PRIVACY POLICY

Last Updated: December 23, 2025

1. INTRODUCTION

ASK LEGAL – Advocates & Legal Consultants (“Firm“, “We“, “Us“, or “Our“) is committed to protecting the privacy and security of your personal data. This Privacy Policy (“Policy“) outlines how we collect, use, process, store, and disclose your information when you access our website (the “Platform“), engage our legal services, or interact with us.

By accessing our Platform or providing your information, you consent to the practices described in this Policy. This Policy adheres to the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules“), and the Digital Personal Data Protection Act, 2023 (“DPDP Act“), and is designed to ensure compliance with the principles and requirements established under the Digital Personal Data Protection Rules, 2025.

Definitions

For the purposes of this Privacy Policy:

• “Data Fiduciary”: ASK LEGAL acts as a data fiduciary as defined under the DPDP Act, responsible for determining the purposes and means of processing personal data.
• “Data Principal”: You are the data principal as defined under the DPDP Act—any individual to whom personal data relates and who is identifiable from such data.
• “Personal Data”: Any information relating to a data principal, including data collected online or offline, which may be digitised and processed in connection with our services. This includes but is not limited to name, contact details, professional information, case-specific information, financial records, and technical data.
• “Sensitive Personal Data”: Personal data relating to passwords, financial information, medical records, biometric data, or any other data category designated as “sensitive” under applicable law.

2. INFORMATION WE COLLECT

We collect different types of information to provide legal services and improve your experience:

1. Information You Provide Voluntarily

• Personal Identity Data: Name, age, gender, date of birth, and nationality.
• Contact Details: Email address, mobile number, residential address, and office address.
• Professional Details: Job title, organization/employer, and professional background. This information may be collected if you apply for a position via our Careers section.
• Client Information: Information relevant to your legal matters, which may include sensitive personal data such as financial information, medical records, litigation history, government identification numbers (Aadhaar, PAN), and case-specific details provided for the purpose of legal representation and advice.

1. Information Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type, operating system, device type, time zone setting, and unique device identifiers.
• Usage Data: Details of your visits to our Platform, including pages accessed, time spent on the Platform, traffic data, location data (if enabled), and server logs.
• Cookies and Similar Technologies: As detailed in Section 8, we may use cookies, pixels, tags, and similar technologies to enhance your experience.

3. HOW WE USE YOUR INFORMATION

We process your data only for lawful purposes and on the basis of:

• Your explicit or implied consent;
• Legal obligation;
• Protection of vital interests;
• Performance of contract; or
• Legitimate interests in the context of providing legal services.

Specific Purposes of Processing

1. Legal Services: To provide legal advice, representation, consultancy services, case management, and correspondence as requested by you or as necessary to fulfill our engagement with you.
2. Communication: To respond to your inquiries, send legal alerts, newsletters, practice updates, or other communications (only if you have opted in). You may unsubscribe from such communications at any time by using the unsubscribe link provided in emails or by contacting us directly.
3. Recruitment: To process job applications, internship applications, and candidate evaluations.
4. Compliance and Legal Obligations: To fulfill our legal and regulatory obligations, including Know Your Customer (KYC) verification, anti-money laundering (AML) compliance, compliance with court orders, regulatory investigations, and adherence to Bar Council of India rules.
5. Website Optimization and Analytics: To analyze website traffic, user behavior patterns, and improve the Platform’s user experience using non-identifiable, aggregated data.
6. Data Protection and Security: To detect, prevent, and address fraud, abuse, and security incidents.

Legal Basis for Processing

As a data fiduciary under the DPDP Act, we process personal data on the basis of:

• Your Consent: Free, specific, informed, unconditional, and unambiguous consent demonstrated through clear affirmative action (such as explicit checkbox consent or submission of forms).
• Reasonably Expected Processing: Processing that you would reasonably expect in the course of providing legal services and legal advice.
• Legal Compliance: Processing required to comply with law, court orders, regulatory requirements, or government authorities.
• Data Accuracy and Completeness: We make reasonable efforts to ensure that your personal data is accurate, complete, and up-to-date. Should you identify any inaccuracies, please notify us immediately.

Mandatory Breach Notification and Security Incident Management

In accordance with the DPDP Act and DPDP Rules, 2025, we maintain a commitment to data protection and breach management:

• We implement reasonable security safeguards to protect your personal data.
• In the event of a personal data breach affecting your personal data, we shall:
  • Notify you immediately (without undue delay) with details of the breach, its nature, consequences, and steps being taken for mitigation.
  • Notify the Data Protection Board of India within 72 hours from the time we become aware of the breach, or within such extended timeframe as the Board may permit.
  • Maintain records of all security incidents and breaches for regulatory purposes.

4. DISCLOSURE OF INFORMATION

We maintain strict confidentiality of your information and are bound by professional privilege where applicable under Indian law. We do not sell, rent, or lease your personal data to third parties for marketing purposes.

