Privacy Policy

Objective

We have formulated this Privacy Policy to help you understand how we deal with the personal data collected from our employees, contractors, associates, vendors, and clients.

Scope

This policy applies to employees, partners, contractors, associates, consultants, vendors, retainers, clients and website visitors.

Policy Statement

We are committed to protecting and responsibly using your personal data and promoting individual privacy rights. We strive to protect personally identifiable information that we maintain or disseminate through proper administrative, physical, and technical safeguards to ensure that such information is not obtained by unauthorized individuals or used in unauthorized ways.

Framework

We may collect, store, process, use, transfer, and disclose such information about individuals (“Data Subjects” or “Data Principals”), which may constitute Personal Information, including Sensitive Personal Data or Information under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 or Personal Data under the Digital Personal Data Protection Act, 2023 (DPDPA), or any other applicable law in India. This policy explains the practices we follow for the collection, use, disclosure, transfer, security, and protection of Personal Information, rights of Data Principals, breach management, and other related aspects.

Meaning And Collection of Personal Data

"Personal Data" means any data relating to a Data Principal that is capable of identifying such Data Principal directly or indirectly, such as name, an identification number, location data, an online identifier, an Indirect Identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Principal. Personal Data will include Sensitive Personal Information and Special Categories of Personal Information as defined in Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. We will ensure that Personal Data collected by us is for legitimate purposes, is used only for that specific purpose, is adequate, relevant, and limited to what is necessary for the intended purpose, and is collected after obtaining explicit consent, where applicable.

As data fiduciaries, we may collect a variety of personal data for legitimate purposes, such as to meet legal and regulatory obligations and for business purposes. We may collect or receive such Personal Data when you interact with us on our website, e-mail, mobile apps, or other web-based applications or through personal, telephonic, or audio-visual meetings or when you provide any documents containing your Personal Information. The Personal Data collected by us could include one or more of the following:

  • Name, birthdate, phone numbers, mailing address, email addresses, contact details, education documents, reference letters, relieving certificates, photographs, passwords to our portal, passport information
  • Financial information such as bank account details, financial statements, permanent account number, annual income, details regarding payment instruments, tax deducted at source, service tax registration
  • Physical, physiological, and mental health condition, medical records, and history
  • Information gathered through the use of biometrics, such as fingerprints, eye retina, iris, voice patterns, and facial recognition
  • Professional certifications and registrations
  • Disciplinary and grievance procedures, the results of credit and criminal background checks
  • Voicemails, e-mails, correspondence, and other work products and communications created, stored, or transmitted by an employee using our computer or communications equipment
  • Driving license number, vehicle registration number
  • Information captured on security systems, including CCTV and key card entry systems
  • Information provided by way of participation in surveys, inquiries, subscriptions, and job applications

Consent For Personal Data

Where processing of Personal Data requires consent, we will obtain your written consent to collect, use and process your Personal Data. With respect to Personal Data disclosed to us by a data fiduciary, we will contractually obligate the data fiduciary to ensure compliance with all legal requirements relating to obtaining of consent. We will maintain and protect the appropriate security, integrity, and confidentiality of such Personal Information. In case you refuse to provide the required Personal Data or withdraw your consent at any point of time, we shall have the discretion to discontinue, refuse or withdraw our services for which the information was sought. In case of our employees, associates, partners, consultants, contractors, and retainers, we may terminate the employment or service contract or modify the terms of employment or service contract.

Use Of Personal Data

The Personal Data collected or received by us may be used or processed by us or any person or entity contractually engaged by us for purposes including:

  • Administrative, operational, and business purposes
  • To execute our contractual obligations
  • To process and respond to requests and queries
  • Conducting market or customer satisfaction research
  • Payment of salaries, fees, or reimbursements into bank accounts
  • Verification of certain information
  • Providing individuals with information concerning products and services which we believe will be of interest
  • Detection, investigation and prevention of fraud and other crimes or malpractice
  • Providing Personal Data to any person or entity engaged by us to render services relating to payment, human resources, accounting etc. to support our business activities on a ‘need to know’ basis
  • Dealing with requests, enquiries or complaints and other client related activities
  • Carrying out activities connected with the running of our business such as personnel training, quality control and in connection with the transfer of any part of our business
  • Addressing network integrity and security issues
  • Protecting our networks and security systems, including monitoring and detection of potential threats, such as hacking, virus dissemination and other security vulnerabilities
  • Making available Personal Data to governmental or regulatory authorities or to a court or judicial officer as may be required under applicable law
  • Carrying out any activity in connection with a legal, governmental or regulatory requirement, for the purpose of compliance of a legal obligation in connection with legal proceedings under applicable law including cyber incidents, prosecution, and punishment for offenses, protecting and defending our rights or property or to protect another person’s safety, or to help investigations, monitor or prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person
  • Recording and monitoring electronic communications, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies and for the purposes outlined above
  • Evaluate applications for employment
  • Manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes
  • Develop manpower and succession plans
  • Protect the safety and security of staff and property including taking measures to facilitate assistance and support in case of emergency such as inserting contact numbers, blood group details on identity cards
  • Administer formalities with respect to termination of employment
  • Provide and maintain references
  • Maintain emergency contact and beneficiary details

