Terms of Use and Privacy Policies

Last updated: March 9, 2026

The policies below are applicable to www.fsg.org and any other websites operated by FSG. The practices described in this Terms of Use apply only to information gathered online at our website. They do not apply to information that you may submit to us offline or to websites maintained by other companies or organizations to which we may link.

Information We Collect

Personal Information

You can browse FSG.org without submitting your personal information to us. However, there are a number of circumstances in which you may need to provide us with your personal information.

Here are the most common ways in which we collect your personal information:

• When you sign up to receive e-mail newsletters from us;
• When you download publications and articles from us;
• When you register for and participate in our programs, activities, initiatives, and events;
• When you request information or assistance;
• In conjunction with your employment inquiries or applications;
• When you participate with social media accounts involving FSG properties;
• When you participate in communities and other interactive services;
• In conjunction with any verification of your account information;
• In conjunction with investigations into any activity that may violate the law or the website’s terms and conditions;
• When you communicate with us through the website;
• In conjunction with any other place on the website where you knowingly volunteer personal information.

Non-Personal Information

When you interact with the website, our servers may keep an activity log that does not identify you individually (“Non-Personal Information”). We may collect the following categories of Non-Personal Information:

• We may collect certain demographic data such as age, gender, and five-digit zip code as part of collecting personal information;
• We collect and store certain device information about your computer, mobile device, or other device that you use to access the website. This information may include IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information;
• We automatically log certain usage information about your use of the website, including a history of the pages you view. We use this information to provide you with a more customized experience on the website;
• We collect and store additional “traffic data” such as time of access, date of access, software crash reports, access times, and referring website addresses; and
• We collect and store your search terms and search results.

We also collect and store certain other Non-Personal Information regarding our users’ use of the website so that third parties may provide us with reports and analysis regarding usage and browsing patterns of the website.

We may combine Personal Information and Non-Personal Information gathered from the website and information that we have received, gathered, acquired, or stored from other sources, both information collected offline by FSG and information received from third parties—including information that currently exists in our files—into a single customer record. We also use and/or combine information that we collect offline to edit, enhance, and/or check the accuracy of your customer record.

How We Use Your Information

We use the information we learn from you to help us personalize and continually improve your experience on the website. We use your Personal and Non-Personal Information in the following ways:

• For editorial purposes;
• Responding to your inquiries;
• Communicating with you about your transactions with us and sending you information about features on our website or about FSG;
• Communicating with you about changes to our policies;
• Personalizing content and experiences on our website, including providing you with recommendations based on your preferences;
• Sending you newsletters, mailings, and information about programs, initiatives, activities, and events by e-mail or another medium;
• Processing your employment application;
• Event or program registration;
• Optimizing or improving our programs, services, and operations;
• Research and development;
• Verifying your account and account activities;
• Detecting, investigating, and preventing activities that may violate our policies or be illegal;
• Performing statistical, demographic, and marketing analyses of users of the website and their usage patterns; and
• Managing our organization.

We Are Committed to Protecting Your Personal Information

We do not sell or rent personal information to others, unless we are required to do so to conform to an applicable law or to protect the safety of FSG, our affiliates, the users of our website, or the public. We use your information only for the limited purposes of sending you updates and useful information about our services, programs, resources for the field, enhancing the site operation, for statistical purposes, and for overall systems administration.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Cookies

Like many websites, we use “cookies,” which are small text files that are stored on your computer or equipment when you visit certain online pages that record your preferences. We use cookies to track use of our Websites and online services. We may also use cookies to monitor traffic, improve the Websites, and make it easier and/or relevant for your use. You have the ability to accept or decline cookies.

Like some websites, we may also use web beacons or flash cookies. A web beacon or flash cookie (also known as an “action tag” “tracer tag,” or “single-pixel GIF”) is an invisible graphic on a web page or e-mail newsletter that is programmed to collect non-personally identifiable information about your use of a given website or newsletter, e.g., whether you opened the e-mail. Like cookies, web beacons allow FSG and its technology providers to summarize overall usage patterns for our analysis and provide personalized services to you. We do not share or provide personally identifiable information we may collect through such web beacons, such as names or e-mail addresses, without your permission.

Childrens’ Personal Information

While our website may be viewed by children, our site is not specifically dedicated to children and we do not actively solicit information from children. Children under the age of 13 are required to obtain permission from a parent or guardian prior to providing any personal information.

