Data Security at GSTserve

GSTserve Advisory Services LLP prioritizes the security and privacy of your personal and business data. We have adopted robust measures in accordance with Indian laws and global best practices to safeguard information throughout our operations.

Our Legal Framework

GSTserve is committed to compliance with all key Indian data protection laws, including:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Information Technology Act, 2000
  • SPDI (Sensitive Personal Data or Information) Rules
  • Applicable sectoral guidelines for financial and tax data

Security Safeguards

  • Encryption and Obfuscation: All personal and sensitive data stored or transmitted by GSTserve is encrypted using secure protocols, ensuring confidentiality and resilience against unauthorized access.​
  • Access Controls: Data is only accessible to authorized personnel based on strict role definitions and audit logs to track access and changes.
  • Data Masking and Tokenization: Where applicable, sensitive identifiers are masked or tokenized.
  • Continuous Monitoring: All access to personal and business data is logged and monitored, with security events reviewed regularly for anomaly detection.
  • Regular Data Backups: Information is backed up daily on secure servers, with copies maintained to ensure business continuity and recovery from any incidental data loss.​
  • Incident Response: A formal incident response policy enables timely detection, rapid breach reporting (to the Data Protection Board and affected users), and corrective action if any data compromise occurs.​
  • Vendor & Processor Compliance: All third-party software vendors and service providers (including cloud storage and accounting platforms) are contractually obligated to maintain data security equivalent to GSTserve’s standards.
  • Retention & Deletion: Retention and erasure of personal information are managed strictly according to statutory minimum and maximum periods under Indian law.

Client Rights and Notifications

  • You have the right to request details of the personal data held by GSTserve, correction of inaccuracies, and deletion where permitted by law.
  • GSTserve will immediately notify affected individuals and the designated authority regarding any significant breach, as mandated by the DPDP Act.​
  • Consent for data processing is always obtained in advance, with clear information on the intended use of your data.​

Staff Training and Awareness

  • All team members are trained to recognize cyber risks, phishing threats, and data privacy obligations.
  • Updates on cyber security procedures and best practices are shared regularly.

Governance and Compliance Measures

GSTserve designates senior staff to oversee compliance with privacy and data protection regulations. For significant data volumes or regulated client engagements, a Data Protection Officer (DPO) is appointed to conduct periodic audits and impact assessments.​

Contact and Reporting

For questions about data security, reporting a concern, or exercising your data rights, please contact:
GSTserve Advisory Services LLP, Kochi, Kerala, India
Email: info@gstserve.com
Phone: +91 80860 75699