Privacy & Data Protection Policy for Josh and Mak International (Updated August 2023)
Introduction
At Josh and Mak International, we prioritize the protection of your privacy and the security of your personal data. This Privacy Policy (hereinafter referred to as the “Privacy Policy”) outlines how we process and safeguard your personal data, clarifies your rights, and provides essential information about the handling of your personal data.
Definition of Personal Data
In this Privacy Policy, the term “personal data” (hereinafter referred to as “Personal Data”) refers to any information or set of information through which we may directly or indirectly identify you. This may include details such as your name, surname, e-mail address, telephone number, and more.
Legal Regimes and Data Protection Compliance
When processing your Personal Data, we adhere mainly to the provisions of the General Data Protection Regulation No. 2016/679 (GDPR) and other relevant international data protection standards, including Pakistan’s current data protection legislation and the Data Protection Bill (2023).
Scope of Application
This Privacy Policy applies to various situations, including but not limited to when you:
- Visit our website.
- Interact with our social network accounts on platforms such as Facebook and LinkedIn (hereinafter referred to as “Social Network Accounts”).
- Engage our legal services or enter into a legal services agreement with us.
- Register with us or provide goods or services to us.
- Contact us through phone, e-mail, WhatsApp, or other communication channels for inquiries or legal advice.
- Apply for a job position offered by Josh and Mak International.
External Website Links
Our website may contain links to external websites, including those of our business partners or websites promoting our services. Please be aware that these external websites have their own separate privacy policies, and this Privacy Policy does not apply to them. Before providing your Personal Data to these external websites or using their services, we recommend reviewing their privacy policies.
Changes to the Privacy Policy
This Privacy Policy is subject to change. Therefore, we advise you to periodically visit our website to review the latest version of the Privacy Policy.
Identity of the Data Controller
The controller of your Personal Data is Josh and Mak International Law Firm. As the data controller, we manage and operate the Website and Social Network Accounts. We act as the controller to process your Personal Data while offering and providing our Services and ensuring compliance with legal requirements.
Collection of Personal Data
We collect your Personal Data through the following means:
When you provide Personal Data directly to us, such as when you enter into agreements, receive our Services, participate in events organized by us, contact us via e-mail or phone, subscribe to our newsletter, etc.
When we automatically collect your Personal Data during your use of the Website and Social Network Accounts, such as your IP address, browsing history on the Website, link interactions, etc.
When we receive Personal Data from other sources, such as public registers, state or local government institutions, partner entities, or other third parties, including payment institutions.
When your Personal Data is provided to us by your relatives, acquaintances, or companies (employers) with your consent or as an authorized person.
Purpose of Processing Personal Data
We process your Personal Data for the following purposes:
- To offer and provide you with our Services.
- To fulfill our contractual obligations with you.
- To pursue our legitimate interests or those of third parties, in compliance with applicable legal requirements.
Accuracy and Responsibility of Personal Data
You are responsible for providing accurate, complete, and relevant Personal Data to us. If the information provided is inaccurate, false, or misleading, we reserve the right to delete such data or restrict access to our Website and Services.
Consent and Right to Withdraw
If your data is processed based on your consent, you have the right to refuse or withdraw your consent at any time.
Necessary Messages
We may send you messages related to the provision of our Services or contact you for essential communication, such as updates on Services. These messages are necessary for the proper provision of the Services and shall not be considered promotional.
Social Network Accounts
We publish information about ourselves and our activities on Social Network Accounts. The users of these platforms are also subject to the privacy policies and policies of the respective social networks. By contacting us through Social Network Accounts, certain information about your account may be visible to us, depending on your chosen privacy settings.
Updating Personal Data
You have the right to change and update your information provided to us. We may request periodic confirmation of the accuracy and relevance of your information to ensure its validity.
Security Measures
We implement appropriate technical and organizational measures to protect your Personal Data from unauthorized access, loss, or disclosure. However, it is essential to understand that no data transmission over the internet is entirely secure. As such, we cannot guarantee the absolute security of your Personal Data during its transmission or storage.
Data Retention
We retain your Personal Data only for as long as it is necessary for the purposes outlined in this Privacy Policy or as required by applicable laws and regulations.
Your Rights
You have the following rights regarding your Personal Data:
- Right to access and rectify your Personal Data.
- Right to erasure (right to be forgotten).
- Right to restrict processing.
- Right to data portability.
- Right to object to processing.
- Right not to be subject to automated decision-making.
