2002 ("PMLA"); and any other applicable statutes, regulations, or judicial and quasi-judicial orders. Certain records must be maintained for specified statutory periods irrespective of any individual request for deletion.

3.3 Communication and Relationship Management

To respond to your enquiries and consultation requests; to issue engagement letters, fee proposals, and invoices; and to send service-related communications. We may periodically send informational updates, regulatory alerts, or newsletter-type communications if you have opted in. You may opt out of non-transactional communications at any time by writing to hello@thevaluationdesk.com.

3.4 Business Operations and Improvement

To manage our internal records, conduct quality reviews of deliverables, improve our methodologies and processes, and train our team — always in anonymised or aggregated form where feasible.

3.5 Website Analytics

To understand how visitors interact with our website, identify high-traffic pages, detect errors, and improve the overall user experience. Analytics are used in aggregated form and are not used to profile individual visitors for marketing purposes.

4. Legal Basis for Processing

Under the Digital Personal Data Protection Act, 2023 and the IT Rules 2011, we rely on the following legal bases for processing personal data:

• Consent: Where you have provided explicit, free, informed, specific, and unambiguous consent — for example, when submitting the contact form, scheduling a consultation, or sharing financial data for a valuation engagement. You may withdraw consent at any time, subject to any overriding statutory retention obligations.
• Contractual Necessity: Processing necessary to enter into or perform the terms of an engagement letter or service agreement between you (or your organisation) and TVD.
• Legal Obligation: Processing required to comply with a legal or regulatory obligation applicable to TVD, including obligations under the IBBI Rules, SEBI regulations, Companies Act, Income Tax Act, PMLA, and directions of any competent authority or court.
• Legitimate Interests: Processing necessary for the legitimate interests of TVD in operating our professional practice, securing our systems, preventing fraud, and maintaining the quality and integrity of our services — provided such interests do not override your fundamental rights and privacy interests.

5. Confidentiality & Non-Disclosure

Our confidentiality obligations are governed by the terms of the engagement letter and NDA entered into with each client. As a matter of professional ethics under ICAI guidelines and as required under the IBBI Code of Conduct for Registered Valuers, we are bound by duties of professional secrecy. We do not discuss, disclose, or use client information for any purpose other than the performance of the stated engagement.

Our professional team members are individually bound by confidentiality obligations through their employment or consultancy agreements. Access to client data is restricted on a strict need-to-know basis and is subject to role-based access controls.

Notwithstanding the above, confidentiality does not extend to information that: (a) is or becomes publicly available through no fault of TVD; (b) was already known to TVD prior to disclosure; (c) is independently developed by TVD without use of confidential information; or (d) is required to be disclosed by law, regulation, or order of a competent authority (see Section 6 below).

6. Data Sharing & Third Parties

We may share your data only in the following strictly limited circumstances:

6.1 Regulatory and Statutory Authorities

When required by law, regulation, judicial order, or direction from a competent authority — including the IBBI, SEBI, the Registrar of Companies, the Income Tax Department, the Enforcement Directorate, or a court or tribunal — we will disclose only such information as is required by the specific demand, and only after due legal verification of the demand.

6.2 Service Providers Under NDA

We engage a limited number of technology and professional service providers who assist us in delivering our services. These include cloud hosting and storage providers, document management platforms, and accounting software vendors. All such providers are engaged under written data processing agreements or NDAs that prohibit them from using your data for any purpose other than providing services to TVD, require them to implement appropriate security measures, and obligate them to return or destroy data upon termination of the service relationship.

6.3 Joint or Co-Valuers

On certain complex engagements, particularly IBC or SEBI mandates, we may engage or collaborate with another registered valuer or qualified professional. Any such collaboration is disclosed to and authorised by the client in the engagement letter, and all collaborating professionals are bound by equivalent confidentiality obligations.

6.4 Professional Advisors

We may share data with our own legal, insurance, or accounting advisors on a strictly confidential basis as necessary to obtain advice in connection with our professional practice.

7. Data Retention

We retain personal and financial data for the following periods, after which data is securely destroyed or anonymised:

• Engagement files (valuation reports, financial data, working papers, correspondence): A minimum of 8 (eight) years from the date of the report or completion of the engagement, in compliance with the record-keeping requirements of the Chartered Accountants Act, 1949, IBBI (Valuation of Assets) Rules, 2017, and the Companies Act, 2013. Longer retention may be required where a matter is subject to ongoing litigation, regulatory inquiry, or statutory audit.
• Contact and inquiry data (from website form or initial consultation where no engagement follows): 3 (three) years from the date of last meaningful interaction.
• Invoicing and payment records: 8 (eight) years, in compliance with the requirements of the Income Tax Act, 1961 and GST legislation.
• Technical/usage logs: Up to 90 days, unless a longer period is required for security or legal purposes.

