As Grape Law Firm PLLC, we are located at 1350 Broadway, Ste 1800 New York, NY 10018 ('we', 'us'), we attach great importance to your privacy and have prepared this notice to explain our privacy practices and how we collect, use, disclose, store, and protect your personal data.
This privacy statement is applicable in situations where we decide how and why your personal data is processed (or, to use European terminology, in situations where we act as a data controller). It is not applicable for situations where we act merely as a service provider and another organization determines the manner and reason for processing your personal information (or, to use European terminology, where we act as a data processor).
What data do we collect?
The personal data we collect from you includes not only information that we actively collect when you interact with our services but also information that you voluntarily provide to us in various contexts (for example, by subscribing to our newsletter, filling out one of our forms, or sending us an email). Therefore, it is not possible to compile a list of all potential personal data we may collect from you in advance. However, we present below the typical types of personal data we collect from each data subject group.
Please note that you may belong to more than one data subject group. For example, if you have visited our website and subscribed to our newsletter, your personal data listed under both 'Website Visitor' and 'Newsletter Subscriber' will be processed.
| Data Subject | Categories of Personal Data |
|---|---|
| Website Visitor | - Information on how our website is used, pages visited, date, time and duration of the visit, search terms entered, and other interactions with the website and its content - Technical information related to the visit, online identifiers (including IP address and cookie data), and information about the devices used (including unique device identifiers, type of network connection, browser type, language, operating system) - Non-precise location information (derived from technical data such as IP address or device language settings) |
| Newsletter Subscriber | - Email address - Information on how you interact with our emails, whether you open them, the links you click, and how you use our website after clicking a link |
| Potential Client (If you have filled out a contact form or otherwise reached out to us to entrust a case to us) | - Your name, email address, telephone number, your company, your position in the company, your resume, your investment budget - Details you share about your situation or case |
| Individuals Contacting Us | - Identity and contact details you share and the content of your message |
How Do We Collect Your Data?
We collect most of the data directly from you, but we also gather some information about you using automated processes.
We collect and process your data in the following situations:
- When you visit our website (in this case, we use cookies and similar technologies, please read on for details);
- When you fill out forms on our website, for example, newsletter registration form, forms for immigration or other cases, and contact forms,
- When you subscribe to, read, or otherwise interact with our newsletters,
- When you respond to our online advertisements (in this case, we may receive data from our advertising partners),
- When you reach out to us or otherwise interact with our services.
Cookies are small text files placed on your computer by websites you visit. They are widely used to make websites work or work more efficiently, and also to provide information to the owners of the site. The table below explains the cookies we use and why we use them.
| Cookie | Name | Purpose |
|---|---|---|
| Google Analytics | _ga, _gcl_au | These cookies are used to collect information about how visitors use our website. We use the information to compile reports and help us improve the website. Cookies collect information including the number of visitors to the website, where visitors have come to the website from, and the pages they visited. You can read Google's overview. You can opt-out of being tracked by Google Analytics across all websites here. |
| _fbp | Facebook sets this cookie to display advertisements on Facebook or a digital platform powered by Facebook advertising after visiting our website. |
Most web browsers allow you to control most cookies through the browser settings. To learn more about cookies, visit About Cookies. And to implement your preferences via application mechanisms, visit About Ads, Your Online Choices, and Network Advertising.
Why and On What Legal Bases Do We Process Your Data?
We collect your data for the following purposes and according to the legal bases indicated alongside:
| Subject | Purposes | Legal Basis |
|---|---|---|
| Service Provision | Respond to your requests or communicate with you, provide initial consultation or respond to your questions and issues, update you about changes in our terms of service or our privacy notice, or otherwise communicate with you regarding your situation or case. | Performance or formation of a contract and our legitimate interests in retaining you as a customer |
| Service Maintenance | Manage, operate, and maintain our website, newsletter, and services in general, understand, diagnose, remedy, and resolve issues related to our services | Our legitimate interests in conducting our business |
| Service Analysis and Improvement | Perform analytical studies and customer research, develop new features and improvements by analyzing your interaction with our website and newsletter | Our legitimate interests in conducting our business and improving our website and your experience |
| Marketing and Advertising | Conduct our marketing and advertising campaigns, customize our products and services, content and advertisements on our website and newsletter according to your preferences, interests, and needs, conduct retargeting, targeting, and profiling campaigns, send marketing communications about our products and services | Generally, your explicit consent (however, in some cases, we may rely on our legitimate interests in marketing our services) |
| Cybersecurity | Ensure the information security of our services and prevent misuse of our website and services | Our legitimate interests in ensuring the security of our services |
| Compliance | Comply with legal obligations and legal requests, participate in investigations and legal processes, comply with information requests based on any legal information rights of third parties against us, storage and retention of your personal data in accordance with certain legal retention requirements | Legal obligation |
| Legal Proceedings | Detection, exercise, or defense of legal claims | Our legitimate interests in protecting our business and exercising our legal rights |
Where processing is based on your consent, you may withdraw your consent at any time (for example, by changing your cookie preferences, clicking the unsubscribe link in our newsletters, or by contacting us in other ways).
To Whom Do We Transfer Your Data?