Limited Circumstances for Information Sharing

However, we may share your information in the following limited circumstances:

• Service Providers and Vendors: With trusted third-party vendors and service providers (such as IT support, cloud hosting providers, auditors, accountants, and document management service providers) who are engaged under written agreements ensuring that they:
  • Process your personal data only on our instructions;
  • Maintain confidentiality and security standards comparable to ours;
  • Are bound by confidentiality agreements;
  • Do not disclose your data for any other purpose.
• Legal Requirement and Regulatory Compliance: With courts, tribunals, regulatory authorities, law enforcement agencies, government bodies, or the Data Protection Board of India when:
  • Required by law, court order, or government directive;
  • Necessary to protect our legal rights, property, or safety;
  • Necessary to investigate or prevent unlawful activity.
• Professional Partners: With other legal counsel, arbitrators, mediators, court-appointed experts, or other professionals solely for the purpose of representing you in a legal matter, dispute resolution, or arbitration proceedings.
• Third-Country Transfers: Where personal data is shared with recipients located outside India, we ensure such transfers are:
  • Contractually authorized and permitted by applicable law;
  • Subject to appropriate safeguards and technical measures ensuring data protection equivalent to Indian legal standards;
  • Only undertaken with your explicit consent where required, or for legal compliance.

Data Protection for Shared Information

We disclose sensitive personal data or information to third parties only:

• With your prior written consent, or
• Where such disclosure is required by law, court order, or regulatory authority, and
• Only to entities that ensure the same level of data protection as required under the SPDI Rules, 2011 and the DPDP Act, 2023.

5. DATA SECURITY

We are committed to protecting your personal data through reasonable and appropriate security practices and procedures. In accordance with the SPDI Rules, 2011 and the DPDP Rules, 2025, we have implemented:

Security Measures

• Encryption and Data Protection: Use of secure servers, encryption protocols (such as SSL/TLS), and data masking for sensitive information.
• Access Controls: Restricted access to confidential client data limited to authorized personnel on a “need-to-know” basis, with role-based access controls and regular access audits.
• Activity Logging and Monitoring: Continuous logging and monitoring of data access and modifications; maintenance of access logs for a minimum of one year to facilitate breach detection and incident investigation.
• Data Backup and Continuity: Verified backup systems and disaster recovery procedures to ensure data availability and business continuity.
• Security Clauses in Contracts: All contracts with third-party processors and service providers include mandatory data protection and security clauses.

Security Assurance

Our security practices and procedures are reviewed and updated periodically and are designed to comply with Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as amended from time to time, and with the requirements of the DPDP Rules, 2025.

Important Disclaimer on Internet Security

While we strive to protect your personal data using industry-standard security measures, no transmission over the internet is completely secure. You acknowledge and accept that:

• Transmission of information via the internet carries inherent risks.
• We cannot guarantee absolute security of your data.
• You transmit information to us at your own risk.
• We are not liable for any unauthorized access to or use of your personal data that occurs due to factors beyond our reasonable control.

6. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to:

• Our legal and regulatory obligations (including those under the Bar Council of India rules, Indian Penal Code, Code of Civil Procedure, Code of Criminal Procedure, tax laws, and applicable statutes of limitation).
• Professional record-keeping and archival requirements.
• Litigation holds or preservation orders issued by courts or authorities.

Once the purpose for which data was collected is fulfilled and retention is no longer legally necessary, we endeavour to securely erase, anonymise, or pseudonymize your personal data in accordance with the DPDP Act and applicable legal standards. However, certain data may be retained for longer periods due to professional obligations or legal requirements.

7. YOUR RIGHTS

As a data principal under the DPDP Act, 2023, you have the following rights regarding your personal data:

Right to Access

You may request a summary or copy of the personal data we hold about you, including:

• Categories of personal data being processed.
• Purposes for which your data is being processed.
• Identities of recipients or categories of recipients with whom your data has been shared.
• Retention period for your data.
• Any other information you are entitled to under applicable law.

How to Exercise: Submit a written request to our Grievance Officer (details in Section 11) with proof of identity. We will respond within one month.

Right to Correction and Completeness

You may request correction, updating, or completion of inaccurate, incomplete, or out-of-date personal data. We will correct such data and notify recipients to whom incorrect data was shared, unless legally or technically infeasible.

How to Exercise: Contact our Grievance Officer with details of the inaccuracy and supporting evidence.

Right to Erasure

Subject to applicable law and professional obligations, you may request erasure of your personal data that is:

• No longer necessary for the purposes for which it was collected.
• Being processed without a valid legal basis.
• Retained in violation of applicable legal standards.

We will erase such data within a reasonable period, subject to exceptions for legal compliance, litigation holds, and professional obligations.

How to Exercise: Submit a written erasure request to our Grievance Officer. We will respond within one month.

Right to Withdraw Consent

You may withdraw your consent for processing your personal data at any time by notifying us in writing. Such withdrawal will not affect the lawfulness of processing prior to the withdrawal.

Important Notice: Withdrawal of consent may affect our ability to provide legal services to you or may result in termination of our engagement.

How to Exercise: Contact our Grievance Officer in writing to withdraw consent.

Right to Opt-Out of Communications

You may opt out of receiving newsletters, marketing alerts, practice updates, and non-essential communications at any time by:

• Clicking the “Unsubscribe” link at the bottom of any email communication.
• Contacting our Grievance Officer directly.

