Privacy Policy

Noesiss Consulting (“Noesiss”, “we”, “us” or “our”) operates the website at noesiss.in (the “Website”) and provides chartered accountancy, taxation, audit, business advisory, compliance, and related professional services. We are committed to protecting the privacy of every individual whose personal data we process and to handling that data lawfully, fairly, and transparently.

For the purposes of the DPDP Act, Noesiss Consulting is the Data Fiduciary that determines the purpose and means of processing your personal data. If you are an individual whose data we process, you are a Data Principal. By accessing the Website or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

• Personal Data— any data about an individual who is identifiable by or in relation to such data.
• Data Principal— the individual to whom the personal data relates (in the case of a child, includes the parent or lawful guardian).
• Data Fiduciary— the person (here, Noesiss Consulting) who determines the purpose and means of processing personal data.
• Data Processor— any person who processes personal data on our behalf (for example, our hosting and database providers).
• Sensitive Personal Data or Information (SPDI)— as defined under the IT (SPDI) Rules, 2011, including passwords and financial information such as bank account or payment details.

We collect only the personal data that is necessary for the purposes described in this policy. The categories of data we may collect are:

a. Information you provide directly

• Contact enquiries— when you use our contact form, we collect your first and last name, email address, phone number, the service you are interested in, and the contents of your message.
• Client engagements— where you engage our professional services, we may separately collect information required to deliver those services (such as identity, PAN, financial, and tax information). Such processing is governed by your engagement letter and any supplementary data-processing terms in addition to this policy.

b. Information collected automatically

• Technical data such as your IP address, browser type, device information, operating system, referring pages, and the date and time of your visit.
• Usage and log data generated by our hosting and infrastructure providers for security, diagnostics, and performance purposes.
• Cookies and similar technologies, as described in the Cookies & Tracking section and in our Cookie Policy.
• Where you consent, analytics and advertising identifiers set by third-party tools (such as Google Analytics, Microsoft Clarity, Google Ads, and the Meta / Facebook Pixel), including aggregated, masked session-replay and heatmap data used to understand and improve the Website and our advertising.

• Directly from you when you complete a form, email us, or otherwise communicate with us.
• Automatically through cookies and server logs when you browse the Website.
• From our service providers, such as our cloud database and hosting partners, which process limited technical data on our behalf.

Under the DPDP Act, we process personal data on the basis of your consentor for “certain legitimate uses” permitted by the Act. We use your personal data to:

• respond to your enquiries and provide the information or services you request;
• deliver, administer, and improve our professional services and the Website;
• with your consent, measure and improve the performance of the Website and our advertising and marketing using analytics and advertising tools;
• maintain the security, integrity, and performance of the Website and prevent fraud or misuse;
• comply with applicable laws, regulations, and lawful requests from government or regulatory authorities; and
• send you administrative or service-related communications.

We will not use your personal data for any new purpose that is incompatible with those set out above without first obtaining your consent or unless otherwise permitted by law.

We use cookies and similar technologies to operate the Website, to remember your preferences (including your cookie-consent choice), to analyse how the Website is used, and — with your consent — to measure and target our advertising. With your consent we use analytics and advertising services including Google Analytics, Microsoft Clarity (which may record anonymised, masked session replays and heatmaps), Google Ads, and the Meta / Facebook Pixel. Non-essential cookies are set only after you provide consent through our cookie banner, and you can manage or withdraw your consent at any time.

For full details of the cookies we use and how to control them, please read our Cookie Policy.

We do not sell, rent, or trade your personal data. We may share it only in the following limited circumstances:

• Service providers (Data Processors)— trusted third parties who process data on our behalf under contractual confidentiality and security obligations, including our cloud infrastructure, database, hosting, and authentication provider (Google Firebase / Google Cloud Platform), our email provider, and — where you consent — our analytics and advertising providers (Google Analytics, Microsoft Clarity, Google Ads, and Meta Platforms).
• Legal and regulatory disclosures— where required by law, court order, or a lawful request from a government, regulatory, or law-enforcement authority in India, including the Income Tax Department and the Ministry of Corporate Affairs (MCA).
• Professional and statutory bodies— where disclosure is necessary to comply with the standards or obligations applicable to chartered accountancy practice.
• Business transfers— in connection with a merger, acquisition, or reorganisation, subject to the recipient honouring this policy.

Some of our service providers, including our cloud and database infrastructure, may store or process data on servers located outside India. Where personal data is transferred outside India, we do so in accordance with the DPDP Act, which permits such transfers except to countries specifically restricted by the Central Government. We take reasonable steps to ensure that your data continues to be protected to a standard consistent with this policy.

Your personal data is stored on secure, access-controlled cloud infrastructure provided by our service providers. We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, tax, or regulatory requirements applicable to a chartered accountancy practice in India.

When personal data is no longer required, we will erase it or anonymise it, unless retention is required or permitted by law. Where you withdraw consent and no other lawful basis or statutory retention requirement applies, we will erase the relevant personal data.

In line with Section 8 of the DPDP Act and the IT (SPDI) Rules, 2011, we implement reasonable security safeguards to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These include:

• encryption of data in transit (HTTPS/TLS);
• access controls and authentication for administrative systems;
• use of reputable cloud providers with industry-standard security certifications; and
• periodic review of our security practices and access permissions.

In the event of a personal data breach, we will take appropriate remedial measures and notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act and the Rules. While we strive to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Subject to the conditions and exemptions under the DPDP Act, you have the following rights as a Data Principal:

• Right to access— obtain a summary of the personal data we process about you and the processing activities undertaken.
• Right to correction and erasure— request correction of inaccurate or incomplete data, and updating or erasure of your personal data.
• Right to grievance redressal— have your grievances addressed by our Grievance Officer in a timely manner.
• Right to nominate— nominate another individual to exercise your rights in the event of your death or incapacity.
• Right to withdraw consent— withdraw your consent at any time, as easily as it was given.

To exercise any of these rights, please contact our Grievance Officer using the details below. We may need to verify your identity before acting on your request. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India.

Where we rely on your consent to process personal data, that consent is free, specific, informed, unconditional, and unambiguous, and is given through a clear affirmative action. You may withdraw your consent at any time by contacting us. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal, and certain processing may continue where required by law. The consequence of withdrawal may be that we are unable to provide the related service.

The Website and our services are intended for individuals aged 18 years and above and are not directed at children. In accordance with the DPDP Act, we do not knowingly process the personal data of a child (a person under 18 years of age) without the verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has provided us with personal data, please contact us so that we can take appropriate action.

In compliance with the DPDP Act and the Information Technology Act, 2000, and the rules made thereunder, the name and contact details of our Grievance Officer are set out below. The Grievance Officer will acknowledge and address your grievances within the timelines prescribed under applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated policy will be posted on this page with a revised “Last updated” date. Where required by law, we will notify you of material changes. We encourage you to review this page periodically. Your use of the Website is also governed by our Terms of Service.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: