Privacy Policy

White & Brief – Advocates & Solicitors (the “Firm”) is committed to protecting your privacy and has adopted this Privacy Policy (“Policy”) to outline the manner in which we collect, use, disclose, and safeguard your information when you visit our website, https://whiteandbrief.com, or access our services via associated platforms or mobile applications (collectively, the “Website”).

This Policy is published in compliance with:

  • Section 43A of the Information Technology Act, 2000 (“IT Act”);
  • Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); and
  • Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.

Please read this Policy carefully to understand our views and practices regarding your Personal Information and how we will treat it.

General

  1. This Policy governs your use of the Website and any content, information, or services accessible through it. Our obligations regarding client confidentiality and privileged information are governed by the terms of engagement applicable to each client relationship.
  2. By accessing or using the Website, or by otherwise providing us with your information, you confirm that you are legally competent to enter into a binding contract and have read and agreed to the practices outlined in this Policy.
  3. If you do not agree with this Policy, in part or whole, we request that you do not access or use the Website.

Information We Collect and Store

We may collect the following types of information (“Personal Information”) during your use of the Website or through offline interactions with the Firm:

  • Contact information: Name, title, email, postal address (home and business), phone number, etc.;
  • Business information: Instructions, project details, payment information, and related correspondence;
  • Login credentials: Passwords for our services or platforms;
  • Public and third-party data: Information from public records, integrity databases, or credit agencies;
  • Legal data: Details of litigation or regulatory matters relevant to our engagement or compliance obligations;
  • Event data: Dietary or accessibility needs (with your consent) for in-person events or seminars;
  • Recruitment data: Information voluntarily provided in connection with employment applications;
  • Other preferences or voluntary data you provide;
  • Visit records: When you attend our offices or engage with us in person.

Your Personal Information will be retained for as long as necessary to fulfil the Permitted Purposes or as required by applicable law. Once no longer necessary, we will delete or anonymise the data in a secure manner.

Legal Basis for Processing

Depending on the purpose for which we use your Personal Information, the legal basis may include:

  • Performance of a contract or client engagement;
  • Compliance with legal obligations;
  • Legitimate interest of the Firm or a third party;
  • Your explicit consent (where required).

Use of Personal Information

We may use your Personal Information for the following purposes (“Permitted Purposes”):

  • To provide legal services, advice, or products requested by you or your organisation;
  • To manage and administer your relationship with the Firm, including billing and communication;
  • To comply with legal or regulatory obligations (e.g., KYC, AML, antitrust, sanctions compliance);
  • To improve our services, technology platforms, or communications;
  • To ensure the security of our infrastructure and prevent unlawful activity;
  • For internal administrative or audit purposes;
  • To support marketing, business development, and event communications, with your consent.

We will not use your Personal Information to make automated decisions about you without your explicit consent.

Disclosure of Personal Information

  • We do not sell or rent Personal Information. We may share your information in the following circumstances:
  • With authorised partners, consultants, vendors, or service providers, bound by confidentiality obligations;
  • With courts, regulators, enforcement agencies, or authorities when legally required or to exercise legal rights;
  • With clients, where relevant to a legal matter involving you or your organisation;
  • In response to lawful requests or in good faith to protect rights, safety, or public interest;
  • In connection with potential business transactions or internal restructuring.

Security Measures

We implement reasonable security measures, including those prescribed under the SPDI Rules, to protect your Personal Information from unauthorised access, disclosure, or destruction. These measures include:

  • Access controls and confidentiality obligations for employees and third parties;
  • Encryption and secure storage;
  • Periodic audits and internal protocols.

You acknowledge that transmission of data over the internet is not completely secure and agree not to hold the Firm responsible for any unauthorised disclosure unless caused by gross negligence or wilful misconduct on our part.

Your Rights

You have the right to:

  • Access or review the Personal Information we hold about you;
  • Request corrections or updates to your information;
  • Withdraw your consent (where applicable), which will apply prospectively;
  • Request deletion of your information, subject to applicable legal or contractual obligations.

To exercise these rights, you may write to us at: info@whiteandbrief.com

Cross-Border Data Transfers

Your Personal Information may be stored or processed outside India in jurisdictions with differing data protection standards. Where we transfer data internationally, we will ensure appropriate safeguards are in place, including contractual protections.

Third-Party Sites and Services

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of such third parties and encourage you to review their privacy policies independently.

Modifications

We may update this Policy from time to time to reflect changes in technology, law, or our operations. Significant changes will be communicated where possible, but you are encouraged to review this page periodically.

Force MajeureThe Firm shall not be liable for any breach of security or loss of data arising due to events beyond its control, including but not limited to natural disasters, war, cyberattacks, network failures, or governmental actions (“Force Majeure Events”).