Last Updated: Feb 26, 2026

Bhatt & Joshi Associates (“we,” “us,” “our,” or “the Firm”) respects the privacy of every visitor to our website www.bhattandjoshiassociates.com (the “Website”). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our Website or interact with us through it, and your rights in relation to such data.

This Privacy Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

By accessing or using this Website, you acknowledge that you have read, understood, and consented to the collection and use of your information as described in this Privacy Policy.

1. Information We Collect

We collect personal data from you only when you voluntarily provide it or when it is automatically generated through your interaction with the Website. The categories of information include:

1.1 Information You Provide Directly

  • Contact details such as your full name, email address, phone number, and city, submitted through our contact form, consultation request form, or WhatsApp enquiries.
  • Subject matter of your enquiry, including any description of your legal concern or query you choose to share.
  • Correspondence, including messages, emails, or attachments you send to us.

1.2 Information Collected Automatically

  • Technical data such as IP address, browser type and version, device type, operating system, referring URL, and approximate geographic location (city or region level).
  • Usage data including pages visited, time spent, navigation paths, and search terms used on the Website.
  • Cookies and similar technologies as described in Section 7 below.

1.3 Information from Third Parties

We may receive limited information from analytics providers (such as Google Analytics) and advertising platforms when you engage with our content elsewhere on the internet.

2. How We Use Your Information

We process your personal data only for specific, lawful purposes, including:

  • Responding to your enquiries, consultation requests, and questions about our practice areas.
  • Providing information about our services where you have requested it.
  • Sending communications relating to your enquiry, including follow-ups and clarifications.
  • Improving the Website, its content, and user experience.
  • Maintaining security and preventing fraud, abuse, or unauthorised access.
  • Complying with applicable laws, regulations, court orders, and professional obligations of advocates under Indian law.

We do not use your personal data for automated decision-making or profiling that produces legal effects.

3. Legal Basis for Processing

Under the DPDP Act, we process your personal data on the following lawful bases:

  • Your consent, where you voluntarily submit information through forms or correspondence.
  • Legitimate uses specified under the DPDP Act, including responding to requests you have initiated.
  • Legal obligations imposed under Indian law, including the Advocates Act, 1961 and rules framed by the Bar Council of India.

4. Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

  • With members of the Firm — partners, associates, and authorised staff — strictly on a need-to-know basis to respond to your enquiry.
  • With service providers such as our hosting provider, email service, analytics provider, and IT support, who are bound by confidentiality obligations and process data only on our instructions.
  • For legal compliance, where disclosure is required by law, court order, statutory authority, or to protect our legal rights.
  • With your explicit consent, where you have authorised a specific disclosure.

We do not transfer your personal data outside India except to service providers operating in jurisdictions that the Central Government has not restricted under the DPDP Act, and only with appropriate safeguards in place.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and professional obligations, to resolve disputes, and to enforce our agreements. When personal data is no longer required, we either delete it securely or anonymise it.

Enquiry data not converted into a client engagement is generally retained for a period of up to three years, unless a longer retention period is required by law.

6. Data Security

We have implemented reasonable security practices and procedures, including technical, administrative, and physical safeguards, to protect your personal data against unauthorised access, alteration, disclosure, loss, or destruction. These include:

  • Secure SSL/TLS encryption of data transmitted through the Website.
  • Access controls limiting personal data to authorised personnel.
  • Regular security reviews of our systems and service providers.
  • Confidentiality obligations binding all members and staff of the Firm.

However, no method of transmission over the internet or electronic storage is entirely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance your browsing experience, analyse Website traffic, and understand visitor preferences.

7.1 Types of Cookies We Use

  • Strictly necessary cookies required for the Website to function properly.
  • Analytics cookies (such as Google Analytics) that help us understand how visitors use the Website.
  • Functional cookies that remember your preferences and settings.

7.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can choose to accept, reject, or delete cookies. Please note that disabling certain cookies may affect the functionality of the Website.

8. Your Rights as a Data Principal

Under the DPDP Act, you, as a Data Principal, have the following rights in relation to your personal data:

  • Right to access — to obtain confirmation that we process your personal data, along with a summary of the personal data processed and processing activities.
  • Right to correction and erasure — to request correction of inaccurate or misleading personal data, completion of incomplete data, updating of personal data, and erasure of personal data no longer necessary for the purpose for which it was processed.
  • Right to grievance redressal — to a readily available means of grievance redressal in respect of any act or omission regarding the performance of our obligations.
  • Right to nominate — to nominate another individual who shall, in the event of your death or incapacity, exercise these rights on your behalf.
  • Right to withdraw consent — to withdraw your consent at any time, where processing is based on consent. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact our Grievance Officer using the details provided in Section 13 below.

9. Third-Party Links

The Website may contain links to third-party websites, including social media platforms, legal databases, and government portals. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit.

10. Children’s Privacy

Our services are not directed at children below the age of eighteen years. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will take steps to delete such data promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be effective from the date of its publication on this page, with the “Last Updated” date revised accordingly. We encourage you to review this page periodically.

12. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising in relation to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts at Ahmedabad, Gujarat.

13. Contact Us

If you have any questions, concerns, or grievances regarding this Privacy Policy or our processing of your personal data, or if you wish to exercise any of your rights, please contact us:

Bhatt & Joshi Associates
Email: [email protected]
Phone: +91 98243 23743
WhatsApp: Chat with us
Address: Office No. B311, Grace Business Park, B/h. Kargil Petrol Pump, Epic Hospital Road, Sagar Sangeet Cross Road, Sola, Ahmedabad – 380060

We aim to acknowledge all grievances within a reasonable time and resolve them in accordance with applicable law.