Candour Legal – Best Lawyers in Ahmedabad | Law firm in Ahmedabad

Menu
+91 72288 88745
en English
enEnglish fr French ru Russian cn Mandarin Chinese

Say Hello,

contact@candourlegal.com
+91 72288 88745
linkedin

Our Practice Area

Privacy Policy

Last updated: 24 April 2026

This Privacy Policy sets out how Candour Legal (“Candour Legal”, “we”, “us”, or “our”) collects, uses, stores, and shares personal data of individuals who visit candourlegal.com or engage with us as clients, prospective clients, or correspondents. This policy is issued in compliance with the Digital Personal Data Protection Act, 2023 (“DPDPA”) and the Information Technology Act, 2000, together with the rules and regulations notified thereunder.

1. Who we are

Candour Legal is a full-service Indian law firm with offices in Ahmedabad, Delhi, and Mumbai. For the purposes of the DPDPA, Candour Legal acts as a Data Fiduciary in respect of personal data we determine the purpose and means of processing for. For enquiries about this policy, please contact us at contact@candourlegal.com.

2. Personal data we collect

We collect personal data in the following categories:

  • Contact details: name, email address, telephone number, and postal address, when you complete a contact form, send us an email, or subscribe to firm updates.
  • Professional information: your job title, organisation, and the nature of your legal enquiry, where you provide this in correspondence.
  • Engagement information: where you engage us as a client, the information necessary to discharge our professional responsibilities, including identification documents, conflict-check data, and matter-related correspondence.
  • Technical data: IP address, browser type, device identifiers, pages visited, and referring URLs, collected automatically via server logs and analytics.
  • Cookies and similar technologies: as described in our cookie practices below.

3. Purposes and lawful basis of processing

We process personal data for the following purposes, on the lawful basis indicated:

  • Responding to enquiries: to reply to contact-form submissions and initial queries. Basis: consent and legitimate-purpose processing under Section 7 of the DPDPA.
  • Client engagement and mandate delivery: to provide legal services under an engagement letter, including conflict checks, matter conduct, invoicing, and archival retention. Basis: performance of the engagement and statutory obligations applicable to advocates under the Advocates Act, 1961 and Bar Council of India Rules.
  • Newsletter and firm updates: to send analytical commentary and firm announcements to those who have subscribed. Basis: consent.
  • Website operation and security: to maintain the availability, integrity, and security of candourlegal.com. Basis: legitimate-purpose processing under Section 7(i) of the DPDPA.
  • Regulatory compliance: to comply with applicable laws, including anti-money-laundering, tax, and professional regulatory obligations. Basis: legal obligation.

4. How we obtain consent

Where processing is based on your consent, we seek that consent through a clear affirmative action before we begin processing, such as your completion of a contact form, newsletter subscription, or initial engagement. In each case we make available, in English, a notice describing the personal data to be processed and the purpose, in the manner required by Section 5 of the DPDPA. You may withdraw consent at any time by writing to contact@candourlegal.com; withdrawal does not affect the lawfulness of processing before the withdrawal, and may result in our inability to continue providing certain services.

5. Sharing of personal data

We do not sell personal data. We share personal data only in the following circumstances:

  • Data Processors: technology service providers who process personal data on our behalf, under written contracts imposing confidentiality and data-protection obligations consistent with the DPDPA. These include email hosting, customer-relationship management, cloud storage, website hosting, and analytics providers.
  • Legal and regulatory authorities: where disclosure is required by law, court order, or a binding regulatory instrument, or where necessary to establish, exercise, or defend legal claims.
  • Co-counsel and experts: on a client matter, where engagement of co-counsel, counsel-to-counsel advice, or expert evidence is appropriate, subject to professional confidentiality obligations.
  • Professional advisors: our own auditors, insurers, and external compliance consultants, under duties of confidentiality.

6. Cross-border transfer

Some of our service providers are located outside India. We transfer personal data to such providers only to jurisdictions that are not restricted under Section 16 of the DPDPA and subject to contractual safeguards equivalent to Indian standards of protection. Where a matter involves foreign counsel or foreign-seated arbitration, cross-border transfer of client personal data is governed by the terms of the engagement letter and any applicable professional confidentiality obligations.

7. Retention

We retain personal data for the period necessary to fulfil the purpose for which it was collected, including for the life of any client matter and for a further period thereafter commensurate with limitation periods, professional archival obligations under the Advocates Act 1961, and any applicable tax or regulatory retention requirements. Contact enquiry data not resulting in an engagement is typically retained for 24 months from the last interaction, unless we are required to retain it longer. Newsletter subscription data is retained while your subscription is active and for 12 months thereafter.

8. Your rights as a Data Principal

Under Section 11 of the DPDPA, you have the following rights in respect of personal data we hold about you:

  • Right to access: to obtain a summary of the personal data processed, the processing activities, and the identities of Data Fiduciaries and Data Processors with whom it has been shared.
  • Right to correction, completion, updating, and erasure: to have inaccurate or incomplete data corrected or completed, and to have data erased where it is no longer necessary for the purpose for which it was collected.
  • Right to grievance redressal: to have a grievance addressed through our grievance officer identified below.
  • Right to nominate: to nominate another individual to exercise these rights in the event of death or incapacity.

To exercise any of these rights, please write to contact@candourlegal.com. We will respond within the period prescribed by the DPDPA and its rules.

9. Cookies

Our website uses cookies and similar technologies for essential site operation, preference storage, analytics, and — where you have consented — marketing purposes. Essential cookies are processed on the basis of legitimate-purpose processing and cannot be disabled without impairing site functionality. Non-essential cookies are set only after you provide consent. You may manage cookie preferences through your browser settings; note that blocking certain cookies may affect site behaviour.

10. Security

We apply reasonable technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, consistent with the reasonable-security-practice standard under Section 43A of the Information Technology Act, 2000 and the obligations of a Data Fiduciary under the DPDPA. No method of transmission or storage is entirely secure; please do not transmit sensitive personal data through unsecured channels.

11. Children

Our services are directed at adult professionals and clients. We do not knowingly collect personal data of children (as defined in Section 2(f) of the DPDPA). If you believe a child has provided us with personal data, please contact us and we will arrange for its deletion.

12. Grievance officer

In compliance with Section 8(10) of the DPDPA and Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, queries, grievances, and rights requests may be addressed to our Grievance Officer:

Candour Legal
Attn: Grievance Officer
Email: contact@candourlegal.com

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in applicable law, our processing practices, or the services we offer. The “last updated” date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

14. Governing law

This Privacy Policy is governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this policy is subject to the exclusive jurisdiction of the courts at Ahmedabad, Gujarat.