The First Counsel

Legal Notice

Cookie Policy

This website sets no cookies. This policy explains what that means, how to verify it, and what would change if it ever changed.

Last revised 12 July 2026 · Effective on publication

1. Introduction

1.1 This is the cookie policy for thefirstcounsel.com (the "website"), published by The First Counsel, a law firm whose office is at 8th Floor, Askari Corporate Towers, Lahore, Punjab, Pakistan, and whose email address is [email protected] (the "firm", "we", "us").

1.2 Most cookie policies exist to catalogue the cookies a website sets. This one exists to state, and then to defend, their absence. The website sets no cookies. A policy about nothing still has work to do: it must say what the nothing covers, show how to check the claim, and commit the firm to a procedure before the position could change.

1.3 Effective date. This policy takes effect on [EFFECTIVE DATE — ON PUBLICATION] and speaks as at that date. Every statement about the website's behaviour describes the website as it exists on that date; the firm will amend this policy if any ceases to be accurate (see section 9).

1.4 This policy accompanies the Website Privacy Policy published at thefirstcounsel.com/privacy (the "Privacy Policy"); section 8 explains how the two fit together.

1.5 The legal setting, stated plainly. As at the effective date, no statute in force in Pakistan regulates cookies as such. The firm's position does not depend on that gap: it sets no cookies because a static informational website does not need them, and because the firm prefers promises it can keep categorically. If Pakistani law comes to regulate cookies, the firm expects to be in compliance on the day the law commences, since one cannot mishandle what one does not set.

2. What cookies are — and the technologies that travel with them

2.1 A cookie is a small text file that a website asks your browser to store on your device. On each later request the browser sends the cookie back, which lets a server recognise the browser it saw before. A "session" cookie expires when the browser closes; a "persistent" cookie survives until an expiry date or deletion. A "first-party" cookie is set by the site you are visiting; a "third-party" cookie by someone else whose content or code the site embeds.

2.2 Cookies are conventionally grouped by purpose: strictly necessary cookies, without which a requested function cannot work (a login, a basket, a security check); preference cookies, which remember choices such as language; analytics cookies, which measure how a site is used; and advertising cookies, which follow browsers across sites to build profiles and target advertisements.

2.3 Cookies rarely travel alone; a policy addressed only to them would leave room for evasion. The adjacent technologies:

(a) local storage and session storage — browser storage areas that a site's scripts can write to and read from. Entries in local storage do not expire on their own; they are not sent automatically with requests, but a script can read and transmit them, so they can carry identifiers exactly as cookies do;

(b) pixels and web beacons — tiny images or background requests embedded in a page so that a third party's server learns you viewed it;

(c) third-party scripts and embedded widgets — code loaded from another organisation's servers (social buttons, chat widgets, font services), which necessarily tells that organisation your device requested it, and often does more; and

(d) fingerprinting — deriving a quasi-unique identifier from the characteristics your browser exposes (screen size, fonts, time zone, hardware details), which stores nothing on your device at all and is therefore invisible to cookie controls.

2.4 In this policy, "sets no cookies" is intended in the widest sense: no cookies, no local-storage or session-storage identifiers, no pixels or beacons, no third-party tracking scripts, and no fingerprinting. The firm does not treat the narrowness of the word "cookie" as an opportunity.

3. Our position: no cookies

3.1 Neither the firm, nor any code it has written or placed on this website, stores cookies or any of the section 2.3 technologies on your device, reads any such item from it, or attempts to identify your browser across visits. This restates the abstentions in section 4.1(a) and (b) of the Privacy Policy.

3.2 This is a consequence of architecture, not a configuration that might drift. The website is statically generated: it has no login, no accounts, no comment facility, and no server-side code of the firm's own that could want to recognise a returning browser. There is nothing for a cookie to do. For the same reason there is no consent banner: a banner would imply something to consent to, and there is not. Its absence is a statement, not an oversight.

