1. INTRODUCTION AND COMMITMENT TO PRIVACY

At Hebbevu Farms Private Limited (hereinafter referred to as the “Company”, “we”, “our”, or “us”), we are committed to protecting the privacy, dignity, and data rights of all individuals and stakeholders who interact with our physical operations, digital interfaces, websites, mobile applications, and related service platforms (collectively, the “Platform”). This Privacy Policy (“Policy”) sets out the manner in which we collect, use, process, store, disclose, and protect your personal and sensitive personal data in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act). By voluntarily accessing our Platform, engaging in a farm management relationship with us, or providing your information for registration, communication, or contractual documentation, you consent to the terms outlined herein. If you do not agree with this Policy, you are advised not to use the Platform or provide any personal data to the Company.

2. COLLECTION OF PERSONAL AND SENSITIVE DATA

We may collect both personal data and sensitive personal data from you, directly or indirectly, when you access our Platform, register your land with us, engage with our farm operations services, respond to surveys, or communicate with us via physical or digital means. This information may include your full name, mobile number, email address, residential and property address, Aadhaar number, PAN number, scanned identification documents, bank account details, investment preferences, nominee details, photographs, biometric data (if any), or any other legally required documentation. We may also collect device identifiers, IP addresses, geolocation data, browser information, and Platform usage patterns through cookies, server logs, and analytics tools to ensure the integrity, security, and usability of our services. All such data is collected on the basis of lawful consent, contractual necessity, and legitimate interest as permitted under the DPDP Act and other relevant regulations.

3. PURPOSE OF DATA COLLECTION AND LAWFUL PROCESSING

The data we collect is used solely for legitimate business, contractual, operational, and regulatory purposes directly connected with the services rendered by Hebbevu Farms Private Limited. This includes, but is not limited to, verifying ownership of agricultural land, executing legally binding farm management agreements, fulfilling Know Your Customer (KYC) obligations, preparing legal or registration documents, facilitating payments and profit-sharing, providing operational updates, disbursing reports, or communicating important project notifications. We also use your information to improve user experience, personalize content, analyze performance metrics, and ensure compliance with applicable land laws, agricultural norms, labor codes, tax laws, and environmental mandates. Under no circumstances will your personal data be processed for unlawful purposes or beyond what is necessary to provide our services unless you have been informed and have consented to such additional use.

4. CONSENT, WITHDRAWAL, AND DATA PRINCIPAL RIGHTS

By sharing your personal or sensitive data with the Company, you provide your free, informed, and unambiguous consent for us to use, retain, and process your information as detailed in this Policy. Under the Digital Personal Data Protection Act, 2023, you, as the Data Principal, have the right to request access to your data, seek correction of any inaccuracies, withdraw previously granted consent, restrict certain forms of data processing, and even nominate a successor for your data in case of incapacitation. You may also request the erasure of data once the original purpose has been fulfilled or where retention is no longer legally justified. To exercise any of these rights, a written request may be submitted to our Grievance Officer, whose contact details are listed in Section 9 of this Policy. Please note that withdrawal of consent may result in the partial or complete suspension of services and may also affect your ability to execute or enforce contractual rights under the terms of engagement.

5. DATA STORAGE, SECURITY, AND RETENTION STANDARDS

We maintain the highest industry standards of data security and confidentiality to prevent unauthorized access, misuse, loss, or alteration of your data. All digital data is stored in encrypted servers with multi-layer access control protocols, firewalls, anti-malware systems, and regular vulnerability assessments. Sensitive documents and identity proofs are maintained with strict physical and digital access logs. We retain your data only for as long as necessary to fulfill the purpose of its collection or for the period required by applicable law, including tax audits, compliance inspections, legal proceedings, or statutory reporting obligations. Once the data retention period expires or upon legitimate request from you, we will securely delete or anonymize the data in accordance with prescribed data destruction protocols.

