Privacy Policy
Last Updated: 23 March 2026
·Version: 2.0
·DPDP Act 2023 Compliant
This Privacy Policy describes how Corpus Juris Legal (“we”, “our”, “the firm”, “Corpus Juris Legal”), a unit of Unified Chambers & Associates, collects, uses, processes, stores, and protects personal data when you visit our website at www.corpusjurislegal.com (“the Website”) or when you engage with us in connection with our legal services.
This Policy is published in compliance with the Digital Personal Data Protection Act 2023 (“DPDP Act”) and the rules made thereunder, and applies to all natural persons whose personal data we process. It should be read alongside our Cookie Policy and Legal Disclaimer.
1. Who We Are — Data Fiduciary
Under the DPDP Act 2023, Corpus Juris Legal acts as the Data Fiduciary in respect of personal data processed through this Website and in connection with our legal services.
Firm Name: Corpus Juris Legal (A unit of Unified Chambers & Associates)
Registered Address: Jeevan Bharati Tower, 1st Floor, Connaught Place, New Delhi – 110 001
Phone: +91 84008 60008
Email: connect@corpusjurislegal.com
Privacy Contact: privacy@corpusjurislegal.com
2. Personal Data We Collect
We collect personal data in the following contexts:
2.1 Data You Provide Directly
- Contact and Enquiry Forms: Name, company name, designation, email address, phone number, the nature of your legal matter, and any details you choose to include in your message.
- Newsletter and Alert Subscriptions: Name, email address, company, and area of interest.
- Resource Downloads: Name and email address when you register to download legal guides or templates.
- Client Portal: Login credentials and associated account information when you access our client portal.
- Correspondence: Any personal data you include in emails, letters, or other communications with the firm.
2.2 Data Collected Automatically
- Usage Data: Pages visited, time on site, browser type, operating system, device type, referring URL, and IP address — collected through privacy-friendly analytics tools.
- Cookies: As described in our Cookie Policy. Essential cookies are set automatically; analytics cookies require your consent.
2.3 Data Relating to Legal Engagements
When you engage us for legal services, we collect additional personal data relevant to your matter — including identity documents, financial information, corporate records, and details of the legal matter — pursuant to a separate client engagement letter which sets out additional data processing terms.
3. Purposes of Processing and Legal Basis
Under the DPDP Act 2023, we process personal data based on the following grounds:
Responding to enquiries and providing information about our services
Basis: Legitimate use — responding to enquiries is a legitimate business interest
Delivering legal services to engaged clients
Basis: Performance of a contract / engagement letter
Sending newsletters, legal alerts, and regulatory updates
Basis: Consent — freely given, specific, informed, and unambiguous
Compliance with legal and regulatory obligations (KYC, anti-money laundering, court orders)
Basis: Compliance with applicable Indian law
Improving our website and understanding how visitors use it
Basis: Consent — for analytics cookies
Preventing fraud and ensuring website security
Basis: Legitimate use — protection of our rights and assets
Managing and maintaining our client portal
Basis: Performance of a contract
4. Sharing of Personal Data
We do not sell personal data to third parties. We may share personal data in the following limited circumstances:
- Service Providers (Data Processors): We engage third-party service providers for website hosting, email delivery, analytics, and CRM functions. These providers act as Data Processors under the DPDP Act and are contractually bound to process personal data only on our instructions and to maintain appropriate security standards.
- Legal and Regulatory Authorities: Where required by Indian law, court order, or regulatory direction, we may disclose personal data to courts, tribunals, law enforcement agencies, and regulatory bodies including SEBI, the RBI, and the Ministry of Corporate Affairs.
- Co-Counsel and Experts: In the context of client matters, we may share relevant personal data with co-counsel, barristers, experts, or other professionals engaged to assist with the matter — subject to appropriate confidentiality obligations.
- Business Transfers: In the event of a merger, acquisition, or dissolution of the firm, personal data may be transferred to a successor entity, subject to equivalent privacy protections.
5. Cross-Border Data Transfers
Where personal data is transferred outside India — for example, in connection with internationally seated arbitrations, cross-border transactions, or cloud service providers with infrastructure outside India — such transfers are made only to countries notified as adequate by the Central Government under the DPDP Act, or subject to appropriate contractual safeguards consistent with the DPDP Act and applicable RBI and SEBI data localisation requirements.
Our primary data infrastructure is hosted in India. Where overseas transfers occur, we document and maintain records consistent with our obligations as a Data Fiduciary.
6. Data Retention
Enquiry and Contact Data: Retained for up to 3 years from the date of enquiry, unless an attorney-client relationship is established.
Client Matter Data: Retained for a minimum of 7 years following the conclusion of the matter, in compliance with professional obligations under the Bar Council of India Rules and applicable regulatory requirements. Longer retention may apply where required by statute or regulation.
Newsletter Subscribers: Retained until you unsubscribe. You may unsubscribe at any time using the link in any communication or by contacting us at privacy@corpusjurislegal.com.
Analytics Data: Retained in aggregated, anonymised form. Raw analytics data is retained for no more than 24 months.
7. Your Rights Under the DPDP Act 2023
As a Data Principal under the DPDP Act 2023, you have the following rights in respect of your personal data processed by us:
Right to Access
Request a summary of your personal data being processed by us and the processing activities.
Right to Correction
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request erasure of personal data where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations.
Right to Grievance Redressal
Make a grievance in respect of any act or omission of ours in relation to the protection of your personal data. We will respond to grievances within 72 hours of receipt.
Right to Withdraw Consent
Where we process your data on the basis of consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Nominate
Nominate an individual who shall, in the event of your death or incapacity, exercise your rights under the DPDP Act on your behalf.
To exercise any of these rights, contact our Privacy Officer at privacy@corpusjurislegal.com. We will respond within the timeframes prescribed by the DPDP Act.
8. Security of Personal Data
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:
- TLS encryption for all data in transit
- Access controls restricting personal data to authorised personnel only
- Regular security assessments of our systems and service providers
- Incident response procedures aligned with CERT-In reporting obligations
- Staff training on data protection obligations
In the event of a personal data breach that is likely to result in harm to Data Principals, we will notify the Data Protection Board of India and affected individuals as required by the DPDP Act.
9. Cookies
We use essential cookies to operate the Website and, with your consent, analytics cookies to understand website usage. Full details of the cookies we use, their purposes, and how to manage them are set out in our Cookie Policy.
10. Third-Party Links
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies. This Policy applies only to personal data we process.
11. Children's Data
Our Website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will delete it promptly. If you believe we have collected data from a child, please contact us at privacy@corpusjurislegal.com.
12. Changes to This Policy
We may update this Policy from time to time to reflect changes in applicable law, our business practices, or regulatory guidance. When we make material changes, we will update the “Last Updated” date at the top of this Policy. Where required by law, we will notify you of changes by email or by prominent notice on the Website. Your continued use of the Website after any update constitutes acceptance of the revised Policy.
13. Grievances and Data Protection Board
If you wish to make a grievance regarding our processing of your personal data, contact our Privacy Officer at privacy@corpusjurislegal.com. We will acknowledge your grievance within 24 hours and resolve it within 72 hours where possible.
If you are not satisfied with our response, you have the right to make a complaint to the Data Protection Board of India once it is established under the DPDP Act 2023.
14. Contact
For any questions about this Privacy Policy or our data processing practices, please contact:
Privacy Officer
Corpus Juris Legal (A unit of Unified Chambers & Associates)
Jeevan Bharati Tower, 1st Floor, Connaught Place, New Delhi – 110 001
Email: privacy@corpusjurislegal.com
Phone: +91 84008 60008