3.3 How to verify this. You need not take the firm's word for it. Every major browser ships developer tools that display exactly what a site has stored:

(a) in Chrome or Edge, open the developer tools (F12, or right-click and choose Inspect), select the Application panel, and look under Cookies and Local storage for thefirstcounsel.com — both should hold nothing set by this site;

(b) in Firefox, the Storage panel of the developer tools lists cookies, local storage, and session storage for the current site;

(c) in Safari, enable the Develop menu in Safari's settings, open the Web Inspector, and consult the Storage tab;

(d) in any of these browsers, the Network panel shows every request a page makes as it loads. Here you should see requests only to the site's own hosting infrastructure — no advertising networks, no social-media domains, no analytics endpoints.

3.4 If you inspect this website and find a cookie or stored identifier attributable to the firm's own code, report it under section 10. It will be treated as a defect and removed, not defended.

4. What the site uses instead

4.1 The website consists of pages built in advance and delivered as fixed files — text, stylesheets, scripts, images. Each page request is complete in itself. The site does not need to remember you between pages, and it does not try to: navigation carries no identifier, and the site's own links append no tracking parameters to its URLs.

4.2 Fonts, stylesheets, and scripts are served from the website's own hosting infrastructure rather than from third-party services, so loading a page announces your visit to no one but the host that serves the site [BUILD CONFIGURATION — TO BE CONFIRMED BY THE FIRM].

4.3 The contact facility follows the same principle. It assembles a draft message and opens it in your own email application (a "mailto" mechanism, described in section 3.2 of the Privacy Policy). It stores nothing in the browser, sets nothing on your device, and transmits nothing until you press send in your own mail client.

4.4 State the site does not keep is state it cannot lose, leak, or be compelled to produce — a trade the firm makes deliberately. This site treats every visitor as a stranger, every time.

5. Third-party infrastructure

5.1 One distinction deserves honesty. The firm controls the code of this website; it does not operate the servers that deliver it. The website is served from content-delivery infrastructure operated by [HOSTING PROVIDER — TO BE CONFIRMED BY THE FIRM], and infrastructure of that kind sometimes sets a limited class of cookies of its own accord, for its own security purposes.

5.2 The typical case is a strictly necessary security cookie set during an attack-mitigation challenge: suspecting automated abuse, the provider's systems may interpose a check and set a short-lived cookie recording that a browser passed it. Such cookies are the provider's own, set under its published terms for the sole purpose of keeping the site reachable; the firm does not read them, receives no analytics from them, and cannot use them to identify or follow any visitor.

5.3 As at the effective date, the firm's understanding is that ordinary browsing of this website — absent an attack or a challenge — sets no such cookie [PROVIDER CONFIGURATION — TO BE CONFIRMED BY THE FIRM]. Once confirmed, this section will name the provider and state which security cookies, if any, its service can set.

5.4 The firm will not authorise or configure any hosting or infrastructure service to set preference, analytics, or advertising cookies on this website. The only cookies that could appear without an amendment to this policy are the infrastructure's own strictly necessary security cookies; section 6 governs everything else.

6. If we ever introduce cookies

6.1 The firm does not expect to introduce cookies. But a policy is more useful stating the procedure for its own amendment than assuming permanence. So: no cookie or equivalent technology will be introduced to this website before this policy has been amended to disclose it — naming each cookie, its purpose, its duration, and who sets it, flagged prominently as a material change in the manner of section 15.2 of the Privacy Policy. There will be no quiet additions.

6.2 Where the cookie is not strictly necessary, the amendment will be accompanied by a consent mechanism: the cookie will not be set until you have agreed, where the law in force or recognised good practice requires agreement, and declining will not degrade your access to the content.

6.3 The categories that could, in principle, be introduced, and the terms on which each would arrive:

Category What it might do Consent before setting? Without amending this policy?
Strictly necessary A security or load-balancing cookie needed to keep the site reachable No, but disclosed here first Never, except the infrastructure cookies in section 5
Preference Remembering a language choice, such as between the English and forthcoming Urdu editions No, where it stores only your choice; disclosed here first Never
Analytics Measuring readership — though section 3.6 of the Privacy Policy commits the firm to cookieless analytics if any Yes Never
Advertising or targeting Profiling visitors for advertisement delivery Not applicable — will not be introduced Never

6.4 The last row is not conditional. The firm will not deploy advertising or cross-site tracking cookies on this website, and it does not reserve the right to change that position by amendment. A law firm's website should not follow its readers around the internet.