6. SHARING AND DISCLOSURE OF PERSONAL DATA

Hebbevu Farms Private Limited does not sell or rent personal data to any third parties. However, we may share your data with trusted third-party service providers, legal advisors, KYC verification agencies, cloud storage partners, auditors, agricultural consultants, or government departments strictly for purposes consistent with the purpose for which it was collected. In case of a statutory requirement, legal summons, or regulatory notice, we may also disclose data to competent authorities or law enforcement agencies. Any data shared with external parties is done under confidentiality agreements and data protection contracts ensuring equivalent levels of protection as required under Indian law and, where applicable, international standards. We shall not be liable for any misuse of data arising from circumstances beyond our reasonable control, including cyberattacks or systemic failures, but we shall take immediate remedial measures if any breach is detected.

7. CROSS-BORDER TRANSFERS AND CLOUD INFRASTRUCTURE

Certain operational functions of Hebbevu Farms may be supported by cloud-based service providers or data processors located outside India. Accordingly, your data may be stored or processed in foreign jurisdictions, including regions such as Singapore, Europe, or the United States. By using our Platform or entering into a farm operations agreement, you expressly consent to such international transfer of data, subject to the Company’s adherence to contractual safeguards, standard data protection clauses, and lawful processing principles recognized by Indian law. We ensure that any overseas vendor or cloud partner maintains compliance with data security standards equivalent to those required under the DPDP Act, 2023 and the IT Rules, 2011.

8. COOKIES, TRACKING TECHNOLOGIES, AND DIGITAL FOOTPRINTS

Our Platform may utilize cookies, pixel tags, and analytical tools to enhance user experience, enable secure logins, and track engagement metrics such as page views, click behavior, and session history. Cookies help us maintain session integrity, personalize services, and identify areas for Platform improvement. You may choose to block certain cookies via your browser settings; however, doing so may impact functionality and disable features like real-time reporting, secure form submissions, or dashboard access. Hebbevu Farms shall not use tracking technologies to collect sensitive personal data without consent, nor shall it sell or transmit your digital usage patterns to unauthorized entities for marketing purposes.

9. GRIEVANCE REDRESSAL AND CONTACT INFORMATION

If you have any questions, concerns, or grievances regarding this Policy or the manner in which your data is processed, you may contact our designated Grievance Officer. We are committed to acknowledging your complaint within 7 working days and resolving the matter within 30 days, in compliance with statutory requirements.

Grievance Officer
Hebbevu Farms Private Limited
Ninth floor, Unit A 904, Brigade Signature tower Huskur village, Bengaluru, Karnataka 560049
Email: hello@hebbevu.com
Phone: +91 9606975444

10. CHANGES TO THIS POLICY AND USER ACKNOWLEDGMENT

Hebbevu Farms Private Limited reserves the right to modify, revise, or amend this Privacy Policy at any time to reflect changes in law, technology, operational models, or regulatory guidance. Any such changes will be posted on our Platform along with the date of last revision. Users are advised to periodically review this Policy to remain informed of how their data is being protected. Continued use of the Platform or services after any changes to the Policy shall be deemed as your acceptance of the revised terms.

11. LAWFUL BASIS FOR DATA COLLECTION AND PROCESSING

Hebbevu Farms Private Limited collects and processes personal data in strict adherence to the principles laid down under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Data is collected only for lawful, specific, and necessary purposes that are directly related to the operation of farm management agreements, landholder onboarding, compliance filings, financial disbursals, and other services rendered by the Company. The legal basis for processing includes

(i) consent explicitly obtained from the Data Principal (User),

(ii) contractual necessity arising from the farm operations agreement,

(iii) compliance with applicable legal obligations under land and tax law, and

(iv) the legitimate interest of ensuring sustainable and secure digital service delivery.

The Company ensures that no personal or sensitive data is collected without a clearly communicated purpose and that data is never processed for unlawful or excessive objectives.

