Privacy Policy | Abhilash Sontake & Associates | Abhilash Sontake & Associates

1. Introduction & Applicability

Abhilash Sontake & Associates (hereinafter referred to as "the Firm", "we", "us", or "our") operates as a premier Indian litigation firm. We are deeply committed to maintaining the confidentiality, integrity, and security of personal data entrusted to us by our clients, prospective clients, employees, and visitors to our digital platforms.

This Privacy Policy is published in accordance with the provisions of the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian privacy frameworks. It articulates our rigorous protocols regarding the collection, use, processing, and protection of digital personal data.

By accessing our website (www.abhilashassociates.in) or engaging our legal services, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

2. Interpretation & Definitions

In alignment with Section 2 of the DPDPA, 2023, the following terms shall have the meanings ascribed to them below:

"Data Fiduciary" refers to Abhilash Sontake & Associates, which determines the purpose and means of processing personal data.
"Data Principal" refers to the individual to whom the personal data relates.
"Personal Data" implies any data about an individual who is identifiable by or in relation to such data.
"Processing" means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.
"Consent Manager" refers to a person registered with the Data Protection Board of India, acting as a single point of contact to enable a Data Principal to give, manage, review, and withdraw her consent.

3. Notice & Consent Framework

The Firm operates strictly on the principles of clear, informed, and unambiguous consent, except where processing is mandated under certain legitimate uses as prescribed by law.

3.1 Notice

Before or at the time of collecting personal data, we provide Data Principals with clear notice detailing the personal data to be collected and the specific purpose for which it will be processed, accompanied by the contact details of our Data Protection Officer/Grievance Officer.

3.2 Consent

Personal data is processed solely upon the receipt of affirmative, free, specific, informed, unconditional, and unambiguous consent. Where the Data Principal is a child or a person with a disability, explicit, verifiable consent is obtained from the parent or lawful guardian in accordance with the DPDPA.

3.3 Withdrawal of Consent

Data Principals reserve the absolute right to withdraw their consent at any time. The withdrawal of consent shall not affect the legality of processing of the personal data based on consent before its withdrawal. Upon withdrawal, the Firm shall, within a reasonable time, cease and cause its Data Processors to cease processing the personal data unless such processing without consent is authorized under the DPDPA or any other prevailing law.

4. Categories of Personal Data

In the course of providing comprehensive legal services, the Firm may collect the following categories of personal data:

Identity Data: Full name, date of birth, gender, nationality, passport details, PAN, Aadhar details (where legally required or voluntarily provided for specific mandates), and bar registration numbers (for opposing counsel/peers).
Contact Data: Residential and professional addresses, email addresses, telephone/mobile numbers.
Financial Data: Bank account details, billing addresses, and tax-related information necessary for processing retainers and disbursements.
Case-Specific Data: Highly sensitive commercial, personal, or proprietary information necessary for the provision of legal advice, litigation strategy, or representation before judicial forums.
Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform used to access our digital properties.

5. Purpose of Processing

The Firm strictly limits the processing of personal data to the explicit purposes for which it was collected, which include:

Providing expert legal representation, advisory, and counsel.
Fulfilling our obligations under the Advocates Act, 1961, and the Bar Council of India Rules regarding client confidentiality and conflict-of-interest checks.
Processing billing, payments, and financial reconciliations.
Complying with statutory, regulatory, and judicial obligations, including directives from the High Courts or the Supreme Court of India.
Protecting the vital interests of the Data Principal during medical emergencies or disaster situations, as provisioned under legitimate uses of the DPDPA.

6. Data Minimization & Retention

The Firm strictly adheres to the principle of data minimization, collecting only such data as is absolutely necessary for the specified purpose.

We shall erase personal data, upon the Data Principal withdrawing her consent or as soon as it is reasonable to assume that the specified purpose is no longer being served, whichever is earlier. However, the Firm reserves the right to retain certain data beyond this period where such retention is strictly mandated by Indian law, judicial order, or for the establishment, exercise, or defense of legal claims.

7. Information Security Measures

Recognizing the critical sensitivity of legal data, the Firm implements robust technical and organizational measures (TOMs) to safeguard personal data against unauthorized access, accidental loss, alteration, or unlawful disclosure.

These measures include end-to-end encryption of sensitive digital communications, restricted access controls on a "need-to-know" basis, secure physical storage protocols for litigation files, and periodic vulnerability assessments of our IT infrastructure. Our security protocols are designed to prevent any personal data breach and adhere strictly to the compliance mandates of the Data Protection Board of India.

8. Disclosure & Cross-Border Transfer

8.1 Third-Party Disclosure

The Firm does not sell, rent, or trade personal data. Data may be disclosed to Data Processors (e.g., specialized legal tech vendors, secure cloud hosting providers, or external senior counsel) only under a valid contract ensuring that such processors apply equivalent or superior security standards.

8.2 Judicial & Statutory Disclosure

We may disclose personal data to courts, tribunals, law enforcement agencies, or regulatory authorities when compelled by a valid legal process, judicial order, or statutory requirement.

8.3 Cross-Border Transfers

Any transfer of personal data outside the sovereign territory of India shall be conducted strictly in accordance with notifications issued by the Central Government under the DPDPA, ensuring the destination jurisdiction affords an adequate level of data protection.

9. Rights of the Data Principal

Under the DPDPA, 2023, you hold the following rights over your personal data:

Right to Access: The right to obtain a summary of personal data processed by the Firm, including the underlying processing activities and identities of all Data Fiduciaries/Processors with whom data has been shared.
Right to Correction & Erasure: The right to request the correction of inaccurate or misleading data, the completion of incomplete data, the updating of personal data, and the erasure of data that is no longer necessary for the specified purpose.
Right of Grievance Redressal: The right to have any grievances regarding the processing of personal data readily addressed.
Right to Nominate: The right to nominate any other individual, who shall, in the event of the Data Principal's death or incapacity, exercise the rights of the Data Principal in accordance with the law.

To exercise these rights, Data Principals may direct their requests in writing to our Grievance Officer.

10. Cookies & Digital Tracking

Our digital platforms may utilize cookies and similar tracking technologies strictly to facilitate site functionality, enhance user experience, and generate anonymized aggregate analytical data. We do not utilize intrusive tracking mechanisms for targeted advertising. Users may configure their browser settings to decline cookies; however, this may impair the full functionality of the website.

11. Grievance Redressal Mechanism

In compliance with the DPDPA, 2023, the Firm has appointed a Grievance Officer / Data Protection Officer to address any queries, concerns, or requests regarding the processing of personal data.

Grievance Officer: Principal Legal Counsel

Entity: Abhilash Sontake & Associates

Address: Hyderabad, Telangana, India

Email: contact@abhilashassociates.in

Phone: +91 91212 16003

Grievances shall be acknowledged and resolved within the statutory timelines prescribed under the Act. Should a Data Principal remain unsatisfied with our resolution, they hold the right to appeal to the Data Protection Board of India.