1. Collection of Personal and Non-Personal Information

Nisarga Woods Private Limited (hereinafter referred to as the “Company”, “we”, “our”, or “us”) places the utmost importance on respecting your privacy and protecting the information you share with us. When you interact with, access, or utilize our official digital assets—including our website, subdomains, investor dashboards, mobile applications, subscription forms, contact interfaces, or any other part of our online platform (collectively referred to as the “Platform”)—we collect certain categories of information that are either provided voluntarily by you or collected automatically through system interaction. This includes, but is not limited to, your full name, contact number, email address, date of birth, gender, permanent and/or correspondence address, nationality, investment preferences, PAN number, Aadhaar number, and scanned copies of identity verification documents. In addition, we may request your banking details, digital signatures, photographs, nominee details, and tax declarations, especially where such data is required for participation in agro-realty projects, farmland ownership structuring, or investment schemes. Automatically collected data includes your IP address, browser type, device specifications, language preferences, usage behavior, session durations, referral sources, and location metadata. This may be obtained through cookies, pixels, tags, JavaScript trackers, or third-party analytics tools. All information collected is retained with the sole intent of enabling lawful, secure, and transparent operations, and such collection is done in good faith with your express or implied consent as required under applicable Indian laws.

2. Purpose and Legal Basis for Use of Information

All personal and non-personal information gathered by us is used strictly for legitimate business purposes and in accordance with applicable laws, including but not limited to the Information Technology Act, 2000 and relevant data protection rules framed thereunder. The purposes of data collection include verifying your identity, processing registration and onboarding formalities, enabling you to explore and invest in agro-realty and sustainable farmland opportunities, customizing project recommendations, providing access to investor dashboards, communicating vital project-related updates, generating legal documents such as Allotment Letters and Agreements to Sell, and facilitating payments, EMI schedules, and ownership transfers. Your data is also used to comply with applicable legal obligations including KYC/AML requirements, taxation laws, environmental regulatory filings, and other real estate compliance mandates. In addition, your personal data may be used to personalize your experience on the Platform, respond to queries, manage customer service requests, handle grievances, send transactional emails, and—only with your prior consent—communicate promotional content, newsletters, or investor announcements. All such use is rooted in your consent, contractual necessity, statutory obligation, or the legitimate interest of protecting our business and ensuring platform integrity.

3. Consent, Withdrawal, and User Control

By engaging with our Platform and voluntarily submitting your information, you provide us with your informed, free, and unconditional consent to process and retain your data as outlined in this Privacy Policy. Your consent is obtained either through affirmative action (such as checking a box, clicking ‘Submit’, or providing OTP-based verification), or implied by your continued use of the Platform. We provide you with sufficient notice and explanation at the time of data collection. You may at any time choose to withdraw your consent by writing to our designated Grievance Officer, or by initiating account deletion from the user portal (where applicable). However, please note that such withdrawal may result in restricted access to services, loss of investment privileges, or inability to complete ongoing transactions, and may require you to execute separate declarations for legal and regulatory closure. We shall not be liable for any service disruptions or losses arising out of withdrawal of consent where such consent is a precondition for project participation or land-related formalities.

4. Data Storage, Retention, and Security Practices

We maintain strict data governance practices and employ robust technical, operational, and administrative safeguards to secure your personal information against unauthorized access, misuse, alteration, or destruction. All sensitive data is stored on encrypted servers, with multi-level access controls, intrusion detection systems, firewall protections, and 256-bit SSL certificates implemented across all digital endpoints. Access to personal information is restricted to authorized personnel on a need-to-know basis, and periodic audits are conducted to test the effectiveness of our security framework. We retain your data for as long as necessary to fulfill the specific purpose for which it was collected or to comply with applicable regulatory or contractual obligations, including those arising from land ownership, revenue records, legal disputes, taxation assessments, or statutory audits. Upon lapse of the retention period or receipt of a valid deletion request, your data will either be securely deleted, anonymized, or archived in a manner compliant with Indian data retention laws. Please note that the Company shall not be held liable for any breach arising from events beyond our reasonable control, including but not limited to cyberattacks, government-mandated disclosures, or acts of God

5. Disclosure and Sharing of Information

We do not, under any circumstances, sell, lease, or trade your personal information for profit. However, certain categories of data may be shared on a limited basis with internal and external stakeholders in order to facilitate the smooth functioning of business operations. This includes trusted service providers, legal and financial consultants, payment aggregators, project partners, surveyors, digital marketing agencies, cloud hosting providers, and KYC verification agents who are contractually bound to maintain confidentiality, use data strictly as instructed, and comply with equivalent privacy standards. Your data may also be disclosed to statutory or government authorities upon receipt of a lawful order, for purposes such as tax filing, enforcement of land transfer procedures, prevention of fraud, court orders, or investigation of complaints. In the event of a merger, acquisition, strategic partnership, or change in control of the Company, your data may be part of the transferred business assets, but such transfer shall be subject to the principles and obligations stated in this Privacy Policy.

