Privacy Policy

Privacy Policy Information

Lekshmi N Iyer & Associates (“we”, “us”, “our”) respects your privacy and is committed to protecting the personal information shared with us in the course of professional enquiries, consultations, engagements, compliance work, advisory assignments, and related professional services.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website, contact us, submit forms, communicate with us, or engage our professional services.

Legal Framework: This Policy is drafted keeping in view the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, and the professional confidentiality obligations applicable to Chartered Accountants.

 

1. Applicability

This Privacy Policy applies to personal information collected through:

        our website

        email, phone, WhatsApp, online forms, video calls, or in-person meetings

        professional engagement letters, onboarding forms, or client communication

        documents shared for tax, FEMA, RBI, company law, litigation, forensic, accounting, audit, or advisory work

        third-party platforms used for scheduling, communication, documentation, storage, or service delivery

This Policy applies to clients, prospective clients, website visitors, vendors, associates, and other individuals who interact with us.

2. Information We Collect

Depending on the nature of your enquiry or engagement, we may collect the following categories of information.

2.1 Basic Personal Information

        Name, email address, phone number

        Residential or business address

        Designation, occupation, or business details

        Identity and contact details of authorised representatives

2.2 Professional, Financial, and Compliance Information

        PAN, Aadhaar, passport, OCI/PIO details, tax identification numbers, or other identification documents, where required

        Income details, bank statements, investment records, property documents, loan documents, invoices, agreements, ledgers, financial statements, and tax records

        GST, MCA, company incorporation, LLP, partnership, trust, or other business registration details

        Foreign asset, foreign income, remittance, bank account, and cross-border asset/liability details

        Documents relevant to tax notices, appeals, assessments, ITAT appearances, investigations, audits, regulatory proceedings, or professional representations

Sensitive and compliance-sensitive information: 

Certain information, such as financial information, bank account details, passwords or portal access credentials, and other sensitive information may qualify as Sensitive Personal Data or Information (SPDI) under the IT (SPDI) Rules, 2011. Identification documents such as PAN, Aadhaar, passport, tax records, financial records, FEMA records, and regulatory documents are handled with similar care due to their confidential and compliance-sensitive nature.

2.3 Portal Access and Authorisation Information

Where specifically authorised by you, we may receive temporary access details, OTP-assisted access, DSC-based authorisation, or representative access for government or regulatory portals such as Income Tax, GST, MCA, RBI/FIRMS, or other compliance platforms.

Important: 

We do not store client portal credentials beyond the immediate session for which access was authorised. We recommend clients change passwords upon completion of the engagement. Wherever possible, we prefer DSC-based or OTP-based access over password sharing.

2.4 Website and Technical Information

        IP address, browser and device information

        Pages visited, time spent on the website

        Referring website or search source

        Cookies or similar tracking data, where applicable

3. How We Use Your Information

We collect and use personal information only for lawful and professional purposes, including:

        Responding to enquiries and conducting initial consultations or diagnostic reviews

        Evaluating whether we can accept an engagement

        Preparing proposals, fee quotes, engagement letters, invoices, and payment records

        Providing tax, FEMA, RBI, accounting, audit, litigation, forensic, corporate law, compliance, or advisory services

        Filing returns, forms, applications, appeals, replies, certificates, reports, or representations

        Communicating with government departments, regulators, banks, authorised dealers, consultants, counsels, or other parties where necessary for the engagement

        Maintaining professional records, working papers, and internal documentation

        Complying with legal, regulatory, professional, tax, audit, accounting, and record-retention obligations

        Sending relevant professional updates, reminders, or communications, where appropriate

4. Legal Basis and Lawful Purpose for Processing

We process personal information only for lawful and professional purposes, including:

        consent-based processing

        responding to enquiries and pre-engagement discussions

        performance of professional engagements

        compliance with legal, regulatory, tax, audit, accounting, FEMA, company law, and professional obligations

        maintenance of professional records and working papers

        conflict checks, risk review, fraud prevention, and professional defence

        requirements imposed by law, court, tribunal, regulator, bank, authorised dealer, government department, or professional body

5. Consent

By contacting us, submitting information through our website, sharing documents, or engaging our services, you consent to the collection and use of your personal information for the purposes stated in this Privacy Policy and in the relevant engagement terms.

Where specific consent is required for a particular purpose, we may obtain it separately.

You may withdraw consent where processing is based only on consent. However, withdrawal of consent may affect our ability to continue providing services. It will not affect processing already carried out lawfully or records required to be retained under law, professional standards, or contractual obligations.

6. When We Share Your Data

We do not sell or commercially disclose your personal data.

We may share your personal data only where necessary for professional, legal, regulatory, or service-delivery purposes, including with:

        Government authorities: Income Tax Department, GST authorities, MCA, RBI, authorised dealer banks, courts, tribunals, or other statutory/regulatory authorities, where required by law or for professional filings and representations

        Professional advisors and consultants: Advocates, auditors, valuers, company secretaries, bankers, consultants, or other professionals assisting us in relation to your matter, under confidentiality obligations

        Service providers: IT support providers, cloud storage providers, email providers, accounting/compliance software providers, and other vendors who help us operate our practice, subject to confidentiality and data protection obligations

        With your consent: Any third party specifically authorised by you, such as banks, consultants, family members, authorised representatives, or overseas advisors

7. Cross-Border Processing and Storage

Some communication, storage, email, cloud, scheduling, payment, or professional tools used by us may involve servers, service providers, or support teams located outside India.

