Privacy Policy
V Viswanathan Associates
Chartered Accountants & Professional Service Providers
FRN: 013713S | IBBI Registered Valuer | CFE
Legal Compliance Statement
This Privacy Policy is fully compliant with the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Chartered Accountants Act 1949, Companies Act 2013, Income Tax Act 1961, GST Act 2017, SEBI regulations, RBI guidelines, IBBI regulations, and all other applicable Indian laws governing professional CA services and data protection.
Table of Contents
1 Introduction and Scope
V Viswanathan Associates ("we," "us," "our," or "the Firm") is a premier chartered accountancy firm committed to maintaining the highest standards of data protection and privacy in accordance with applicable Indian laws, international best practices, and professional ethical standards.
This Privacy Policy Applies When You:
- Visit our website (viswanathanassociates.com)
- Engage our company registration services
- Request startup valuation services
- Utilize tax filing and planning services
- Access GST compliance services
- Undergo statutory or tax audits
- Use our Virtual CFO services
- Seek international tax advisory
- Participate in appeals and litigation support
- Communicate with us through any medium
Important Consent Notice
By accessing our services, engaging our professional expertise, or providing your personal data, you explicitly consent to the collection, processing, and use of your information as described in this Privacy Policy. If you do not agree with these practices, please refrain from using our services and contact us to discuss alternative arrangements.
2 Data Fiduciary Information
Legal Entity Details
Contact Information
Anna Salai, Chennai 600002
Tamil Nadu, India
Data Protection Officer (DPO) & Privacy Contacts
Primary DPO Contact
Email: dpo@viswanathanassociates.com
Response Time: Within 48 hours
Specialized Privacy Contacts
- Privacy Queries: privacy@viswanathanassociates.com
- Grievance Officer: grievance@viswanathanassociates.com
- Data Requests: datarequests@viswanathanassociates.com
- Security Issues: security@viswanathanassociates.com
3 Personal Data We Collect
3.1 Client Information
Personal Identifiers
- • Full name and aliases
- • Father's/Mother's/Spouse's name
- • Date of birth and age
- • Gender and nationality
- • Photographs and signatures
- • Marital status and family details
Contact Information
- • Residential and business addresses
- • Mobile and landline numbers
- • Email addresses (personal/business)
- • Emergency contact details
- • Communication preferences
- • Social media profiles (if provided)
3.2 Government and Legal Identifiers
Tax Identifiers
- • PAN (Permanent Account Number)
- • Aadhaar Number
- • TAN (Tax Deduction Account Number)
- • GSTIN (GST Identification Number)
- • TIN (Tax Identification Number)
Identity Documents
- • Passport details and copies
- • Voter ID information
- • Driving license details
- • Ration card information
- • Utility bills for address proof
Business Registrations
- • CIN (Corporate Identity Number)
- • LLP Identification Number
- • Partnership firm registration
- • Trade license numbers
- • Professional membership IDs
3.3 Financial and Business Information
Banking and Financial Details
- • Bank account numbers and IFSC codes
- • Credit card and debit card information
- • Investment portfolio details
- • Insurance policy information
- • Loan and mortgage details
- • Fixed deposit and savings details
- • Mutual fund and stock investments
Income and Revenue Data
- • Salary and compensation details
- • Business turnover and revenue
- • Rental income information
- • Capital gains and losses
- • Other income sources
- • Expense and deduction details
Business Information
- • Company incorporation details
- • Business activities and objectives
- • Shareholder and director information
- • Authorized and paid-up capital
- • Board resolutions and compliance records
- • Audit history and findings
- • Regulatory filings and submissions
Professional Information
- • Occupation and job title
- • Employer details and history
- • Professional qualifications
- • Business partnerships
- • Industry classification
- • Work experience and skills
3.4 Digital and Technical Information
Website and Digital Footprint
- • IP addresses and geolocation data
- • Browser type, version, and settings
- • Operating system and device information
- • Cookies and tracking technologies
- • Website navigation patterns
- • Session duration and page views
- • Referral sources and search terms
Communication Records
- • Email conversations and attachments
- • Phone call records and notes
- • WhatsApp and messaging communications
- • Video conference recordings (with consent)