Processing for the purposes of this policy refers to online and offline processing and includes activities such as copying, filing, and feeding information into a database. We maintain Personal Data in an organised and easily accessible manner. We will use the Personal Data only for the purpose for which it has been collected.

Disclosure Of Personal Data

We may at times disclose and/or transfer Personal Data to third parties in cases where it is necessary for discharging our contractual obligations and/or providing services to you and/or if you have consented to the same. We may, on a need basis, disclose and/or transfer Personal Data to:

  • associates, affiliates, partners, other persons or bodies corporate to enable them to provide services to you on our behalf or provide services to us or assist us in client engagements which involve receiving, collecting, processing, storing, dealing with or handling personal information
  • any relevant entity in the event of a reorganization, merger, or sale
  • any third party pursuant to a requirement of a governmental or regulatory body or an order of a court of competent jurisdiction or as may be required under applicable law

If we outsource the processing of your Personal Data to third parties or provide your Personal Data to third-party service providers, we will oblige those third parties to protect your Personal Data with appropriate security measures and prohibit them from using your Personal Data for their own purposes or from disclosing your Personal Data to others. We will adhere to consent and intimation requirements where your Personal Data is shared with third parties.

Security Practices and Controls

We will take all reasonable steps to ensure that Personal Data is stored in a secure environment and protected from unauthorized access, modification, or disclosure. We strive to keep the Personal Data secure by implementing security practices and controls.

Personal Data is stored using systems with restricted access and housed in facilities with physical security measures. Our comprehensive information security programme is documented in our Information Security Policy (Sudit K. Parekh & Co. LLP Information Security Policy), which contains managerial, technical, operational, and physical security control measures. Our offices are ISO 27001, ISO 9100, and BS10012 certified to manage the security and privacy of Personal Data.

Updating Of Personal Data

We will keep your records updated with the latest available Personal Information. To enable this, you can reach out to dpo.office@skparekh.com.

Retention Of Personal Data

We will retain Personal Data only for such period as may be required to observe, perform, and comply with our obligations or as required under applicable law.

Rights Of Data Principals

As a Data Principal, you have several rights concerning your Personal Data, which we summarise below:

  • Right to Access: As a Data Principal, you have the right to access your Personal Data being processed by us and understand the purpose, recipients to whom your Personal Data has been disclosed, and the envisaged period of retention of Personal Information.
  • Right to Rectification: You have the right to rectify any inaccuracy in your Personal Data obtained and processed by us.
  • Right to Erasure: You have the right to get your Personal Data erased on the grounds of completion of purpose, withdrawal of consent, unlawful processing of data, or pursuant to the exercise of the right to restrict processing or any statutory requirement.
  • Right to Restriction of Processing: You have the right to require us to restrict processing of your Personal Data on grounds where you contest the accuracy of the Personal Data being processed and in case of unlawful processing, among others.
  • Right to Data Portability: You have the right to receive your Personal Data collected and being processed by us in a structured, commonly used, and machine-readable format and have the right to transmit such Personal Data to another fiduciary without any hindrance from us when the processing of Personal Data is based on consent and where processing is carried out by automated means.
  • Right to object to processing: You have the right to object to processing your Personal Data on grounds and if such Personal Data is being processed for direct marketing purposes.
  • Right to lodge complaints: Where you believe that we have violated or presented a potential risk to your right to privacy, you have the right to lodge a complaint with the Data Protection authority under the applicable regulations.
  • Right to withdraw consent: You may at any time withdraw your consent by writing to us at the e-mail address below.

You may exercise your rights by writing to us at dpo.office@skparekh.com. Exercise of the above rights shall be under DPDPA.

Data Protection Officer

Our Data Protection Officer (DPO) can be reached at dpo.office@skparekh.com.

Breach Management

We have an established Security and Privacy Incident Policy that outlines various threats and vulnerabilities that may lead to breaches of security and privacy of Personal Data and processes to guide and implement responses to such incidents. If you have any privacy-related concerns, feedback, or grievances, you may contact us at dpo.office@skparekh.com.

Changes To Policy

We may update our Privacy Policy from time to time. The revised policy will be posted on our website.