We have specified below the categories of recipients of your personal data and why we share your data with them:
| Recipient | Reason for Sharing |
|---|---|
| Technical service providers | We work with technical service providers who operate the technical infrastructure we need for our sales, marketing, or other operations, help us protect and secure our systems and services, and provide technical services for our service delivery. |
| Payment service providers | As we offer different payment options to our customers, we partner with payment service providers to provide you with a seamless purchasing experience. Naturally, some payment data may be transferred to these payment service providers to receive payment from you and verify that the payment has been made. |
| Advertising partners | We work with advertising partners to customize the advertising content you might see on our website and our advertising partners' websites and applications. These partners help us deliver more relevant ads and promotional messages to you, including Google (see the Cookies and Similar Technologies section above). |
| Advisors | We work with advisors (legal, financial, tax, or similar) to comply with applicable laws and exercise our rights, and these advisors may occasionally need access to your personal data to provide services to us. |
| Authorities | We share your personal data when we believe in good faith that it is necessary to comply with a legal obligation under applicable laws or respond to valid legal processes. |
We may share your personal data with third parties outside your country. Therefore, your personal data may be subject to different privacy laws than those in your country. Personal data collected within the European Union/Turkey, for example, may be processed by third parties located in a country outside the European Union/Turkey. In such cases, we ensure that the transfer of your personal data is conducted in accordance with applicable privacy laws and particularly that appropriate contractual, technical, and organizational measures are in place.
How Long Do We Retain Your Data?
We will retain your personal data for the purposes mentioned in this privacy notice, particularly as long as necessary to fulfill our contracts and comply with our legal obligations. Generally, we retain your data for as long as you have an account with us and subsequently for a period during which there may be inquiries or claims related to our services, notwithstanding longer retention periods we may be obliged to comply with in accordance with legal requirements.
Specific retention periods for personal data may vary based on the following factors:
- Necessity for the provision of our services. This includes executing the user agreement with you, maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined based on this general rule.
- Consent-based personal data processing. If we process personal data based on your consent, we retain the data as long as necessary for processing.
- Legal, contractual, or similar obligations. For example, retention obligations arising from laws or formal orders may emerge. It may also be necessary to retain personal data related to pending or future legal disputes. Personal data in contracts, notices, and business correspondence may be subject to legal retention obligations depending on national laws.
What Are Your Data Protection Rights?
Depending on the relevant laws in your country, you may have rights to access, portability, objection, correction, and deletion of the personal information we hold about you.
Your Rights in Turkey
If you are located in Turkey, you have the following privacy rights:
- To learn whether your personal data is being processed,
- To request information if your personal data has been processed,
- To learn the purpose of your data processing and whether this data is used for intended purposes,
- To know the third parties to whom your personal data is transferred,
- To request rectification if your personal data is processed incompletely or inaccurately,
- To request deletion or destruction of your personal data,
- If you have requested rectification of incomplete or inaccurate data or deletion or destruction of your personal data, to request that this be notified to third parties to whom your personal data has been transferred,
- To object to the outcomes of exclusively automated analyses which may lead to unfavorable consequences for you, and
- To claim compensation for damages resulting from the unlawful processing of your personal data.
Your EEA, UK, and Swiss Rights
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following privacy rights:
- You can access, correct, update, or delete your personal information.
- You can object to the processing of your personal information, request us to restrict processing your personal information, or request portability of your personal information.
- If you do not wish us to use your email address to promote our own or third parties' products, you can opt out of marketing emails at any time.
- If we have collected and processed your personal information with your consent, you can withdraw your consent at any time.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Your California Privacy Rights
This section of the Privacy Notice provides the information required for California consumers under California privacy laws, including the California Consumer Privacy Act ('CCPA').
- You may request access to or a copy of the personal information we have collected, used, disclosed, and sold about you in the last twelve (12) months.
- You may also request the deletion of certain personal information we have collected from you.
- You have the right not to receive discriminatory treatment for exercising your CCPA privacy rights.
- Under California Civil Code Section 1798.83, you may request certain information about our use of personal information for direct marketing purposes.
- California consumers have the right to opt out of the sale of their personal information. We do not and will not sell your personal information. We may provide certain personal information to third parties, for example, to deliver services upon your request. In such cases, we require that these third parties handle the information in accordance with applicable laws and regulations.
California privacy laws also require us to inform California consumers about how collected personal information, whether online or offline, is used. This document, and especially the sections above, is designed to meet this requirement.
Your Canadian Privacy Law Rights
If your information is collected from within Canada, you have the following privacy rights:
- You can access, correct, update, or delete your personal information.
- If we have collected and processed your personal information with your consent, you can withdraw your consent at any time.
- If you wish to make a complaint about a violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), please contact us using the details below, and we will take reasonable steps to investigate and respond to your complaint. If you are not satisfied with our response after this process, you can complain to the Office of the Privacy Commissioner of Canada.
Questions and Requests
For general privacy questions and to exercise your data protection rights, you can email our data protection team at info@grapelaw.com or reach out using the methods specified in legal regulations.
Please remember that in order to protect your personal information, we may need to verify your identity using a suitable method in response to your request type.
Changes
We regularly review our privacy notice and may make updates from time to time. This notice was last updated on August 15, 2024.