Privacy Policy
1. Introduction
Sandeep Girish G K & Co LLP (hereinafter referred to as “SGGK”, “we”, “us”, or “our”) is a Chartered Accountancy firm registered under the Limited Liability Partnership Act, 2008, with its principal office at No. 634, 1st Floor, 100 Ft. Ring Road, 2nd Phase, 7th Block, BSK III Stage, Bangalore – 560085, Karnataka, India.
This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data and information obtained through our website located at www.sggk.in (the “Website”) and through any inquiry, engagement, or communication initiated via our Website, email, telephone, or any other channel.
We are committed to protecting the privacy and confidentiality of individuals who interact with our Website, in full compliance with:
- The Digital Personal Data Protection Act, 2023 (DPDPA)
- The Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- The Institute of Chartered Accountants of India (ICAI) Code of Ethics and guidelines on client confidentiality
- Applicable provisions of the General Data Protection Regulation (GDPR) for data subjects located in the European Union
- UK General Data Protection Regulation (UK GDPR) for data subjects in the United Kingdom
By using our Website or submitting any inquiry or personal information to us, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with any part of this Policy, please do not use our Website or submit your personal information.
2. Identity of the Data Fiduciary / Controller
For the purposes of applicable data protection laws, SGGK acts as the Data Fiduciary (under DPDPA 2023) and Data Controller (under GDPR/UK GDPR) in respect of personal data collected through this Website.
Firm Name | Sandeep Girish G K & Co LLP |
Registered Office | No. 634, 1st Floor, 100 Ft. Ring Road, 2nd Phase, 7th Block, BSK III Stage, Bangalore – 560085 |
Privacy Contact | CA Ravindranath GK | ravindranath.gk@sggk.in | +91 9986192633 |
Website | www.sggk.in |
3. Personal Data We Collect
3.1 Information You Provide Voluntarily
When you contact us through our inquiry forms, email, WhatsApp, or telephone, we may collect:
- Full name and professional designation
- Business or company name, industry, and company size
- Contact details including email address and phone number
- Details of your query or requirement relating to our professional services
- Financial or business context shared voluntarily to describe your service needs
3.2 Information Collected Automatically
When you visit our Website, certain technical data may be collected automatically through cookies and server logs, including:
- IP address and approximate geographic location (city/country level)
- Browser type, version, and operating system
- Pages visited, time spent on pages, and referring URLs
- Device identifiers and screen resolution
We do not collect Sensitive Personal Data or Information (SPDI) as defined under the IT Rules 2011, such as financial passwords, biometric data, or health records, through our Website. |
4. How We Use Your Personal Data
We process your personal data only for the specific, lawful purposes described below. We will not use your data for any purpose incompatible with these stated purposes without obtaining your separate consent.
Purpose | Lawful Basis |
Responding to service inquiries and client onboarding | Contractual necessity / Consent (DPDPA § 4) |
Sending service-related communications and updates | Consent / Legitimate interest |
Website analytics and performance improvement | Legitimate interest / Consent (for cookies) |
Compliance with ICAI regulations and statutory obligations | Legal obligation (DPDPA § 7(b)) |
Fraud prevention and security monitoring | Legitimate interest / Legal obligation |
5. Professional Confidentiality – CA Firm Obligations
As a Chartered Accountancy firm, SGGK is bound by the ICAI Code of Ethics, which imposes a fundamental duty of confidentiality. This extends beyond general data protection law and provides an additional layer of protection to our clients and prospective clients.
5.1 Scope of Confidentiality
- All financial information, business data, and documents shared with us during or for the purpose of any professional engagement are held in strict professional confidence.
- Our Partners, professional staff, and support team are contractually and ethically bound to maintain the confidentiality of all client information.
- Information about your audit status, financial position, tax affairs, compliance standing, or business structure will never be disclosed to any third party without your explicit written consent, except as required by law.
5.2 Exceptions to Confidentiality
Confidentiality obligations may be overridden only in the following limited circumstances, as recognised under ICAI guidelines and applicable law:
- Disclosure required under a court order, tribunal direction, or regulatory authority
- Mandatory reporting obligations under the Prevention of Money Laundering Act (PMLA) or similar statutes
- A legal or professional duty to report in the public interest (e.g., suspected fraud or money laundering)
- Disclosure to professional indemnity insurers or legal advisors on a confidential basis
SGGK will notify you of any compelled disclosure where legally permitted to do so, prior to making such disclosure.
6. Disclosure and Sharing of Personal Data
6.1 No Sale of Personal Data
SGGK does not sell, rent, trade, or otherwise transfer your personal data to any third party for commercial purposes. We do not engage in data brokerage.
