Citizen Law Associates ×

Effective Date: November 4, 2024

Welcome to Citizen Law Associates. We are committed to protecting your privacy and handling your personal information with care and in compliance with applicable data protection laws in Pakistan and the United Kingdom. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website, engage our legal services, or communicate with us.

1. Who We Are

Citizen Law Associates is a law firm providing legal services in Pakistan and the United Kingdom. Our offices are located at:

Pakistan Office:
4-5 First Floor, Al-Useed Center
6-Fane Road, Opposite Best Western Hotel
Lahore, Pakistan
Phone: +92-42-99214245
Email: info@citizenlawassociates.com

UK Office:
Cranbrook House, Suite 3A
61 Cranbrook Road
Ilford, London, IG1 4PG, UK
Phone: +44-20-8514-4170
Email: info@citizenlawassociates.com

For the purposes of UK data protection law, Citizen Law Associates is the "data controller" responsible for your personal information collected through our UK operations and website. For Pakistan operations, we comply with applicable privacy and data protection regulations and best practices.

2. Information We Collect

We collect and process various types of personal information depending on how you interact with our firm:

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, postal address, and other contact details when you inquire about our services, request consultations, or engage us as a client
  • Identification Information: Date of birth, National Identity Card (CNIC) number, passport number, driving license, and other identification documents as required for legal services
  • Professional Information: Employment details, business information, professional qualifications when relevant to legal matters
  • Legal Matter Information: Details about your legal issues, case facts, documents, evidence, and any information you provide related to legal representation
  • Financial Information: Billing information, payment details, bank account information for fee processing and financial transactions related to legal services
  • Communication Records: Emails, letters, messages, phone call notes, meeting notes, and other communications with our firm
  • Website Forms: Information submitted through contact forms, appointment booking forms, consultation requests, newsletter subscriptions, or other website interactions

2.2 Information Collected Automatically

  • Website Usage Data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, links clicked
  • Device Information: Device type, unique device identifiers, mobile network information
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Cookies section below)
  • Location Data: General geographic location based on IP address (we do not collect precise GPS location)

2.3 Information from Third Parties

  • Referrals: Information from clients who refer you to us or professional contacts
  • Public Records: Information from court records, government databases, land registries, and other public sources relevant to legal matters
  • Service Providers: Information from payment processors, background check providers, expert witnesses, and other third-party service providers assisting with legal services
  • Opposing Parties: Information disclosed during legal proceedings, negotiations, or dispute resolution

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Providing Legal Services

  • Evaluating potential legal matters and providing legal consultations
  • Representing you in legal proceedings, negotiations, and transactions
  • Communicating with you about your legal matters
  • Preparing legal documents, contracts, pleadings, and other materials
  • Conducting legal research and case preparation
  • Coordinating with courts, opposing counsel, expert witnesses, and other parties
  • Protecting your legal rights and interests

3.2 Business Operations

  • Processing payments and managing billing
  • Maintaining client files and records as required by law
  • Managing appointments and scheduling
  • Responding to inquiries and providing customer service
  • Improving our services and client experience
  • Internal administration and record-keeping

3.3 Legal and Regulatory Compliance

  • Complying with professional conduct rules and legal ethics obligations
  • Meeting regulatory requirements for law firms in Pakistan and UK
  • Preventing fraud, money laundering, and other illegal activities
  • Responding to legal processes (court orders, subpoenas, regulatory inquiries)
  • Maintaining professional indemnity insurance
  • Conflict checking to prevent conflicts of interest

3.4 Marketing and Communications

  • Sending newsletters, legal updates, and informational content (with your consent)
  • Informing you about our services, events, and publications
  • Conducting client satisfaction surveys
  • Marketing our services (only to those who have opted in)

3.5 Website Functionality

  • Operating and maintaining our website
  • Improving website performance and user experience
  • Analyzing website traffic and usage patterns
  • Troubleshooting technical issues
  • Preventing fraud and security breaches

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

  • Contract Performance: Processing necessary to provide legal services you have engaged us for or to take steps at your request before entering into a contract
  • Legal Obligation: Processing required to comply with legal and regulatory obligations including professional conduct rules, anti-money laundering regulations, court orders, and record retention requirements
  • Legitimate Interests: Processing necessary for our legitimate interests including operating our law firm, improving services, preventing fraud, and marketing (where not overridden by your rights)
  • Consent: Where you have given specific consent for particular processing activities, such as marketing communications or optional data collection
  • Vital Interests: In rare cases, to protect someone's life or health
  • Public Interest: When performing tasks in the public interest or exercising official authority

