Watan Link

Institutional Representation

Privacy Policy

Last Updated: 26 April 2026

1. Introduction

Watan Link ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services or visit our website.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR), and Pakistan's Personal Data Protection Bill and relevant data protection principles.

By using our services, you consent to the collection and use of your information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller is:

Watan Link Professional Services

United Kingdom

Email: privacy@watanlink.com

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Identity Data: Full name, title, date of birth, gender, nationality, CNIC/NICOP number, passport details
  • Contact Data: Email address, telephone numbers (UK and Pakistan), postal addresses, WhatsApp contact details
  • Family Data: Names and details of family members relevant to inheritance, property, or legal matters
  • Property Data: Land records, property documents, ownership details, survey numbers, khasra/khatauni numbers
  • Legal Data: Court case details, legal documents, power of attorney, affidavits
  • Financial Data: Payment information, bank details (for fee processing only), transaction records
  • Communication Data: Records of correspondence, WhatsApp messages, emails, call recordings (where consented)

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system
  • Usage Data: Pages visited, time spent on pages, navigation paths, referral sources
  • Cookie Data: Information collected through cookies and similar tracking technologies

3.3 Special Category Data

In certain circumstances, we may process special category data including religious beliefs (relevant to Islamic inheritance law), health information (for detention support cases), or biometric data (passport photos, NADRA submissions). We only process such data with your explicit consent or where necessary for legal claims.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

Contractual Necessity

Processing necessary to perform our contract with you or to take steps at your request before entering into a contract.

Legitimate Interests

Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and administrative purposes, provided these do not override your rights.

Legal Obligation

Processing necessary to comply with legal obligations under UK, EU, or Pakistani law, including anti-money laundering regulations and court orders.

Consent

Where you have given explicit consent to processing for specific purposes. You may withdraw consent at any time.

Vital Interests

Processing necessary to protect someone's life, particularly relevant in unlawful detention cases.

5. How We Use Your Information

We use your personal data for the following purposes:

  • To provide and manage our services, including land registry, legal coordination, and documentation services
  • To communicate with you regarding your case, including updates, requests for information, and service notifications
  • To coordinate with lawyers, advocates, government institutions, and other third parties on your behalf
  • To process payments and maintain financial records
  • To verify your identity and prevent fraud
  • To comply with legal and regulatory obligations
  • To improve our services and website functionality
  • To respond to enquiries and provide customer support
  • To send service-related communications (not marketing, unless consented)

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

6.1 Service Providers in Pakistan

  • Licensed lawyers and advocates handling your legal matters
  • NADRA (National Database and Registration Authority) for documentation services
  • Revenue courts, civil courts, and government land offices
  • Patwaris, tehsildars, and local revenue officials
  • Vetted transport and logistics providers

6.2 Professional Advisers

Lawyers, accountants, auditors, and insurers who provide professional services to us, bound by professional confidentiality obligations.

6.3 Regulatory and Legal Authorities

Government bodies, law enforcement agencies, courts, and regulatory authorities in the UK, EU, or Pakistan where required by law or to protect our legal rights.

6.4 Third-Party Service Providers

IT service providers, cloud storage providers, payment processors, and communication platforms (e.g., WhatsApp Business) who assist in delivering our services. All such providers are contractually bound to protect your data.

7. International Data Transfers

Due to the nature of our services, your personal data will be transferred to and processed in Pakistan. Pakistan is not currently recognised as providing an adequate level of data protection under UK or EU law.

To ensure your data is protected, we implement the following safeguards:

  • Standard Contractual Clauses (SCCs): We use EU/UK-approved standard contractual clauses with our partners in Pakistan
  • Supplementary Measures: Additional technical and organisational measures including encryption, access controls, and confidentiality agreements
  • Data Minimisation: We only transfer data that is strictly necessary for the specific service
  • Explicit Consent: Where appropriate, we obtain your explicit consent for international transfers

By using our services, you acknowledge and consent to the transfer of your data to Pakistan for the purposes outlined in this policy.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

Retention Periods

  • Active case filesDuration of service + 7 years
  • Property and land recordsDuration of service + 12 years
  • Financial and payment records7 years (legal requirement)
  • Communication records3 years after case closure
  • Website analytics data26 months
  • Marketing consent recordsUntil consent withdrawn + 1 year

After the retention period expires, we will securely delete or anonymise your personal data. In some cases, we may retain data longer if required by law or for ongoing legal proceedings.

9. Your Rights

Under UK GDPR, EU GDPR, and applicable Pakistani data protection law, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data in certain circumstances ("right to be forgotten").

Right to Restrict Processing

Request limitation of processing in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

Rights Related to Automated Decisions

Not be subject to decisions based solely on automated processing.

To exercise any of these rights, please contact us at privacy@watanlink.com. We will respond within one month. There is no fee for most requests, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, and principle of least privilege
  • Secure Communications: End-to-end encrypted messaging for sensitive communications
  • Physical Security: Secure facilities with controlled access for physical documents
  • Staff Training: Regular data protection training for all personnel
  • Incident Response: Documented procedures for detecting and responding to data breaches
  • Regular Audits: Periodic security assessments and vulnerability testing

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest practicable standard.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyse website usage.

Types of Cookies We Use

Essential Cookies

Required for website functionality. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website. Can be disabled.

Functional Cookies

Remember your preferences and settings. Can be disabled.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

12. Third-Party Links

Our website may contain links to third-party websites, including government portals, legal resources, and partner services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

13. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information. In inheritance and family matters, we may process data about minors with appropriate parental or guardian consent.

14. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights
  • Document all breaches and remedial actions taken
  • Implement measures to prevent future breaches

15. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@watanlink.com. We will endeavour to resolve your complaint promptly.

You also have the right to lodge a complaint with a supervisory authority:

United Kingdom

Information Commissioner's Office (ICO)

ico.org.uk

European Union

Your local Data Protection Authority

edpb.europa.eu

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. For significant changes, we may also notify you directly via email. We encourage you to review this policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Enquiries

Email: privacy@watanlink.com

Subject Line: "Data Protection Enquiry"

We aim to respond to all enquiries within 5 working days.

18. Governing Law

This Privacy Policy is governed by the laws of England and Wales. For matters involving data processed in Pakistan, relevant Pakistani data protection laws will also apply. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales, without prejudice to your right to bring proceedings in your country of residence if you are an EU/EEA resident.