Privacy policy

1. Who we are

This website is operated by Grwal Group (“we”, “us”, “our”) as the corporate presence for the group and its listed ventures. The site is published at grwal.com (including https://grwal-cl3ttgg8a-web-team-india.vercel.app when that is the address you use).

For any question about this policy or how we handle personal information, contact us at hello@grwal.com. Please include “Privacy enquiry” in the subject line so we can route your message quickly.

2. Scope of this policy

This policy applies to personal information processed when you visit or use grwal.com, including the contact form, email links, and the technical operation of the site (such as security and error logs).

Individual ventures, apps, or storefronts may collect additional data under their own privacy notices. Where a product or site links to a separate policy, that notice governs data collected there. This page covers the corporate website only unless we say otherwise on that page.

3. Personal information we collect

“Personal information” means information that identifies you or can reasonably be linked to you. We group what we collect as follows:

• Information you provide. When you submit the contact form, we receive your name, email address, enquiry type (topic), and the content of your message. If you email us outside the form, we process your email address, any address or identifiers in the headers, and the body of your message (and attachments, if you send them).
• Technical and usage data. Like most websites, our servers and infrastructure produce logs that may include your IP address, approximate location derived from IP, browser type and version, device type, referring URL, pages requested, and date and time of requests. We use this information to deliver pages, diagnose faults, detect abuse, and protect the security of the site.
• Content from third-party hosts. Some pages display images or media loaded from external domains (for example content delivery networks). When your browser requests those assets, the third party may receive technical data such as your IP address and request headers according to its own policies.

We do not ask you to provide sensitive categories of data (such as health information or government identifiers) on this corporate site. Please do not send us sensitive personal information unless we have explicitly asked for it and explained how it will be used.

4. How we use personal information

We use the information above for purposes that include:

• Reading and responding to your enquiries, and following up where appropriate.
• Routing messages internally to the right team (for example partnerships, press, or security contacts).
• Operating, hosting, and improving the website; monitoring performance; and maintaining backups and business records where appropriate.
• Protecting our rights, users, and systems; investigating misuse; and complying with legal obligations.

We do not use personal information from this site for automated profiling or solely automated decisions that produce legal or similarly significant effects.

5. Legal bases (UK, EEA, and similar)

Where data protection law requires a “legal basis”, we typically rely on: legitimate interests in operating a corporate website, communicating with people who contact us, and keeping our IT environment secure and reliable (balanced against your rights); and consent where the law requires it for a specific activity. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

We may also process information where necessary to perform a contract with you or to take steps at your request before a contract, or where processing is necessary to comply with law.

7. Sharing and processors

We share personal information with a limited set of service providers who help us run this website and our business. They process data only on our instructions or as otherwise required by law, and they are expected to implement appropriate security measures. Categories of recipients typically include:

• Hosting and infrastructure providers that store and transmit site content and logs.
• Email and communications providers used to deliver messages from the contact form to our inbox.
• Professional advisers where required (for example lawyers or accountants), subject to confidentiality obligations.
• Authorities when we believe disclosure is required by law, legal process, or to protect vital interests.

We do not sell your personal information. We do not share personal information from this site with third parties for their own marketing purposes.

8. International transfers

Grwal Group works across regions, and our service providers may process data in countries other than the one you are in. Where UK or EEA law applies, we take steps that are appropriate in the circumstances—such as standard contractual clauses approved by regulators or other lawful transfer mechanisms—to ensure your information remains protected.

9. Retention

We keep contact and email correspondence for as long as needed to handle your request, manage ongoing relationships, and meet legal, tax, and accounting requirements. Server and security logs are kept for a limited period consistent with operational and security practice, then deleted or aggregated where appropriate.

10. Security

We implement technical and organisational measures designed to protect personal information against unauthorised access, loss, or alteration. No method of transmission over the internet is completely secure; we encourage you to use a strong, unique password for any accounts you hold with us elsewhere and to avoid sending confidential information by email unless you have agreed a secure channel with us.

11. Your rights

Depending on applicable law, you may have the right to request access to, correction of, or deletion of your personal information; to restrict or object to certain processing; to data portability; and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority—for example, in the UK, the Information Commissioner’s Office (ICO)—or with another regulator in your country.

To exercise any right, email hello@grwal.com with a clear description of your request. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law.

If you are in a jurisdiction with additional privacy laws (including certain US states or India’s Digital Personal Data Protection Act), you may have comparable or extra rights. We will honour requests to the extent required by the law that applies to our processing.

12. Links to other sites

We link to operating websites of ventures in the Grwal Group portfolio so you can visit those businesses directly. Those sites are controlled by the relevant venture (or its operators) and are covered by their own privacy notices and terms—not by this corporate policy. We still encourage you to read each site’s notice before you submit personal information there.

Where we link to independent third-party sites (for example professional networks), we do not control how they collect or use data. Their policies apply on those domains.

13. Children

This corporate website is not directed at children, and we do not knowingly collect personal information from anyone under 16 through this site. If you believe we have collected information from a child in error, please contact us and we will take appropriate steps to delete it.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we may provide a more prominent notice on the site where appropriate. We encourage you to review this page periodically.