5. How We Share Your Information

We may share your personal information with third parties in the following circumstances:

5.1 Service Providers and Professional Advisors

  • Barristers and Counsel: When we instruct barristers or other lawyers for specialized legal representation
  • Expert Witnesses: Medical experts, financial experts, technical experts, and other professionals providing expert testimony or opinions
  • Investigators: Private investigators, process servers, and other investigative service providers
  • Administrative Support: Court reporters, translators, document management services
  • Technology Providers: IT support, cloud storage providers, website hosting, email services, case management software providers
  • Payment Processors: Banks, payment gateways, and financial institutions processing payments
  • Professional Indemnity Insurers: Our malpractice insurance providers when necessary for claims or coverage

5.2 Legal and Regulatory Requirements

  • Courts and Tribunals: Disclosure during legal proceedings as required by court rules and orders
  • Opposing Parties: Information shared during litigation, negotiations, or alternative dispute resolution
  • Regulatory Authorities: Pakistan Bar Council, provincial bar councils, Solicitors Regulation Authority (UK), Legal Ombudsman, and other regulatory bodies
  • Law Enforcement: Police, FIA, National Crime Agency (UK), HMRC, FBR, and other authorities when legally required
  • Anti-Money Laundering: Financial Intelligence Unit and designated authorities for AML compliance

5.3 With Your Consent

  • Your Authorized Representatives: Family members, business partners, accountants, or others you authorize us to communicate with
  • Referrals: If you consent to being referred to other legal professionals or specialists
  • Testimonials: Using your feedback or testimonials with your express permission (typically anonymized)

5.4 Business Transfers

  • In the event of merger, acquisition, reorganization, or sale of assets, your information may be transferred to successor entities, subject to continued privacy protections

6. International Data Transfers

As we operate in both Pakistan and the UK, your personal information may be transferred between these jurisdictions. When transferring personal data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by regulatory authorities
  • Ensuring recipient countries provide adequate data protection
  • Obtaining your explicit consent where required
  • Implementing technical and organizational security measures

We take care to ensure international transfers comply with UK GDPR requirements and protect your data rights regardless of where information is processed.

7. How We Protect Your Information

We implement comprehensive security measures to protect your personal information:

Technical Security

  • Encryption of data in transit and at rest
  • Secure Socket Layer (SSL) technology for website security
  • Firewalls and intrusion detection systems
  • Regular security updates and patches
  • Secure backup systems
  • Anti-virus and anti-malware protection

Organizational Security

  • Access controls limiting who can view your information
  • Staff training on data protection and confidentiality
  • Confidentiality agreements with employees and contractors
  • Regular security audits and assessments
  • Incident response procedures
  • Physical security of offices and file storage

Legal Professional Privilege

Information covered by attorney-client privilege receives additional protections under legal professional privilege doctrines in both Pakistan and UK, providing special confidentiality protections beyond standard data protection.

8. How Long We Retain Your Information

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy and comply with legal obligations:

  • Active Client Files: For duration of legal representation plus retention periods required by law
  • Closed Matters: Minimum 6-7 years after matter conclusion as required by professional conduct rules and limitation periods for legal malpractice claims
  • Financial Records: At least 6 years as required by tax and accounting regulations
  • Conflict Checking Records: Permanently maintained to identify potential conflicts of interest
  • Marketing Contacts: Until you unsubscribe or withdraw consent, then deleted within reasonable timeframe
  • Website Analytics: Typically 26 months for Google Analytics data

After retention periods expire, we securely delete or anonymize personal information unless we have legal obligations to retain it longer.

9. Your Rights Under Data Protection Law

Under UK GDPR and emerging Pakistan data protection regulations, you have the following rights:

9.1 Right of Access

You can request copies of your personal information we hold. We will provide this free of charge within one month (extendable by two months for complex requests).

9.2 Right to Rectification

If your personal information is inaccurate or incomplete, you can request corrections. We will update records promptly.

9.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal information where:

  • It's no longer necessary for the purposes we collected it
  • You withdraw consent and we have no other legal basis
  • You object to processing and we have no overriding legitimate grounds
  • It was unlawfully processed
  • Legal obligations require deletion

Important Limitation: We cannot delete information if we have legal obligations to retain it, including professional conduct rules requiring retention of legal files, conflict checking needs, or potential legal claims.

9.4 Right to Restrict Processing

You can request we limit how we use your information while issues are resolved (e.g., if you contest accuracy or object to processing).

9.5 Right to Data Portability

For information you provided based on consent or contract, you can request we provide it in structured, commonly-used, machine-readable format or transfer it directly to another controller where technically feasible.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop immediately. For legitimate interests, we will stop unless we have compelling grounds that override your interests.

