This Privacy Policy governs the collection, use, storage, and protection of personal data by Smartstart Business Solutions. By accessing our website or engaging our services, you acknowledge that you have read and understood this Policy.

1. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them below:

Term	Meaning
Controller	The entity that determines the purposes and means of processing Personal Data. For the purposes of this Policy, Smartstart Business Solutions acts as the Controller.
Data Principal	The natural person to whom the Personal Data relates (i.e., you, the individual user or client).
Personal Data	Any information relating to an identified or identifiable natural person, including name, email address, phone number, IP address, or any other identifier.
Processing	Any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or deletion.
Processor	A third party that processes Personal Data on behalf of Smartstart, subject to contractual safeguards.
Professional Service	The sales, branding, digital marketing, and process excellence solutions provided by Smartstart to its clients.
Website	The Smartstart website accessible at www.smartstart.biz and all associated sub-pages.
DPDPA	The Digital Personal Data Protection Act, 2023, the primary data protection legislation governing personal data processing in India.
Consent Manager	An entity registered under the DPDPA that enables data principals to manage their consents for personal data processing.

2. About Us

Smartstart Business Solutions is a business growth consultancy headquartered in Chennai, India. We help businesses across diverse industries scale with purpose through integrated solutions spanning
sales, branding, digital marketing, and process excellence.

Registered Name	Smartstart Business Solutions
Address	No. 11, Aarthi Nagar, Behind Selaiyur Police Station, Selaiyur, Chennai – 600 059, Tamil Nadu, India
Email	hello@smartstart.biz
Phone	+91 99520 81057
Website	www.smartstart.biz

3. Scope of This Policy

This Policy applies to all individuals who:

• Visit or interact with our Website (www.smartstart.biz);
• Submit enquiries or consultation requests through any channel;
• Subscribe to Smartstart Insights or any other communication from us;
• Engage Smartstart as a client for any Professional Service;
• Apply for employment or internship opportunities with us; or
• Interact with us via social media platforms including LinkedIn, Facebook, Instagram, and YouTube.

This Policy does not apply to third-party websites linked from our Website. We encourage you to review the privacy policies of any external sites you visit independently.

4. Personal Data We Collect, How We Use It, and With Whom We Share It

The table below provides a detailed and transparent account of the personal data we collect, the purpose for which it is used, and the parties with whom it may be shared, categorised by the nature of your interaction with us.

4.1 Personal Data You Provide Directly

When You Are	Personal Data Collected	How We Use It	Who We Share It With
Website visitor who submits a contact or consultation form	Full name, email address, phone number, company name, and the content of your message or enquiry.	To respond to your enquiry; to schedule and conduct consultations; to follow up on your request; to send service-related communications.	CRM and email platform providers engaged by Smartstart, who are contractually bound to process data only on our instruction.
Newsletter subscriber (Smartstart Insights)	Email address and, optionally, your name.	To deliver our monthly newsletter and periodic updates on insights, events, and offerings relevant to your business.	Email delivery service providers used by Smartstart.
Client engaging Smartstart for Professional Services	Full name, designation, company details, contact information, and business-related information relevant to the scope of the engagement.	To deliver agreed Professional Services; to manage the client relationship; to invoice and maintain financial records; to fulfil legal and regulatory obligations.	Internal team members on a need-to-know basis; professional advisors (legal, financial) where required; regulatory authorities if mandated by law.
Job applicant or career enquiry	Full name, email address, phone number, educational qualifications, employment history, and any other information contained in your submitted resume or cover letter.	To evaluate your suitability for current or future roles; to communicate with you regarding your application; to conduct reference or background checks where applicable.	Internal HR team; external recruiters or background verification agencies where applicable.

