Last Updated: 1 January 2025
This Privacy Policy explains how Advocate Legal Chambers collects, uses, stores, and protects personal information provided by visitors to our website and clients of our legal practice. We are committed to protecting your privacy and handling your data responsibly under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("IT Rules").
Who We Are
Advocate Legal Chambers is a legal practice registered with the Bar Council of India, with principal offices at Level 14, Nariman Point Tower, Nariman Point, Mumbai 400 021. We are the data controller for personal information collected through this website and our legal services.
For questions about this Privacy Policy or our data practices, contact our designated Privacy Officer at [email protected].
Personal Data We Collect
We collect personal data in the following circumstances:
| Data Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, title, date of birth | Contact form, client intake |
| Contact Data | Email address, phone number, postal address | Contact form, client intake |
| Legal Matter Data | Description of legal issue, case history | Consultation, client intake |
| Technical Data | IP address, browser type, pages visited, session duration | Website analytics (anonymised) |
| Communication Data | Email correspondence, WhatsApp messages, call records | Direct communication |
| Financial Data | Billing details, payment records | Engagement process (existing clients only) |
We do not knowingly collect sensitive personal data (as defined under IT Rules) through this website unless specifically required for your legal matter and with your explicit consent.
How We Use Your Data
We use personal data for the following purposes:
- Responding to enquiries — to contact you in response to messages submitted through our website or communicated directly.
- Providing legal services — to advise you, represent you, and manage your legal matter where you become a client.
- Client administration — for billing, accounting, record-keeping, and conflict-of-interest checks.
- Improving our website — using anonymised analytics data to understand how visitors use our site and improve user experience.
- Legal compliance — to comply with legal and regulatory obligations, including Bar Council of India requirements.
- Communications — to send you updates relevant to your matter and, where you have consented, legal updates and newsletters.
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Legal Basis for Processing
We process personal data on the following lawful bases:
- Consent — where you have submitted a contact form or provided information voluntarily.
- Contract — where processing is necessary to perform legal services under a client engagement.
- Legal obligation — where processing is required by applicable law, court order, or regulatory requirement.
- Legitimate interests — for purposes such as improving our website and maintaining client records, where this does not override your fundamental rights.
Data Sharing & Disclosure
We do not sell, rent, or trade your personal data to third parties under any circumstances.
We may share personal data in the following limited circumstances:
- With your consent — to co-counsel, foreign law firms, or expert witnesses engaged for your matter.
- Service providers — with trusted third-party providers (e.g., IT support, cloud storage, accounting) who are bound by confidentiality agreements and may only process data on our instructions.
- Legal requirement — where required by court order, statutory obligation, or lawful authority. We will notify you of any such disclosure where legally permissible.
- Professional regulators — with the Bar Council of India or other regulatory bodies as required by our professional obligations.
All data sharing is governed by strict confidentiality obligations. Attorney-client privilege is maintained to the fullest extent permitted by law.
Data Retention
We retain personal data for as long as necessary for the purposes set out in this Policy:
- Client matter files — retained for a minimum of 7 years after the conclusion of a matter, in accordance with professional requirements and the Limitation Act, 1963.
- Website enquiries (non-clients) — retained for 12 months from the date of enquiry, unless a client relationship is subsequently formed.
- Financial records — retained for 8 years in accordance with applicable tax and accounting laws.
- Technical / analytics data — retained in anonymised form for up to 24 months.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
- Encrypted communication channels (TLS/SSL) for all data transmitted through this website.
- Access controls restricting data access to authorised personnel only on a need-to-know basis.
- Regular security assessments and staff training on data protection.
- Secure physical storage for hard-copy client files with restricted access.
While we take all reasonable precautions, no method of electronic transmission or storage is completely secure. In the event of a data breach that is likely to affect your rights or freedoms, we will notify you and the relevant authorities as required by law.
Cookies & Analytics
This website uses cookies — small text files stored on your device — for the following purposes:
- Essential cookies — required for basic website functionality (session management, navigation). These cannot be disabled.
- Analytics cookies — used to understand how visitors use our website (pages visited, time spent, referral sources). We use anonymised analytics data only. No personal identifiers are stored in analytics cookies.
We do not use advertising, tracking, or third-party profiling cookies. You can control cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.
Your Rights
Subject to applicable law, you have the following rights in relation to your personal data:
- Access — to request a copy of the personal data we hold about you.
- Correction — to request correction of inaccurate or incomplete data.
- Deletion — to request deletion of your personal data, subject to our legal obligations and legitimate interests (e.g., ongoing legal matter, regulatory retention requirements).
- Withdrawal of consent — to withdraw consent for processing based on consent, at any time, without affecting prior processing.
- Objection — to object to processing based on legitimate interests.
- Restriction — to request restriction of processing in certain circumstances.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may require verification of your identity before processing requests.
Children's Privacy
Our website is not directed at children under 18 years of age, and we do not knowingly collect personal data from children. If you believe a child has submitted personal data through this website, please contact us immediately and we will delete such data without delay.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be published on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically. Continued use of our website after publication of changes constitutes acceptance of the revised Policy.
Contact & Complaints
If you have questions, concerns, or complaints about how we handle your personal data, please contact our Privacy Officer:
- Privacy Officer, Advocate Legal Chambers
- Level 14, Nariman Point Tower, Nariman Point, Mumbai 400 021
- Email: [email protected]
- Phone: +91-98765-43210
If you are not satisfied with our response, you may file a complaint with the relevant data protection authority in India or, where applicable, in your jurisdiction.