Privacy Policy
M S Sulthan & Associates (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under applicable privacy laws, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act), the EU/UK GDPR, major U.S. privacy laws (including CCPA/CPRA), and relevant Middle East data protection laws (including UAE PDPL and Saudi PDPL).
1. Introduction
M S Sulthan & Associates (“we” or “us”) respects your privacy and is committed to protecting your personal data. This policy explains what information we collect, why we collect it, how we use it, and your rights, in compliance with global and Indian data protection laws.
2. Information We Collect
2.1 Information You Provide
Name, email, phone number, firm details, messages, and form submissions.
2.2 Automatically Collected Data
Device type, browser, IP address, and browsing activity via server logs.
2.3 Cookies & Similar Technologies
We use cookies and similar technologies to remember preferences and analyze site usage. You may disable cookies in your browser settings.
3. How We Use Your Information
3.1 Service Delivery & Improvement
To deliver, maintain, and improve our legal and advisory services.
3.2 Personalization & Communication
To personalize your experience and send confirmations, invoices, security alerts, legal updates, and marketing communications (where required, based on consent).
3.3 Data Sharing
Your data is shared only where necessary and lawful: with your consent, with trusted service providers bound by confidentiality and processing terms, under EU Standard Contractual Clauses (where applicable), or when required by law, regulation, court order, or professional obligation.
4. Data Retention
4.1 Account Data
Retained while your account or relationship with us is active.
4.2 Transactional Records
Retained for statutory and professional retention periods (including tax, accounting, anti-money laundering, and bar/professional compliance obligations), then securely deleted or anonymized.
5. Your Privacy Rights
5.1 GDPR & DPDP Act Rights
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict or object to processing (where applicable)
- Right to data portability (where applicable)
- Right to withdraw consent
- Right to grievance redressal and nomination (under DPDP Act)
5.2 CCPA/CPRA Rights (California)
- Right to know categories of personal data collected and disclosed
- Right to delete personal data (subject to exceptions)
- Right to correct inaccurate personal data
- Right to opt out of sale or sharing of personal data (where applicable)
- Right to limit use/disclosure of sensitive personal information (where applicable)
- Right to non-discrimination for exercising privacy rights
5.3 Middle East Privacy Rights (UAE, KSA, and other applicable jurisdictions)
- Rights to be informed about processing activities
- Rights to access, correction, and deletion where legally available
- Rights related to consent management and lawful processing bases
- Rights to file complaints with relevant data protection regulators
To exercise any rights, contact us at contact@mssulthan.com.
6. Data Security
We implement technical and organizational safeguards, including encryption in transit where appropriate, role-based access controls, confidentiality obligations, secure hosting controls, and periodic security assessments to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure.
7. Cookies & Tracking
We use cookies for functionality, analytics, and (where permitted) marketing. You can manage your preferences using our cookie banner and browser settings. In certain regions, non-essential cookies are deployed only after valid consent.
8. Third-Party Links
Our website may contain links to third-party websites or services. We do not control, and are not responsible for, their privacy practices. Please review their privacy policies separately.
9. Children’s Privacy
Our services are not directed to children under 18, and we do not knowingly collect personal data from children without legally valid authorization. If you believe a child has provided personal data to us, please contact us for prompt review and deletion where required.
10. International Data Transfers
10.1 EU/UK Transfer Mechanisms
Where personal data is transferred outside the EEA/UK, we use lawful safeguards such as Standard Contractual Clauses and related risk-assessment measures, where required.
10.2 India DPDP Act Mechanisms
Cross-border transfers of personal data from India are handled in accordance with applicable government notifications, restrictions, and safeguards under Indian law.
10.3 Regional Compliance
For users in jurisdictions with transfer restrictions (including parts of the Middle East and U.S. state laws), we apply legally recognized transfer and processing controls as required by local regulations.
11. Updates to This Policy
We may revise this policy periodically to reflect legal developments, regulatory guidance, or changes in our services. Material updates will be posted on this page with an updated effective date. Continued use of our services after updates indicates acceptance, to the extent permitted by law.
12. Contact Us
For privacy questions, requests, or complaints, contact: contact@mssulthan.com.