12. CLASSIFICATION AND HANDLING OF SENSITIVE PERSONAL DATA

Under Rule 3 of the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Hebbevu Farms recognizes and treats the following as Sensitive Personal Data or Information (SPDI): Aadhaar details, PAN card information, banking and payment credentials, biometric data (if collected), financial health declarations, and nominee-related information. All such data is processed with enhanced security, encrypted storage, and dual-layer access controls to ensure that unauthorized parties are prevented from gaining access. The Company retains SPDI only for the period necessary to fulfill the contractual or regulatory objective and commits to deleting or anonymizing such data upon termination of services or upon receipt of a lawful deletion request from the User, unless legal obligations require otherwise.

13. DATA PRINCIPAL RIGHTS UNDER THE DPDP ACT, 2023

In compliance with the Digital Personal Data Protection Act, 2023, Hebbevu Farms acknowledges and respects the rights of every Data Principal (i.e., individual providing personal data). Users have the statutory right to: (i) access their personal data, (ii) seek correction of any inaccurate or outdated information, (iii) withdraw consent previously given, (iv) restrict processing under certain lawful conditions, (v) be informed of all entities with whom their data has been shared, and (vi) nominate a data successor. These rights can be exercised by submitting a written request to the Grievance Officer. Hebbevu Farms undertakes to respond to such requests within the time frame specified under Section 11 of the DPDP Act and maintain transparent logs of such data processing activities.

14. CONSENT MANAGEMENT AND REVOCATION

All personal and sensitive data is collected and processed by Hebbevu Farms only upon obtaining the explicit and informed consent of the User, in accordance with Sections 6 and 7 of the DPDP Act. The User may withdraw such consent at any time, and the Company will thereafter cease processing the data except to the extent required to fulfill residual legal, contractual, or statutory obligations. Consent logs are digitally stored with time stamps and audit trails. Any processing beyond the initially consented purpose shall require a fresh consent. Where data is being collected on behalf of minors or individuals lacking legal capacity, the Company shall obtain lawful consent from a parent or legal guardian.

15. SECURITY STANDARDS AND REASONABLE SECURITY PRACTICES

As mandated under Section 43A of the Information Technology Act and Rule 8 of the IT Rules, 2011, Hebbevu Farms has adopted ISO/IEC 27001-compliant frameworks and other industry-standard practices to safeguard all data collected through digital and physical means. This includes firewall protection, secure socket layers (SSL), regular penetration testing, access logs, password management systems, malware detection, and encrypted cloud storage. Internal staff and vendors are trained on data security practices, and access to sensitive information is role-based, auditable, and subject to internal approvals. Any data breach will be reported to the relevant authority and affected Data Principals in accordance with Section 8(6) of the DPDP Act.

16. GRIEVANCE REDRESSAL AND LEGAL REMEDIES

The Company has appointed a Grievance Officer in accordance with Rule 5(9) of the IT Rules, 2011 and Section 11(3) of the DPDP Act. Any User or Data Principal who believes their data has been processed in contravention of applicable law, or whose rights under the Act have been infringed, may submit a grievance in writing via email or postal communication. All grievances shall be acknowledged within seven (7) business days and resolved within thirty (30) business days unless an extension is warranted due to complexity. If the User is dissatisfied with the resolution, they may escalate the matter to the Data Protection Board of India.

17. DATA SHARING, CROSS-BORDER TRANSFERS, AND THIRD-PARTY ACCESS

Any sharing of personal data by Hebbevu Farms with third-party vendors, consultants, or cloud service providers is strictly governed by contractual agreements that incorporate confidentiality clauses and data protection standards equivalent to Indian law. Where data is stored or processed outside India (e.g., by using global cloud services), such cross-border transfers shall occur only in accordance with Chapter V of the DPDP Act and after confirming that the receiving country or entity ensures an adequate level of data protection. The User consents to such transfers by agreeing to the Company’s Privacy Policy and related terms of engagement.