Privacy Policy

Effective date

This Privacy Policy applies to https://www.sidkes.com (the "Website") and to information that Sidkes Consultancy ("we", "us", or "our") collects through the Website, our contact forms, and our consulting engagements.

It is published in compliance with the Information Technology Act, 2000 and the rules thereunder (including the SPDI Rules, 2011), the Digital Personal Data Protection Act, 2023 ("DPDPA"), and Rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

By using the Website you consent to the practices described below. If you do not agree, please do not use the Website.

1. Who we are

Sidkes Consultancy is an Indian consulting firm headquartered at I-502, MHADA Towers, Pimpri Waghere, Pune 411017, Maharashtra, India. For the purposes of the DPDPA, we act as a Data Fiduciary in respect of personal data collected through this Website, and as a Data Processor in respect of personal data we handle on behalf of our clients during engagements.

2. Information we collect

Information you give us directly:

• Your name, business email, phone number, company, and the contents of the message when you fill in our contact form
• Information you share with us during a consulting engagement, including technical, operational, and commercial data of your business
• Subscription preferences, if you opt in to communications

Information collected automatically:

• IP address, user agent, referring URL, and pages visited (server logs)
• A randomly-generated session identifier (cookie) for security
• Aggregated, non-identifying analytics if Google Analytics or Tag Manager is enabled (currently disabled by default)

We do not collect Sensitive Personal Data or Information ("SPDI") as defined under Rule 3 of the SPDI Rules through the Website. You should not include SPDI in contact-form submissions.

3. How we use your information

We process the personal data we collect for the following purposes:

• Responding to enquiries placed via the contact form
• Delivering consulting engagements that you or your organisation has contracted us for
• Administrative and security operations of the Website (logging, diagnostics, fraud prevention)
• Compliance with legal obligations (responding to lawful requests, invoicing, tax filings)
• Improving our services through aggregated, non-identifying analytics

The legal basis under DPDPA Section 4 is consent for direct enquiries and legitimate use for engagement delivery and operational logging.

4. Cookies and tracking technologies

The Website uses functional cookies for session management and basic security. We do not run third-party advertising trackers. If we enable Google Analytics, Google Tag Manager, or hCaptcha (each currently optional and gated by environment variables), the cookies they set will be governed by the privacy policies of those providers.

You can control or block cookies through your browser settings. Disabling functional cookies may degrade some Website features (notably the contact form).

5. Sharing and disclosure

We do not sell, rent, or trade personal data. We may share your information only with:

• Service providers that operate the Website infrastructure (cloud hosting, content management, transactional email) under written contract and bound to confidentiality obligations
• Professional advisers (lawyers, auditors, tax consultants) where reasonably necessary
• Group entities of Sidkes Consultancy operating under the same privacy standards
• Law-enforcement and government authorities in response to a lawful, written request

In the case of a corporate transaction (merger, acquisition, restructuring), personal data may be transferred to the successor entity, which will continue to be bound by this policy or a successor policy of equivalent standard.

6. Data storage, retention, and cross-border transfer

Personal data collected via the Website is stored on infrastructure operated by Sidkes Consultancy on Amazon Web Services in the Mumbai (ap-south-1) region.

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law. As a default:

• Contact-form submissions: 36 months from the date of last interaction
• Engagement records: as required for tax and audit compliance under Indian law (typically 8 years)
• Server access logs: 90 days

Where personal data is transferred outside India (for example, when a transactional-email provider routes mail through servers in another country), the transfer is effected only to jurisdictions that the Central Government has not restricted under DPDPA Section 16.

7. Security practices

We follow reasonable security practices and procedures as required under Rule 8 of the SPDI Rules, including:

• TLS 1.2/1.3 encryption in transit for all Website traffic
• Encrypted database storage with restricted, role-based access
• Application-level input validation and rate limiting on public endpoints
• Audit logs of administrative changes to our content management system
• Regular review of security configurations and patching of dependencies

No system is perfectly secure. If we become aware of a personal-data breach that materially affects you, we will notify you and the Data Protection Board of India in accordance with DPDPA Section 8(6).

8. Your rights under Indian law

Under DPDPA Sections 11-13 you have the right to:

• Access the personal data we hold about you and obtain a summary of the processing
• Correction, completion, updating, or erasure of your personal data where it is inaccurate or no longer necessary for the purpose
• Withdraw your consent at any time, where processing was based on consent (subject to lawful retention obligations)
• Nominate another individual to exercise these rights on your behalf in the event of death or incapacity
• Grievance redressal through our Grievance Officer (see Section 10)

To exercise any of these rights, write to us at the email address in Section 10. We will respond within the timelines required by law (typically 30 days, extendable for cause).

9. Children's data

The Website is not directed to children under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact our Grievance Officer and we will delete it.

10. Grievance redressal

In accordance with DPDPA Section 8(9), Rule 5(9) of the SPDI Rules, and Rule 3(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Grievance Officer for the Website is:

• Name: Grievance Officer, Sidkes Consultancy
• Address: I-502, MHADA Towers, Pimpri Waghere, Pune 411017, Maharashtra, India
• Email: info@sidkes.com
• Telephone: +91 9911855994

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 15 days of receipt. If you are not satisfied with our response, you may appeal to the Data Protection Board of India established under the DPDPA.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "last updated" date will be revised, and material changes will be communicated through the Website or, where reasonably practicable, by email.

12. Contact

For questions about this Privacy Policy or your personal data, write to our Grievance Officer at info@sidkes.com.

Last updated: 14 May 2026.