Privacy Policy | Lumio Capital — Early-Stage Venture Capital

1. Introduction

Lumio Capital ("we", "us", or "our") is committed to protecting the privacy of individuals who visit our website at lumiocap.com (the "Website") and who submit information through our intake or pitch forms.

This Privacy Policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), as applicable.

By using the Website, you consent to the collection, use, storage, and disclosure of your information as described in this Privacy Policy.

2. Definitions

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under Section 2(t) of the DPDP Act, 2023.

"Data Principal" means the individual to whom the Personal Data relates, i.e., you, the user of this Website.

"Data Fiduciary" means the entity that determines the purpose and means of processing of Personal Data — in this case, Lumio Capital.

"Sensitive Personal Data or Information" (SPDI) includes passwords, financial information, health data, biometric data, sexual orientation, and such other categories as specified under Rule 3 of the SPDI Rules, 2011.

3. Information We Collect

We may collect and process the following categories of information:

3.1 Information You Provide Voluntarily

Full name(s) of founder(s) and their professional profile URLs (e.g., LinkedIn).
Company or project name.
Contact email address.
Pitch details, including one-sentence descriptions, problem statements, team qualifications, and links to pitch decks or memos.
Any other information you voluntarily provide through forms or correspondence.

3.2 Information Collected Automatically

IP address and approximate geolocation.
Browser type, version, and operating system.
Pages visited, time spent, referral URLs, and clickstream data.
Device identifiers and screen resolution.

We may use cookies, web beacons, or similar tracking technologies to collect this information. You may configure your browser to refuse cookies; however, certain features of the Website may not function as intended.

3.3 No Collection of Sensitive Personal Data

We do not intentionally collect Sensitive Personal Data or Information as defined under Rule 3 of the SPDI Rules, 2011. You are advised not to submit any SPDI through the Website.

4. Purpose of Collection and Use

Your Personal Data is collected and processed for the following lawful purposes:

Evaluation of Pitch Submissions: To review, assess, and respond to startup pitches and investment opportunities submitted through the Website.
Communication: To contact founders regarding their submissions, provide feedback, or request additional information.
Website Operations: To maintain, improve, and analyse the performance and security of the Website.
Legal Compliance: To comply with applicable laws, regulations, and legal processes under Indian law.
Legitimate Interest: To protect the rights, property, and safety of Lumio Capital and its stakeholders.

We shall not process your Personal Data for any purpose beyond what is specified herein without obtaining your prior consent, as required under Section 6 of the DPDP Act, 2023.

5. Data Storage and Retention

Your data may be stored on servers located in India and/or servers operated by third-party cloud service providers with data centres outside India. Where data is transferred internationally, we ensure that adequate safeguards are in place in accordance with applicable Indian law.

We retain your Personal Data only for as long as is necessary to fulfil the purposes outlined in this Policy, or as required to comply with legal obligations, resolve disputes, or enforce our agreements. Pitch-related data shall be retained for a maximum period of three (3) years from the date of submission, unless a continuing business relationship exists.

6. Disclosure of Information

We shall not disclose your Personal Data to any third party except in the following circumstances:

With your prior written or electronic consent.
To trusted service providers and partners who assist us in operating the Website and conducting our business, subject to confidentiality obligations.
When required by law, regulation, court order, or governmental authority under Indian law, including orders under Section 69 of the IT Act, 2000.
To protect and defend the rights, property, or safety of Lumio Capital, its stakeholders, or third parties.
In connection with a merger, acquisition, reorganisation, or sale of assets, subject to the acquiring entity agreeing to be bound by the terms of this Privacy Policy.

We do not sell, rent, or trade your Personal Data to third parties for commercial or marketing purposes.

7. Data Security

We implement reasonable security practices and procedures, as mandated under Rule 8 of the SPDI Rules, 2011, commensurate with the information being protected. These include:

Encryption of data in transit using TLS/SSL protocols.
Access controls limiting data access to authorised personnel only.
Regular security assessments and audits.
Secure coding practices for web applications.

Notwithstanding the above, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee absolute security.

8. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights in relation to your Personal Data:

Right to Access

You may request a summary of the Personal Data that is being processed and the processing activities undertaken (Section 11).

Right to Correction & Erasure

You may request correction of inaccurate or misleading Personal Data, completion of incomplete data, or erasure of data no longer necessary (Section 12).

Right to Grievance Redressal

You may raise a grievance with respect to any act or omission of the Data Fiduciary regarding your Personal Data (Section 13).

Right to Withdraw Consent

You may withdraw consent at any time with prospective effect. Upon withdrawal, we shall cease processing your Personal Data (Section 6(5)).

To exercise any of these rights, please contact us using the details provided in Section 11 below.

9. Cookies and Tracking Technologies

We may use the following types of cookies:

Essential Cookies: Required for the basic functionality of the Website.
Analytics Cookies: Used to understand user behaviour, traffic sources, and Website performance (e.g., Google Analytics or similar tools).

You may manage cookie preferences through your browser settings. Blocking certain cookies may affect the functionality of the Website.

10. Third-Party Links

The Website may contain hyperlinks to third-party websites. We are not responsible for the privacy practices, content, or security of such external websites. We encourage you to read the privacy policies of any third-party website you visit.

11. Grievance Officer

In accordance with Rule 5(9) of the SPDI Rules, 2011 and Section 13 of the DPDP Act, 2023, the details of the Grievance Officer are as follows:

Grievance Officer

Lumio Capital

Email: legal@lumiocap.com

Grievances shall be addressed within thirty (30) days from the date of receipt of the complaint, in accordance with applicable law.

12. Amendments to this Policy

We reserve the right to modify or update this Privacy Policy at any time. Any changes shall be effective upon publication on the Website with a revised "Last Updated" date. Your continued use of the Website after such modifications constitutes your acceptance of the revised Privacy Policy.

13. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in New Delhi, India.