• Introduction

    • 1. This Privacy Policy (“Policy”) is issued by Fiducia Accounting Services (“Fiducia”, “we”, “us”, or “our”) in compliance with:
      • 1.1. the Digital Personal Data Protection Act, 2023 (“DPDPA”);
      • 1.2. the Information Technology Act, 2000 (“IT Act”);
      • 1.3. the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); and
      • 1.4. where applicable, international data protection standards including the United Kingdom General Data Protection Regulation as adopted under the UK Data Protection Act 2018 (“UK GDPR”).
    • 2. Fiducia acts as a Data Fiduciary (as defined under the DPDPA) in relation to the Personal Data processed in the course of providing bookkeeping, accounting, payroll, and financial management services.
    • 3. This Policy describes how we collect, use, disclose, store, transfer, and protect Personal Data, and the rights available to Data Principals.
  • Definitions
    • 1. Unless the context otherwise requires, capitalised terms used in this Policy shall have the meanings ascribed to them under the DPDPA.
    • 2. “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
    • 3. “Data Principal” means the individual to whom the Personal Data relates.
    • 4. “Processing” includes operations performed on Personal Data, whether automated or otherwise, such as collection, storage, use, disclosure, transfer, and deletion.
  • Identity and Contact Details of Fiducia
    • 1. Entity Name: Fiducia Accounting Services.
    • 2. Nature of Entity: Company registered under the Companies Act, 2013 (India).
    • 3. Registered Address: 227/29-A Arya Puri, Ansari Road, Muzaffar Nagar, Uttar Pradesh, PIN – 251002
    • 4. Corporate Address: Plot No. 538, First Floor, Phase 8B, Industrial Area, Sector 74, Mohali, Punjab – 160071.
    • 5. Website: www.fiducia.org.in.
    • 6. Contact Email: [email protected].
    • 7. Contact Phone: +91-8360150277.
    • 8. Grievance Officer: communications may be addressed to the Grievance Officer via [email protected].
  • Scope and Applicability
    • 1. This Policy applies to the Processing of Personal Data relating to:
      • 1.1. visitors to www.fiducia.org.in (the “Website”);
      • 1.2. prospective and existing clients and their authorised representatives;
      • 1.3. job applicants submitting applications through the Website or otherwise;
      • 1.4. individuals whose Personal Data is processed by Fiducia in the course of providing professional services; and
      • 1.5. third parties whose data is incidentally processed by Fiducia in connection with service delivery.
    • 2. Where Fiducia processes Personal Data on behalf of a client under a written engagement or data processing arrangement, the terms of such arrangement may supplement this Policy.
  • Categories of Personal Data Collected
    • 1. Personal Data collected directly from Data Principals or authorised representatives may include:
      • 1.1. Identity Data: full name, designation, and role of authorised representatives of client entities;
      • 1.2. Contact Data: email address, telephone number(s), and business address(es);
      • 1.3. Professional Data: company registration details, VAT and HMRC registration numbers, and payroll-related employee information of client organisations;
      • 1.4. Financial Data: bank account details, transaction records, invoices, receipts, cash-flow data, and related financial documentation;
      • 1.5. Technical Data: IP address, browser type, device identifiers, and browsing patterns collected through cookies and analytics tools; and
      • 1.6. Recruitment Data: curriculum vitae, educational qualifications, employment history, and references of job applicants.
    • 2. Sensitive Personal Data / Sensitive Personal Data or Information (SPDI).
      • 2.1. To the extent that any information processed by Fiducia constitutes “Sensitive Personal Data or Information” under the SPDI Rules, Fiducia shall process such information in accordance with applicable consent requirements and security standards.
      • 2.2. Fiducia shall implement reasonable security practices and procedures and maintain appropriate technical and organisational measures to protect such information.
  • Purposes of Processing and Legal Basis
    • 1. Fiducia may process Personal Data for the following purposes and on the following lawful bases, as applicable:
      • 1.1. Provision of services (bookkeeping, payroll, accounting, financial management): performance of contract and, where required, consent under the DPDPA.
      • 1.2. Client onboarding, due diligence, and KYC: compliance with applicable law and legitimate interests.
      • 1.3. Responding to queries submitted through the Website or other channels: consent and legitimate interests.
      • 1.4. Newsletter and marketing communications: explicit consent of the Data Principal, as required.
      • 1.5. Recruitment and human resources processes: taking steps prior to entering into a contract and legitimate interests.
      • 1.6. Legal compliance and regulatory reporting: compliance with applicable law.
      • 1.7. Website analytics and improvement: legitimate interests and, where required, consent for cookies.
      • 1.8. Prevention and detection of fraud, money laundering, and financial crime: compliance with applicable law, including the Prevention of Money Laundering Act, 2002 (“PMLA”) and the Foreign Exchange Management Act, 1999 (“FEMA”), as applicable.
    • 2. Where consent is relied upon, Data Principals may withdraw consent in accordance with Clause 9.5, subject to lawful Processing and retention requirements.
  • Disclosure and Sharing of Personal Data
    • 1. Fiducia may disclose Personal Data:
      • 1.1. to its employees, advisors, and contractors on a need-to-know basis and subject to confidentiality obligations;
      • 1.2. to service providers, vendors, and technology partners engaged to support operations, including hosting, communications, analytics, and security providers;
      • 1.3. to professional advisors such as auditors, legal counsel, and consultants;
      • 1.4. to government authorities, regulators, or law enforcement agencies where required by law or for the establishment, exercise, or defence of legal rights; and
      • 1.5. to clients or their authorised representatives in accordance with the relevant engagement.
    • 2. Fiducia shall take reasonable steps to ensure that third parties Processing Personal Data on Fiducia’s behalf implement appropriate safeguards.
  • Cross-Border Transfer of Personal Data
    • 1. In the course of service delivery, Personal Data may be transferred between India and the United Kingdom.
    • 2. Such transfers shall be subject to appropriate safeguards, which may include:
      • 2.1. standard contractual clauses and/or data processing agreements consistent with UK GDPR requirements, as applicable;
      • 2.2. compliance with Section 16 of the DPDPA and any notifications issued thereunder by the Central Government; and
      • 2.3. measures designed to ensure that recipients provide an adequate level of data protection.
    • 3. Fiducia shall not transfer Personal Data to any country or territory that is notified as restricted under the DPDPA, unless permitted by law and subject to any additional safeguards required.
  • Rights of Data Principals
    • 1. Subject to applicable law, Data Principals have rights under the DPDPA in relation to Personal Data processed by Fiducia, including:
      • 1.1. the right to access information about Personal Data being processed;
      • 1.2. the right to correction of inaccurate or incomplete Personal Data;
      • 1.3. the right to erasure of Personal Data, where applicable, including upon withdrawal of consent or where the data is no longer necessary for the stated purpose, subject to lawful retention obligations;
      • 1.4. the right to grievance redressal; and
      • 1.5. the right to nominate another individual to exercise rights on the Data Principal’s behalf in the event of death or incapacity.
    • 2. Fiducia may request additional information to verify identity and to process requests securely.
    • 3. Requests may be refused or limited where permitted by law, including where compliance would conflict with legal obligations.
    • 4. How to exercise rights. Data Principals may submit requests by writing to: [email protected].
    • 5. Withdrawal of consent. Where Processing is based on consent, the Data Principal may withdraw consent at any time by writing to [email protected]. Withdrawal shall not affect the lawfulness of Processing carried out prior to withdrawal.
  • Data Retention
    • 1. Fiducia shall retain Personal Data only for as long as is reasonably necessary to fulfil the purposes for which it is processed, and thereafter in accordance with applicable law and internal retention requirements.
    • 2. Without limiting Clause 10.1, Fiducia generally applies the following retention periods (which may be extended where required by law, audit, or dispute resolution needs):
      • 2.1. client financial and accounting records: 1 (one) year from the end of the relevant financial year, consistent with record-keeping requirements under applicable law;
      • 2.2. payroll and employee records of client staff: 1 (one) year from the date of the relevant record;
      • 2.3. website contact and enquiry data: 1 (one) year from the date of the last interaction;
      • 2.4. job applicant data (unsuccessful applicants): 1 (one) year from the date of application;
      • 2.5. job applicant data (selected applicants): duration of employment 1 (one) year; and
      • 2.6. cookie and analytics data: as specified in the applicable cookie notice or cookie policy, if any.
    • 3. Upon expiry of the applicable retention period, Personal Data shall be securely deleted, anonymised, or otherwise disposed of in accordance with reasonable industry practices.
  • Data Security Measures
    • 1. Fiducia implements reasonable security practices and procedures and maintains technical and organisational measures designed to protect Personal Data against unauthorised access, disclosure, alteration, loss, or destruction.
    • 2. Fiducia represents that it is certified under ISO/IEC 27001:2022 and maintains measures that may include:
      • 2.1. encryption of data in transit using industry-standard TLS protocols;
      • 2.2. role-based access controls and multi-factor authentication;
      • 2.3. periodic security audits, vulnerability assessments, and penetration testing;
      • 2.4. employee confidentiality obligations and data protection training; and
      • 2.5. incident response procedures designed to meet applicable legal requirements.
    • 3. No method of transmission over the internet or method of electronic storage is fully secure. Fiducia shall take reasonable measures, but cannot guarantee absolute security.
  • Grievance Redressal
    • 1. Any grievance relating to the Processing of Personal Data may be addressed to:
    • 2. Grievance Officer, Fiducia Accounting Services
      • 2.1. Address: Plot No. 538, First Floor, Phase 8B, Industrial Area, Sector 74, Mohali, Punjab – 160071.
      • 2.2. Email: [email protected].
    • 3. Fiducia shall endeavour to respond within 30 (thirty) days from the date of receipt of a grievance, or within such other period as may be prescribed under applicable law.
  • Amendments to this Policy
    • 1. Fiducia reserves the right to amend, modify, or update this Policy from time to time to reflect changes in law, regulatory requirements, industry standards, or business practices.
    • 2. The revised Policy shall be published on the Website with an updated effective date. Continued use of the Website or Fiducia’s services after publication shall constitute acceptance of the revised Policy, to the extent permitted by law.
  • Governing Law and Jurisdiction
    • 1. This Policy shall be governed by and construed in accordance with the laws of India.
    • 2. Subject to applicable law, courts at Mohali and/or Chandigarh, Punjab, India, shall have exclusive jurisdiction over any dispute arising out of or in connection with this Policy.