Privacy Policy – Fortuna Identity Pvt Ltd

Effective Date: 01.04.2026
Last Updated: 01.04.2026

1. Introduction

Fortuna Identity Pvt Ltd ("Fortuna Identity", “Data Fiduciary”, "FID", "we", "our", "us") is committed to protecting personal data in compliance with the Digital Personal Data Protection Act, 2023 ("DPDPA") and applicable laws.

This Privacy Policy explains how we collect, use, process, store, and protect personal data of individuals ("Data Principals", “users”, “you”, “your”).

By using our website, you acknowledge that you have read and understood this Privacy Policy.

2. Scope of This Policy

This Privacy Policy applies to the collection and processing of personal data by Fortuna Identity Pvt Ltd in the context of its website, digital platforms, and related business interactions. It defines the boundaries within which this policy is applicable and clarifies the categories of individuals and activities covered. 

This policy applies to various individuals interacting with Fortuna Identity, including website visitors, individuals submitting contact or enquiry forms, clients and prospective clients, as well as partners, vendors, and stakeholders. It governs personal data collected through official websites, online forms, email communications, and automated technologies like cookies and tracking tools. The policy covers personal data that can directly or indirectly identify individuals, such as contact details, technical identifiers, and behavioural data. However, it excludes data handled by third-party platforms, publicly available information, and any processing outside Fortuna Identity’s control, with users encouraged to review third-party privacy policies separately.  

Operating from India with a global client base, Fortuna Identity aligns this policy with Indian data protection laws and relevant international standards, while limiting its scope to external-facing data processing, with internal data practices managed under separate policies.

3. Definitions

  • Data Fiduciary: “Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
  • Data Principal: Individual whose personal data is processed
  • Personal Data: Any data about an identifiable individual
  • Processing: Any operation performed on personal data
  • Consent: Freely given, specific, informed, and unambiguous indication of agreement

4. Personal Data We Collect

What data we collect:

  • Name, email, phone number, company name
  • IP address, device and browser data
  • Website usage and analytics data

Notice at the Time of Data Collection:

  • The categories of personal data  
  • The specific purpose of processing
  • Whether the provision of data is mandatory or voluntary
  • The rights available to the Data Principal
  • A link to this Privacy Policy

Processing of Children’s Data:

Fortuna Identity does not knowingly collect personal data from children under the age of 18.

Where such processing is required:

  • Verifiable parental consent will be obtained
  • No tracking, behavioural monitoring, or targeted advertising will be conducted
  • Data collection will be strictly limited to necessary purposes

If a parent or guardian becomes aware of unauthorized data collection, they may contact us for deletion.

5. Purpose and Legal Basis of Processing

We do not process personal data beyond stated purposes.

Limitation of Purpose
Fortuna Identity ensures that:

  • Personal data is not processed for purposes incompatible with those stated above
  • Any new purpose requiring data processing will be subject to:
  • Updated notice to users
  • Additional consent, where required

6. Consent and Deemed Consent

Consent

  • Obtained through clear affirmative action
  • Can be withdrawn at any time

Deemed Consent

Processing may occur without explicit consent where permitted under law, including:

  • Voluntary provision of data
  • Compliance with legal obligations
  • Employment or business purposes
  • Public interest functions

7. Data Processing Principles

Fortuna Identity Pvt Ltd processes personal data in line with core data protection principles that ensure lawful, fair, transparent, and secure handling of information. Data is collected and used only with a valid legal basis, for specific and legitimate purposes, and limited to what is necessary, while maintaining accuracy through user access and correction mechanisms.  

Personal data is retained only as long as required and is securely deleted or anonymized thereafter.

Strong security measures are implemented to protect against unauthorized access, loss, or misuse, and the organization remains accountable by maintaining documented policies, audit trails, and compliance records. These principles are actively enforced through secure system design, internal governance, regular audits, and employee training to ensure consistent and responsible data processing practices.

