Privacy Policy

Introduction

SecureTax Management Private Limited (“SecureTax”, “we”, “us”, or “our”) is committed to protecting your personal information and your right to privacy. This Privacy Policy (“Policy”) explains how we collect, store, use, share, and safeguard your personal data when you use our website www.securetax.co.in and our tax, accounting, and compliance services (collectively, the “Services”).

This Policy is designed to comply with applicable data protection laws, including India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), the UK General Data Protection Regulation (“UK GDPR”), and the EU General Data Protection Regulation (“GDPR”) where applicable.

By accessing or using our Platform or Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, please refrain from using our Services.

1. Who We Are — The Data Controller

SecureTax Management Private Limited is the data controller responsible for your personal data collected through this website and associated Services. We are registered in India and operate across two primary jurisdictions:

• India operations: governed by the Digital Personal Data Protection Act, 2023
• United Kingdom operations: governed by UK GDPR and the Data Protection Act 2018

If you have any privacy-related questions, you may contact our Data Protection Officer:

2. Information We Collect

We collect personal data only to the extent necessary to provide our Services and maintain our relationship with you.

2.1 Information You Provide Directly

• Identity Data: Full name, date of birth, gender, photograph, and signature
• Contact Data: Email address, phone number, residential or business address
• Tax & Financial Identifiers: PAN, GSTIN, TAN, UTR numbers, National Insurance Number (UK)
• Financial Data: Bank account details, UPI ID, payment card information, invoice records
• Business Data: Company name, nature of business, director/partner details, business registration numbers
• KYC Documents: Government-issued identity proof, address proof, and photographs as required by law
• Communications: Enquiries via our contact form, support tickets, and email correspondence

2.2 Information Collected Automatically

• Device & Technical Data: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent, links clicked, referral sources, and navigation patterns
• Cookie Data: Session cookies, persistent cookies, and similar tracking technologies (see Section 7)

2.3 Information from Third Parties

• From government portals (e.g., TRACES, GST Network, HMRC) when you authorise us to act on your behalf
• From affiliated partners or referral sources, subject to their privacy policies
• Publicly available professional or commercial registries for due diligence purposes

3. How We Use Your Personal Data

We process your personal data for the following purposes, each supported by a valid legal basis:

4. How We Share Your Data

We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances, with appropriate safeguards in place.

4.1 Service Providers & Processors

We engage trusted third-party vendors to support our operations, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Vercel)
• Payment processors and banking partners
• CRM, accounting, and productivity software providers
• Email communication platforms

All such processors are bound by data processing agreements and prohibited from using your data for any other purpose.

4.2 Government & Regulatory Authorities

We may be required to disclose personal data to tax authorities (e.g., Income Tax Department, HMRC), law enforcement, or courts where required by applicable law. We will notify you where legally permitted to do so.

4.3 Professional Advisors

Our legal counsel, auditors, and insurers may access limited personal data as necessary for their professional functions, subject to confidentiality obligations.

4.4 Business Transfers

In the event of a merger, acquisition, or restructuring, your data may be transferred to the successor entity, subject to equivalent privacy protections.

5. International Data Transfers

SecureTax operates in both India and the United Kingdom. Your data may be processed or stored in either jurisdiction. Where data is transferred internationally:

• Transfers from the UK to India are conducted under appropriate UK GDPR safeguards, including Standard Contractual Clauses (SCCs) where required
• Transfers are only made to countries or entities that provide an adequate level of data protection
• You may request details of the specific safeguards applied to your data by contacting us at legal@securetax.co.in

6. How Long We Retain Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

7. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience and gather analytical insights. The types of cookies we use are:

• Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Activated only with your consent.
• Preference Cookies: Remember your settings and personalisation choices.
• Marketing Cookies: Used to display relevant content. We do not currently use third-party advertising cookies.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

8.1 Rights under GDPR / UK GDPR (UK Users)

• Right of Access: Obtain a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention obligations)
• Right to Restrict Processing: Ask us to pause processing under certain conditions
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Automated Decision-Making: Challenge decisions made solely by automated processes

8.2 Rights under DPDP Act, 2023 (India Users)

• Right to Access: Know what personal data is being processed and the basis for doing so
• Right to Correction and Erasure: Request updates or deletion of inaccurate or outdated data
• Right to Grievance Redressal: Raise a complaint regarding data processing through our grievance mechanism
• Right to Nominate: Nominate a person to exercise rights on your behalf in the event of death or incapacity
• Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting prior lawful processing

To exercise any of the above rights, please submit a written request to legal@securetax.co.in. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Data Security

We implement robust technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure:

• Encryption of data in transit (TLS/HTTPS) and at rest (AES-256)
• Role-based access control and multi-factor authentication for staff systems
• Regular security audits, penetration testing, and vulnerability assessments
• Strict third-party vendor due diligence and data processing agreements
• Employee training on data protection and information security best practices
• Incident response procedures for data breaches, including regulatory notification obligations

Despite our best efforts, no system is entirely immune to risk. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authority as required by applicable law.

10. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without parental consent, please contact us immediately at legal@securetax.co.in and we will take prompt steps to delete that data.

11. Third-Party Websites

Our Platform may contain links to third-party websites for your convenience. These websites operate independently and are governed by their own privacy policies. SecureTax bears no responsibility for the privacy practices or content of any third-party site. We encourage you to review the privacy policy of every website you visit.

12. Grievance Redressal

In accordance with applicable laws, including the DPDP Act, 2023, we have designated a Grievance Officer to address any privacy-related concerns:

If you are a UK or EU resident and are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk
• India: Data Protection Board of India (upon establishment under the DPDP Act)

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will:

• Update the “Last Updated” date at the top of this document
• Notify registered users via email or a prominent notice on our Platform
• Where required by law, obtain renewed consent

Your continued use of the Platform after any changes constitutes acceptance of the updated Policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out to us: