Privacy Policy

DNA Growth (trading as DNA Growth Global) is a global professional services firm providing outsourced finance, accounting, financial planning & analytics, strategic advisory, and technology solutions. Our registered websites are https://www.dnagrowth.com and https://www.blog.dnagrowth.com (together, the “Websites”).

We act as the data controller for personal data collected through our Websites. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over your information.

This policy applies to all visitors, prospective clients, existing clients, and anyone who interacts with our Websites or contacts us directly. It is designed to comply with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) / CPRA, Canada’s PIPEDA, and other applicable regional privacy regulations.

By using our Websites, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Websites.

We use the personal data we collect for the following purposes:

• Responding to inquiries: To reply to messages, consultation requests, and service enquiries you send us.
• Delivering services: To fulfil contractual obligations where you or your organisation engage DNA Growth for professional services.
• Website improvement: To analyse how our Websites are used, identify issues, and enhance user experience.
• Marketing communications: To send relevant updates, insights, or promotional materials — only where you have given explicit consent or where applicable law permits it.
• Security and fraud prevention: To protect our Websites, detect suspicious activity, and prevent misuse.
• Legal and regulatory compliance: To meet obligations under applicable laws, respond to lawful requests, and enforce our terms.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

If you are located in the European Union, United Kingdom, or European Economic Area, we are required under the GDPR (and UK GDPR) to identify a lawful basis for processing your personal data. We rely on the following bases:

If you have questions about the specific legal basis applicable to your data, please contact us using the details in Section 12.

We do not sell, rent, or trade your personal data to any third party. We may share your data in the following limited circumstances:

• Service Providers: Trusted third-party vendors who help us operate our Websites and deliver our services — such as email delivery platforms, CRM tools, analytics providers (Google Analytics), and web hosting. These providers process data only on our behalf, under contractual data processing agreements, and are not permitted to use your data for their own purposes.
• Professional Advisors: Lawyers, accountants, auditors, and insurers, where necessary in connection with our business operations.
• Legal & Regulatory Authorities: Where we are required to disclose information by law, court order, or regulatory authority — for example, to comply with anti-money laundering regulations or respond to a lawful government request.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred as part of that transaction. We will notify affected individuals and ensure any new data controller is bound by appropriate obligations.

DNA Growth operates globally, with team members and service providers in multiple countries including the United States, India, the United Kingdom, and others. This means that your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not have the same level of data protection laws as your home jurisdiction.

Where we transfer personal data from the EU, UK, or EEA to countries that have not received an adequacy decision from the European Commission (or the UK Secretary of State), we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs)
• Transfers to countries covered by an adequacy decision
• Binding corporate rules, where applicable

You may request details of the specific safeguards we apply to your data transfers by contacting us at hello@dnagrowth.com.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our standard retention periods are:

When data is no longer required, we securely delete or anonymise it. Where deletion is not immediately possible (for example, because data is stored in backup archives), we will isolate the data and protect it from further processing until deletion is feasible.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These measures include:

• HTTPS encryption across all our Websites
• Access controls limiting data access to authorised personnel only
• Regular security assessments and software updates
• Contractual data security obligations on all third-party service providers

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that is likely to pose a risk to your rights and freedoms, we will notify the relevant supervisory authorities and, where required, affected individuals, in accordance with applicable law.

Our Websites and services are directed exclusively at business professionals and organisations. They are not intended for, and we do not knowingly collect personal data from, individuals under the age of 16 (or 13 in jurisdictions where a lower age threshold applies, such as the United States under COPPA).

If you believe that a child under 16 has submitted personal data to us, please contact us immediately at hello@dnagrowth.com and we will take steps to delete that information promptly.

Our Websites may contain links to third-party websites, resources, or tools. These links are provided for your convenience only. Once you click a link and leave our Website, this Privacy Policy no longer applies. We have no control over the content, privacy practices, or security of third-party websites and accept no responsibility for them. We encourage you to review the privacy policy of any third-party site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last Updated” date at the top of this page. For significant changes, we may also provide a more prominent notice (such as an on-site banner or an email notification to users who have provided contact details).

We encourage you to review this policy periodically. Your continued use of our Websites after any changes constitutes your acknowledgement of the updated policy.

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data — including requests to exercise your rights — please contact us:

For EU/UK residents: if you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with your local supervisory authority — for example, the UK Information Commissioner’s Office (ico.org.uk) or your EU member state’s data protection authority via edpb.europa.eu.