Privacy Policy

We, Grape Law Firm PLLC residing at 1350 Broadway, Ste 1800 New York, NY 10018 (“we”, “us”, “our”) place great improtance at your privacy and prepared this notice to explain our privacy practices and how we collect, use, disclose, retain, and protect your personal data.

This privacy notice applies to personal information in situations where we decide how and why your personal information is to be processed (or to use the European/Turkish terminology, where we act as a data controller). It does not apply where we are acting merely as a service provider to another organization who decides how and why we process your personal information (or to use the European terminology, where we act as a data processor).****

What data do we collect?

The personal data we collect from you are not only information that we actively collect while you interact with our services but also information that you voluntarily provide to us in various contexts (such as by subscribing to our newsletter, filling in one of our forms, or sending an email to us). Therefore, it is not possible to define an exclusive list of all potential types of personal data that we may collect from you. However, we provide below the typical types of personal data we collect from each data subject group.

Note that you may belong to more than one data subject group. For instance, if you visited our website and subscribed to our newsletter, your personal data listed next to both “Website Visitor” and “Newsletter Subscriber” will be processed.

Data Subject GroupPersonal Data Categories
Website Visitor- Information about how our website was used such as the pages visited, the date, time, and duration of the visit, search terms entered, and other interaction with the website and its content
  • Technical information related to the visit such as online identifiers (including IP address and cookie data) and information about the devices used (including unique device IDs, network connection type, browser type, language, operation system)
  • Non-precise location information (inferred from technical data such as the IP address or language setting of the device) | | Newsletter Subscriber | - Email address - Information about how you interacted with our emails such as whether you opened our email, the links you clicked, and how you use our website after clicking a link | | Potential Client (If you filled in a contact form or otherwise contacted us for entrusting us with your case) | - Your name, email address, phone number, company, position at company, resume, investment budget
  • Any details you share about your situation or case | | Persons who contact us | - Identity and contact details you share as well as the content of your message |

How do we collect your data?

You directly provide us with most of the data we collect but we also use automated processes to collect some information about you.

We collect and process your data when:

  • You visit our website, in which case we use cookies and similar technologies (more on this below);
  • You fill in the forms on our website such as newsletter sign up form, forms for questions about your immigration or otherwise cases, and contact forms,
  • You sign up to, read, or otherwise interact with our newsletters,
  • You respond to our ads online, in which case we may receive the data from our advertising partners,
  • You contact us or interact with our services in any other manner.

Cookies and Similar Technologies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why we use them.

Cookie / TechnologyNamePurpose
Google Analytics_ga
_gcl_auThese cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information including the number of visitors to the website, where visitors have come to the website from, and the pages they visited. Read Google’s overview of https://support.google.com/analytics/answer/6004245. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Facebook Ads_fbpFacebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting our website.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies visit www.aboutcookies.org and to access mechanisms for exercising your preferences visit www.aboutads.info/choices, www.youronlinechoices.eu, and www.networkadvertising.org/managing/opt_out.asp.

Why do we process your data and what are the lawful bases?

We collect your data for the following purposes and pursuant to the legal bases indicated next to them:

SubjectPurposesLegal Basis
Service provisionTo respond to or contact you about your requests, to provide initial consultation or respond to your queries and issues, to update you about changes to our terms of service or data protection notice, or to contact you otherwise about your situation or case.Performance or purpose of establishment of a contract and legitimate interests in retaining you as a client
Service maintenanceTo administer, operate, and maintain our website, newsletter, and our services in general, to understand, diagnose, troubleshoot, and fix issues with our servicesLegitimate interests in running our business
Service analysis and improvementTo perform analytics and conduct customer research, to evaluate and develop new features and improvements to our website and newsletter by analyzing your interaction with our website and newsletterLegitimate interests in running our business and improving our website and your experience
Marketing and advertisementTo carry out our marketing and advertisement campaigns, to tailor our products and services, content on our website and newsletter, and advertisements by analyzing your preferences, interests, and needs and by carrying out retargeting, targeting, and profiling campaigns, to send you marketing communications on our products and servicesGenerally your explicit consent (but on some occasions, we may rely on our legitimate interests in marketing our services)
Cyber securityTo ensure information security of our services and prevent any malicious use of our website and servicesLegitimate interests in ensuring the safety of our services
ComplianceTo comply with legal obligations and law enforcement requests, including participation in investigations and proceedings, complying with information requests from third parties based on any statutory information rights they have against us, retention and storage of your personal data to comply with specific legal retention requirementsLegal obligation
Legal proceedingsTo establish, exercise, or defend legal claimsLegitimate interests in protecting our business and exercising our legal rights

In cases where processing is based on your consent, you can withdraw your consent at any time (e.g., by changing your cookie preferences for cookies, by clicking the unsubscribe link for our newsletters, or otherwise by contacting us).

To whom do we transfer your data?

We have set out the categories of recipients of your personal data and why we share your data with them below:

Categories of RecipientsReason for sharing
Technical service providersWe work with technical service providers who operates the technical infrastructure that we need for our sales, marekting, or other operations, assist in protecting and securing our systems and services, and provide technical services to us for the provision of our services to you.
Payment service providersAs we offer different payment options to our customers, we partner with payment service providers to ensure a smooth purchase experience for you. Naturally, some payment data can be transferred to these payment service providers to collect payment from you and confirm that the payment has been affected.
Advertising partnersWe work with advertising partners to enable us to customize the advertising content you may receive on our website and their websites and applications. These partners help us deliver more relevant ads and promotional messages to you and include Google (see above Cookies and Similar Technologies).
ConsultantsWe work with advisors (legal, financial, tax, or similar) to comply with applicable laws and exercise our rights, and these advisors may, from time to time, require access to your personal data to provide services to us.
AuthoritiesWe share your personal data when we in good faith believe it is necessary for us to do so to comply with a legal obligation under applicable law or respond to valid legal process.