- • Form submissions and inquiries
- • Meeting minutes and documentation
- • Client feedback and surveys
4 Purpose of Data Processing
Company Registration
- • ROC filings and compliance
- • Director and shareholder verification
- • Address and identity verification
- • Share capital and MOA/AOA preparation
- • Digital signature certificate processing
- • Bank account opening assistance
- • Post-incorporation compliance
Startup Valuation
- • Business model analysis
- • Financial projections and DCF modeling
- • Market research and comparable analysis
- • ESOP and equity valuations
- • Due diligence support
- • Investment round preparation
- • Regulatory compliance (409A valuations)
Tax Services
- • Income tax return preparation and filing
- • Tax planning and optimization
- • Advance tax calculations
- • Capital gains tax advisory
- • International tax planning
- • Tax notice responses
- • Appellate proceedings representation
GST Services
- • GST registration and amendments
- • Monthly and quarterly return filing
- • Input tax credit optimization
- • GST audit and reconciliation
- • Compliance monitoring
- • Refund claim processing
- • GST litigation support
Audit Services
- • Statutory audit under Companies Act
- • Tax audit under Section 44AB
- • Internal audit and controls review
- • Concurrent audit services
- • Stock and inventory audits
- • Special purpose audits
- • Fraud investigation and forensic audit
Virtual CFO
- • Financial planning and analysis
- • Monthly financial reporting
- • Cash flow management
- • Budget preparation and monitoring
- • Investor relations support
- • Strategic financial advisory
- • Risk management and compliance
Additional Processing Purposes
Legal and Regulatory Compliance
- • Compliance with ICAI regulations and code of ethics
- • Anti-money laundering (AML) requirements
- • Know Your Customer (KYC) verification
- • Regulatory reporting to authorities
- • Court proceedings and legal documentation
- • Professional indemnity insurance claims
Business Operations
- • Client relationship management
- • Service quality improvement
- • Internal training and development
- • Business analytics and insights
- • Marketing and communication
- • Technology infrastructure maintenance
5 Legal Basis for Processing
Contractual Necessity
Processing necessary for the performance of our professional service contracts, including:
- • Service delivery and execution
- • Client communication and updates
- • Billing and payment processing
- • Quality assurance and review
Legal Obligation
Processing required by applicable laws and regulations, including:
- • Income Tax Act, 1961 compliance
- • Companies Act, 2013 requirements
- • GST Act, 2017 obligations
- • ICAI professional standards
Legitimate Interest
Processing necessary for our legitimate business interests, including:
- • Business development and growth
- • Risk management and fraud prevention
- • Service improvement and innovation
- • Professional networking and referrals
Explicit Consent
Processing based on your explicit consent for:
- • Marketing communications
- • Newsletter subscriptions
- • Event invitations and updates
- • Third-party service integration
6 Service-Specific Data Usage
Company Registration Services
Data Collection
- • Director and shareholder details
- • Address proof and identity verification
- • Digital signature certificate information
- • Company name and business activity details
- • Authorized capital and shareholding pattern
- • Bank account and financial information
Usage Purpose
- • MCA portal filings and submissions
- • ROC compliance and documentation
- • Legal entity establishment
- • Ongoing compliance monitoring
- • Post-incorporation support services
- • Regulatory communication and updates
Startup Valuation Services
Data Collection
- • Business model and revenue projections
- • Financial statements and cash flows
- • Market research and competitive analysis
- • Intellectual property and asset details
- • Management team and advisor information
- • Investment history and funding rounds
Usage Purpose
- • DCF and market multiple analysis
- • ESOP and equity valuation reports
- • Investment round preparation
- • Regulatory compliance (409A, FEMA)
- • Due diligence support for investors
- • Strategic planning and advisory
Tax Services
Data Collection
- • Income sources and salary details
- • Investment and capital gains information
- • Deduction claims and supporting documents
- • Previous year tax returns and assessments
- • Business income and expense details
- • International income and tax treaties
Usage Purpose
- • Tax return preparation and filing
- • Tax optimization and planning
- • Advance tax and TDS calculations
- • Notice responses and assessments
- • Appeals and litigation support
- • International tax advisory
GST Services
Data Usage
- • Sales and purchase transaction details
- • Input tax credit calculations
- • Monthly and quarterly return preparation
- • Compliance monitoring and reconciliation
Audit Services
Data Usage
- • Financial statements and accounting records
- • Internal controls and risk assessment
- • Audit trail documentation and evidence
- • Management representation letters
7 Your Data Protection Rights
Right to Information
Receive clear, comprehensive information about how your personal data is being processed, stored, and used
Right of Access
Request access to all personal data we hold about you, including processing activities and data sources
Right to Correction
Request immediate correction of any inaccurate, incomplete, or outdated personal information
Right to Erasure
Request deletion of your personal data (subject to legal retention requirements and professional obligations)
Right to Grievance Redressal
Lodge formal complaints regarding data processing activities and seek resolution through our grievance mechanism
Right to Nominate
Nominate another person to exercise your data protection rights in case of death or incapacity
How to Exercise Your Rights
Contact Methods
- Email: privacy@viswanathanassociates.com
- Phone: +91 9176044244
-
Written Request:
Data Protection Officer
V Viswanathan Associates
G131 Phase III Spencer Plaza
Anna Salai, Chennai 600002 - WhatsApp: +91 9176044244 (for urgent matters)
Response Timeline
- • Acknowledgment: Within 24 hours
- • Standard Response: Within 30 days
- • Complex Requests: Up to 60 days
- • Urgent Matters: Within 72 hours
Required Information
- • Valid identity proof
- • Specific request details
- • Account or service information
- • Preferred communication method
Limitations and Exceptions
Legal Retention Requirements
- • Income Tax Act mandates 8-year retention
- • Companies Act requires 30-year record keeping
- • GST Act mandates 6-year retention
- • ICAI professional standards requirements
- • Audit documentation retention periods
Professional Obligations
- • Ongoing legal proceedings
- • Regulatory investigation requirements
- • Professional indemnity considerations
- • Client confidentiality obligations
- • Third-party legal rights
8 Data Security Measures
Technical Safeguards
Encryption and Data Protection
- • TLS 1.3 encryption for all data transmission
- • AES-256 encryption for data at rest
- • End-to-end encryption for sensitive communications
- • Encrypted database storage with regular key rotation
- • Secure file transfer protocols (SFTP, HTTPS)
Infrastructure Security
- • Enterprise-grade firewall and intrusion detection
- • Regular security updates and patch management
- • Automated vulnerability scanning and assessment
- • Secure cloud infrastructure with ISO 27001 compliance
- • DDoS protection and traffic filtering
Access Controls
Authentication and Authorization
- • Multi-factor authentication (MFA) for all users
- • Role-based access control (RBAC) systems
- • Single sign-on (SSO) with strong authentication
- • Biometric authentication for sensitive systems
- • Regular access review and privilege revocation
Monitoring and Audit
- • Comprehensive audit trails and logging
- • Real-time security monitoring and alerts
- • User activity tracking and anomaly detection
- • Regular security assessments and penetration testing
- • Incident response and forensic capabilities
Physical Security
Office Premises Security
- • 24/7 security guard and surveillance system
- • Biometric access control to sensitive areas
- • CCTV monitoring with encrypted recording
- • Visitor access logs and escort requirements
- • Secure server room with environmental controls
Document Security
- • Fireproof safes for critical physical documents
- • Locked filing cabinets with restricted access
- • Secure shredding of confidential documents
- • Clean desk policy and document classification
- • Digital document management with version control
Organizational Measures
Staff Training and Policies
- • Comprehensive data protection training programs
- • Regular cybersecurity awareness sessions
- • Signed confidentiality and non-disclosure agreements
- • Clear data handling policies and procedures
- • Regular compliance audits and assessments
Incident Response
- • 24/7 security incident response team
- • Documented breach notification procedures
- • Regular disaster recovery testing
- • Business continuity planning
- • Forensic investigation capabilities
Backup and Disaster Recovery
Backup Strategy
- • Automated daily incremental backups
- • Weekly full system backups
- • Geographically distributed backup locations
- • Encrypted backup storage with integrity checks
- • Regular backup restoration testing
Recovery Procedures
- • RTO (Recovery Time Objective): 4 hours
- • RPO (Recovery Point Objective): 1 hour
- • Automated failover capabilities
- • Documented recovery procedures
- • Regular disaster recovery drills
Business Continuity
- • Alternative work location arrangements
- • Remote access capabilities
- • Communication continuity plans
- • Vendor and supplier contingency plans
- • Regular plan updates and testing
9 Data Retention and Disposal
Legal Retention Requirements
Income Tax Records
8 years from the end of relevant assessment year (Section 288 of Income Tax Act)
Company Records
30 years for key documents, 8 years for financial records (Companies Act 2013)
GST Records
6 years from filing of annual return (Section 36 of GST Act)
Audit Documentation
7 years from completion of audit (SA 230 - ICAI Standards)
Service-Specific Retention
Startup Valuation
10 years for valuation reports and supporting documentation
Virtual CFO Services
7 years for financial advisory records and reports
Appeals & Litigation
15 years or until final resolution, whichever is longer
Digital Communications
5 years for business communications, 1 year for marketing
Secure Data Disposal Procedures
Digital Data Destruction
- • Cryptographic Erasure: Destruction of encryption keys rendering data unrecoverable
- • Multi-pass Overwriting: DOD 5220.22-M standard for magnetic media
- • Physical Destruction: Professional hard drive shredding with certificates
- • Verification: Independent verification of data destruction completion
- • Documentation: Detailed disposal logs and certificates of destruction
Physical Document Destruction
- • Cross-cut Shredding: Industrial-grade shredding to security level P-4
- • Incineration: High-temperature destruction for highly sensitive documents
- • Pulping: Chemical breakdown for bulk document destruction
- • Chain of Custody: Documented handling from collection to destruction
- • Certificates: Official certificates of destruction from licensed vendors
Data Lifecycle Management
Creation
Data classification and security labeling at point of creation
Storage
Secure storage with appropriate access controls and encryption
Archival
Long-term storage with reduced access and enhanced protection
Disposal
Secure destruction following legal requirements and best practices
10 Professional Confidentiality
ICAI Code of Ethics Compliance
Fundamental Principles
- • Integrity: Straightforward and honest in all professional relationships
- • Objectivity: Not allowing bias or conflicts to compromise professional judgment
- • Professional Competence: Maintaining knowledge and skill at required level
- • Due Care: Acting diligently in accordance with technical and professional standards
- • Confidentiality: Respecting confidentiality of information acquired through professional relationships
Confidentiality Obligations
- • Duty not to disclose confidential information without client consent
- • Protection extends beyond termination of professional relationship
- • Obligation continues even after retirement or death
- • Includes information about former clients and prospective clients
- • Covers all forms of information, written and oral
Legal Professional Privilege
As chartered accountants, we maintain legal professional privilege over client communications and documentation in accordance with Section 126 of the Indian Evidence Act, 1872, and relevant case law precedents.
Protected Communications
- • Client consultations and advice
- • Tax planning discussions
- • Audit observations and recommendations
- • Litigation support communications
- • Strategic business advice
- • Confidential financial information
Exceptions to Privilege
- • Court orders and legal proceedings
- • Regulatory investigations with proper authority
- • Money laundering and terrorist financing
- • Professional misconduct investigations
- • Client consent for disclosure
- • Statutory disclosure requirements
Third-Party Disclosures
Authorized Disclosures
- • With Client Consent: Explicit written authorization for specific purposes
- • Professional Consultation: Anonymous consultation with other professionals
- • Quality Review: ICAI peer review and quality assurance programs
- • Professional Education: Anonymized case studies for training purposes
- • Technology Providers: Necessary disclosures to IT service providers under strict NDAs
Mandatory Disclosures
- • Legal Proceedings: Court orders and legal process requirements
- • Regulatory Compliance: ICAI, RBI, SEBI investigation requirements
- • Anti-Money Laundering: PMLA compliance and suspicious transaction reporting
- • Tax Authorities: Information sharing agreements and statutory requirements
- • Professional Discipline: ICAI disciplinary proceedings and investigations
Information Security Protocols
Access Control
- • Need-to-know basis access
- • Regular access reviews
- • Immediate revocation upon termination
- • Privileged account management
- • Activity monitoring and logging
Communication Security
- • Encrypted email communications
- • Secure file sharing platforms
- • Protected video conferencing
- • Confidential document management
- • Secure printing and disposal
Staff Training
- • Annual confidentiality training
- • Ethics and professional conduct
- • Information security awareness
- • Incident reporting procedures
- • Ongoing professional development
11 International Data Transfers
Cross-Border Transfer Framework
Transfer Scenarios
- • Cloud Services: Data storage and processing in international cloud platforms
- • Software Providers: International accounting and tax software solutions
- • Professional Networks: Global CA firm associations and collaborations
- • Client Operations: Multinational client businesses and subsidiaries
- • Regulatory Reporting: Cross-border tax and compliance reporting
Legal Safeguards
- • Adequacy Decisions: Transfers to countries with adequate protection levels
- • Standard Contractual Clauses: EU SCCs and equivalent protection mechanisms
- • Binding Corporate Rules: Internal data protection policies for group companies
- • Explicit Consent: Clear client consent for specific transfer purposes
- • Derogations: Limited transfers for contract performance and legal compliance
India (Primary)
- • Primary data storage and processing
- • DPDP Act 2023 compliance
- • Local data residency requirements
- • Regulatory oversight and audits
- • Client service delivery
International Cloud
- • Backup and disaster recovery
- • Software-as-a-Service platforms
- • GDPR and ISO 27001 certified providers
- • Data processing agreements in place
- • Encryption in transit and at rest
Client Locations
- • Multinational client subsidiaries
- • Cross-border transaction support
- • Local law compliance assistance
- • International tax advisory
- • DTAA optimization services
Data Localization Compliance
Critical Personal Data (CPD)
- • Storage: Exclusively within Indian territory
- • Processing: Only by Indian entities or Indian branches
- • Access: Restricted to authorized Indian personnel
- • Backup: Secondary copies also within India
- • Monitoring: Continuous compliance monitoring and auditing
Sensitive Personal Data
- • Primary Storage: Indian servers and data centers
- • Limited Transfer: Only with explicit consent and safeguards
- • Enhanced Protection: Additional security measures and controls
- • Audit Trail: Detailed logging of all access and transfers
- • Regulatory Reporting: Regular compliance reports to authorities
12 Contact Information
Primary Contact
Firm Details
Firm Name: V Viswanathan Associates
Registration: Chartered Accountants (FRN: 013713S)
Managing Partner: V Viswanathan (FCA, ACS, IBBI RV, CFE)
Established: 2012
Office Address
G131 Phase III Spencer Plaza
Anna Salai, Chennai 600002
Tamil Nadu, India
Contact Details
Primary Phone: +91 9176044244
Office Phone: +91 044 4856 0333
General Email: info@viswanathanassociates.com
Website: viswanathanassociates.com
Business Hours
Monday - Saturday: 10:00 AM - 7:00 PM
Sunday: Closed
Emergency Support: Available 24/7 for urgent matters
Privacy & Data Protection Contacts
Data Protection Officer (DPO)
Email: dpo@viswanathanassociates.com
Phone: +91 9176044244 (Ext. 101)
Response Time: Within 24 hours
Languages: English, Tamil, Hindi
Privacy Queries
privacy@viswanathanassociates.com
Grievance Officer
grievance@viswanathanassociates.com
Data Requests
datarequests@viswanathanassociates.com
Security Issues
security@viswanathanassociates.com
Emergency Contact Protocol
Data Breach: Immediate notification within 72 hours
Security Incident: 24/7 response team activation
Urgent Requests: WhatsApp +91 9176044244
Additional Support Channels
Phone Support
Mon-Sat: 10 AM - 7 PM
Average wait time: 2 minutes
Quick queries & urgent support
Response: Within 30 minutes
Email Support
Detailed inquiries
Response: Within 4 hours
Office Visit
In-person consultation
By appointment only
Our Data Protection Commitment
Your privacy and data security are fundamental to our professional values
100% Compliance
Full adherence to DPDP Act 2023 and professional standards
24/7 Protection
Continuous monitoring and immediate incident response
Transparent Practices
Clear communication about data usage and protection measures
© 2026 V Viswanathan Associates. All rights reserved.
This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, and applicable Indian laws as of February 22, 2026.