LEGAL

Privacy Policy

Privacy and Data Sovereignty Policy

Effective Date: 26 March 2026

Data Controller: Indian Attorneys Ltd

Data Controller & Fiduciary: Indian Attorneys Ltd (Trading as "Indian Attorneys UK")

1. Overview and Scope

1.1. Executive Commitment

Indian Attorneys Ltd ("the Company," "IA UK," "we," "our") is committed to the highest standards of data sovereignty and privacy for our global clientele. This Policy governs the lifecycle of personal and sensitive legal data processed via www.indianattorneysuk.com (the "Platform").

1.2. Jurisdictional Compliance

This Policy is designed to comply simultaneously with the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018, and the Digital Personal Data Protection (DPDP) Act 2023 of India.

2. Data Controller and Fiduciary Identification

Entity Name: Indian Attorneys Ltd

Registered Office: The Bristol Office, 2nd Floor, 5 High Street, Westbury on Trym, Bristol, BS9 3BY, UK

Data Protection Officer (DPO) Email: indianattorneys.uk@gmail.com

Regulatory Status: IA UK acts as a Data Controller in the United Kingdom and a Significant Data Fiduciary (where applicable) under Indian legal frameworks.

3. Taxonomy of Data Collected

To facilitate cross-border legal solutions and AI-driven matching, we process the following:

  • 3.1. Identity & KYB/KYC Data: Full legal name, date of birth, nationality, and high-resolution copies of passports, OCI cards, or Aadhaar details.
  • 3.2. Sensitive Legal Intelligence: Court filings, property titles, inheritance records, family law briefs, and evidentiary materials uploaded to our Secure Vault.
  • 3.3. Algorithmic Input Data: Information provided by the User to the AI Matching Engine, including case summaries and specific legal requirements.
  • 3.4. Financial & Escrow Data: Encrypted transaction tokens, billing history, and escrow status. Note: We utilize PCI-DSS compliant gateways and do not store raw card nomenclature.
  • 3.5. Technical Metadata: IP addresses, device forensics, and interaction logs with the AI interface.

4. The AI Data Protocol

4.1. Purpose of AI Processing

IA UK utilizes proprietary AI models to analyze User inputs for the sole purpose of identifying optimal matches within our Verified Attorney Network.

4.2. Data Minimization

Our AI processes data on a "Need-to-Know" basis. Where feasible, sensitive identifiers are masked during the algorithmic matching phase.

4.3. Human-in-the-Loop

Consistent with UK GDPR Article 22, IA UK does not utilize purely automated decision-making that produces a legal effect. AI outputs serve as strategic recommendations, subject to human oversight by our consultants.

5. Legal Basis for Processing

We process data under the following lawful mandates:

PurposeUK GDPR BasisIndian DPDP 2023 Basis
Service FacilitationContractual NecessityConsent / Certain Legitimate Uses
Legal Due DiligenceLegal ObligationCompliance with Law
AI Lawyer MatchingExplicit ConsentSpecified Purpose Consent
Escrow ManagementPerformance of ContractTransactional Fulfillment
Platform SecurityLegitimate InterestsData Protection Integrity

6. Trans-Border Data Sovereignty (UK -- India)

6.1. The Cross-Border Bridge

To resolve Indian legal matters, data must be transferred to the Republic of India.

6.2. Safeguards

Such transfers are strictly governed by Standard Contractual Clauses (SCCs) and the International Data Transfer Agreement (IDTA).

6.3. Data Processor Oversight

Every Indian Attorney in our network is contractually bound to IA UK's Data Processing Addendum (DPA), ensuring that data handled in India receives protections equivalent to UK statutory requirements.

7. The Secure Vault & Technical Security

7.1. Encryption Standards

All data is protected by AES-256 bit encryption at rest and TLS 1.3 encryption in transit.

7.2. The Vault Architecture

Our document repository utilizes role-based access control (RBAC). Only the designated Network Attorney, upon your explicit instruction, is granted a time-limited key to view sensitive case files.

7.3. Cyber Resilience

We perform quarterly vulnerability assessments and utilize ISO 27001-compliant cloud infrastructure.

8. Data Retention and Disposal

  • Case Files & Document Vault: Retained for 6 years following the closure of the matter or termination of the account.
  • Financial & Escrow Records: Retained for 7 years to satisfy HMRC and statutory audit requirements.
  • AI Interaction Logs: Anonymized after 12 months for system optimization.

9. Your Statutory Rights

Under the UK GDPR and the Indian DPDP Act, you possess the following irrevocable rights:

  • Right to Access & Portability: Request a structured digital copy of your entire Vault.
  • Right to Correction: Rectify inaccuracies in your legal or identity profiles.
  • Right to Erasure (The "Right to be Forgotten"): Request deletion of data, subject to mandatory legal retention periods.
  • Right to Withdraw Consent: You may cease AI processing at any time by closing your active inquiry.

10. Third-Party Disclosures

We do not sell, rent, or trade your personal data. Disclosure is limited to:

  • Verified Network Attorneys: Only after your explicit match and consent.
  • Escrow Providers: For the secure processing of professional fees.
  • Judicial/Regulatory Bodies: Only when compelled by a valid court order or statutory requirement in the UK or India.

11. Contact and Complaints

For all data-related inquiries or to exercise your rights:

Data Protection Officer

Indian Attorneys Ltd

Email: indianattorneys.uk@gmail.com

You also have the right to lodge a complaint with:

  • UK: Information Commissioner's Office (ICO) | www.ico.org.uk
  • India: Data Protection Board of India (under the DPDP Act).