Where we receive a request for deletion of data, we will honour the request to the extent permitted by law. We cannot delete data that we are legally required to retain. We will inform you if a deletion request cannot be fully actioned and the reason therefor.

8. Cookies & Analytics

Our website uses cookies and similar tracking technologies to enhance your browsing experience and to collect anonymous usage statistics. Cookies are small text files stored on your device by your web browser.

8.1 Types of Cookies We Use

• Strictly necessary cookies: Essential for the website to function correctly (e.g., session management). These cannot be disabled.
• Analytics cookies: Used to collect aggregated, anonymised data about how visitors use our website (e.g., pages visited, time on site, device type). We may use tools such as Google Analytics or similar privacy-respecting analytics platforms for this purpose.
• Preference cookies: Used to remember your preferences (e.g., language or region settings) to personalise your experience.

8.2 Third-Party Cookies

Our website may embed third-party tools such as scheduling widgets (Cal.com), contact form processors, or analytics providers. These third parties may set their own cookies subject to their respective privacy policies. We encourage you to review those policies.

8.3 Managing Cookies

You may control, disable, or delete cookies through your browser settings. Disabling certain cookies may affect the functionality of the website. Most browsers provide instructions for cookie management in their Help documentation.

9. Your Rights Under DPDPA 2023

The Digital Personal Data Protection Act, 2023 provides data principals (individuals whose data is processed) with the following rights. You may exercise any of these rights by writing to our Grievance Officer (see Section 13):

9.1 Right to Access Information

You have the right to request confirmation of whether we process your personal data and, if so, to receive a summary of the personal data being processed, the processing activities undertaken, and the identities of all data fiduciaries and processors with whom your data has been shared.

9.2 Right to Correction and Erasure

You have the right to request correction of inaccurate or incomplete personal data and erasure of personal data that is no longer necessary for the purposes for which it was collected, or where consent has been withdrawn and no other legal basis for retention exists. Requests for erasure will be actioned subject to statutory retention requirements.

9.3 Right to Grievance Redressal

You have the right to raise a grievance with our Grievance Officer regarding the processing of your personal data. We will respond to all grievances within 30 (thirty) days of receipt.

9.4 Right to Nominate

You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity, as provided under DPDPA 2023.

9.5 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. It may affect our ability to continue providing services.

9.6 Regulatory Complaint

If your grievance is not resolved to your satisfaction, you may lodge a complaint with the Data Protection Board of India, once it is constituted and operational under DPDPA 2023.

10. Data Security

We implement reasonable security practices and procedures as required under Rule 8 of the IT Rules 2011 and consistent with the obligations of a data fiduciary under DPDPA 2023. Our security measures include:

• Encryption of data in transit using TLS (Transport Layer Security) protocols;
• Password-protected and encrypted storage for engagement files and client data;
• Role-based access controls limiting data access to authorised team members on a need-to-know basis;
• Secure email communication for transmission of reports and sensitive financial data;
• Regular review of access privileges and periodic security assessments;
• Contractual obligations on all third-party service providers to maintain equivalent security standards; and
• Incident response procedures to identify, contain, and notify in the event of a data breach.

In the event of a personal data breach that is likely to result in harm to data principals, we will notify the Data Protection Board of India and affected individuals in accordance with the requirements of DPDPA 2023 and any applicable regulations.

Despite the measures above, no method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

11. Children's Privacy

Our services are professional financial and valuation services intended exclusively for businesses, corporate entities, and adult individuals engaged in commercial or investment activities. We do not knowingly collect personal data from any person under the age of 18 years, nor do we offer services to minors. If we become aware that personal data of a minor has been submitted to us without appropriate parental consent, we will take immediate steps to delete that information. If you believe we have inadvertently collected data relating to a minor, please contact our Grievance Officer immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory guidance. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users or active clients by email.

We encourage you to review this Policy periodically. Your continued use of our website or services after any changes are posted constitutes your acceptance of the updated Policy.

13. Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 and the requirements of DPDPA 2023, The Valuation Desk has designated the following individual as its Grievance Officer for the purposes of addressing complaints and queries related to the processing of personal data:

Please address your grievance in writing, clearly stating your name, contact details, and a description of the issue. We will acknowledge receipt of your complaint within 48 hours and endeavour to resolve it within 30 days. Complex matters may require additional time, and we will keep you informed of progress.

14. Contact Us

For any questions, clarifications, or requests relating to this Privacy Policy or the processing of your personal data, please contact us at:

• Email: hello@thevaluationdesk.com
• Phone / WhatsApp: +91 90007 86310
• Website: www.thevaluationdesk.com/contact.html
• Head Office: Hyderabad, Telangana, India

This Privacy Policy is governed by the laws of India. Any dispute arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts at Hyderabad, Telangana.