In accordance with the prevailing statutory obligations mandated under the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 , and the ethical guidelines promulgated by the Institute of Chartered Accountants of India , this Privacy Policy delineates the modalities, protocols, and methodologies employed by CA Manish Binod & Associates in relation to the collection, storage, processing, utilization, dissemination, retention, and eventual erasure of personal data (as defined under Section 2(28) of the DPDP Act) furnished by users during their engagement with our digital interfaces, including but not limited to the website camanishbinod.com, client portals, or ancillary platforms.

The personal data collected by the Firm, which may include identifiers such as name, permanent account number (PAN), Aadhar number, contact particulars (telephone, email, residential/business addresses), financial records (bank statements, GST returns, income tax filings, audit documentation), and technical metadata (IP addresses, device identifiers, cookies), is processed for purposes intrinsically aligned with the provision of professional services, including tax advisory, audit compliance, financial consultancy, and regulatory filings, as well as ancillary activities such as client communication, service enhancement, and statutory obligations arising under the Companies Act, 2013, Goods and Services Tax Act, 2017, Income Tax Act, 1961, and other applicable legislative frameworks.

Notwithstanding the foregoing, the Firm reserves the right to disclose personal data to third-party entities, including governmental authorities (e.g., Income Tax Department, GST Network, Ministry of Corporate Affairs), cloud service providers engaged for data storage (subject to encryption protocols), legal advisors, or auditors, in instances where such disclosure is necessitated by legal mandate, contractual obligation, or legitimate interest, provided that such third parties adhere to confidentiality obligations consonant with industry standards and statutory requirements.

Data security measures implemented by the Firm encompass, inter alia, SSL/TLS encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, periodic penetration testing, and secure disposal mechanisms, all of which are designed to mitigate unauthorized access, accidental loss, or unlawful processing, though absolute invulnerability cannot be guaranteed owing to the inherent limitations of digital infrastructure.

Pursuant to Section 8 of the DPDP Act, Data Principals retain the right to request access to their personal data, seek rectification of inaccuracies, withdraw consent (notwithstanding potential service disruptions), and petition for erasure post the statutory retention period of seven (7) years, as prescribed under Section 94A of the Income Tax Act, 1961, which requests must be submitted in writing to the Grievance Officer, whose particulars are enumerated infra.

In furtherance of transparency, the Firm employs cookies, web beacons, and analogous tracking technologies to aggregate non-personal analytics, facilitate session management, and optimize user experience, the acceptance of which is implied through continued website usage, though users may configure browser settings to restrict such tracking, albeit with potential degradation of functionality.

For grievances pertaining to data processing, the Data Principal may contact the designated Grievance Officer, [Name], at [email address], or [phone number], who shall endeavor to resolve complaints within seven (7) working days, in compliance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

This Policy is subject to unilateral amendment by the Firm at its discretion, with revisions promulgated through website publication, and continued usage post-amendment constitutes tacit acceptance thereof.