8. Data Principal Rights

Data Principals have the right to:

  • Access personal data
  • Correct inaccurate data
  • Erase data
  • Withdraw consent
  • Grievance redressal
  • Nominate another individual in case of death/incapacity

Fortuna Identity Pvt Ltd upholds individuals’ rights over their personal data by providing structured, secure, and auditable mechanisms to exercise them. Users can submit requests through designated channels, which are processed within a reasonable timeframe after identity verification, typically free of charge unless requests are excessive or repetitive. While some rights may be limited due to legal or contractual obligations, Fortuna Identity ensures transparency, maintains detailed records of all requests and actions for compliance, and allows individuals to nominate others to act on their behalf in cases of death or incapacity.

9. Right to Nominate

Data Principals may nominate an individual to exercise their rights in case of death or incapacity.

10. Withdrawal of Consent

Users may withdraw consent by:

  • Submitting a request via website form
  • Contacting us via email

Upon withdrawal:

  • Services may be affected or discontinued
  • Processing will cease unless legally required
  • Existing contractual obligations may be impacted

11. Children’s Data

We do not knowingly process data of individuals under 18 years without verifiable parental consent.

We do not:

  • Track children
  • Conduct behavioural monitoring
  • Perform targeted advertising to children

12. Data Security

We implement:

  • Encryption
  • Access controls
  • Monitoring systems

13. Data Retention

Data is retained only as long as necessary or required by law and then securely deleted or anonymized.

14. Data Sharing

We do not sell personal data. Data may be shared with:

  • Service providers
  • Authorities as required by law

15. Third-Party Links

Our website may contain links to third-party websites.

We are not responsible for their privacy practices. Users should review their policies independently.

16. Security Measures

We implement industry-standard security controls, including:

  • Encryption and secure communication protocols
  • Access control and authentication mechanisms
  • Regular monitoring and vulnerability assessments

17. Data Breach Notification

In case of a personal data breach:

  • Affected individuals will be notified promptly
  • Relevant authorities will be informed, including the Data Protection Board of India, where required

Fortuna Identity will provide details on:

  • Nature of breach
  • Impact
  • Mitigation steps

Incident response procedures are aligned with regulatory requirements and security best practices.  

18. Grievance Redressal Mechanism

Grievance Officer: Ramesh Akula
Email: ramesh.akula@fortunaidentity.com

Process:

  • Acknowledgment will be provided within 7 days
  • Resolution will be provided within 15–30 days

If unsatisfied, complaints may be escalated to the Data Protection Board of India.

19. International Transfers

Where data is transferred outside India:

  • Appropriate safeguards are implemented
  • Transfers comply with applicable data protection regulations

20. Cookies

We use cookies based on consent. Users may manage preferences at any time. Fortuna Identity uses cookies and similar tracking technologies to improve user experience, maintain website functionality, and analyze performance, with cookies being small text files stored on user devices either temporarily (session) or for a defined period (persistent). The company utilizes strictly necessary cookies for core functionality, analytics cookies for performance insights, functional cookies for user preferences, and marketing cookies (where applicable) with explicit consent. Necessary cookies operate under legitimate interest, while all non-essential cookies are activated only after user consent, obtained through a customizable cookie banner that allows users to accept, reject, or manage preferences. Users can modify or withdraw consent at any time via website settings or browser controls, though disabling certain cookies may affect functionality. Some cookies may be set by third parties under their own privacy policies, with safeguards in place to ensure compliance. Cookie usage and duration vary by purpose, and Fortuna Identity maintains consent records and regularly updates its practices to align with regulatory requirements, technological changes, and audit standards.

21. Updates to Policy

We may update this policy periodically. Changes will be reflected with a revised date.

22. Contact Information

Email: dataprivacyofficer@fortunaidentity.com
Address: Fortuna Identity Pvt. Ltd.,  

Plot No. 101, Kavuri Hills- Phase II,

Hyderabad- 500033, Telangana, India

Compliance Statement

This policy is designed to align with the Digital Personal Data Protection Act, 2023 and supports audit readiness, accountability, and transparency requirements.