1. Introduction and Identity of the Data Controller

Welcome to ReliaBull Financial Services Private Limited (hereinafter referred to as "ReliaBull", "we", "us", or "our"). ReliaBull Financial Services Private Limited is a AMFI-registered Mutual Fund Distributor (ARN-88227) and a financial services intermediary operating under the applicable laws and regulations of the Republic of India. Our registered office is located at No 4-D, 4th Floor, Victoria Plaza, Santacruz West, Mumbai - 400054, Maharashtra, India.

This Privacy Policy governs the collection, storage, processing, use, disclosure, and protection of personal information and financial data of individuals (hereinafter referred to as "Users", "you", or "your") who access or use our official website at www.reliabullwealth.com (hereinafter referred to as the "Website").

This Privacy Policy has been prepared in compliance with:

• The Information Technology Act, 2000 ("IT Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules");
• The Digital Personal Data Protection Act, 2023 ("DPDPA") and rules thereunder as notified by the Ministry of Electronics and Information Technology ("MeitY");
• Securities and Exchange Board of India ("SEBI") regulations, circulars, and guidelines applicable to Mutual Fund Distributors and investment intermediaries;
• The Prevention of Money Laundering Act, 2002 ("PMLA") and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005;
• Reserve Bank of India ("RBI") guidelines pertaining to Know Your Customer ("KYC") norms;
• Association of Mutual Funds in India ("AMFI") guidelines; and
• Any other applicable laws, rules, regulations, and regulatory guidance in force from time to time.

By accessing, browsing, or using our Website, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree to these terms, we request that you immediately cease using the Website.

2. Scope and Applicability

This Privacy Policy applies exclusively to information collected through the ReliaBull Financial Services Private Limited Website (www.reliabullwealth.com). It does not apply to:

• Information collected through the ReliaBull Global Investments mobile application (which is governed by a separate Privacy Policy);
• Third-party websites, services, or platforms that may be linked from our Website;
• Offline interactions with our representatives, advisors, or branch offices; or
• Products or services offered directly by Asset Management Companies (AMCs), Registrar & Transfer Agents (RTAs), or other third parties.

This policy applies to all categories of users including prospective clients browsing the Website, registered clients who have completed their KYC and onboarding, corporate or institutional investors accessing the portal, and Non-Resident Indians (NRIs) accessing services from abroad, subject to applicable cross-border data transfer regulations.

3. Categories of Information We Collect

3.1 Information You Provide Directly

When you register on our Website, enquire about our services, or transact through our platform, we collect the following categories of personal and financial information:

• Identity Information: Full legal name as per PAN card or Aadhaar, date of birth, gender, nationality, residential status (Resident Individual, NRI, PIO, OCI), photograph, and signature.
• Contact Information: Residential and correspondence address, email address, mobile and telephone numbers, and communication preferences.
• Financial Identification: Permanent Account Number (PAN), Aadhaar number (masked as required by UIDAI regulations), passport number (for NRI clients), bank account details (account number, IFSC code, account type), and MICR code.
• Investment Information: Risk profile, investment objectives, investment horizon, existing investment holdings, annual income, net worth, source of funds, and declaration of politically exposed person (PEP) status.
• KYC Documentation: Officially valid documents (OVDs) as defined under the PMLA, including but not limited to PAN card, Aadhaar card, passport, voter identification card, driving licence, utility bills, and bank statements.
• Nominee and Guardian Details: Name, relationship, date of birth, and contact details of nominees and, in case of minor investors, guardian information.
• Communication Records: Records of emails, chat conversations, call logs, and other correspondence between you and our team.

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical information through cookies, web beacons, and similar tracking technologies:

• Device and Technical Data: IP address, browser type and version, operating system, screen resolution, device type, and referring URL.
• Usage Data: Pages visited, time spent on each page, navigation paths, links clicked, search queries entered, and frequency of visits.
• Session Data: Login and logout timestamps, session duration, and transaction activity logs.
• Cookie Data: Preferences stored via cookies including language preferences, saved search parameters, and authentication tokens.

3.3 Information from Third Parties

• From AMFI, BSE Star MF, NSE MF, CAMS, KFintech, and other RTAs: Transaction records, portfolio statements, and folio information.
• From KYC Registration Agencies (KRAs): KYC compliance status and verification records.
• From CDSL/NSDL: Demat account and e-CAS details where applicable.
• From Payment Gateways: Transaction confirmation, payment status, and associated metadata (note: we do not store full card details).
• From Credit Bureaus: Credit scores and related data where you have provided explicit consent.
• From Social Media Platforms: If you use social login features (e.g., Google), we receive your name, email ID, and profile picture subject to the permissions you grant.

