Privacy Policy

1. Introduction & scope

This Privacy Policy describes how David Holdings Pvt. Ltd. (the firm, we, us or our) handles personal information when you visit our website, open or maintain an account, or otherwise engage our services. The firm is incorporated under the Companies Act 2013, with registered office at 1st Floor, Old No.19, New No.35, K P Towers, Mount Road, Saidapet, Chennai 600 015, India.

We are committed to handling personal data lawfully, fairly and with the discretion expected of a private banking relationship. This policy applies to information collected through this website, our client portals, our offices, and any correspondence with the firm. It does not apply to third-party websites that may be linked from our pages.

By using this website or engaging our services, you acknowledge that you have read and understood this policy. Where a separate engagement letter, account-opening form or scheme-related document contains specific data terms, those terms apply in addition to this policy.

2. Information we collect

The categories of information we collect depend on your relationship with the firm. They may include the following.

Personal and contact information

• Name, date of birth, gender and nationality.
• Residential and correspondence address, telephone numbers and email address.
• Family and nominee details where relevant to estate or succession planning.

Financial information

• Income, net worth, source of funds and investable assets.
• Bank account, demat account and transaction details.
• Holdings, portfolio positions and instructions you give the dealing desk.

KYC and identity information

• PAN, Aadhaar (where lawfully required), passport and other government identifiers.
• Proof of identity and address, photographs and specimen signatures.
• Tax residency, FATCA and CRS declarations.

Technical information

• IP address, device and browser type, and operating system.
• Pages visited, session duration and referring sources.
• Log data generated when you access our portals.

3. How we use information

We use personal information only for purposes connected with the services you have requested or that we are required to perform. These include:

• Establishing and verifying your identity at account opening.
• Providing wealth management, broking, portfolio management and advisory services.
• Executing transactions, settling trades and maintaining your accounts.
• Communicating with you about your portfolio, market developments and corporate actions.
• Meeting our legal, regulatory and tax obligations.
• Detecting, preventing and investigating fraud, market abuse and money laundering.
• Improving the security, performance and content of our website and portals.

We do not sell personal information. We do not use your information for purposes that are incompatible with those described above without first informing you.

4. Lawful basis & consent

We process personal data in accordance with the Digital Personal Data Protection Act 2023 (DPDP Act 2023) and other applicable Indian law. Depending on the activity, our processing rests on one or more of the following bases:

• Your consent, given freely and for a specified purpose.
• The performance of a contract or engagement to which you are a party.
• Compliance with a legal or regulatory obligation, including obligations under SEBI regulations and the Prevention of Money-Laundering Act 2002.
• Certain legitimate uses recognised under the DPDP Act 2023.

Where we rely on your consent, you may withdraw it at any time by contacting the Data Protection Officer. Withdrawal does not affect processing carried out before the withdrawal, and may limit our ability to continue providing certain services. Where information is necessary to meet a statutory or regulatory requirement, we may be unable to act on a withdrawal of consent for that specific purpose.

5. Sharing & disclosure

We treat your information as confidential and share it only where necessary and lawful. We may disclose personal information to:

• Regulators and authorities such as SEBI, the stock exchanges, depositories, the Reserve Bank of India, the Financial Intelligence Unit and tax authorities.
• Custodians, depositories, registrars, clearing members and banks involved in settling your transactions.
• Service providers who act on our instructions, including technology, audit, legal and reconciliation partners, under written confidentiality obligations.
• Persons you have authorised, such as nominees, mandate holders or professional advisers.
• Any party where disclosure is required by law, court order or a binding regulatory direction.

Where information is processed by a service provider, we require it to apply security measures consistent with this policy and to use the information only for the agreed purpose. Any transfer of personal data outside India is carried out in accordance with the DPDP Act 2023 and applicable rules.

6. KYC, AML & regulatory record-keeping

As a SEBI-registered intermediary, the firm is required to perform Know Your Customer (KYC) checks and to maintain records under the Prevention of Money-Laundering Act 2002 and the rules and circulars issued under it. This means we must collect, verify and retain identity, address and financial information before and during the course of your relationship with us.

KYC information may be shared with KYC Registration Agencies (KRAs) and the Central KYC Records Registry (CKYCR) as required by law, so that it can be relied upon by other regulated intermediaries. We are obliged to monitor transactions for unusual or suspicious activity and to report it to the appropriate authority where required, and we may be prevented by law from informing you that such a report has been made.

7. Cookies & analytics

Our website uses a small number of cookies and similar technologies. Strictly necessary cookies are used to operate the site and to keep your session secure. We may also use analytics cookies, where permitted, to understand how visitors use the site so that we can improve it.

You can control or delete cookies through your browser settings. Disabling certain cookies may affect the functioning of parts of the website or the client portal. Where the law requires consent for non-essential cookies, we will seek that consent before they are set.

We process website information in accordance with applicable provisions of the Information Technology Act 2000 and the DPDP Act 2023.

8. Data security

We maintain reasonable security practices and procedures designed to protect personal information against unauthorised access, alteration, disclosure or destruction. These include access controls, encryption in transit, network safeguards, audit logging and staff confidentiality obligations.

No system can be guaranteed to be entirely secure. While we take the protection of your information seriously, we cannot warrant absolute security, and you are responsible for keeping your portal credentials confidential. If we become aware of a personal data breach that is likely to affect you, we will notify you and the Data Protection Board of India as required by the DPDP Act 2023.

9. Data retention

We retain personal information for as long as your relationship with the firm continues, and thereafter for the period required by applicable law and regulation. SEBI regulations and anti-money-laundering law require certain records to be retained for a minimum number of years after the relationship ends or a transaction is completed.

When information is no longer required for any lawful purpose, we take steps to delete it or to anonymise it so that it can no longer be associated with you. Where information must be retained to meet a legal or regulatory obligation, we retain only what is necessary for that purpose.

10. Your rights

Subject to the conditions and exceptions set out in the DPDP Act 2023, you may have the right to:

• Request access to and a summary of the personal data we hold about you.
• Request correction or completion of inaccurate or incomplete information.
• Request erasure of personal data that is no longer required for a lawful purpose.
• Withdraw consent where processing is based on consent.
• Nominate another individual to exercise your rights in the event of death or incapacity.
• Raise a grievance about the way your information has been handled.

To exercise any of these rights, please contact the Data Protection Officer using the details below. We may need to verify your identity before acting on a request, and certain rights may be limited where information must be retained to meet a legal or regulatory obligation.

11. Grievance & Data Protection Officer

If you have a question, concern or complaint about how your personal information is handled, you may contact our Data Protection Officer. We will acknowledge your request and respond within the timelines prescribed by applicable law.

• Email: dpo@david-holdings.com
• Address: 1st Floor, Old No.19, New No.35, K P Towers, Mount Road, Saidapet, Chennai 600 015, Tamil Nadu, India

If you are not satisfied with our response, you may escalate your concern to the Data Protection Board of India in accordance with the DPDP Act 2023, or to the relevant regulator where the matter concerns our regulated activities.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology or the law. The version number and the date of the most recent revision are shown at the top of this document.

Where changes are material, we will take reasonable steps to bring them to your attention. Your continued use of our website and services after a revised policy takes effect indicates your acknowledgement of the updated terms.