General Data Protection Regulation

The General Data Protection Regulation (“GDPR”) is a European Regulation concerning the use and processing of personal information. We are committed to processing your information in compliance with the GDPR upon its effectiveness on May 25, 2018.

The Website is published in the United States and is subject to laws of the United States. If you are located in a country outside the United States and voluntarily submit personal information to us, you thereby consent to the general use of such information as provided in this Privacy Policy and to the transfer of that information to, and/or storage of that information in, the United States.

Questions and comments should be directed to Isra Pananon Weeks, Chief of Staff, at isra.weeks@fsg.org.

179 Lincoln Street, 3rd Floor
Boston, MA 02111
866.351.8484

To unsubscribe from e-mail updates from FSG or to delete your contact record, email Isra Pananon Weeks at isra.weeks@fsg.org.

Changes to Terms of Use

FSG reserves the right to amend the Terms of Use at any time, without any reason, without notice to you. Any changes will be published here, and you should check this website to access our most current Terms of Use. We will publish a “last updated” date at the bottom of this page.

Last updated: March 9, 2026

Last updated: March 17, 2026

1. Purpose

FSG Advisory Services Private Limited (‘FSG ASPL’ or ‘The Company) qualifies as a small data fiduciary under the Digital Personal Data Protection Rules, 2025.

This policy’s objective is to ensure compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025, safeguarding personal data of employees, clients, vendors, and other stakeholders. It establishes principles for lawful, transparent, and secure data handling.

Hierarchy of Policies: This Data Protection Policy (“Policy”) is specifically designed to ensure the compliance of FSG ASPL with the DPDP Act and DPDP Rules, 2025 and other applicable Indian data protection laws. In the event of any conflict or inconsistency between the provisions of this Policy and any other firmwide policy of FSG, Inc., the provisions of this Policy shall prevail to the extent necessary to ensure compliance with Indian law. For all other matters not governed by Indian data protection law, the relevant firmwide FSG, Inc. policies shall prevail.

2. Scope

• Applies to all employees, contractors, and third parties handling personal data.
• Covers both digital and physical records of personal data processed by the company.
• Relevant for operations within India and any cross-border data transfers permitted under law.

3. Key Definitions

• Data Principal: The individual whose personal data is being processed.
• Data Fiduciary: The company, as the entity determining the purpose and means of processing.
• Personal Data: Any data that identifies or relates to an individual.
• Sensitive Personal Data: Includes financial, health, biometric, or official identifiers.

4. Principles of Data Processing

• Lawfulness & Consent: Data collected only with valid consent or other lawful grounds. Refer annexure 1, 2.
• Purpose Limitation: Data used strictly for the purpose stated at collection.
• Data Minimization: Only necessary data is collected and retained.
• Accuracy: Reasonable steps taken to keep data up to date.
• Storage Limitation: Data retained only as long as necessary for business/ legal purposes.
• Security: Adequate technical and organizational safeguards implemented.

5. Rights of Data Principals

The company respects and facilitates the following rights under the DPDP Act:

• Right to access information about data processing.
• Right to correction and erasure of personal data.
• Right to withdraw consent.
• Right to grievance redressal.

6. Obligations of the Company

• Transparency: Provide clear privacy notices at data collection points. Refer annexure 3.
• Security Measures: Use encryption, access controls, and secure storage.
• Data Breach Notification: Report breaches to the Data Protection Board of India and affected individuals as required.
• Grievance Officer: Appoint a designated officer to handle complaints within statutory timelines. Refer annexure 4 for Grievance Redressal Mechanism SOP.
• Cross-Border Transfers: Ensure compliance with government notifications on permitted jurisdictions.

7. Employee Responsibilities

• Handle personal data only for authorized purposes.
• Prevent unauthorized disclosure or sharing.
• Report suspected breaches immediately to the designated Grievance Officer and the Information Security Officer.

8. Data Retention & Disposal

• Maintain and dispose of all records in compliance with FSG, Inc.’s firmwide Data Retention Policy, which incorporates applicable statutory and contractual obligations. Securely delete or anonymize data once retention period ends. 3

9. Governance & Review

• Policy reviewed upon changes in law.
• Training provided to employees on data protection practices.

10. Contact

Grievance/ Privacy Officer: divya.sherin@fsg.org

For any queries or complaints regarding personal data, individuals may contact the Grievance Officer.

Annexure 1

Consent Form for processing employee data

1. Purpose of Consent
This form seeks your consent for the collection, use, and processing of your personal data by FSG Advisory Services Private Limited (‘FSG ASPL’), and its parent company FSG, Inc. in compliance with the Digital Personal Data Protection Act, 2023.