Where personal information is transferred or processed outside India, we take reasonable steps to ensure such processing is connected with lawful professional purposes and is subject to appropriate safeguards, contractual obligations, platform terms, or confidentiality protections, consistent with the requirements of the DPDP Act, 2023 and the DPDP Rules, 2025.

8. Data Security

We implement reasonable security practices and procedures as mandated by Section 43A of the Information Technology Act, 2000 and the IT (SPDI) Rules, 2011, including:

        Restricted access to client files and working papers

        Use of password-protected systems and controlled access

        Confidentiality obligations for team members, associates, and consultants

        Reasonable digital and physical safeguards

        Controlled sharing of documents

        Periodic review of access and storage practices

No method of electronic transmission or storage is completely secure. Clients are advised to use secure channels when sharing sensitive documents and to avoid sending unnecessary passwords or sensitive information over unsecured channels.

9. Data Retention

We retain personal information and professional records for as long as required to complete the engagement, to meet legal, regulatory, ICAI, and professional obligations, and to defend claims or proceedings. Indicative retention periods are set out below:

| Data Type | Retention Period | Legal Basis |
| --- | --- | --- |
| Income Tax Records | Seven tax years from the end of the relevant tax year, or longer where required for assessments, reassessments, appeals, litigation, professional defence, or other statutory purposes. | Income Tax Act, 1961, Income Tax Act, 2025, Income Tax Rules, 2026 |
| GST Records | 6 years from filing of annual return | GST Act, 2017 |
| Audit Working Papers | 8 years from date of audit report | Companies Act, 2013 & ICAI Standards |
| FEMA / RBI Records | As per FEMA regulations / RBI directions | FEMA, 1999 & RBI directions |
| ITAT / Appeals Files | Until final order + 3 years minimum | Professional risk management |
| Company Law Records | As per Companies Act (perpetual for some) | Companies Act, 2013 |
| Marketing / Contact Data | Until consent withdrawn + 1 year | DPDP Act, 2023 |

Where deletion is requested, we will evaluate the request subject to applicable legal, professional, regulatory, contractual, and record-retention requirements.

10. Your Rights Under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

10.1 Right to Access

You can request a summary of personal data we hold about you and how it is being used.

10.2 Right to Correction

You can request correction or updating of inaccurate or incomplete personal information.

10.3 Right to Erasure

You can request deletion of your personal data, subject to legal retention requirements, ongoing proceedings, and contractual obligations.

10.4 Right to Withdraw Consent

You may withdraw consent for marketing communications or optional services at any time by contacting us. Withdrawal does not affect lawful processing already completed.

10.5 Right to Nominate

You can nominate another individual to exercise your rights in case of death or incapacity, as provided under the DPDP Act, 2023.

10.6 Right to Grievance Redressal

You may submit a privacy-related grievance to our designated contact person mentioned in Section 17. If your grievance is not resolved, you may have the right to approach the Data Protection Board of India in accordance with applicable law.

11. Data Breach

In case of a personal data breach affecting information under our control, we will take reasonable steps to assess, contain, and mitigate the breach.

Where legally required, we will notify the Data Protection Board of India and/or affected individuals in accordance with applicable timelines and procedures.

We may also document the breach, the nature of information involved, remedial steps taken, and measures adopted to reduce the risk of recurrence.

12. Confidentiality and Professional Ethics

As a Chartered Accountant practice, we are bound by the ICAI Code of Ethics and the confidentiality requirements of the Chartered Accountants Act, 1949.

Client information obtained during a professional engagement will not be disclosed except:

        with client authorisation

        where disclosure is required by law, court order, or regulator

        where required for professional review, peer review, quality control, or ICAI regulatory compliance

        where necessary to defend professional work or respond to legal or regulatory proceedings

        where disclosure is permitted or mandated under applicable professional standards

13. Cookies and Website Analytics

Our website may use cookies or similar technologies to improve user experience, analyse website traffic, and maintain website functionality.

You may disable cookies through your browser settings. However, this may affect certain website functions.

If we use third-party analytics tools, they may collect anonymised or aggregated information in accordance with their own privacy policies.

14. Third-Party Links and Platforms

Our website or communications may contain links to third-party websites or platforms, including government portals, tax portals, MCA, GST, RBI, payment gateways, scheduling tools, or other external resources.

We are not responsible for the privacy practices, security, or content of third-party websites. You should review their privacy policies before submitting information to them.

15. Children’s Data

Our professional services are not generally directed at children. We do not knowingly collect personal data of minors unless necessary for a lawful professional purpose — such as tax, inheritance, family settlement, trust, or compliance matters — and where such information is provided by a parent, guardian, legal representative, or authorised person.

16. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, professional practice, or our internal processes.

The updated version will be posted on our website with the revised Last Updated date. Material changes will be notified via email or prominent notice on our website.

17. Contact for Privacy Queries and Grievances

Designated Contact Person for Privacy Queries and Grievances

For questions, correction requests, consent withdrawal, or privacy-related grievances, you may contact:

 

        Name: CA Lekshmi N FCA

        Firm: Lekshmi N Iyer & Associates

        Email: info@calekshmi.com

        Phone: +91-9633751158

        Address: Lekshmi N Iyer & Associates, Puliyilethu Madom, Thulamparambu South, Haripad, Alappuzha, Kerala 690 514

        Website: www.calekshmi.com

 

We will make reasonable efforts to respond to privacy-related requests within a reasonable period, subject to verification and applicable legal or professional constraints.

Disclaimer

This Privacy Policy explains our data handling practices. It does not create a client relationship or professional engagement by itself. Professional services are governed by a separate engagement letter, written scope confirmation, or terms of engagement.