Contact Information
If you have any questions, concerns, or requests related to your Personal Data or this Privacy Policy, please contact us at aemen@joshandmak.com
Effective Date
This Privacy Policy is effective from [Insert Effective Date].
How Do We Use Your Personal Data and What Principles Do We Apply?
Collection and Purpose of Personal Data
We collect and process only the Personal Data that is necessary to achieve the specified purposes of data processing.
Data Processing Principles
When processing your Personal Data, we adhere to the following principles:
- Compliance with International Industrial Standards: We comply with the requirements of effective and applicable standards of data protection including the GDPR.
- Lawful, Fair, and Transparent Processing: We process your Personal Data in a lawful, fair, and transparent manner.
- Specified and Legitimate Purposes: We collect your Personal Data for specified, clearly defined, and legitimate purposes. We do not process it in a way incompatible with those purposes, except to the extent permitted by law.
- Data Accuracy and Rectification: We take all reasonable steps to ensure that Personal Data is accurate and complete. If the data is inaccurate or incomplete, we promptly rectify, supplement, suspend, or delete it as per the purposes for which it is processed.
- Data Retention: We keep your Personal Data in a form that allows your identity to be established only for the time necessary for the purposes for which the data is processed.
- Non-Disclosure to Third Parties: We do not provide or disclose your Personal Data to third parties beyond what is outlined in this Privacy Policy or as permitted by applicable law.
- Security Measures: We ensure that your Personal Data is processed securely to prevent unauthorized access, loss, or disclosure.
Data Sharing and Transfers
We may share your Personal Data with the following categories of recipients:
(1) Our employees and authorized personnel who are involved in providing our Services or carrying out our day-to-day operations.
(2) Our service providers and partners who assist us in operating the Website, delivering the Services, and ensuring smooth functioning.
(3) Legal and regulatory authorities or institutions, where required by law or when we need to protect our legal interests.
(4) Other third parties with your consent or as required to fulfill our contractual obligations.
(5) In case of corporate restructuring, mergers, acquisitions, or other business transactions, we may disclose Personal Data to relevant entities involved in the process.
Data Transfers Outside Pakistan
Currently we process Personal Data only within Pakistan unless there is a specific request by a client to share their data with a third party out of Pakistan.
Your Obligations in Processing Personal Data Provided by Us
When you receive Personal Data from us during the provision of Services or cooperation, you agree to:
(1) Comply with the GDPR and other laws of your Jurisdiction governing the processing of Personal Data and cooperate with us to fulfill our obligations under these legal acts.
(2) Notify us within 4 hours of any security breach related to the Personal Data transferred to you, specifying the circumstances of the breach and the measures taken to mitigate its consequences.
When you provide us with Personal Data during cooperation, you agree to:
(1) Inform all relevant natural persons (e.g., employees, agents, management bodies, etc.) before transferring their Personal Data to us and provide evidence of such notification, if required by the GDPR.
(2) Notify us of any obligations related to updating, deleting, or restricting the processing of the Personal Data transferred.
(3) Ensure that you do not transfer the Personal Data of any individuals who have not been informed about its processing by us.
As a data subject, you have the following rights regarding your Personal Data:
Right to Be Informed
You have the right to receive information about the processing of your Personal Data in a concise, simple, and comprehensible language.
Right of Access
You have the right to access your Personal Data and be aware of how it is processed. You may request:
- Confirmation that we are processing your Personal Data.
- A list of your Personal Data being processed.
- The purposes and legal basis for processing your Personal Data.
- Information about any data transfers to third countries and the safety measures implemented.
- The source of your Personal Data.
- Information about profiling, if applied.
- The data retention period.
We will provide this information unless it infringes on the rights and freedoms of others.
Right of Rectification
You can request the rectification or supplementation of your incomplete Personal Data if the information we hold is inaccurate or incomplete.
Right to Erasure and “Right to Be Forgotten”
You may request the erasure or suspension of the processing of your Personal Data (except for retention) if:
- The data is no longer required for its specified purposes.
- You withdraw your consent to the processing.
- Your private interests outweigh our legitimate interests for processing.
- The data was obtained unlawfully.
Right to Restriction
You can exercise this right when:
- You dispute the accuracy of the information.
- You object to processing based on legitimate interests.
- The processing is unlawful, but you oppose its deletion.
- We no longer need the data, but you need it for litigation purposes.
Right to Data Portability
You have this right if you provided your data, and we process it based on your consent or a contract with you.