2. Data Collected

We may collect and process the following information:

• Contact details (e.g., name, phone, email, address)
• Personal information (e.g., age, marital status, education)
• Employment/ contract details (e.g., designation, company name, payroll, compliance records)
• Financial information (e.g., bank details for payments)
• Business communications (e.g., emails, service records)

3. Use of Data

Your personal data will be used only for:

• Providing services and fulfilling contracts
• HR and payroll management
• Legal and compliance obligations
• Communication

4. Sharing of Data

Your data will not be sold. It may be shared only with:

• Government authorities when legally required
• Service providers (e.g., payroll, IT support, auditors, insurers etc.) under strict confidentiality

5. Your Rights

You have the right to:

• Access your personal data
• Request correction or deletion
• Withdraw consent at any time
• Raise complaints with our Grievance Officer (divya.sherin@fsg.org)

6. Declaration & Signature

I hereby consent to the collection, use, and processing of my personal data by FSG ASPL and its parent company, FSG, Inc., as outlined above.

Name: __________________________

Signature: ______________________

Date: __________________________

Annexure 2

Consent for collecting personal data during research/ interviews

Enumerator script (Will be translated to local language as needed)
“Hello. My name is ___ and I am working with FSG Advisory.
We are speaking with people to understand their experiences related to [brief purpose – e.g., hiring women for shopfloor roles].

This interview will take about [X] minutes.

Your participation is completely voluntary. You may choose not to answer any question or stop the interview at any time. There will be no negative consequences if you decide not to participate.

We will collect some information from you, but your name will not be shared in any report. Your responses will be combined with others and used only for research purposes.

If you have any questions later or want your information removed, you can contact us at [FSG POC phone/ email – Share visiting card].

Do you agree to participate in this interview?”

Enumerator then records the response in the interview notes:

• ☐ Yes, verbal consent given
• ☐ No, declined

Annexure 3

Privacy Notice

1. Introduction
We value your privacy. This notice explains how we collect, use, store, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023.

2. What Data We Collect

We may collect:

• Contact details (e.g., name, phone, email, address)
• Personal information (e.g., age, marital status, education)
• Employment/contract details (e.g., designation, company name, payroll, compliance records)
• Financial information (e.g., bank details for payments)
• Business communications (e.g., emails, service records)

3. How We Use Your Data

Your data is used only for:

• Providing services and fulfilling contracts
• HR and payroll management
• Legal and compliance obligations
• Communication

4. Sharing of Data

We do not sell your data. It may be shared only with:

• Government authorities when legally required
• Service providers (e.g., payroll, IT support) under strict confidentiality

5. Your Rights

You have the right to:

• Access your personal data
• Request correction or deletion
• Withdraw consent at any time
• Raise complaints with our Grievance Officer

6. Data Security & Retention

We use encryption, access controls, and secure storage.

Data is retained only as long as necessary for business or legal purposes.

7. Contact

For any privacy-related queries or complaints, please contact:
Grievance Officer: Divya Sherin Email: divya.sherin@fsg.org
Phone: +91-7045050281

Annexure 4

Data Protection Grievance Redressal SOP

A. Objective

For FSG ASPL to ensure timely, fair, and compliant resolution of data protection complaints under the Digital Personal Data Protection Act, 2023.

B. Roles & Responsibilities

• Grievance Officer: Receives, investigates, and resolves complaints.
• Information Security Officer: Supports investigation with necessary internal reviews.
• Department Heads: Supports investigation.
• Senior Management: Handles escalations.

C. Process Steps
1. Receive Complaint

• Accept via email, form, or verbal report.
• Log with timestamp and complainant details.

2. Acknowledge Receipt

• Send acknowledgment within 24-48 hours.
• Include expected resolution timeline (max 7 days).

3. Review Validity

• Confirm if complaint pertains to personal data.
• If invalid, notify with reasons.

4. Investigate

• Review data, systems, and personnel.
• Maintain confidentiality.

5. Propose Resolution

• Share findings and corrective actions within 7 days.
• Document resolution.

6. Close or Escalate

• If resolved, send closure notice.
• If unresolved, escalate to Senior Management.
• If still unresolved after 30 days, the data principal can escalate to Data Protection Board of India.

D. Documentation

• Maintain grievance log with actions and outcomes.
• Archive for minimum 3 years.

E. Contact
Grievance Officer: Divya Sherin Email: divya.sherin@fsg.org
Phone: +91-7045050281