A clear account of what data we collect, why we collect it, and what we do with it. Compliant with India's Digital Personal Data Protection Act, 2023.
This Privacy Policy applies to Harshh & Co., a brand division of Acquisition Monk Private Limited ("the Company", "we", "us", "our"). For the purposes of the Digital Personal Data Protection Act, 2023, the Company is the "Data Fiduciary" responsible for your personal data.
Registered office: Bandra West, Mumbai, Maharashtra, India.
Contact for privacy queries: operations@harshh.co.
We collect personal data only when you provide it to us, or when it is automatically generated through your use of our website and programmes.
| Purpose | Lawful basis |
|---|---|
| Deliver programmes you have purchased | Performance of contract |
| Process payments and issue invoices | Performance of contract |
| Send programme updates, schedules, and reminders | Performance of contract |
| Send marketing newsletters and product updates | Your consent (opt-in) |
| Improve our website, programmes, and services | Legitimate interest |
| Comply with tax, accounting, and legal obligations | Legal obligation |
| Detect and prevent fraud or abuse | Legitimate interest |
We do not sell your personal data. Ever. Period.
We share data only with the following categories of recipients, and only to the extent necessary:
All third parties we share data with are bound by confidentiality and data protection obligations.
Some of our service providers operate servers outside India. Where personal data is transferred outside India, we ensure equivalent levels of protection through standard contractual clauses or by selecting providers with adequate data protection frameworks.
We use a minimal set of cookies. We do not use third-party advertising cookies or tracking pixels.
You can control cookies via your browser settings. Disabling strictly necessary cookies may affect site functionality.
You have the following rights regarding your personal data:
To exercise any of these rights, write to operations@harshh.co. We will respond within 30 days.
We implement reasonable technical and organisational measures to protect personal data, including:
While we take security seriously, no method of transmission or storage is 100 percent secure. In the event of a data breach affecting your personal data, we will notify you and the Data Protection Board within 72 hours of becoming aware of the breach.
Our programmes are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact us immediately at operations@harshh.co and we will delete it.
We send marketing emails only if you have actively opted in (e.g., by subscribing to our newsletter). You can unsubscribe at any time via the link in every marketing email or by writing to us. Transactional emails (programme updates, receipts, schedules) are part of the contract and cannot be opted out of without leaving the programme.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to active members at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent change.
In compliance with Section 5(7) of the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer:
Name: Privacy & Data Protection Lead
Email: operations@harshh.co
Postal: Acquisition Monk Pvt Ltd, Bandra West, Mumbai, Maharashtra, India
Response time: Within 30 days of receipt
If you have any questions about this Privacy Policy, write to operations@harshh.co. We answer every email personally and within 30 days.
