Privacy Policy – Khalsa Financial Services

Section 01

Introduction

This Privacy Policy applies to all services provided by Khalsa Financial Services, including but not limited to ITR filing, GST services, tax consultation, bookkeeping, and company registration, accessed through our website, WhatsApp, email, telephone, or in person.

We are committed to complying with applicable Indian data protection laws, including the Information Technology Act 2000, the IT (Reasonable Security Practices and Procedures) Rules 2011, and the Digital Personal Data Protection Act (DPDPA) 2023.

We never sell, rent, or trade your personal information. Your data is used only to deliver the professional services you engage us for.

Section 02

Information We Collect

We collect different types of information depending on the service you use. The categories of data we may collect include:

🪪 Identity Data

Full name, PAN number, Aadhaar number, date of birth, gender, photograph

📞 Contact Data

Mobile number, email address, residential/business address

💰 Financial Data

Income details, bank account information, investment proofs, Form 16, salary slips, P&L accounts

🏢 Business Data

Company name, GST number, TAN, incorporation documents, MCA credentials

🔐 Portal Access

Income tax portal, GST portal login credentials provided temporarily for service delivery

🌐 Usage Data

IP address, browser type, pages visited on our website, and referral sources

We only collect information that is necessary and relevant to providing the services you have engaged us for. You have the right to decline providing certain information, though this may affect our ability to deliver services.

Section 03

How We Use Your Data

We use the personal and financial information you share with us for the following purposes:

Service delivery: Preparing and filing income tax returns, GST returns, TDS returns, and other filings on your behalf
Client communication: Contacting you regarding your engagement, sharing draft documents for review, and sending filing acknowledgements
Compliance: Fulfilling our obligations under applicable tax and corporate laws
Internal records: Maintaining client records for audit trail and quality assurance purposes
Service improvement: Understanding service usage patterns to improve our processes (using anonymised, aggregate data only)
Legal defence: Using records to defend ourselves in case of disputes or legal proceedings
Marketing communications: Sending you relevant information about our services or tax deadlines — only where you have consented, with an easy opt-out

We do not use your data for automated decision-making, profiling, or any purpose unrelated to your service engagement.

Section 04

Data Sharing & Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your data only in the following circumstances:

Government authorities: To file your returns on the Income Tax e-filing portal, GST portal, MCA portal, or other regulatory platforms as required by law
Sub-processors: With trusted sub-contractors or professionals (e.g., Chartered Accountants, data entry partners) who are bound by confidentiality agreements and handle data solely to deliver our services
Legal requirements: When required by a court order, law enforcement request, or statutory authority under applicable Indian law
Business transfer: In the event of a merger, acquisition, or sale of business assets, in which case clients will be notified and data will remain protected under the same terms
With your consent: To any third party where you have given explicit written consent

          We Never Do This: We never sell your data, share it with advertisers, or disclose it to unauthorised parties. Government portal credentials shared with us are used only for your specific filing and are not stored longer than necessary.
        

Section 05

Data Retention

We retain your personal and financial data for as long as necessary to fulfill the purposes outlined in this Policy, including for service delivery, legal, regulatory, and accounting requirements.

Client records: Retained for a minimum of 8 years from the relevant assessment year, in line with Income Tax Act requirements
GST records: Retained for a minimum of 6 years from the due date of annual return filing
Contact information: Retained for the duration of the client relationship and up to 3 years thereafter
Government portal credentials: Deleted promptly after the specific service is completed
Website usage data: Retained for up to 12 months

After the retention period expires, data is securely deleted or anonymised. You may request early deletion subject to legal retention requirements (see Your Rights below).

Section 06

Data Security

We take the security of your information extremely seriously. We implement the following measures to protect your data:

Encrypted communication channels (HTTPS, encrypted email) for transmitting sensitive documents
Access control — only authorised personnel who need the information to perform their job have access to your data
Password protection and multi-factor authentication on internal systems
Regular review and updating of security practices
Confidentiality agreements signed by all employees and contractors
Secure deletion of data that is no longer required

While we take all reasonable precautions, no method of data transmission over the internet is completely secure. We cannot guarantee absolute security but commit to notifying you promptly in the event of a data breach that may affect your information.

We recommend that you do not share sensitive information such as passwords or OTPs unless requested by our team in the specific context of an active service engagement.

Section 07

Your Rights as a Data Principal

Under the Digital Personal Data Protection Act 2023 (DPDPA) and applicable Indian law, you have the following rights with respect to your personal data:

👁️

Right to Access

Request a summary of the personal data we hold about you and how it is being processed.

✏️

Right to Correction

Request correction of inaccurate or incomplete personal data we hold about you.

🗑️

Right to Erasure

Request deletion of your data where it is no longer necessary, subject to legal retention obligations.

🚫

Right to Withdraw Consent

Withdraw consent for processing at any time. This does not affect lawfulness of prior processing.

📋

Right to Grievance Redressal

File a complaint with our Grievance Officer if you believe your data rights are not being honoured.

🏛️

Right to Complain

Lodge a complaint with the Data Protection Board of India if your rights are not adequately addressed by us.

To exercise any of these rights, please contact our Grievance Officer (see Section 12). We will respond to verified requests within 30 days.

Section 08

Cookies & Website Tracking

Our website uses cookies and similar tracking technologies to improve user experience. We use the following types of cookies:

Essential cookies: Necessary for the website to function correctly. These cannot be disabled without affecting website functionality.
Analytics cookies: Used to understand how visitors interact with our website using anonymised, aggregate data (e.g., Google Analytics). No personally identifiable information is collected through analytics cookies.
Preference cookies: Remember your preferences such as language and region to improve your experience.

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. We do not use tracking cookies for advertising or selling your data to advertisers.

Section 09

Children's Privacy

Our services are designed for adults (18 years and above) and businesses. We do not knowingly collect personal data from individuals under the age of 18.

If you believe a minor has shared personal data with us, please contact us immediately and we will take steps to delete such information as soon as reasonably practicable.

In cases where a parent or guardian engages our services on behalf of a minor (e.g., filing a minor's income from investments), the parent/guardian is the data principal and is responsible for the information provided.

Section 10

Third-Party Links

Our website may contain links to third-party websites such as the Income Tax e-filing portal, GST portal, or informational resources. These links are provided for your convenience only.

We are not responsible for the privacy practices, content, or data handling of any third-party websites. We encourage you to read the privacy policies of any third-party websites you visit through our links.

Clicking on a third-party link will take you away from our website, and this Privacy Policy will no longer apply once you leave our platform.

Section 11

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. The updated version will be posted on our website with a revised "Last Updated" date.

For material changes that may affect your rights or how we process your data, we will notify you via email or WhatsApp (where we hold your contact details) at least 7 days before the changes take effect.

Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

Section 12

Grievance Officer

In accordance with the Digital Personal Data Protection Act 2023 and Rule 5(9) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, the details of our Grievance Officer are as follows:

          Grievance Officer: [Name of Designated Officer]

          Designation: Data Compliance Officer, Khalsa Financial Services

          Email: grievance@khalsafinancial.in

          Phone: +91 98XXX XXXXX

          Response Time: We will acknowledge your grievance within 48 hours and aim to resolve it within 30 days.

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDPA 2023.

Section 13

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Email: privacy@khalsafinancial.in
Phone / WhatsApp: +91 98XXX XXXXX
Business Address: Khalsa Financial Services, [Your City, State – PIN Code]
Business Hours: Monday to Saturday, 9:00 AM – 7:00 PM IST

We are committed to resolving all privacy-related queries in a timely and transparent manner.