Exercising Your Rights
Upon receiving your request regarding Personal Data, we will respond and carry out the necessary actions within one month from the date of the request. If the complexity or number of applications requires more time, we may extend the response period by two months, notifying you of such extension within one month of receiving the request.
Reasonable Fees
We strive to respond to your requests in a timely and free manner, except in cases of manifestly unfounded, repetitive, or excessive requests. In such cases, we may charge a reasonable fee.
Data Retention
If we delete your Personal Data at your request, we will retain copies of information necessary to protect our legitimate interests, fulfill obligations to governmental authorities, resolve disputes, identify disruptions, or comply with any agreements you have with us.
Direct Marketing with Consent
With your consent, we may use your Personal Data for direct marketing purposes, which includes providing you with newsletters, offers, and information about our activities and Services that we believe may be of interest to you. Additionally, we may send you updates related to the quality of the Services we provide.Current we do not have any direct marketing measures in place.
Communication Channel
Updates will be sent to the e-mail address specified by you. For quality assessment purposes, we may inquire by e-mail about your satisfaction with our Services and invite you to fill out quality assessment forms. We may share your contacts with our partners or managers who assist us in delivering news updates or quality assessment services.
Responsible Use of Updates
We will make every effort not to misuse the right to share updates. After sending updates, we may collect information about the recipients, such as which messages were opened and which links were clicked. This information helps us offer more relevant and better-tailored updates.
Withdrawing Consent
You have the right to easily revoke your consent for the processing of Personal Data for direct marketing purposes, either partially or entirely. To do so, you can:
(1) Follow the instructions provided in the electronic notices and/or offers, such as clicking on the “unsubscribe” link in newsletters, etc.
(2) Send us a notification to the email address specified in this Privacy Policy. If you choose to withdraw consent in this way, we may ask you to verify your identity.
Effect of Consent Withdrawal
The withdrawal of consent does not automatically oblige us to delete your Personal Data or provide you with information about the Personal Data processed by us. To request these actions, you must make a separate request.
Responsible Handling and Security Measures
We handle your Personal Data responsibly, ensuring its security from loss, unauthorized use, or alteration. We implement physical and technical measures to safeguard the information we collect from accidental or unlawful deletion, damage, alteration, loss, disclosure, or any other unlawful processing. Security measures are determined based on the risks associated with the processing of Personal Data.
Employee Obligations
Our employees have signed written undertakings not to disclose or distribute your Personal Data to third parties or unauthorized persons.
Service Provider Access
Advocates and legal assistants who provide services to us under a service agreement may also process the Personal Data being handled by us.
Cookies Usage
Cookies are small text files that store information (often a sequence of numbers and letters) on a browser of a device (e.g., computer, tablet, mobile phone). In this Privacy Policy, we use the term “cookies” to refer to cookies and other similar technologies, such as pixel tags, web beacons, and clear gifs. Cookies enhance the Website’s functionality and integration with Social Network Accounts.
Managing Cookies
You have the option to accept or decline cookies. If you do not wish to save cookies on your device, you can adjust the settings of your browser to disable cookies. Please note that disabling cookies may limit the functionality of certain websites or block access to specific content.
Questions and Inquiries
If you have any questions about the information provided in this Privacy Policy, please contact us at aemen@joshandmak.com.
Complaints
If you wish to make a complaint about our processing of Personal Data, please submit it in writing via aemen@joshandmak.com, providing as much information as possible. We will work with you to address and resolve any issues promptly.
Changes to the Privacy Policy
We reserve the right to change this Privacy Policy. We will notify you of any changes by posting an updated Privacy Policy on the Website or through other ordinary means of communication. Any additions or changes will become effective on the date specified in the updated Privacy Policy.
Continued Use
By continuing to use the Website, entering into a contract with us for legal services, or contacting us through WhatsApp or email platforms after the Privacy Policy’s terms have been changed, it will be deemed that you have consented to the revised terms of the Privacy Policy.