We may share your personal data with third parties located in countries other than your country. Your personal data, therefore, may be subject to privacy laws that are different from those in your country. Personal data collected within the European Union/Turkiye may, for example, be transferred to and processed by third parties located in a country outside of the European Union/Turkiye. In such instances, we ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place.

How long do we keep your data?

We will store your personal data as long as is necessary for the purposes named in this data protection notice, especially for the fulfilment of our contractual and legal obligations. In general, we retain the data you provide to us for as long as you have your account with us and thereafter for such period as you may have questions or a claim in relation to our services, notwithstanding any superior retention period that we may be obliged to observe in accordance with legal requirements applicable to us.

The specific retention periods for personal data may vary depending on the following factors:

  • Necessity for the provision of our services. This includes executing the user agreement with you, maintaining, and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined based on this general rule.
  • Consent-based processing of personal data. If we process personal data based on consent, we store the data for as long as necessary in order to process it according to your consent.
  • Statutory, contractual, or other similar obligations. Retention obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data regarding pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.

What are your data protection rights?

Depending on relevant laws in your country, you may have rights such as rights to request access, port, object, correct and erase the personal information that we hold about you.****

Your Turkish Rights

If you are located in Turkiye, you have the following privacy rights:

  • To learn whether your personal data is being processed,
  • To request information if your personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used appropriately for their purpose,
  • To know the third parties to whom your personal data has been transferred,
  • To request correction if your personal data has been processed incompletely or inaccurately,
  • To request the deletion or destruction of your personal data,
  • To request that the correction of incomplete or inaccurate data and the deletion or destruction of your personal data be notified to third parties to whom we have transferred your personal data,
  • To object to the emergence of a result against you due to analysis of data exclusively through automated systems, and
  • To request compensation for any damages caused by unlawful processing of personal data.

Your EEA, UK, and Swiss Rights

If you are located in the European Economic Area (EEA), the UK or Switzerland, you have the following privacy rights:

  • You can access, correct, update, or delete your personal information.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
  • If you do not want us to use your email address to promote our own or third parties’ products or services, you can opt-out of receiving marketing emails at any time.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

Your California Privacy Rights

This Section of our privacy notice provides information for California consumers, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”).

  • You may request access to, or for a copy of the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months.
  • You may also request that we delete certain personal information we have collected from you.
  • You have a right not to receive discriminatory treatment for the exercise of your CCPA privacy rights.
  • You can request, under California Civil Code Section 1798.83, certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.
  • California consumers have the right to opt-out of the sale of their personal information. We do not and will not sell your personal information. We may provide third parties with certain personal information to provide or improve our products and services, for example to deliver services at your request. In such cases, we require those third parties to handle the information in accordance with applicable laws and regulations.

California privacy laws also require that we provide California consumers information about how we use their personal information, whether collected online or offline. This document and specifically the sections above are intended to satisfy that requirement.

Your Canadian Privacy Law Rights

If your information is collected from within Canada, you have the following privacy rights:

  • You can access, correct, update, or delete your personal information.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.
  • If you wish to make a complaint about a breach of Personal Information Protection and Electronic Documents Act (PIPEDA), please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you. If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Privacy Commissioner of Canada.

Data Deletion and Retention

Upon receiving a valid request for data deletion, we will process your request within 30 days. We will notify you once the deletion is complete.

Our data retention policy is as follows:

  • We retain your data as long as we have a business relationship with you or as required by the enforceable laws and regulations.

To permanently delete your data, please send an email to [email protected]

Data Sharing and Its Impact

We want to make you aware that sharing certain types of information, such as genetic or family history data, could have implications not just for you but also for your relatives. Please consider this carefully before sharing such sensitive information.

Third-Party Use of Data

We strictly prohibit third-party use or disclosure of your information (including de-identified, anonymized, or pseudonymized data) for any reason without your active consent. This applies to all data we collect about you.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of discovering the breach. We will provide details about the nature of the breach and instructions for any actions you may need to take to protect yourself.

Company Ownership Changes

If our company undergoes a change in ownership, merges with another company, or ceases operations:

  • We will notify you at least 30 days in advance of any transfer of your personal data.
  • You will have the option to delete your data before the transfer occurs.
  • If you choose not to delete your data, it will be transferred to the new owner under the same privacy protections outlined in this policy.
  • In the event of company closure, all personal data will be securely deleted within 90 days, unless retention is required by law.

Inquiries and requests

You can reach out to our data protection team for general questions on privacy and to exercise your data protection rights by sending an email to [email protected] or via the methods stipulated under the relevant laws and regulations (such as Communique Regarding Applications to Data Controllers for Turkiye and the GDPR for EU).

Please note that to protect your personal information, we may need to verify your identity by a method appropriate to the type of request you are making.

Changes

We keep our data protection notice under regular review and might introduce updates from time to time. This notice was last updated on 20 November 2023.