6. Cross-Border Transfers and Global Hosting Infrastructure

As part of our operational architecture and IT infrastructure, your personal data may be stored or processed on servers located outside India, depending on the geographic location of our hosting services, cloud providers, or database partners. By using our Platform and accepting this Policy, you expressly authorize the Company to transfer your data to jurisdictions outside India where adequate data protection measures are observed. We assure you that such cross-border transfers are conducted only when necessary and under legally binding safeguards, including Standard Contractual Clauses (SCCs), data processing agreements, and compliance certifications. In all instances, the Company ensures that the level of protection afforded to your data abroad is at least equivalent to that mandated under Indian data privacy norms.

7. Use of Cookies, Tracking Tools, and Analytics

The Platform utilizes cookies, tracking pixels, and analytics scripts to improve functionality, enhance user experience, gather statistical insights, and personalize service offerings. Cookies are small text files stored on your device that help us recognize returning users, maintain sessions, store user preferences, and analyze behavioral data such as time spent on pages, click patterns, form abandonment, and response rates. Some cookies are essential for Platform functionality and cannot be disabled, while others may be disabled or deleted via browser settings. By continuing to use the Platform, you consent to our use of cookies and analytics tools such as Google Analytics, Meta Pixel, and Hotjar in accordance with this Policy. Disabling certain cookies may impact your access to personalized features and secure logins.

8. Grievance Redressal and User Rights

In compliance with Indian laws and fair practice standards, we uphold your rights as a data subject, including the right to access your information, rectify inaccurate or outdated data, request erasure or restriction of processing, and object to certain forms of data use. Any concerns, complaints, or grievances regarding the handling of your personal data may be directed to our appointed Grievance Officer whose details are provided below. The Grievance Officer shall acknowledge your complaint within seven (7) working days and endeavor to resolve it within thirty (30) days, barring exceptional circumstances. We remain committed to transparency, accountability, and lawful data processing in all user interactions.

Grievance Officer
Hebbevu Farms Private Limited
Ninth floor, Unit A 904, Brigade Signature tower Huskur village, Bengaluru, Karnataka 560049
Email: hello@hebbevu.com
Phone: +91 9606975444

9. Updates and Modifications to this Policy

We reserve the unfettered right to amend, update, revise, or supplement this Privacy Policy at any time, at our sole discretion, to reflect changes in legal requirements, technological upgrades, business processes, or industry best practices. Any such revision shall be communicated by publishing the updated Policy on the Platform along with a revised effective date. We encourage all Users to periodically review this Policy to stay informed about how we protect and utilize your data. Your continued use of the Platform following the publication of any changes shall constitute your acceptance of such revised terms.

10. Children’s Privacy and Age Restrictions

Nisarga Woods Private Limited does not knowingly solicit or collect personal data from individuals under the age of 18 years. Our services, offerings, investment opportunities, and digital interfaces are designed and intended exclusively for adults who are legally capable of entering into binding contracts under Indian law, particularly in the context of land ownership, financial investment, and real estate transactions. By accessing or using our Platform, you affirm that you are at least 18 years of age or the age of majority in your jurisdiction, whichever is higher. In the event that we become aware that personal data has been inadvertently collected from a minor without verified parental or guardian consent, we shall take immediate and reasonable steps to delete such data from our servers and systems. Users who are guardians of minors and believe that a child under their supervision may have submitted personal information to our Platform are requested to contact our Grievance Officer for immediate redressal. The Company disclaims all liability for any harm, loss, or legal action arising from the unauthorized or fraudulent access of our services by individuals below the age threshold.

11. Third-Party Links, Integrations, and External Services

For your convenience and enhanced digital experience, our Platform may contain hyperlinks, plug-ins, embedded forms, API integrations, or redirects to third-party websites, mobile applications, government portals, payment gateways, or partner platforms. These third-party entities operate independently and are governed by their own respective privacy policies, data practices, and terms of service. We do not exercise control over their operations, and we expressly disclaim any responsibility or liability for the content, security protocols, user interface, data usage, or accuracy of the information provided by these external platforms. Clicking on such links or authorizing any external integration is undertaken solely at your own risk, and we advise all Users to review the respective privacy terms of such entities prior to proceeding. Whether you engage with payment gateways for financial transactions, use map tools to view geolocation of farm projects, or utilize third-party document signing platforms for agreement execution, please be advised that any data shared in such processes is subject to the policies of the concerned provider, and Nisarga Woods shall not be held responsible for their data handling practices.

