Compliance Guidelines

Privacy Policy & Information Security Guidelines

Last Updated: 2026-06-02 | Published by: CA Partner

CA Abhijeet Dolase & Associates (ICAI Firm Registration Number: 123456W) is committed to protecting the privacy, confidentiality, and security of our clients, visitors, and website users. This policy is aligned with the Digital Personal Data Protection (DPDP) Act of India, 2023 and the ISO 27001 Information Security Management System (ISMS) standards, outlining our data processing principles, cookie settings, and security controls.

1. Principles of Data Governance (DPDP & ISO 27001)

Operating strictly under the ethical standards of the Institute of Chartered Accountants of India (ICAI) and regulatory data protection guidelines:

  • Purpose Limitation: We process personal data strictly for the specific purpose for which consent has been given (e.g., responding to consultation inquiries).
  • Data Minimization: We collect only the minimum necessary data required to carry out the requested professional service.
  • Confidentiality and Integrity: All data is handled under strict professional secrecy requirements, ensuring data accuracy and preventing unauthorized alterations.

2. Data Roles under DPDP Act, 2023

In accordance with India's DPDP Act, 2023, the following roles and classifications apply:

  • Data Fiduciary: CA Abhijeet Dolase & Associates acts as the Data Fiduciary, determining the purpose and means of processing personal data.
  • Data Principal: You, as a visitor or client submitting details on this website, are the Data Principal. You hold sovereign rights over how your digital personal data is processed.

3. Rights of the Data Principal

As a Data Principal under the DPDP Act, 2023, you have the following enforceable rights:

  • Right to Information: Access a summary of the personal data being processed, along with a description of processing activities.
  • Right to Correction and Erasure: Request the correction, completion, or deletion of personal records that are no longer necessary for the original processing purpose.
  • Right to Grievance Redressal: Register complaints regarding data processing practices with our Grievance Redressal Officer.
  • Right to Withdraw Consent: Withdraw your consent at any time. Withdrawal is made simple and can be completed via your browser's cookie settings or by contacting us directly.
  • Right to Nominate: Nominate another individual to exercise your data rights in the event of death or incapacity.

4. Information Security Safeguards (ISO 27001 alignment)

To align with ISO 27001 security standards, we implement the following technical and organizational controls:

  • Encryption in Transit (SSL/TLS): All traffic between your browser and our servers is encrypted using industry-standard Transport Layer Security.
  • Access Controls: System access to inquiry logs is restricted via secure multi-factor authentication (MFA) and limited strictly to Managing Partners and authorized compliance officers.
  • IP Address Anonymization: If you decline visitor cookies or select "Reject All", our tracking subsystem automatically applies a subnet mask to your IP address (zeroing the last octet for IPv4 or equivalent blocks for IPv6) prior to saving logs, preventing individual connection tracking.
  • Incident Management: We maintain strict security incident logging and reporting procedures. Any suspected data breach is reported within regulatory timelines.

5. Cookie Management and Consent Options

Our website implements a persistent cookie consent management system. Cookies are small data files placed on your device to ensure website performance, understand user interaction patterns, and manage access parameters:

  • Essential Subsystems: Required for security, system session authorization, and static cache validations. These cookies do not store personally identifiable data and cannot be disabled.
  • Visitor Analytics: Used to understand general traffic logs, popular regions of connection, and performance tuning. These are only activated if you explicitly select "Accept All" or opt in to Analytics within the settings panel.

6. Grievance Redressal Officer

Under the DPDP Act, 2023, we have appointed a Grievance Redressal Officer. If you have questions regarding this Privacy Policy, your cookie preferences, or wish to exercise your rights to access, correction, or deletion of lead records, please contact:

CA. Abhijeet Tatyasaheb Dolase (Grievance Redressal Officer)
CA Abhijeet Dolase & Associates
Platinum Plaza, Chinchwad, Pune - 411019, Maharashtra
Email: compliance@cadolase.com | Response SLA: 7 business days

Frequently Asked Questions

Q: Are my data rights protected under the DPDP Act, 2023 on this website?

Yes, we are fully aligned with the DPDP Act, 2023. You have complete control as a Data Principal, including the rights to access, correct, erase, or withdraw consent for any personal data you submit via our consultation forms.

Q: What security protocols protect my information?

In accordance with ISO 27001 guidance, we enforce SSL/TLS encryption for all data in transit, apply strict role-based access controls, restrict data logs to authorized partners, and automatically anonymize IP addresses for analytics if consent is declined.

Q: How do I withdraw my consent or request data erasure?

You can manage and withdraw your cookie consent at any time via the "Cookie Preferences" link in the footer. To request the deletion of lead records submitted via forms, email compliance@cadolase.com and our Grievance Officer will process your request within 7 business days.