Data Protection Policy

Last updated: June 2026

Scope

This policy describes how Madaan Rishabh & Co. protects personal data handled through this website and in professional engagements, in line with the Indian Information Technology Act, 2000 and SPDI Rules, the Digital Personal Data Protection Act, 2023, the EU/UK GDPR for European users, and UAE Federal Decree-Law No. 45 of 2021 for UAE users.

Principles

• Purpose limitation — data is collected for stated purposes only and not reused incompatibly.
• Data minimisation — forms ask only what is needed to respond to you.
• Accuracy — you may request correction at any time.
• Storage limitation — retention periods are defined in the Privacy Policy.
• Security — TLS in transit, role-based access, audit logging of administrative actions, and periodic database backups.
• Accountability — the proprietor is responsible for compliance; contact rishabh@madaanrishabhandco.com.

Breach response

Suspected breaches are assessed immediately; where required, affected individuals and the applicable authority (Data Protection Board of India, EU supervisory authority, or UAE Data Office) are notified within statutory timelines.

Client engagement data

Data received during professional engagements is additionally governed by the confidentiality obligations of the Chartered Accountants Act, 1949 and the ICAI Code of Ethics, and is never disclosed except as required by law.