4.2 Personal Data Collected Automatically

When You Are	Personal Data Collected	How We Use It	Who We Share It With
Website visitor (all visitors)	IP address, browser type and version, operating system, pages visited, time spent on pages, scroll depth, event data, and referring URL.	To analyse website traffic and improve user experience; to protect against security threats; to measure the effectiveness of our marketing efforts.	Website analytics providers and security tools; all such providers are bound by data processing agreements.
Individual whose data is received from third-party sources (with your prior consent or via public platforms)	Contact details such as name, email, phone, designation, and company — received from verified third-party sources or public professional platforms such as LinkedIn.	To reach out regarding services that may be relevant to your business needs; to tailor outreach to your professional context.	No onward sharing; data used solely for internal outreach purposes.

If you provide us with personal data relating to any third party (such as a colleague or business partner), you represent that you have the necessary authority or consent from that individual to share their data with us, and that it may be used in accordance with this
Policy.

5. Legal Basis for Processing

5.1 India (Primary Jurisdiction)

Smartstart processes personal data of individuals in India primarily on the following legal bases, as recognised under the Digital Personal Data Protection Act, 2023 (DPDPA):

• Consent: Where you have freely, specifically, and informedly given us consent to process your data for a stated purpose. You may withdraw this consent at any time by writing to us, without affecting the lawfulness of any processing carried out prior to withdrawal.
• Legitimate Use: In specified circumstances recognised by the DPDPA — such as processing data for compliance with legal obligations, performance of a contract, or for the legitimate purposes of the State — where explicit consent may not be required.
• Contractual Necessity: Where processing is necessary to perform a contract to which you are a party, or to take pre-contractual steps at your request.

5.2 European Economic Area (EEA) — Where Applicable

To the extent that Smartstart processes personal data of individuals located in the EEA, we do so under one of the following lawful bases as defined by the General Data Protection Regulation (GDPR):

• Your explicit consent (Article 6(1)(a));
• The performance of a contract or pre-contractual steps (Article 6(1)(b));
• Compliance with a legal obligation (Article 6(1)(c)); or
• Our legitimate interests, where such interests are not overridden by your fundamental rights (Article 6(1)(f)).

6. International Data Transfers

Smartstart primarily processes and stores personal data within India. However, in the course of using cloud-based tools, analytics platforms, and communication services, personal data may be transferred to or processed in jurisdictions outside India.

Where such international transfers occur, we take the following steps to ensure adequate protection:

• We only transfer personal data to countries or recipients that offer a level of protection at least equivalent to that provided under Indian law, as assessed by us or as notified by the Government of India.
• For transfers involving EEA data subjects, we rely on European Commission-approved standard contractual clauses (SCCs) or other appropriate safeguards under GDPR Article 46.
• We do not transfer personal data to any country that has been restricted or prohibited by the Government of India under applicable regulations.

7. Cookie Policy

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, understand how our site is used, and deliver more relevant content.

Cookie Type	Purpose	Can You Opt Out?
Essential Cookies	Enable core website functionality such as navigation, security, and access to secure areas. The website cannot function properly without these cookies.	No — these are strictly necessary for the website to function.
Analytics Cookies	Help us understand how visitors interact with our Website, which pages are most visited, and how we can improve content and user experience.	Yes — you may opt out via the cookie preference banner displayed on your first visit.
Marketing Cookies	Used to deliver relevant advertising and to measure the performance of our campaigns across digital platforms such as Google, Meta, and LinkedIn.	Yes — you may opt out via the cookie preference banner or through your browser settings.
Preference Cookies	Remember your settings and preferences (such as language or region) to personalise your experience on return visits.	Yes — you may manage preferences via browser settings; doing so may affect personalisation features.

8. Security of Personal Data

We implement appropriate technical and organisational measures to safeguard your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. Our security practices include:

• SSL/TLS encryption for all data transmitted through our Website;
• Access controls ensuring that personal data is available only to authorised personnel on a need-to-know basis;
• Secure hosting infrastructure with regular monitoring and vulnerability assessments;
• Contractual data processing obligations imposed on all third-party service providers; and
• Internal training and awareness practices for our team members handling personal data.