6.2 Permitted Disclosures
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to confidentiality obligations:
- Professional sub-contractors or associates engaged to assist in delivering specific services (e.g., specialist advisors), bound by equivalent confidentiality agreements
- Cloud hosting providers and IT service providers for website and data infrastructure (subject to Data Processing Agreements)
- Legal, regulatory, or statutory authorities where disclosure is required by law
- Professional indemnity insurers or legal counsel where necessary for risk management
6.3 Cross-Border Data Transfers
If any personal data is transferred outside India (including to our overseas bookkeeping service operations serving US/UK clients), such transfers will be conducted in compliance with the DPDPA 2023, and where applicable, with appropriate safeguards such as Standard Contractual Clauses under GDPR/UK GDPR.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention schedule is as follows:
Category of Data | Retention Period |
Inquiry / contact form data (no engagement) | 12 months from date of inquiry, unless engagement follows |
Client engagement records and correspondence | 8 years from end of engagement (Companies Act 2013 / ICAI norms) |
Audit workpapers and financial records | As mandated by ICAI Standards and applicable statute (minimum 8 years) |
Tax-related records | As required under the Income Tax Act 1961 (minimum 6 years from relevant AY) |
Website analytics / server logs | 13 months on a rolling basis |
Consent records | Duration of processing + 3 years |
8. Your Rights as a Data Principal / Data Subject
Depending on your jurisdiction, you have the following rights in relation to your personal data:
8.1 Rights Under DPDPA 2023 (Indian Residents)
- Right to access information about personal data processed about you
- Right to correction of inaccurate or incomplete personal data
- Right to erasure (where data is no longer necessary and no legal obligation to retain)
- Right to grievance redressal – you may contact our Privacy Contact within 30 days
- Right to nominate – you may nominate another person to exercise your rights in the event of your incapacity or death
8.2 Additional Rights Under GDPR / UK GDPR (EU/UK Residents)
- Right to data portability (receive your data in a structured, machine-readable format)
- Right to object to processing based on legitimate interests
- Right to restrict processing pending resolution of a dispute
- Right to withdraw consent at any time without affecting prior processing
- Right to lodge a complaint with your national supervisory authority (e.g., ICO in the UK)
To exercise any of the above rights, please write to us at ravindranath.gk@sggk.in with the subject line “Privacy Rights Request”. We will respond within 30 days for DPDPA requests and within 30 days for GDPR/UK GDPR requests. We may require identity verification before processing your request.
9. Cookies and Tracking Technologies
Our Website may use cookies and similar technologies. Cookies are small text files stored on your device to enhance your browsing experience and help us understand how the Website is used.
9.1 Types of Cookies Used
- These cookies are essential for the Website to function and cannot be disabled. They do not store personal data.: Strictly Necessary Cookies
- Used to understand visitor behaviour and improve Website performance (e.g., Google Analytics). These are only activated with your consent.: Analytics / Performance Cookies
- Enable personalised features such as remembering your preferences.: Functional Cookies
9.2 Cookie Consent
Where we use non-essential cookies, we will request your consent through our Cookie Consent Banner. You may withdraw cookie consent at any time through your browser settings or by contacting us. Please note that disabling certain cookies may affect Website functionality.
We do not use tracking cookies for advertising or retargeting purposes.
10. Data Security
SGGK implements appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. Our security measures include:
- SSL/TLS encryption for all data transmitted through our Website
- Password-protected access controls for staff systems and databases
- Role-based access restrictions ensuring only authorised personnel can access client data
- Secure cloud hosting with reputable, compliant service providers
- Regular internal security reviews and staff training on data protection
- Documented data breach response procedures
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, SGGK will notify you without undue delay and in accordance with applicable legal obligations, including reporting to the Data Protection Board of India under the DPDPA 2023. |
11. Children’s Privacy
Our Website and professional services are directed at business professionals and corporate entities. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will promptly delete such data. If you believe we have received data from a minor, please contact us immediately at ravindranath.gk@sggk.in.
12. Third-Party Links and Services
Our Website may contain links to third-party websites, platforms (such as LinkedIn), or services. This Privacy Policy does not apply to those third-party websites. We are not responsible for the privacy practices, content, or security of external sites. We encourage you to review the privacy policies of any third-party website you visit through links on our Website.
Our Website may integrate with third-party analytics tools (such as Google Analytics). Use of these tools is governed by the respective third party’s privacy policy, and we recommend reviewing those policies independently.
13. Marketing Communications
We may send you information about our services, thought leadership content, or professional updates by email if you have provided your consent or if we have a legitimate professional relationship with you. Every marketing communication will include a clear and easy unsubscribe mechanism.
You may opt out of receiving marketing communications at any time by:
- Clicking the “Unsubscribe” link in any marketing email
- Emailing ravindranath.gk@sggk.in with “Unsubscribe” in the subject line
Opting out of marketing communications does not affect your receipt of service-related communications essential to an active engagement.
14. Changes to This Privacy Policy
SGGK reserves the right to update or modify this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or our data processing practices. Any material changes will be communicated through a prominent notice on our Website at least 14 days prior to taking effect. The “Last Revised” date at the top of this Policy will be updated accordingly.
We encourage you to review this Privacy Policy periodically. Continued use of our Website after the effective date of any changes constitutes your acceptance of the revised Policy.
15. Grievance Redressal
If you have any complaints, concerns, or questions regarding this Privacy Policy or the handling of your personal data, you may contact our designated Privacy Contact:
Grievance Officer: CA Ravindranath GK Email: ravindranath.gk@sggk.in Phone: +91 9986192633 Address: No. 634, 1st Floor, 100 Ft. Ring Road, 2nd Phase, 7th Block, BSK III Stage, Bangalore – 560085. We will acknowledge your grievance within 5 business days and endeavour to resolve it within 30 days. |
If you are not satisfied with our resolution and you are located in India, you may escalate your complaint to the Data Protection Board of India, once constituted under the DPDPA 2023. EU/UK residents may also contact their respective national data protection authority.
16. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Bangalore, Karnataka, India, without prejudice to your statutory rights under applicable data protection law in your jurisdiction.