9.7 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you. We do not engage in fully automated decision-making for legal services.

9.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it anytime. This doesn't affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: info@citizenlawassociates.com
  • Phone: +92-42-99214245 (Pakistan) or +44-20-8514-4170 (UK)
  • Post: Either of our office addresses above

We will respond within one month. We may need to verify your identity before fulfilling requests.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality and analyze usage.

Types of Cookies We Use

Essential Cookies: Necessary for website operation, session management, security, and providing services you request. These cannot be disabled.

Functional Cookies: Remember your preferences (language selection, location) to provide enhanced, personalized features.

Analytics Cookies: Help us understand how visitors use our website, which pages are most popular, and how we can improve user experience. We use Google Analytics with IP anonymization.

Marketing Cookies: Track your website visit to provide relevant advertisements and measure marketing campaign effectiveness (only with your consent).

Managing Cookies

You can control and delete cookies through your browser settings. However, disabling essential cookies may affect website functionality. Most browsers allow you to:

  • View cookies stored on your device
  • Delete all or specific cookies
  • Block third-party cookies
  • Block cookies from specific websites
  • Set preferences to notify before cookies are stored

For more information about cookies and how to manage them, visit: www.aboutcookies.org

11. Third-Party Links and Embedded Content

Our website may contain links to third-party websites, social media platforms, or embedded content (videos, maps) from external sources. These third parties have their own privacy policies, and we are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.

Embedded content (YouTube videos, Google Maps) may collect data about you, use cookies, and track your interaction even if you don't click on the content. This is governed by the third party's privacy policy, not ours.

12. Children's Privacy

Our website and services are not directed at children under 16 (or 13 in some jurisdictions). We do not knowingly collect personal information from children without parental consent. If you believe we have collected information from a child inappropriately, please contact us immediately and we will delete it.

When representing children in legal matters, we obtain appropriate consent from parents or guardians and handle children's information with special care and additional protections.

13. Marketing Communications

We may send you marketing communications about our legal services, newsletters, legal updates, and events if:

  • You have opted in to receive marketing communications
  • You are an existing client and we are marketing similar legal services (soft opt-in)
  • We have legitimate interest and you haven't opted out

Unsubscribing

You can opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at info@citizenlawassociates.com
  • Calling our offices

Even if you opt out of marketing, we will still send necessary communications about legal services you have engaged us for.

14. Data Breaches

While we implement robust security measures, no system is completely immune to breaches. In the unlikely event of a data breach affecting your personal information:

  • We will assess the nature and severity of the breach
  • Notify the Information Commissioner's Office (UK) within 72 hours if required under GDPR
  • Notify affected individuals without undue delay if the breach poses high risk to your rights and freedoms
  • Take immediate action to contain the breach and prevent further unauthorized access
  • Investigate the cause and implement measures to prevent recurrence
  • Document the breach and our response as required by law

15. Attorney-Client Privilege and Professional Confidentiality

In addition to data protection laws, as a law firm we are bound by:

  • Attorney-Client Privilege: Communications between you and our lawyers for legal advice are privileged and confidential under both Pakistani and UK law
  • Professional Conduct Rules: Pakistan Bar Council Rules and SRA Code of Conduct for Solicitors (UK) impose strict confidentiality obligations
  • Legal Professional Privilege: Provides additional protections beyond data protection law for legal advice and litigation materials

These professional duties mean we cannot disclose confidential client information except in very limited circumstances (with your consent, legal compulsion, preventing serious crime, or defending malpractice claims against us).

16. Special Categories of Personal Data

Certain legal matters may require processing "special category" data (sensitive personal data) including:

  • Health information (for medical malpractice, personal injury, disability claims)
  • Criminal convictions and offenses (for criminal defense)
  • Racial or ethnic origin (for discrimination cases)
  • Religious or philosophical beliefs (for religious discrimination or family law)
  • Sexual orientation or gender identity (for discrimination or asylum cases)
  • Trade union membership (for employment matters)
  • Genetic or biometric data (where relevant to legal matters)

We process this sensitive information only when:

  • Necessary for legal claims or proceedings
  • Required for legal advice or representation
  • You have given explicit consent
  • Processing is necessary for reasons of substantial public interest
  • Other GDPR conditions for processing special category data are met

We apply enhanced security and confidentiality protections to sensitive personal data.