4. Purposes of Data Processing and Legal Basis

We process your personal data for the following specific, explicit, and legitimate purposes:

4.1 Service Delivery and Account Management

• Processing mutual fund transactions including purchases, redemptions, switches, systematic investment plans (SIPs), systematic withdrawal plans (SWPs), and systematic transfer plans (STPs);
• Maintaining accurate account records, portfolio statements, and transaction histories;
• Facilitating online KYC completion, eKYC verification, and in-person verification (IPV) where required;
• Processing investment applications and communicating with AMCs and RTAs on your behalf; and
• Providing consolidated account statements and portfolio analytics.

4.2 Regulatory Compliance

• Complying with SEBI's Know Your Client (KYC) requirements and AMFI's anti-money laundering guidelines;
• Maintaining statutory records under the PMLA and reporting suspicious transactions to the Financial Intelligence Unit India (FIU-IND);
• Complying with tax reporting obligations including TDS on dividends, capital gains reporting, and Foreign Account Tax Compliance Act (FATCA) / Common Reporting Standard (CRS) declarations;
• Responding to lawful requests from regulatory authorities including SEBI, IRDAI, RBI, Income Tax Department, Enforcement Directorate, and courts of competent jurisdiction; and
• Audit and record-keeping obligations under applicable laws.

4.3 Risk Management and Fraud Prevention

• Conducting suitability assessments and risk profiling to ensure appropriate investment recommendations;
• Detecting, investigating, and preventing fraudulent transactions, identity theft, and other financial crimes;
• Monitoring unusual transaction patterns and flagging suspicious activity; and
• Maintaining records for dispute resolution and grievance redressal.

4.4 Communication and Customer Service

• Sending transactional alerts, account statements, NAV updates, dividend intimations, and regulatory communications;
• Notifying you of changes to our terms, policies, services, or regulatory requirements;
• Responding to your queries, grievances, and service requests through email, phone, and chat; and
• Sharing educational content, market insights, and investment research (with your consent, where required).

4.5 Marketing and Business Development (Consent-Based)

Subject to your explicit consent, we may use your information to send you personalized investment insights, new product information, promotional offers, and event invitations. You retain the right to withdraw such consent at any time by contacting us at service@reliabullwealth.com or adjusting your communication preferences in your account settings.

5. Sensitive Personal Data or Information (SPDI)

SPDI collected by us includes your bank account details and payment instrument information, Aadhaar number (stored in masked or tokenized form as mandated by the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016), financial standing, investment portfolios, income details, biometric data where used for authentication, and medical information if disclosed for nomination purposes. We shall not share SPDI with any third party without your prior written consent, except where required by law or for the purpose for which such information was collected.

6. Cookies and Tracking Technologies

6.1 Types of Cookies Used

• Strictly Necessary Cookies: Essential for the Website to function, including session management, authentication, and security. These cannot be disabled without affecting core functionality.
• Functional Cookies: Enable enhanced features such as remembering your preferences, language settings, and saved filters.
• Performance and Analytics Cookies: Used by tools like Google Analytics, Hotjar, and similar platforms to understand how users interact with the Website. Data collected is aggregated and anonymized.
• Targeting and Marketing Cookies (Consent-Required): Used to serve relevant advertisements and remarketing campaigns on third-party platforms, activated only with your consent.

6.2 Cookie Management

You may manage your cookie preferences through our Cookie Consent Manager accessible at the footer of our Website. You may also configure your browser to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of the Website. For detailed information, refer to our Cookie Policy available at www.reliabullwealth.com

7. Disclosure and Sharing of Information

We do not sell, rent, or trade your personal information to third parties for commercial purposes. We share your information only in the following circumstances:

• Regulatory and Statutory Bodies: SEBI, AMFI, RBI, IRDAI, Income Tax Authorities, FIU-IND, BSE, NSE, and other regulatory bodies as required by applicable law.
• Asset Management Companies (AMCs): For processing and managing your mutual fund investments. AMCs are bound by their own SEBI-mandated privacy obligations.
• Registrar and Transfer Agents (RTAs): CAMS (Computer Age Management Services) and KFintech for maintaining folio records, processing transactions, and generating statements.
• KYC Registration Agencies (KRAs): CVL-KRA, CDSL Ventures Ltd., NSDL Database Management Ltd., Dotex, and CAMS KRA for KYC verification and maintenance.
• Payment Service Providers and Banks: For processing payment instructions, NACH mandates, and banking transactions. Sharing is limited to the minimum data required for payment processing.
• Technology Service Providers: Carefully vetted cloud hosting providers, cybersecurity vendors, CRM platforms, and analytics partners operating under strict data processing agreements that prohibit them from using your data for any purpose other than providing services to us.
• Legal and Professional Advisors: Lawyers, auditors, and compliance professionals bound by professional confidentiality obligations.
• Group Companies and Affiliates: Where necessary for the delivery of integrated financial services, subject to appropriate data sharing agreements.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or a portion of our assets, your information may be transferred as part of the transaction, subject to notification to you and applicable regulatory approvals.