Specific Compliance with EU GDPR
As Josh and Mak International, we are committed to ensuring compliance with the European Union’s General Data Protection Regulation (EU GDPR) when processing Personal Data for various purposes. Below is a table outlining the purposes of processing Personal Data, the specific Personal Data being processed, the terms of processing, and the legal basis for each processing activity:
|
Purpose of Processing |
Personal Data Being Processed |
Terms of Processing |
Legal Basis for Processing Personal Data |
|
Provision of legal services |
– Name, surname, date of birth |
– For the entire period of provision of legal services |
– Processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR) |
|
– Personal identification number |
– 10 years after the end of the provision of services |
– Processing is necessary for fulfillment of a legal obligation imposed on the controller (Article 6(1)(c) of the GDPR) |
|
|
– Individual activity certificate number |
– |
– Legitimate interests of the controller or a third party (Article 6(1)(f) of the GDPR) |
|
|
– VAT payer code |
– |
||
|
– Signature |
– |
||
|
– Address / workplace address |
– |
||
|
– Telephone number |
– |
||
|
– E-mail address |
– |
||
|
– Data of other communication channels (Skype, Facebook Messenger account data, etc.) |
– |
||
|
– Place of work |
– |
||
|
– Position held |
– |
||
|
– Data related to the object of performance of the concluded legal services contract (contracts, procedural documents, company performance documents, financial documents, correspondence of any kind, decisions of state / local self-government institutions, courts, other similar institutions, any communication, extracts from registers, other documents and information) |
– |
||
|
– Data on persons other than the client (client’s representatives) (contractors, litigants, partners, information on the client’s activities, personal life, data on minors (when they are customers or when the provision of services requires such information), etc. |
– |
||
|
– Data on the health of persons |
– |
||
|
– Religious beliefs |
– |
||
|
– Sexual orientation |
– |
||
|
– Data on the criminal record of persons, if directly related to the provision of legal services |
– |
||
|
– Name, surname of parents, guardians, caregivers, relation of these persons with the client |
– |
||
|
– Correspondence (e-mail correspondence, mail correspondence) |
– |
||
|
– Content of the power of attorney to represent the person |
– |
||
|
– Other Personal Data presented or required for the provision of legal services |
– |
||
|
Conclusion and performance of agreements necessary for the performance, administration, and maintenance of the business, as well as our business-related internal administration, other than employment relations |
– Name, surname |
– For the entire period of cooperation / validity of the agreement |
– Processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR) |
|
– Personal identification code (if required) |
– 10 years after the termination of cooperation / agreement |
– Legitimate interests of the controller or a third party (Article 6(1)(f) of the GDPR) |
|
|
– Individual activity certificate number |
– |
||
|
– Position |
– |
||
|
– Place of work |
– |
||
|
– Signature (in contracts, other documents) |
– |
||
|
– Address / address of the place of work |
– |
||
|
– Telephone number |
– |
||
|
– E-mail address |
– |
||
|
– Correspondence (e-mail, mail correspondence) |
– |
||
|
– Content of the power of attorney to represent the person |
– |
||
|
– Information on the qualifications of the party to the contract, transaction, and/or their employees |
– |
||
|
Execution of financial operations and bookkeeping, management of material and financial resources, management of debts, fulfillment of tax obligations (other than employment relations), management of payments for the Services |
– Name, surname |
– According to legal acts regulating financial transactions and accounting |
– Processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR) |
|
– Personal identification number (if required) |
– |
– Processing is necessary for fulfillment of a legal obligation imposed on the controller (Article 6(1)(c) of the GDPR) |
|
|
– Individual activity certificate number |
– |
– Legitimate interests of the controller or a third party (Article 6(1)(f) of the GDPR) |
|
|
– Position |
– |
||
|
– Place of work |
– |
||
|
– Signature (in contracts and similar documents) |
– |
||
|
– Address / address of the workplace |
– |
||
|
– E-mail address |
– |
||
|
– Telephone number |
– |
||
|
– Account number |
– |
||
|
– Credit/payment institution |
– |
||
|
– Payment details |
– |
||
|
– VAT payer code |
– |
||
|
– Information presented in tax returns, other official tax documents |
– |
||
|
– History of arrears, history of their payment and other information |
– |
||
|
– E-mail messages received and sent, including their attachments |
– |
||
|
– Content of the power of attorney to represent the person |
– |
||
|
Management, securing of operation and quality improvement of electronic information submission channels (the Website, the Social Network Accounts) |
– Data collected using website cookies |
– Website data is retained for up to 2 (two) years |
– Consent of the data subject to such processing of the data (Article 6(1)(a) of the GDPR) |
|
– IP address |
– The information is retained on Facebook and LinkedIn accounts according to the conditions set by the owners of these networks |
– Legitimate interests of the controller or a third party (Article 6(1)(f) of the GDPR) |
|
|
Administration of queries received through electronic information delivery channels, by telephone, and e-mail |
– Name, surname |
– For the entire communication period and 1 (one) year after the end |
The Josh and Mak Team
If you have queries send us an email at aemen@joshandmak.com