6.5 If the firm adopts the aggregate analytics contemplated by section 3.6.2 of the Privacy Policy, that service will by its stated conditions set no cookie and place no identifier on your device; its adoption would be disclosed there and noted here, without moving the website out of the position this policy describes.

7. Managing cookies in your browser

7.1 On this website there is nothing to manage. But cookie controls matter across the rest of the web, and a policy with your attention may as well be useful. Menu labels move between browser versions; treat the paths below as signposts, accurate as at the effective date.

7.2 In Chrome, cookie controls live under Settings, then Privacy and security: block third-party cookies, clear browsing data, and — under Site settings — view and delete what individual sites have stored. Clicking the icon at the left of the address bar shows what the current site has set.

7.3 In Firefox, open Settings, then Privacy & Security. Enhanced Tracking Protection blocks known trackers and third-party tracking cookies by default, at a strictness you can adjust; under Cookies and Site Data, the Manage Data control lists every site holding data and lets you remove any or all of it.

7.4 In Safari on a Mac, open Safari's Settings and select Privacy; Manage Website Data lists and deletes stored data site by site, and "Prevent cross-site tracking" is on by default. On an iPhone or iPad, the controls are in the Settings app under Safari, with stored data under Advanced, then Website Data.

7.5 In Edge, open Settings, then Cookies and site permissions, to block third-party cookies, clear data on exit, and manage individual sites.

7.6 Every browser also offers a private or incognito mode, which discards cookies and site data when the window closes, and most can be set to block all cookies outright. Blocking everything breaks sites that legitimately need state — logins, baskets, forms. This website is not among them: with all cookies blocked, it works exactly as with them allowed — one more way to test this policy's claim.

7.7 Cookie controls do not stop fingerprinting (section 2.3(d)), which stores nothing. Browsers increasingly ship anti-fingerprinting measures of their own; the firm's contribution is simpler — this website does not fingerprint.

8. Interaction with the Website Privacy Policy

8.1 The Privacy Policy is the general statement of the firm's handling of information in connection with this website. This policy is a fuller treatment of one corner of it: the abstentions in its section 4.1(a) and (b). The two documents are written to agree; if they nonetheless diverge, the stricter statement — the one promising less collection — governs until the firm resolves it by amendment.

8.2 What this policy does not cover, the Privacy Policy does. Technical data generated by serving pages (IP addresses and request logs) is dealt with in its sections 3.1 and 8; correspondence you send the firm, in its section 3.2; retention, in its section 9. Cookies are only one way a website can know things about its visitors, and reading both documents gives the complete picture.

8.3 The conditional provisions of the Privacy Policy — a hosted form endpoint (section 3.2.3), online event registrations (section 3.4), and cookieless aggregate analytics (section 3.6.2) — could each change what the website does without changing its position on cookies. If any is activated in a way that involves a cookie or an equivalent technology, section 6 of this policy applies in full.

9. Changes

9.1 The firm will amend this policy when the website's behaviour changes, when its infrastructure changes in a way section 5 describes, or when the law in force in Pakistan comes to address cookies. Amendments take effect on publication of the revised policy with a new effective date.

9.2 Any amendment introducing a cookie or an equivalent technology is a material change and will be flagged prominently at the top of this policy, stating what changed and when. Silence in a later version is not a change of position; changes will be explicit.

9.3 Earlier versions are retained by the firm and will be provided on request to [email protected].

10. Contact

10.1 Questions about this policy, and reports under section 3.4, should be addressed to:

The First Counsel Attention: [PARTNER RESPONSIBLE FOR DATA PROTECTION — TO BE CONFIRMED BY THE FIRM] 8th Floor, Askari Corporate Towers, Lahore, Punjab, Pakistan Email: [email protected] (subject line "Cookies") Telephone: [TELEPHONE — TO BE CONFIRMED BY THE FIRM]

10.2 If you believe this website has set a cookie or stored an identifier contrary to this policy, say so, with the browser and page concerned if you can. The firm will investigate, answer you, and correct any defect it finds. Broader concerns about the firm's handling of personal information may be raised under the Data Privacy Complaints Procedure published on this website.

Questions about this document may be addressed to [email protected]. Where this document is translated, the English text prevails.

Every matter begins with a first conversation.

Contact the Firm