12. Behavioral Advertising and Marketing Communications

Subject to your explicit or implied consent obtained through website forms, checkboxes, or digital interactions, we may use your personal information to offer customized advertisements, promotional offers, investor bulletins, curated content, event invitations, or updates about new projects launched by Nisarga Woods. We may also employ remarketing technologies, display advertising, or demographic targeting through platforms such as Google Ads, Meta Business Suite, or LinkedIn Campaign Manager to showcase relevant products based on your browsing history, project interests, and interaction with our Platform. You have the right to opt-out of any such marketing communications at any time by using the unsubscribe link provided in our emails or by contacting us directly through the official channels mentioned herein. Please note that opting out of marketing does not affect your ability to receive mandatory service-related communications such as transaction confirmations, legal notices, project updates, or grievance correspondence.

13. Employee Access and Internal Confidentiality

We maintain a strict internal protocol regarding access to personal data submitted by Users through the Platform. Only designated employees, consultants, and system administrators—whose roles directly relate to customer service, documentation, legal review, technical maintenance, or project allocation—are granted limited and monitored access to personal information stored in our systems. All such personnel are bound by contractual non-disclosure agreements (NDAs), data protection training mandates, and role-based access policies to ensure that your information is handled responsibly and securely. Any breach of confidentiality by internal personnel is treated as a serious violation and may lead to disciplinary action, termination, or prosecution under applicable Indian laws. We also ensure that third-party vendors and consultants working with us for technical, legal, or compliance functions follow equivalent standards of security, access limitation, and data retention as mandated under this Privacy Policy.

14. Data Accuracy, Verification, and Correction

We strongly encourage all Users to ensure that the personal and financial information shared with us is accurate, up-to-date, and verifiable. This is particularly important in the context of real estate documentation, title transfer, due diligence, and registration processes. Inaccurate or outdated data may result in communication delays, payment rejections, or legal discrepancies during execution of agreements or compliance submissions. You have the right to request review and correction of any information that is found to be incorrect or incomplete by contacting our Grievance Officer and submitting valid supporting documentation. The Company reserves the right to independently verify the corrections sought and to reject unreasonable or unverifiable requests in accordance with applicable legal standards. The accuracy and authenticity of your data is critical to safeguarding your rights as an investor and to enabling seamless transactions in line with the regulatory framework governing agro-realty investments in India.

15. Legal Disclosures and Enforcement Compliance

We may disclose your personal information, without prior notice or consent, if required to do so by law or if such disclosure is reasonably necessary to:

(i) comply with legal obligations, governmental inquiries, tax audits, or court proceedings;
(ii) enforce our terms of use, privacy obligations, or investment agreements;
(iii) protect and defend the rights, property, or safety of Nisarga Woods, its employees, investors, or affiliated entities; or
(iv) respond to claims of data misuse, fraud, or violation of statutory obligations. All such disclosures shall be made in good faith, with due regard to confidentiality norms, and only to the extent necessary for compliance or protection. In the event that a government agency, court, tribunal, or investigative authority seeks access to your information, we will, wherever legally permissible, notify you in advance of such disclosure.

16. Compliance with the Information Technology Act, 2000 and Data Protection Rules

Nisarga Woods Private Limited strictly adheres to the applicable provisions of the Information Technology Act, 2000, along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which collectively govern the handling, collection, storage, usage, transfer, and disclosure of Sensitive Personal Data or Information (SPDI) in India. The Company ensures that all SPDI—including financial details, biometric data, user passwords, contact numbers, and government-issued identification—is collected only after securing the explicit consent of the User, and solely for lawful purposes directly related to the delivery of services, execution of contracts, or legal compliance under Indian law. Such data is stored using industry-standard encryption, secure servers, and access-limited frameworks, in conformity with the ISO/IEC 27001 security standard or any other code of best practices prescribed under Rule 8 of the said Rules. We further commit that no sensitive personal data shall be published or disclosed to third parties without prior consent, except when mandated under legal obligation or authorized by governmental authorities. Any User, as a data provider, is entitled under Rule 5(6) to withdraw consent or review and correct their information by submitting a written request to our designated Grievance Officer. The Company shall, within a reasonable period, comply with such lawful requests subject to verification and operational constraints. Our compliance with these statutory provisions is ongoing and subject to regular audit and revision in accordance with amendments in Indian cyber laws and data protection standards.