All third-party data processors engaged by us are required to implement adequate technical and organizational security measures and are prohibited from processing your data for any purpose not authorized by us.

8. Data Retention

We retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal obligations. The following retention schedules apply:

• KYC Records: Retained for a minimum of 10 (ten) years from the date of account closure, as mandated by PMLA and SEBI.
• Transaction Records: Retained for a minimum of 8 (eight) years from the date of transaction, as required under the PMLA.
• Communication Records: Retained for a minimum of 5 (five) years.
• Grievance Records: Retained for a minimum of 3 (three) years from resolution.
• Marketing and Consent Records: Retained for 3 (three) years from the date of last interaction or until consent is withdrawn, whichever is earlier.

Upon expiry of the applicable retention period, data is securely destroyed through certified data destruction processes in compliance with IS/ISO/IEC 27001 standards. Where anonymization is feasible, we may retain anonymized data for analytical purposes beyond the retention period.

9. Data Security

ReliaBull Financial Services Private Limited implements comprehensive technical and organizational security measures to protect your personal and financial information against unauthorized access, loss, misuse, alteration, or destruction. Our security framework includes:

• Encryption: All data transmitted to and from the Website is encrypted using industry-standard Transport Layer Security (TLS 1.2 or higher). Data stored on our servers is encrypted at rest using AES-256 encryption.
• Access Controls: Role-based access control (RBAC) systems ensure that only authorized personnel have access to sensitive data on a need-to-know basis. All access is logged and audited.
• Secure Infrastructure: Our systems are hosted in ISO 27001-certified data centres located within India, ensuring data sovereignty and compliance with applicable data localization requirements.
• Vulnerability Management: Regular penetration testing, vulnerability assessments, and security audits are conducted by certified information security professionals.
• Monitoring and Incident Response: 24/7 security monitoring with defined incident response procedures. In the event of a data breach, we will notify affected users and the Data Protection Board of India (DPBI) in accordance with the DPDPA, 2023.
• Employee Training: All employees handling personal data undergo regular training on data protection and information security best practices.

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights with respect to your personal data:

• Right to Access: You have the right to obtain confirmation of whether we process your personal data and to receive a summary of the personal data held and the processing activities carried out.
• Right to Correction: You have the right to request correction of inaccurate or outdated personal data and to have incomplete data completed.
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal obligations to retain such data.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Grievance Redressal: You have the right to lodge a grievance with our designated Grievance Officer and, if unsatisfied, to escalate to the Data Protection Board of India.
• Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of the above rights, please contact our Grievance Officer in the manner described in Section 13 of this Policy. We will respond to your request within the timelines prescribed under applicable law.

11. Cross-Border Data Transfers

ReliaBull Financial Services Private Limited primarily stores and processes your data within India. In limited circumstances, certain data may be transferred to or accessed from jurisdictions outside India, for example, when you access the Website from abroad or when technology service providers operate data centres in multiple geographies. Such cross-border transfers are conducted in compliance with Section 16 of the DPDPA, 2023 and only to countries or jurisdictions notified by the Central Government as permissible transfer destinations. Adequate contractual safeguards are put in place with all overseas processors.

12. Children's Privacy

Our Website and services are not directed at or intended for use by individuals below the age of 18 (eighteen) years. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data of a person below 18 years of age without verified parental consent, we will take immediate steps to delete such information. Parents or legal guardians who believe their child has provided personal information to us may contact our Grievance Officer for rectification.

13. Grievance Redressal

If you have any complaint or grievance regarding our Services, you may address it to

Email: service@reliabullwealth.com | kishan@reliabullwealth.com

Phone: [+91 99674 32226] | Working Hours: Mon–Fri, 10:00 AM – 6:30 PM IST.

14. Updates to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. Material changes will be communicated to you via email to your registered email address and/or through a prominent notice on the Website at least 30 (thirty) days before the changes take effect. Your continued use of the Website after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically. The version history of this Policy is maintained at www.reliabullwealth.com/privacy-policies.

15. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes arising from or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of competent jurisdiction in Mumbai, Maharashtra, India.

16. Contact Us

For any general queries, feedback, or concerns regarding this Privacy Policy, you may reach us at:

ReliaBull Financial Services Private Limited

No 4-D, 4th Floor, Victoria Plaza, Santacruz West, Mumbai - 400054, Maharashtra, India Email: kishan@reliabullwealth.com | service@reliabullwealth.com

Website: www.reliabullwealth.com

Phone: +91 99674 32226