Privacy Policy.

Randhir Kumar Lal & Associates (“RKLCMA”, “the firm”, “we”) operates the website at rklcma.com. This Privacy Policy explains what information we collect when you visit the website or contact us through it, how we use that information, and the rights available to you under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

The firm’s engagement with its clients is governed by separate engagement letters and confidentiality undertakings — this policy is specifically about the website. We have written it briefly and in plain language. If anything is unclear, the named contact for privacy enquiries is the partner directly, at the address given at the foot of this page.

1. What this website collects.

The website itself is information-led. It is not a transactional site, does not require login or registration, and does not have any e-commerce or payment functionality. The information collected through routine use is therefore minimal:

• Standard server logs. Like most websites, our hosting infrastructure may automatically log routine technical information when pages are requested — including the IP address of the visitor, the date and time of the request, the page or file requested, and the type of browser and device used. These logs serve the operational and security purposes of the hosting platform.
• Information you submit through the enquiry form. The Confidential Enquiry form on the Contact page collects your name, organisation, role, subject, and message. The form does not transmit this information to the firm’s servers or store it on the website. Instead, when you click “Send Confidential Enquiry”, the form opens your own email client with the fields populated, and the email is sent through your own email service when you press Send. The website does not retain a copy.
• Information you send to us directly. If you contact the partner by email, WhatsApp, or phone, the message and any attachments you provide are received by the partner directly and are not processed through the website’s systems.

2. Cookies and web analytics.

The website may use a small number of cookies and similar technologies for technical functioning and to understand how the site is used in aggregate.

• Functional cookies. A small number of cookies may be set by the hosting platform for the technical operation of the website. These do not identify you personally and are necessary for the site to function.
• Google Analytics. The website may use Google Analytics, a web analytics service provided by Google LLC, to understand aggregate visitor patterns — pages viewed, time on site, geographic distribution at a country and city level, and the type of device used. Google Analytics uses cookies and collects information including IP addresses, which may be anonymised at collection. This information is used by the firm to improve the website’s usefulness and is not used to identify individuals. Google’s own data practices are governed by Google’s privacy policy at policies.google.com/privacy.
• Browser controls. You can disable cookies through your browser settings, or use a browser plugin (such as Google’s opt-out tool) to disable Google Analytics tracking. Disabling these will not materially affect your ability to use the website.

3. How we use the information we receive.

Information you provide through the enquiry form, email, WhatsApp, or phone is used by the firm solely to respond to your enquiry and to communicate with you about the matter you have raised. We do not:

• Sell, rent, or share your personal data with third parties for marketing purposes.
• Send unsolicited marketing communications. The firm does not operate a mailing list, newsletter, or marketing automation system.
• Use your information for any purpose other than the matter you have contacted us about, unless you separately give us specific consent for an additional purpose.

Where the matter you raise leads to a professional engagement, our use of any personal data shared in the course of that engagement is governed by the engagement letter and the firm’s separate professional confidentiality obligations — not by this website privacy policy.

4. Third-party services linked from the website.

The website includes links to external services — in particular WhatsApp (for the partner contact button) and external articles and references cited within our Point of View pieces. When you click these links, you leave the firm’s website and are subject to the privacy practices of the linked service. The firm has no control over those services and is not responsible for their data practices.

5. Retention.

Information that reaches the partner through email or WhatsApp is retained for as long as the relevant matter is open and, where the enquiry results in a professional engagement, for the period required under the firm’s engagement-letter obligations and applicable professional record-keeping requirements. Where an enquiry does not lead to an engagement, we retain the communication for a reasonable period to address any follow-up and then delete it. Server logs and analytics data are retained per the standard retention periods of the relevant service providers.

6. Your rights under the DPDP Act, 2023.

The Digital Personal Data Protection Act, 2023 gives you, as a Data Principal, certain rights in respect of your personal data. These include the right to:

• Access a summary of the personal data we hold about you and the processing activities undertaken with respect to it.
• Correction and erasure — ask us to correct inaccurate personal data we hold, or to delete personal data that is no longer necessary for the purpose for which it was collected, subject to applicable retention obligations.
• Grievance redressal — raise a grievance with the firm regarding the processing of your personal data, with the right to escalate unresolved grievances to the Data Protection Board of India established under the DPDP Act.
• Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
• Withdraw consent previously given, where the legal basis of processing was consent.

To exercise any of these rights, please contact the partner using the details in Section 8 below. We will respond within the timelines specified under the DPDP Act.

7. Security.

We take reasonable technical and organisational measures to protect information that reaches us, including secure access controls, encrypted transmission where technically possible (such as TLS for the website), and access restriction within the firm’s own systems. No method of transmission over the internet or method of electronic storage is fully secure, however; we cannot guarantee absolute security but apply reasonable care.

8. Contact for privacy enquiries.

The firm does not appoint a separate Data Protection Officer at present, as the volume and sensitivity of personal data processed through the website does not meet the threshold for mandatory DPO appointment under the DPDP Act. The named contact for privacy and data protection matters is the partner directly:

Please use the subject line “Privacy Enquiry” or “DPDP Act Request” when contacting us on these matters so the request is routed and responded to within the required timelines.

9. Updates to this policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, in the websites’ functionality, or in applicable law. The “Last updated” date at the top of this page indicates when the current version came into effect. Material changes will be reflected by an updated date and, where appropriate, by a notice on the website.