This Privacy Policy explains how we use any personal data which you provide to us, including through our website at www.legalseba.com (our “Site”). We are committed to protecting and respecting your privacy.

How our Privacy Policy works

Our Privacy Policy is divided into three parts:

1. Part A: General Privacy Notice – our general notice about how we use personal data in our business, applicable to everyone about whom we may process personal data.
2. Part B: Client Privacy Notice – our client-specific notice, applicable to everyone who is in the process of engaging or has engaged us to provide legal services.
3. Part C: Recruitment Privacy Notice – our recruitment-specific notice, applicable to everyone submitting information to us for recruitment purposes.

Parts B and C are supplemental to Part A and apply in addition as appropriate.

Part A: General Privacy Notice

1. Our role as data controller

When we use personal data about you or others in connection with promoting and administering our business, providing our services, or recruitment, we do so as data controller.

The data controller is LegalSeba LLP (referred to as “We/Our/Us”). LegalSeba LLP has overall responsibility for and is the data controller of personal data collected via the Site.

2. Your role in keeping your personal data up to date

It is important that the personal data we hold about you is accurate and current. Please inform us if your personal data changes.

3. Contact details of our Privacy Manager

We have appointed a Privacy Manager to handle any data protection-related matters. You can contact our Privacy Manager by post at: Privacy Manager, LegalSeba Limited, [Address], Dhaka, Bangladesh or by email at: [email protected].

4. Categories of personal data obtained

Personal data means any information about a living individual from which that person can be identified. We may collect different kinds of personal data when you interact with us, via the Site, social media, email, telephone, post or in person. We may also receive information from third parties. This information includes:

• Identity Data: such as your name.
• Contact Data: such as email address, telephone number, address and other contact details.
• Enquiry Data: such as enquiries about engaging us for legal advice or job opportunities.
• Correspondence Data: such as correspondence between us about an enquiry.
• Technical Data: such as IP address, operating system, browser type and version, and other information about how you use our Site.
• Marketing and Communications Data: such as your communications preferences.
• Tracking Data: such as information from cookies and similar tracking technologies.

We also collect and use Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data if it cannot directly or indirectly reveal your identity.

We do not usually collect any special categories of personal data about you, but you may choose to disclose this data to us. Unless required to comply with a legal obligation or as part of providing legal services, we do not usually collect personal data relating to criminal convictions or offences.

5. Use of personal data

Our core purposes for processing personal data are to promote and operate a law firm, provide legal services, maintain records, recruit staff, and comply with laws and regulations.

We will only use your personal data when the law allows us to, including:

• Where necessary to perform a contract with you
• Where necessary for our legitimate interests (or those of a third party)
• Where we need to comply with a legal or regulatory obligation
• Where we have your consent

6. Lawful basis for processing

Depending on the purpose and data type, we rely on different lawful bases to process personal data:

7. Sharing your personal data

As a law firm, we comply with the Bangladesh Bar Council Code of Conduct, which requires us to keep client affairs confidential unless disclosure is required by law or consent.

We may share your data with:

• Our employees and consultants where necessary
• Regulators, including Bangladesh Bank, Bangladesh Financial Intelligence Unit, Bangladesh Bar Council, National Board of Revenue
• Third-party service providers for IT, business administration, or marketing services
• Our insurers and professional advisors
• Advertising and analytics service providers
• Potential buyers in case of business sale or merger

We require all third parties to respect data security and not use your personal data for their own purposes.

8. Advertising, marketing and communications preferences

We may use your Identity, Contact, Technical, and Tracking Data to form a view on what may interest you. You can unsubscribe at any time using the link in our communications or by emailing [email protected].

We work with partners to promote our services online, including via websites and social media. Cookies help us deliver relevant advertising and understand its effectiveness.

9. Cookies

We use cookies for advertising and to help the Site work better. You can set your browser to refuse cookies, though this may affect site functionality.

10. International transfers

We may transfer your data outside Bangladesh. When we do, we ensure appropriate safeguards are in place in compliance with Bangladesh data protection laws and regulations.

11. Safeguarding personal data

We have implemented appropriate technical and organizational measures to safeguard your personal data, including using encryption and following industry-standard security practices.

12. Retaining personal data

We will only keep your personal data for as long as necessary to fulfill the purposes for which we collected it. Unless Part B or Part C apply or you still receive our newsletter, we will delete your data within two years of receipt.

13. Your rights

Under data protection laws, you have rights regarding your personal data, including:

• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data
• Object to the processing of your personal data
• Request restriction of processing
• Request data transfer
• Withdraw consent

To exercise these rights, please contact our Privacy Manager. No fee is usually required, but we may charge a reasonable fee for unfounded, repetitive, or excessive requests.

14. Supervisory authority

We are supervised by the Bangladesh Information Commission. You can learn more at [website]. We prefer you contact us first with concerns, but you may complain to the Commission at any time.

15. Third-party links

Our Site may include links to third-party websites. We are not responsible for their privacy statements.

16. Updating our Privacy Policy

We regularly update this Privacy Policy. The latest version is always on our Site and available on request.

Part B: Additional Client Privacy Notice

1. Categories of personal data obtained

When you instruct us, we may collect additional data:

• Identity Data: copies of your NID, passport, or other identifying information required for anti-money laundering purposes
• Matter Data: any personal data connected with your instructions
• Financial Data: bank account and billing details
• Transaction Data: details about costs and payments

2. Use of personal data

Our core purposes include providing legal services, maintaining records, and complying with regulations. This involves providing legal advice, invoicing, record-keeping, and fulfilling anti-money laundering obligations.

3. Lawful basis for processing

We process client data on different legal bases depending on the purpose:

4. Sharing personal data

To provide services, we may share data with courts, opposing counsel, or other professionals. We comply with Bangladesh’s Money Laundering Prevention Act 2012 (as amended) and may share information with relevant authorities as required by law.

5. Retaining personal data

We store files digitally and in hard copy. We keep matter files for fifteen to twenty years, or longer if required by law, as detailed in our Information Retention Policy.

6. Destruction and retrieval

We will destroy files at the end of their storage period or earlier with client consent. Please notify us if you object. We charge for file retrieval after the completion of work.

7. Source of personal data

Most personal data comes directly from you, but we may acquire data from other parties connected to your matter or from public sources.

8. Failure to provide personal data

If we need personal data to carry out our duties (e.g., anti-money laundering checks) and you do not provide it, we may be unable to act for you.

9. Mailing list

We produce newsletters and host events about legal changes. We may provide these to clients without additional consent, but you can opt out by emailing [email protected].

Part C: Recruitment Privacy Notice

1. Categories of personal data obtained

When you apply to join us, we collect:

• Identity Data: such as your NID, passport copy and date of birth
• Career Data: education, qualifications, skills and experience
• Financial Data: salary history, bank account and tax details

2. Why and how we use personal data

We process recruitment data to assess suitability, comply with regulations, and facilitate hiring.

3. Lawful basis for processing

• Reviewing applications: Legitimate interests
• Preliminary hiring steps: Legitimate interests

4. Sharing personal data

We may share your data with insurers, regulators, advisors, and colleagues. We will conduct background checks as required by law.

5. Retaining personal data

If successful, further privacy information will be provided when you join. If you are unsuccessful, we will delete your data within two years.

6. Source of personal data

Most data comes directly from you, but we may obtain additional information during recruitment or from public sources.

7. Failure to provide personal data

We cannot properly consider your application without your CV and interview participation.

8. Automated decision making

We do not currently use automated decision-making in recruitment.