KANCO ("we", "us", or "our") is committed to protecting the privacy of every individual who visits our website or engages our professional services. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights in relation to it. By using our website, you agree to the terms described here.
1 Overview
KANCO is a professional audit, taxation, accounting, and business advisory firm registered and operating in Karachi, Pakistan. We are bound by Pakistan's applicable data protection obligations, including the Prevention of Electronic Crimes Act 2016 (PECA) and any subsequent personal-data regulations issued by the Government of Pakistan.
We collect only the minimum personal information necessary to provide our services and to communicate with you effectively. We do not sell, rent, or trade your personal information to any third party for marketing purposes.
2 Information We Collect
We may collect the following categories of personal information:
2.1 Information You Provide Voluntarily
- Contact enquiries: Your name, email address, phone number, company name, and the subject/message you submit through our contact form.
- Consultation requests: Details you share when requesting an appointment or professional consultation.
- Email correspondence: Any personal details included in emails or messages you send directly to our staff.
- Chatbot interactions: Questions and messages submitted through the Zainab AI-free chatbot on our website.
2.2 Information Collected Automatically
- Session data: A temporary session cookie (PHPSESSID) is issued to maintain your browsing session. It contains no personal identifiers and is deleted when you close your browser.
- Server logs: Our hosting provider may log your IP address, browser type, referring page, and pages visited. These logs are used solely for security monitoring and are not linked to your personal identity.
2.3 Information We Do NOT Collect
3 How We Use Your Information
We use the personal information you provide solely for the following purposes:
- Responding to your enquiries, consultation requests, and messages.
- Providing, managing, and improving the professional services you have engaged us for.
- Sending you relevant communications regarding your matter (not unsolicited marketing).
- Complying with our legal and regulatory obligations as a professional firm registered in Pakistan.
- Maintaining internal records of client engagements as required by applicable auditing standards and tax regulations.
- Improving and securing our website based on anonymised usage data.
We will not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
4 Disclosure of Your Information
We do not disclose your personal information to third parties except in the following limited circumstances:
- Service providers: Trusted service providers (such as web hosting) who process data on our behalf under strict contractual obligations and may not use it for their own purposes.
- Legal obligation: When required by Pakistani law, a court order, or a regulatory authority such as the Federal Board of Revenue (FBR), Securities and Exchange Commission of Pakistan (SECP), or any other competent authority.
- Professional duty: Where disclosure is required to fulfil our professional duties as auditors or advisors, in accordance with applicable professional standards (ICAP, ICMA).
- With your consent: Any other disclosure only with your explicit prior consent.
5 Data Retention
We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law:
- Contact form submissions: Retained for up to 12 months unless a client relationship commences, in which case standard client record retention periods apply.
- Client engagement files: Retained for a minimum of 7 years in accordance with Pakistani tax and company law requirements.
- Server access logs: Typically purged by our hosting provider within 90 days.
When personal information is no longer required, it is securely deleted or anonymised.
6 Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, alteration, or disclosure. These measures include:
- HTTPS encryption for all data transmitted between your browser and our server.
- Server-side session management with HttpOnly and SameSite cookie flags.
- Access controls limiting who within KANCO can access client data.
- Regular review of our security practices.
While we take reasonable precautions, no system is completely secure. If you believe your data has been compromised, please contact us immediately.
7 Cookies
Our website uses a single strictly-necessary session cookie:
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
PHPSESSID |
Maintains your browsing session (admin authentication only — not set for public visitors) | Session (deleted when browser closes) | Strictly Necessary |
We do not use analytics, advertising, or third-party cookies. No cookie consent banner is required because the only cookie used is strictly necessary for the operation of the admin system.
8 Your Rights
You have the following rights in relation to your personal information held by us:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of any inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to any legal retention obligations.
- Objection: Object to the processing of your information for a particular purpose.
- Withdrawal of consent: Where processing is based on your consent, withdraw that consent at any time.
To exercise any of these rights, please contact us at info@kanco.com.pk. We will respond within 30 days.
9 Third-Party Links
Our website may contain links to third-party websites (such as regulatory authorities or professional bodies). We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policy of any external site you visit.
10 Children's Privacy
Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the "Last Updated" date at the top of this page. Continued use of our website after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us: