Home Services NRI Taxation About Blog Contact
Legal

Privacy Policy

Last updated: 1 June 2025  ·  Effective from: 1 June 2025

Taxmithra ("we", "our", "us") is a CA & CMA firm based in Hyderabad, India. This Privacy Policy describes how we collect, use, share, and protect personal data when you use our website (taxmithra.com) or engage our professional services. We are committed to protecting your privacy in accordance with India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable rules.

1. Introduction & Scope

This policy applies to all personal data we process about individuals who visit our website, enquire about our services, or engage us as clients — including resident Indians, Non-Resident Indians (NRIs), businesses, and startups.

By using our website or submitting information through our contact forms, WhatsApp channel, or email, you consent to the data practices described in this policy.

2. Personal Data We Collect

We collect personal data that you provide directly to us and data that is automatically collected when you use our website.

Data you provide:

  • Full name, email address, phone number (submitted via contact forms or WhatsApp)
  • City / country of residence (for NRI service enquiries)
  • Nature of your query or service requirement
  • Documents you share with us for professional services (PAN, Aadhaar, bank statements, tax returns, etc.)
  • Any other information you voluntarily share during consultation

Data collected automatically:

  • IP address, browser type, operating system
  • Pages visited, time spent, referral source (via analytics tools)
  • Cookie data (see Section 8)
Sensitive Data: In the course of providing taxation and accounting services, we may handle sensitive financial and identity documents. We treat all such data with the highest level of confidentiality and do not use it for any purpose beyond service delivery.

3. How We Use Your Data

We use collected personal data for the following purposes:

  • Service delivery: To provide CA, CMA, GST, income tax, NRI taxation, and related services you have engaged us for.
  • Communication: To respond to enquiries, share service proposals, and follow up on consultations.
  • Client onboarding: To verify identity and complete KYC as required by professional regulations.
  • Legal compliance: To meet our obligations under the Income Tax Act, GST laws, ICAI regulations, FEMA, and other applicable laws.
  • Website improvement: To understand how visitors use our website and improve user experience.
  • Marketing (with consent): To send you newsletters, tax deadline reminders, or useful resources — only if you have opted in. You may unsubscribe at any time.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:

  • Government authorities: As required by law — e.g., filing your ITR with the Income Tax Department, submitting GST returns, or complying with regulatory notices.
  • Third-party service providers: We may use trusted vendors for website hosting, email communication, and analytics. These parties are bound by confidentiality agreements and may not use your data for their own purposes.
  • Professional advisors: Senior CAs, legal counsel, or associates engaged in delivering your specific service — under strict professional secrecy obligations.
  • With your explicit consent: Any other sharing would only occur with your prior written consent.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following:

  • Client records: Retained for a minimum of 8 years from the end of the relevant financial year, as required by ICAI and tax regulations.
  • Website enquiries (non-client): Retained for up to 12 months from the date of enquiry, after which they are securely deleted unless you became a client.
  • Newsletter subscribers: Retained until you unsubscribe, after which data is deleted within 30 days.
  • Legal obligations: Where law requires us to retain data for a longer period, we will comply accordingly.

7. Your Rights Under DPDPA 2023

As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:

✅ Right to Access

Request a summary of personal data we hold about you and how it is being processed.

✏️ Right to Correction

Request correction of inaccurate, incomplete, or outdated personal data.

🗑️ Right to Erasure

Request deletion of your personal data when it is no longer necessary for the purpose collected (subject to legal retention obligations).

🔕 Right to Withdraw Consent

Withdraw consent for marketing communications or non-essential data processing at any time.

📋 Right to Grievance Redressal

Raise a grievance with us and receive a response within a reasonable timeframe.

🏛️ Right to Nominate

Nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days of receiving your request.

8. Cookies & Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and collect anonymous analytics data.

  • Essential cookies: Required for the website to function correctly (e.g., session management). Cannot be disabled.
  • Analytics cookies: We may use tools like Google Analytics to understand how visitors interact with our website. These cookies collect data in aggregated, anonymised form.
  • No advertising cookies: We do not use cookies for behavioural advertising or third-party retargeting.

You can control and delete cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our website.

9. Children's Privacy

Our website and services are intended for individuals aged 18 and above. We do not knowingly collect personal data from children under 18 years of age. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • HTTPS encryption for all data transmitted through our website
  • Access controls limiting data to authorised staff only
  • Secure storage of client documents with restricted access
  • Regular review of our data handling practices

While we strive to protect your information, no method of internet transmission or electronic storage is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authority as required by law.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify registered clients by email.

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact Us

For any questions, concerns, or to exercise your data rights, please reach out to us:

Taxmithra — Data & Privacy

📧 Email: taxmithraglobal@gmail.com

📍 Address: Hyderabad, Telangana, India

⏱ Response time: Within 30 business days

If you are not satisfied with our response, you have the right to escalate your grievance to the Data Protection Board of India once constituted under the DPDPA 2023.