Privacy Policy
This Privacy Policy explains how Rakesh Baid & Company ("the firm", "we", "us") collects, uses, and protects personal data submitted through this website. It is published in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
1. Who we are
Rakesh Baid & Company is a proprietorship firm of Chartered Accountants in continuous practice in Kolkata since 1998. The firm is the Data Fiduciary in respect of personal data submitted through this website.
2. Personal data we collect
When you submit the enquiry form on this website, we collect:
- Your name
- Your email address
- Your mobile telephone number
- The service category you have selected
- The contents of the message you choose to send
Our web server may, in addition, log:
- Your IP address (in hashed form, for rate-limiting purposes only)
- Date and time of the submission
- Browser user-agent string
We do not knowingly collect any data classified as sensitive personal data (such as financial information, health information, biometric data, or government-issued identifiers) through this website. You are requested not to share PAN, Aadhaar, bank details, OTPs, passwords, or other sensitive identifiers through the website form. Such information, where required for an engagement, will be collected separately through secure channels.
3. Purpose of processing
We process the personal data described above strictly for the following purposes:
- Responding to your enquiry by telephone or email
- Establishing an initial professional engagement, if you choose to proceed
- Internal records of website-originated enquiries
- Preventing abuse of the contact form (rate-limiting using hashed IP)
We do not use website enquiry data for marketing, profiling, automated decision-making, or onward sale or sharing.
4. Lawful basis — your consent
The lawful basis for our processing is your specific, informed, and free consent, given when you tick the consent checkbox in the enquiry form. You may withdraw consent at any time as described in Section 8 below. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. How long we retain your data
Enquiry data is retained for a maximum of 24 months from the date of submission, after which it is securely deleted. If your enquiry results in a professional engagement, the relevant data may be retained for longer in accordance with applicable professional, statutory, or regulatory requirements (including ICAI guidelines and tax laws).
Rate-limit data (hashed IP + timestamps) is automatically purged after 60 minutes.
6. Sharing with third parties
We do not sell, rent, or share your personal data with third parties for their own purposes. Limited disclosures may occur in the following cases:
- Hosting: The website is hosted on Hostinger International Ltd. infrastructure. Server logs may transit Hostinger systems incidentally.
- Statutory requirement: Where disclosure is required by law, by a court, or by a regulatory authority of competent jurisdiction.
We do not transfer personal data outside India for processing.
7. Security measures
The website is served over HTTPS with TLS encryption. The form-handling endpoint applies server-side validation, rate-limiting, and protection against header injection. Enquiry contents are delivered to a firm-controlled email inbox. Despite these measures, no internet-based system can be guaranteed to be 100% secure; the firm cannot warrant absolute security.
8. Your rights as a Data Principal
Under the DPDP Act, you have the following rights with respect to your personal data:
- Right to access — obtain a summary of personal data we hold about you
- Right to correction — correct inaccurate or misleading data
- Right to erasure — have your data deleted, subject to legal-retention exceptions
- Right to withdraw consent — at any time, with the same ease as it was given
- Right to grievance redressal — raise a complaint with the firm's Grievance Officer (see Section 10)
- Right to nominate — designate another individual to exercise these rights in the event of your incapacity or demise
To exercise any of these rights, write to privacy@rakeshbaid.com. We will respond within thirty (30) days.
9. Cookies and tracking
This website does not set marketing cookies. Essential session cookies may be set by the web server only for security reasons. We do not use third-party analytics services that profile users.
10. Grievance Officer
In line with Section 10 of the DPDP Act and Rule 5(9) of the IT Rules 2011, the Grievance Officer for this website is:
Rakesh Kumar Baid
Proprietor, Rakesh Baid & Company
2 Mandir Street, Kolkata 700073
Email: privacy@rakeshbaid.com
Telephone: +91 99037 00000
You may also approach the Data Protection Board of India for grievance redressal as constituted under the DPDP Act.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page indicates the most recent revision. We will not retroactively reduce your rights without your consent.
12. Contact
For any questions about this Privacy Policy or our handling of personal data, write to privacy@rakeshbaid.com.