Essential communications related to your legal matter will continue until your matter is concluded.

Right to Nominate

You may nominate another individual to exercise your data principal rights in the event of your death or legal incapacity, in the manner prescribed under applicable law. Please contact our Grievance Officer for nomination procedures.

Right to Grievance Redressal

You have the right to lodge a grievance with our Grievance Officer (details in Section 11) regarding any mishandling, violation, or concern related to your personal data or our privacy practices.

8. COOKIES POLICY

Our Platform may use “cookies” (small text files stored on your device) and similar technologies (such as pixels, beacons, and tags) to enhance your experience and collect usage information.

Types of Cookies and Technologies We Use

• Analytics and Performance: We use tools such as Google Analytics to understand how users navigate our Platform, which pages are visited, user engagement patterns, and overall traffic trends.
• Functionality Cookies: These enable us to remember your preferences, language settings, and login information to improve your experience on subsequent visits.
• Security Cookies: These help detect and prevent fraud, unauthorized access, and other security threats.

Third-Party Tools and Services

Our Platform may integrate with third-party services and tools that may also place cookies or collect usage data, including:

• Analytics platforms (e.g., Google Analytics).
• Web hosting and content delivery networks.
• Chat and customer support widgets (if applicable).
• Email service providers.

Your Cookie Choices

• Control Through Browser Settings: You can choose to accept or decline cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being set.
• Limitations: Disabling cookies may limit or affect the functionality of certain features on our Platform.
• Third-Party Opt-Out: For analytics and advertising cookies, you may opt out through the platforms’ own opt-out mechanisms.

We recommend that you review your browser’s privacy settings to understand your cookie options.

Data Subject to International Transfer

Where personal data is collected through our Platform and processed on servers or cloud infrastructure located outside India, we ensure that such processing is subject to:

• Appropriate contractual safeguards (such as Standard Contractual Clauses or Binding Corporate Rules where applicable).
• Technical and organizational measures ensuring data protection equivalent to Indian legal standards.
• Compliance with India’s data localization requirements where notified by the Central Government.

9. THIRD-PARTY LINKS

Our Platform may contain hyperlinks to third-party websites, legal databases, government portals, and external resources (including courts’ websites, government e-filing portals, legal research databases, etc.).

Important Disclaimer

• We are not responsible for the privacy practices, content, or data handling policies of these external websites.
• Third-party websites operate under their own privacy policies, which may differ significantly from ours.
• We do not endorse or warrant the accuracy, completeness, or security of information on third-party sites.

Your Responsibility

We encourage you to carefully review the privacy policies and terms of service of any third-party website before providing your personal data or using their services.

10. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time to:

• Reflect changes in applicable law or regulatory requirements.
• Update our data handling practices.
• Improve clarity or completeness of disclosures.
• Respond to technological developments or security concerns.

The “Last Updated” date at the top of this page will indicate the latest revision. Material changes will be communicated to you via email or a prominent notice on our Platform, with a reasonable notice period before the changes become effective.

Your continued use of the Platform after such updates constitutes your acceptance of the revised Privacy Policy.

11. GRIEVANCE OFFICER AND CONTACT INFORMATION

In accordance with the Information Technology Act, 2000, the SPDI Rules, 2011, and the DPDP Act, 2023, we have appointed a Grievance Officer to address your privacy concerns, grievances, and data subject requests.

Grievance Officer Details

Field	Details
Name	Kapil Banati
Designation	Grievance Officer
Email Address	info@asklegal.in
Phone Number	+91-11-49029605
Office Address	N-20, Basement, Jangpura Extension, New Delhi – 110014

 

Grievance Handling Process

• Acknowledgment: We will acknowledge receipt of your grievance within 7 days.
• Response Timeline: We will endeavour to address and respond to your grievance within one month from the date of receipt, or within such time as may be prescribed under applicable law.
• Escalation: If you are dissatisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act, 2023.

How to Contact Us

For privacy-related queries, data subject requests, or grievances, please contact:

Email: info@asklegal.in
Phone: +91-11-49029605
Address: N-20, Basement, Jangpura Extension, New Delhi – 110014

12. DISCLAIMER

This Privacy Policy does not create a lawyer-client relationship. As per the rules of the Bar Council of India, specifically Rule 36 and related rules governing professional conduct, we are not permitted to solicit work or engage in direct advertising.

By accessing this website or communicating with us through this Platform, the user acknowledges that:

• The information provided on this website is for informational purposes only.
• This website and its contents do not constitute solicitation, advertising, legal advice, or an offer to provide legal services.
• Viewing this website, registering, or communicating with the Firm through this Platform does not create an advocate-client relationship unless and until there is a formal written engagement/retainer executed between you and the Firm.
• Users are advised to seek independent legal advice before acting on any information herein.
• We reserve the right to decline representation in any matter.

13. ACKNOWLEDGMENT

By using our Platform and accessing this Privacy Policy, you acknowledge that you have read, understood, and agree to be bound by the terms and conditions set forth herein. If you do not agree with any aspect of this Privacy Policy, please do not use our Platform or provide us with your personal data.