Privacy Policy

Virtual Auditor Private Limited | CIN: U74999TN2020PTC139456 | Effective Date: 1 April 2024 | Last Updated: 19 March 2026

This Privacy Policy explains how Virtual Auditor Private Limited ("we", "us", "our", "Virtual Auditor") collects, uses, stores, shares, and protects personal data. This policy complies with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Data Fiduciary Information

Virtual Auditor Private Limited acts as a Data Fiduciary under the DPDPA. Registered office: G-131, Ground Floor, Phase 3, Spencer Plaza Mall, Anna Salai, Chennai 600002, Tamil Nadu, India. Email: support@virtualauditor.in. Phone: +91 99622 60333.

2. Personal Data We Collect

We collect the following categories of personal data: (a) Identity data: full name, PAN, Aadhaar (where legally required for filings), date of birth, DIN/DPIN; (b) Contact data: email address, phone number, postal address; (c) Financial data: bank account details, GST numbers, income tax records, financial statements (only when required for professional engagements); (d) Professional data: company name, designation, CIN/LLPIN; (e) Technical data: IP address, browser type, device information, cookies; (f) Communication data: emails, form submissions, call recordings (with consent).

3. Purpose of Data Collection

We process personal data for: (a) providing professional services including valuation, tax filing, compliance, and advisory; (b) filing statutory forms with MCA, CBDT, CBIC, RBI, IBBI, SEBI, and other regulators on your behalf; (c) communicating engagement updates, invoices, and deliverables; (d) complying with legal obligations under the Companies Act, Income Tax Act, GST Act, FEMA, and other applicable laws; (e) improving our website and services; (f) responding to enquiries submitted through our contact form.

4. Lawful Basis for Processing

Under the DPDPA, we process personal data based on: (a) your explicit consent provided at the time of engagement or form submission; (b) performance of a professional engagement contract; (c) compliance with legal obligations (statutory filings, audit requirements, KYC norms); (d) legitimate interests of the Data Fiduciary (service improvement, fraud prevention).

We obtain your consent through: (a) signed engagement letters before commencing any professional assignment; (b) online consent at the time of form submission on virtualauditor.in; (c) verbal consent recorded during consultations (with disclosure). You may withdraw consent at any time by emailing privacy@virtualauditor.in. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. Note: certain data retention is mandatory under statutory requirements regardless of consent withdrawal.

6. Data Sharing and Disclosure

We share personal data only with: (a) government and regulatory authorities (MCA, CBDT, CBIC, RBI, IBBI, SEBI, ROC) as required for statutory filings on your behalf; (b) authorised employees and associates of Virtual Auditor who need access to perform their duties; (c) technology service providers (hosting, email, CRM) under strict data processing agreements; (d) legal and professional advisors when required by law or to protect our legal rights. We do NOT sell, rent, or trade personal data to third parties for marketing purposes.

7. Data Retention

We retain personal data for: (a) active engagement data: duration of engagement plus 8 years (as required under Income Tax Act Section 149 for assessment/reassessment); (b) company registration records: perpetual (as per MCA requirements); (c) valuation reports: minimum 5 years from the date of report (IBBI Regulations); (d) tax filing records: 8 years from the end of the relevant assessment year; (e) website enquiry data: 2 years from the date of enquiry; (f) cookies and technical data: 1 year. Data is securely deleted after the retention period expires unless longer retention is required by law.

8. Data Security Measures

We implement reasonable security practices as required under Rule 8 of the IT Rules, 2011: (a) encryption of data in transit (TLS 1.3) and at rest (AES-256); (b) access controls with role-based permissions; (c) regular security audits and vulnerability assessments; (d) employee training on data protection; (e) secure document sharing via encrypted channels; (f) physical security at all three office locations. In the event of a data breach, we will notify affected individuals and the Data Protection Board of India within 72 hours as required under the DPDPA.

9. Your Rights Under DPDPA

As a Data Principal, you have the right to: (a) access a summary of your personal data held by us; (b) correct inaccurate or incomplete personal data; (c) erase personal data that is no longer necessary (subject to statutory retention requirements); (d) withdraw consent at any time; (e) nominate another person to exercise your rights in case of your death or incapacity; (f) lodge a grievance with our Grievance Officer or the Data Protection Board of India.

10. Children's Data

We do not knowingly collect personal data from individuals below 18 years of age. If a minor's data is required for a professional engagement (e.g., minor shareholder in a company), we obtain verifiable consent from the parent or lawful guardian as required under Section 9 of the DPDPA.

11. Cookies and Tracking

Our website uses: (a) essential cookies for site functionality and security; (b) analytics cookies (Google Analytics) to understand usage patterns — anonymised IP addresses are used; (c) no advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings. The site functions without non-essential cookies.

12. Cross-Border Data Transfer

Personal data is primarily stored on servers located in India. In cases where data transfer outside India is necessary (e.g., 409A valuations for US entities, cross-border FEMA filings), we ensure compliance with Section 16 of the DPDPA and transfer data only to jurisdictions not restricted by the Central Government, with appropriate contractual safeguards in place.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and DPDPA 2023, the Grievance Officer for data protection matters is:

Sudhir
Grievance Officer
Virtual Auditor Private Limited
G-131, Ground Floor, Phase 3, Spencer Plaza Mall, Anna Salai, Chennai 600002
Email: support@virtualauditor.in
Phone: +91 99622 60333

Grievances will be acknowledged within 48 hours and resolved within 30 days. If you are not satisfied with the resolution, you may file a complaint with the Data Protection Board of India under Section 27 of the DPDPA.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active clients and posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

Contact Us

For any privacy-related queries, contact us at: Email: privacy@virtualauditor.in | Phone: +91 99622 60333 | Address: G-131, Ground Floor, Phase 3, Spencer Plaza Mall, Anna Salai, Chennai 600002.
