Privacy Notice

Last Updated: June 2026


1. INTRODUCTION

Whitecruise Capital (“Company,” “we,” “us,” or “our”) is a private company incorporated under the laws of India. We are committed to protecting the privacy and personal data of individuals who access our website (“Website”) or engage with us through any channel.

This Privacy Notice explains what personal data we collect, why we collect it, how we use it, how long we retain it, and what rights you have in relation to it.

This Notice is issued in compliance with:

  • The Digital Personal Data Protection Act, 2023 (India) (“DPDPA”)
  • The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India)
  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”), for Users accessing from European Economic Area (“EEA”) jurisdictions
  • All other applicable data protection and privacy laws

By accessing this Website, you acknowledge that you have read and understood this Privacy Notice.


2. DATA CONTROLLER IDENTITY

The data controller responsible for your personal data is:

Whitecruise Capital Private Limited
#198, 2nd Floor, CMH Road, 2nd Stage, Indiranagar
Bengaluru, KA, India – 560038
contact@whitecruisecapital.com

For Users in the EEA, Whitecruise Capital acts as the data controller as defined under Article 4(7) of the GDPR.


3. WHAT PERSONAL DATA WE COLLECT

We collect only the minimum personal data necessary for the specific purpose for which it is collected. We do not engage in mass data collection, behavioral profiling, or sale of personal data under any circumstances.

3.1 Data You Provide Voluntarily

When you contact us through our Website or any communication channel, we may collect:

  • Full name
  • Email address
  • Professional affiliation or organization (if provided)
  • The content of your communication or inquiry

3.2 Data Collected Automatically

When you access our Website, we may collect the following technical data through standard server logs and analytics tools:

  • IP address (anonymized where technically feasible)
  • Browser type and version
  • Device type and operating system
  • Pages accessed and time spent
  • Referring URL

We do not use advertising trackers, cross-site tracking technologies, or third-party behavioral analytics platforms.

3.3 Data We Do Not Collect

We do not collect:

  • Financial data, bank account details, or payment information
  • Government identification numbers
  • Biometric data
  • Sensitive personal data as defined under the DPDPA 2023 and applicable law, unless explicitly required for a specific lawful purpose and with your express consent


4. PURPOSES AND LEGAL BASIS FOR PROCESSING

We process personal data only where a lawful basis exists. The following table outlines our processing activities:

Purpose: Responding to inquiries and correspondence
Legal Basis (India/DPDPA): Consent of the Data Principal; Legitimate use for responding to a voluntarily initiated communication
Legal Basis (GDPR): Article 6(1)(b) — Processing necessary for responding to a request; Article 6(1)(f) — Legitimate interests

Purpose: Website security and technical operation
Legal Basis (India/DPDPA): Legitimate use for maintaining the security and integrity of our systems
Legal Basis (GDPR): Article 6(1)(f) — Legitimate interests in operating a secure website

Purpose: Compliance with applicable law
Legal Basis (India/DPDPA): Legal obligation under applicable Indian law
Legal Basis (GDPR): Article 6(1)(c) — Legal obligation

Purpose: Access control for referral-based engagements
Legal Basis (India/DPDPA): Consent; Legitimate use for managing restricted access
Legal Basis (GDPR): Article 6(1)(a) — Consent; Article 6(1)(f) — Legitimate interests

We do not process personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.


5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Our Website may use strictly necessary cookies to ensure the technical functionality and security of the Website. These cookies do not track your behavior across external websites and do not serve advertising purposes.

5.2 We do not use:

  • Advertising cookies or third-party tracking pixels
  • Social media tracking integrations
  • Analytics platforms that share data with third parties for commercial purposes

5.3 Where we use any analytics tool, we ensure it operates under data processing agreements consistent with applicable law, and data is processed in anonymized or aggregated form to the extent possible.

5.4 You may configure your browser settings to refuse or delete cookies. Please note that disabling strictly necessary cookies may affect the functionality of this Website.

A separate Cookie Notice is available on this Website and is incorporated into this Privacy Notice by reference.


6. HOW WE SHARE YOUR PERSONAL DATA

We do not sell, rent, trade, or otherwise disclose your personal data to third parties for commercial purposes under any circumstances.

We may share personal data only in the following limited circumstances:

6.1 Service Providers
We may engage carefully selected third-party service providers (such as website hosting providers or secure email services) who process data strictly on our behalf, under binding data processing agreements, and solely for the purposes we specify. Such providers are prohibited from using your data for their own purposes.

6.2 Legal Obligations
We may disclose personal data where required to do so by applicable law, lawful order of a court or regulatory authority, or to protect the rights, property, or safety of the Company, its principals, or others.

6.3 Protection of Rights
In the event of a legal dispute, investigation, or enforcement action, we may disclose personal data to the extent strictly necessary to exercise or defend legal claims.

We do not transfer personal data internationally except where necessary for the purposes described above, and only where appropriate safeguards are in place as required by the DPDPA 2023 and, for EEA Users, the GDPR.


7. INTERNATIONAL DATA TRANSFERS

7.1 This Website is operated from India. If you are accessing from outside India, your personal data may be transferred to and processed in India.

7.2 For Users in the EEA: Where personal data is transferred outside the EEA, we ensure such transfers are carried out in compliance with Chapter V of the GDPR, including through the use of Standard Contractual Clauses or other appropriate safeguards recognized under applicable law.

7.3 For all Users: We process personal data in accordance with the DPDPA 2023, including its provisions on cross-border data transfers to countries notified by the Government of India as permitting such transfers.


8. DATA RETENTION

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law.

  • Inquiry and correspondence data: Retained for a period not exceeding twenty-four (24) months from the date of last communication, unless a longer retention period is required by law or for the exercise or defense of legal claims.
  • Technical/server log data: Retained for a period not exceeding ninety (90) days, after which it is deleted or anonymized.
  • Legal compliance data: Retained for such periods as required by applicable Indian law.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized such that it can no longer be attributed to any identifiable individual.


9. YOUR RIGHTS AS A DATA PRINCIPAL / DATA SUBJECT

9.1 Rights under the DPDPA 2023 (for all Users, including Indian Users)

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

  • Right to Access Information: The right to obtain a summary of the personal data we hold about you and the purposes for which it is being processed.
  • Right to Correction and Erasure: The right to request correction of inaccurate or incomplete personal data, and the right to request erasure of personal data where it is no longer necessary for the purpose for which it was collected, subject to applicable legal obligations.
  • Right to Grievance Redressal: The right to have your grievances addressed by our designated contact within a reasonable time.
  • Right to Nominate: The right to nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to Withdraw Consent: The right to easily withdraw your consent at any time for data processing that is based on consent, without affecting the lawfulness of any processing carried out prior to such withdrawal.

9.2 Rights under the GDPR (for EEA Users)

If you are located in the EEA, you have the following additional rights under the GDPR:

  • Right of Access (Article 15): The right to obtain confirmation of whether we process your personal data and to receive a copy of it.
  • Right to Rectification (Article 16): The right to request correction of inaccurate personal data.
  • Right to Erasure (Article 17): The right to request deletion of your personal data in certain circumstances.
  • Right to Restriction of Processing (Article 18): The right to request that we restrict processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): The right to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights in relation to Automated Decision-Making (Article 22): The right not to be subject to decisions based solely on automated processing that produce significant effects on you. We do not engage in such processing.
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a written request to us at:

contact@whitecruisecapital.com

We will respond to your request within the timeframes prescribed by applicable law — ninety (90) days under the DPDPA 2023 and one (1) month under the GDPR, extendable in complex cases with notice to you.

We may request verification of your identity before processing your request to prevent unauthorized disclosure of personal data.


10. SECURITY OF PERSONAL DATA

10.1 We implement reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures are commensurate with the nature and sensitivity of the data processed and the risks involved.

10.2 However, no method of electronic transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.

10.3 In the event of a personal data breach that is likely to result in risk to your rights, we will notify the relevant authorities and, where required, affected individuals, in accordance with the timelines and procedures prescribed under the DPDPA 2023 and, for EEA Users, the GDPR.


11. CHILDREN’S PRIVACY

This Website is not directed at, and we do not knowingly collect personal data from, individuals under the age of eighteen (18) years. If we become aware that we have inadvertently collected personal data from a minor without appropriate consent, we will take prompt steps to delete such data. If you believe a minor has submitted personal data to us, please contact us at the address provided in Section 13.


12. LINKS TO THIRD-PARTY RESOURCES

This Website may reference or link to third-party publications, platforms, or external resources. This Privacy Notice does not apply to such third-party resources. We are not responsible for the privacy practices of any third party, and we encourage you to review the privacy notices of any external services you access.


13. GRIEVANCE OFFICER AND CONTACT

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDPA 2023, we have designated a point of contact for privacy-related grievances:

Grievance Contact
Whitecruise Capital
#198, 2nd Floor, CMH Road, 2nd Stage, Indiranagar
Bengaluru, KA, India – 560038
contact@whitecruisecapital.com

Grievances will be acknowledged promptly and resolved within thirty (30) days of receipt, in accordance with applicable law.

For EEA Users who are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your Member State of residence or place of work.


14. AMENDMENTS TO THIS PRIVACY NOTICE

We reserve the right to update or amend this Privacy Notice at any time to reflect changes in applicable law, regulatory guidance, or our data processing practices. The revised Notice will be published on this Website with an updated “Last Updated” date. Continued access to this Website following any amendment constitutes acknowledgment of the revised Notice.

We encourage you to review this Privacy Notice periodically.


15. RELATIONSHIP TO OTHER LEGAL DOCUMENTS

This Privacy Notice forms part of, and must be read together with, the Terms and Conditions and Cookie Notice published on this Website. In the event of any conflict between this Privacy Notice and the Terms and Conditions on matters of data protection, this Privacy Notice shall prevail.


© 2026 Whitecruise Capital. All Rights Reserved.
This Privacy Notice is the exclusive property of Whitecruise Capital and may not be reproduced, adapted, or distributed without prior written authorization.