While we take every reasonable precaution to protect your data, no method of transmission over the internet is entirely secure. In the unlikely event of a data breach that is likely to result in risk to your rights, we will notify you and the relevant authorities in accordance with applicable law.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:

Data Category	Retention Period
Website enquiry / contact form data	3 years from the date of last interaction.
Newsletter subscriber data	Until you unsubscribe or withdraw consent, plus 6 months for record-keeping.
Client engagement data	Duration of the engagement, plus 5 years thereafter for accounting and legal compliance.
Job applicant data	6 months from the date of application, or 1 year if shortlisted for future consideration.
Automatically collected website analytics data	Up to 26 months, in line with standard analytics platform policies.

Once retention periods expire, personal data is securely deleted or anonymised so that it can no longer be linked to any identifiable individual.

10. Your Rights as a Data Principal

Subject to applicable law, you are entitled to the following rights in respect of your personal data held by Smartstart:

10.1 Rights Available to All Individuals

• Right to Access: Request confirmation of whether we hold your personal data, and obtain a copy of such data.
• Right to Correction: Request correction of any inaccurate, incomplete, or outdated personal data we hold about you.
• Right to Erasure: Request deletion of your personal data, subject to our legal and contractual obligations.
• Right to Withdraw Consent: Withdraw any consent you have previously given for processing, without affecting the lawfulness of prior processing.
• Right to Opt Out of Marketing: Opt out of receiving marketing communications at any time by clicking “unsubscribe” in any email, or by writing to us directly.

10.2 Additional Rights for Indian Data Principals (DPDPA 2023)

• Right to Nominate: Nominate another individual who may exercise your rights in the event of your death or incapacity.
• Right to Grievance Redressal: Register a complaint with our Grievance Officer (see Clause 12) and expect a response within the timelines specified below.
• Consent Manager Rights: Provide, manage, review, or withdraw your consent through a registered Consent Manager, where applicable.

10.3 Additional Rights for EEA Data Subjects (GDPR)

• Right to Data Portability: Receive your personal data in a structured, machine-readable format.
• Right to Object: Object to processing based on our legitimate interests.
• Right to Restriction: Request restriction of processing in certain circumstances.
• Right to Lodge a Complaint: Lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at hello@smartstart.biz. We will verify your identity before acting on any request and will respond within 30 days of receipt.

11. Privacy of Children

Our Website and services are not directed at, and are not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from minors.

If you are a parent or legal guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at hello@smartstart.biz. Upon verification, we will take prompt steps to delete such data from our systems.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, Smartstart has designated a Grievance Officer to address any concerns or complaints regarding the processing of your personal data.

Grievance Officer: Navneeth S Designation: Founder & CEO, Smartstart Business Solutions Email: hello@smartstart.biz Phone: +91 99520 81057 Address: No. 11, Aarthi Nagar, Behind Selaiyur Police Station, Selaiyur, Chennai – 600 059, Tamil Nadu, India

Upon receipt of a complaint, we will:

• Acknowledge your complaint within 48 hours;
• Investigate and respond substantively within 30 days; and
• If the matter requires additional time, keep you informed of the expected resolution timeline.

If you remain unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India, once constituted under the DPDPA, 2023.

13. Third-Party Links and Platforms

Our Website may contain links to third-party websites, partner portals, or social media platforms. This Policy applies solely to our Website and the personal data we collect. We are not responsible for the privacy practices or content of any external websites.

We encourage you to review the privacy policies of any third-party sites before submitting personal data to them. The presence of a link on our Website does not imply our endorsement of that site’s privacy practices.

14. Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our business practices, applicable law, or regulatory guidance. When we make material changes, we will:

• Update the “Effective Date” and “Version” at the top of this document;
• Display a notice on our Website homepage for a period of 30 days following a material update; and
• Where required by law, seek fresh consent from affected data principals.

Continued use of our Website or engagement with our services following any update constitutes your acknowledgement of the revised Policy. We encourage you to review this page periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the manner in which we handle your personal data, please do not hesitate to reach out. We are committed to addressing all enquiries with transparency and care.