DPDP Act, 2023 Compliant
1. Data Fiduciary
Gosree Finance Limited ("GFL"), registered under the Companies Act 2013, is the Data Fiduciary under the DPDP
Act 2023. We process your personal data lawfully, fairly and transparently.
2. Personal Data Collected
- Name, email address and mobile number (provided at registration)
- Login timestamps, session activity and IP address
- Documents accessed and actions performed in the Data Room
- OTP delivery records for multi-factor authentication (MSG91)
3. Purpose of Processing (Section 4, DPDP Act)
- Authentication and secure access management
- Audit trail maintenance for regulatory compliance
- Delivering OTPs via MSG91 SMS for multi-factor authentication
- Security alerts and access-change notifications
4. Your Rights as Data Principal (Chapter III, DPDP Act)
- Right to Access (Sec 11): Request a summary of personal data we hold about you
- Right to Correction & Erasure (Sec 12): Request correction or deletion of data
- Right to Grievance Redressal (Sec 13): Raise concerns with our Data Protection Officer
- Right to Nominate (Sec 14): Nominate another person to exercise your rights
- Right to Withdraw Consent: Withdrawal may terminate your Data Room access
5. Data Retention
Personal data is retained for 7 years from the date of last access, or as required by RBI/SEBI regulations.
OTP records are deleted immediately after verification.
6. Security Measures
GFL implements encryption, role-based access controls, session timeouts, and SMS OTP via MSG91 to prevent
unauthorised access, disclosure or loss of data.
7. Third-Party Processors
MSG91 is engaged solely for OTP delivery. Only your registered mobile number is shared for this purpose. No
financial or document data is shared with any third party.
8. Data Protection Officer
Contact: dpo@gosree.com | Gosree Finance Limited, Kerala, India.
Investor Data Room