17. Your California Privacy Rights (If Applicable)

While we primarily operate in Pakistan and UK, if you are a California resident, the California Consumer Privacy Act (CCPA) may grant you additional rights including rights to know what personal information we collect, delete personal information, opt out of sale of information (we do not sell personal information), and non-discrimination for exercising privacy rights.

18. Complaints and Regulatory Oversight

If you have concerns about our handling of your personal information, please contact us first so we can address your concerns. If you remain unsatisfied, you have the right to lodge a complaint with supervisory authorities:

United Kingdom:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113

Pakistan:
While Pakistan does not yet have a dedicated data protection authority, complaints regarding privacy violations can be made to:
- Pakistan Telecommunication Authority (PTA) for telecom-related privacy issues
- Federal Ombudsman for administrative grievances
- Courts through constitutional petitions for privacy rights violations

19. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. Material changes will be posted on our website with updated effective date. Continued use of our website or services after changes indicates acceptance of the updated policy.

For significant changes affecting your rights, we will provide additional notice through email or prominent website notification.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries:
Email: info@citizenlawassociates.com
Phone: +92-42-99214245 (Pakistan) or +44-20-8514-4170 (UK)

Data Protection Officer (UK):
For UK GDPR-related matters, you can contact our Data Protection Officer at:
Email: dpo@citizenlawassociates.com

By Post:
Citizen Law Associates
Attention: Privacy Officer
4-5 First Floor, Al-Useed Center, 6-Fane Road
Lahore, Pakistan

OR

Citizen Law Associates
Attention: Data Protection Officer
Cranbrook House, Suite 3A, 61 Cranbrook Road
Ilford, London, IG1 4PG, UK

21. Specific Information for Different Users

21.1 For Website Visitors (Not Clients)

If you simply visit our website without engaging our services, we collect minimal information (website analytics, cookies) and use it only to operate and improve the website. You can browse anonymously, and we do not require account creation.

21.2 For Prospective Clients

When you contact us for consultations or inquiries, we collect information you provide to evaluate your legal needs and determine if we can assist you. If you don't become a client, we retain your information for reasonable period for record-keeping and conflict checking purposes, then delete it.

21.3 For Active Clients

As our client, we collect extensive information necessary for legal representation. This information is protected by attorney-client privilege in addition to data protection laws. We retain client files for required periods and use information solely for providing legal services, not for marketing to you (as existing client relationship allows communication about our services).

21.4 For Former Clients

After your matter concludes, we retain your file for required retention periods. We may contact you occasionally with legal updates relevant to your previous matters or general firm news (you can opt out). Your information remains confidential and privileged.

21.5 For Opposing Parties

If you are an opposing party in a legal matter, we may process your information as necessary for representing our client, including disclosure in legal proceedings. This processing is based on legal obligations and legitimate interests in providing legal representation.

22. Specific Technologies We Use

For transparency, here are specific technologies used on our website:

  • Google Analytics: Website traffic analysis (with IP anonymization)
  • Google Maps: Location display for our offices
  • Session Cookies: Maintaining your session while navigating the website
  • Language Preference Cookies: Remembering your language selection
  • Form Validation: Ensuring contact forms function properly

We do not use cookies for tracking you across other websites, creating detailed profiles for third-party advertising, or selling your data to third parties.

23. Professional Standards and Compliance

Beyond general data protection law, as a law firm we comply with:

  • Pakistan Bar Council Rules: Professional conduct and ethics rules for lawyers in Pakistan
  • SRA Standards and Regulations: Solicitors Regulation Authority requirements for UK solicitors (if applicable)
  • Anti-Money Laundering: Client due diligence, identity verification, and reporting obligations under AML laws in both jurisdictions
  • Legal Aid Requirements: Additional confidentiality and data handling requirements for legal aid matters
  • Court Rules: Compliance with court procedures regarding disclosure and handling of information in litigation

24. Changes to Our Contact Information

If our contact details change, we will update this Privacy Policy accordingly. Current contact information is always available on our website's Contact page.

25. Acknowledgment and Consent

By using our website, engaging our legal services, or providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein, subject to your rights to withdraw consent and exercise other data protection rights outlined above.

For legal services, your engagement letter will include specific terms about confidentiality and information handling that supplement this Privacy Policy.


This Privacy Policy was last updated on November 4, 2024. We are committed to protecting your privacy and handling your personal information responsibly and in compliance with all applicable laws.

If you have any questions or concerns about this Privacy Policy or how we handle your personal information, please do not hesitate to contact us. Your privacy matters to us.

Subscribe Us

Stay updated with our latest news and offers by subscribing to our newsletter. We promise to keep you informed about new services, special promotions, and important updates. Join our community and never miss out on exciting updates and offers.