Last updated June 2021
Onward Immigration is committed to protecting the privacy of your confidential and personal information. The policy of the Firm is to comply with the rules of professional conduct which impose a duty to preserve and protect confidential client information upon lawyers and their associated personnel.
Who we are
Our website address is: https://onwardimmigrationlaw.com.
As professionals engaged in the provision of legal services to clients, Onward Immigration (the “Firm”), is committed to protecting the privacy of confidential and personal information, including personal data relating to individuals who may be clients, staff, agents, lawyers, law students, job applicants, or others inside or outside the Firm. The policy of the Firm is to comply with the rules of professional conduct which impose a duty to preserve and protect confidential client information upon lawyers and their associated personnel.
This Privacy Statement is intended to summarize the Firm’s data protection practices generally, and to advise its clients, interested law students, job applicants, website visitors, and other third parties about the Firm’s privacy policies that may be applicable to them.
This Privacy Statement is specifically addressed to parties outside the Firm who: (1) provide personal information, including but not limited to information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, etc. (“Personal Information”) to the Firm; or (2) who visit or use the Firm’s website at www.onwardimmigrationlaw.com (“Website”).
Our Collection of Personal Information
The Firm only collects Personal Information that is voluntarily provided. Any Personal Information that we collect is provided to us by you, or by a third-party who you have authorized to provide us with your Personal Information.
Providing Personal Information about Others
If you provide the Firm with Personal Information about third parties, you warrant to the Firm that any Personal Information that you provide to the Firm about any third parties was obtained by you with full consent, and that the individual has not communicated to you that they wish to opt out of receiving communication from the Firm or having the Firm collect information about him or her.
The Website is hosted and operated in the United States (“U.S.”). By using the Website, you acknowledge that any Personal Information about you, regardless of whether provided by you or obtained from a third party, is being provided to the Firm in the U.S. and will be hosted in the U.S.
Use and Disclosure of Personal Information
If you do provide Personal Information to the Firm, the Firm may use that Personal Information to:
- Provide you with legal services, if you are or become a client of the Firm, and/or respond to any requests or inquiries you may have;
- Invite you to seminars, panel events, conferences and other business engagements;
- Contact you (unless you tell us that you prefer us not to) regarding legal or law firm developments that may be of interest to you;
- Carry out, monitor and analyze our business or Website operations;
- Collect anonymous traffic data and geographic location, derived from your IP address, and perform web analytics by using software and cookies;
- Enter into or carry out contracts of various kinds; and
- Comply with any applicable laws or regulations.
We do not disclose any Personal Information to unrelated parties outside of the Firm, except to our agents or data processors or other contractors acting on our behalf and at our direction, subject to appropriate confidentiality, privacy and information security commitments provided by the receiving party; where we believe it necessary to provide a service which you have requested; as permitted or required by law; or as otherwise authorized or directed by you.
We reserve the right to disclose Personal Information that we believe to be necessary or appropriate in the following circumstances:
- As required by law, such as to comply with a subpoena, or similar legal process;
- When we believe in good faith that disclosure is necessary to protect the Firm’s rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- To enforce the Firm’s Terms of Service, Legal Agreement, Master Services Agreement, or other contract, to the extent any is applicable; and
- To allow the Firm to pursue available remedies or limit the damage it may sustain.
Confidentiality of Client Information
Consistent with its professional obligations, the Firm’s policy is to exercise the utmost discretion regarding the information our clients entrust to us. The Firm accepts and processes client information in a manner that is always subject to the client’s direction and control, and the Firm maintains reasonable and appropriate, although not infallible, security precautions. It never purposefully trades, sells or shares your information with any unrelated parties except as necessary or appropriate to conduct the Firm’s legal and business activities; subject to appropriate confidentiality, privacy and information security commitments provided by the receiving party; to further your interests; or as permitted or required by law, or as authorized or directed by you. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to the attorney who is handling your matter or to email@example.com.
Client Credit Card Information
Legitimate Business Interest Under the GDPR
Specifically for EU data subjects visiting our Website, we collect your Personal Information in furtherance of our legitimate interest to carry out our business in favor of the well-being of the Firm. Our use of your Personal Information is based on the legitimate grounds that:
- The use is necessary in order to fulfill our commitments to you under our Terms of Service or applicable client fee agreements;
- The use is necessary for compliance with a legal obligation;
- The use is necessary in order to protect your vital interests or those of another person or entity;
- We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or
- You have given us your consent.
Your Privacy Rights Under the GDPR
The GDPR includes the following rights for EU data subjects who provide their information to the Firm in connection with our provision of legal services or when visiting our Website:
- The right to be informed about how we store, use, or share your data;
- The right to access your data;
- The right to rectify your data;
- The right to have us erase your data;
- The right to prevent us from processing your data;
- The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;
- The right to object to use or sharing of your data; and
- The right not to be subject to automated decision-making, including profiling.
If you have any questions about these rights, you may contact us at firstname.lastname@example.org.
With the exception of processing payments, for which LawPay and Headnote are the Payments Data Controllers; the Firm is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of personal data of the clients of the Firm and visitors to its Website. The Firm is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your personal data, you may contact us at email@example.com.
Data Processor. The Firm is the “data processor,” as defined under the GDPR, or the legal entity which processes your personal data. The Firm maintains records of any processing activities it performs, and is able to show how the Firm complies with data protection principles under the GDPR. It has effective policies and procedures in place.
To opt-out of certain advertising cookies, you may wish to visit the Network Advertising Initiative (NAI) website by clicking here.
Where We Send Your Data
Visitor comments may be checked through an automated spam detection service.
Social Media Features and Widgets
On this Website, the Firm has integrated components of the enterprise, Facebook.
Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed here. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our Website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available here, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, e.g. the Facebook blocker of the provider Webgraph. These applications may be used by the data subject to eliminate a data transmission to Facebook.
More information regarding how Facebook complies with the GDPR is located here.
On this Website, the Firm has integrated components of Twitter.
Twitter messages (tweets) are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available here. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our Website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.
Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed here.
Links to Other Websites
This site utilizes caching in order to facilitate a faster response time and better user experience. Caching potentially stores a duplicate copy of every web page that is on display on this site. All cache files are temporary, and are never accessed by any third party, except as necessary to obtain technical support from the cache plugin vendor. Cache files expire on a schedule set by the site administrator, but may easily be purged by the admin before their natural expiration, if necessary.
Do Not Track Signals
Children & Minors Privacy
The Firm does not knowingly collect, maintain or process Personal Information submitted online by anyone under the age of 18. If you are under 18, please do not attempt to send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us Personal Data, please contact us at firstname.lastname@example.org.
The Firm maintains reasonable and appropriate physical, electronic and procedural safeguards intended to maintain the confidentiality of Personal Information provided by a visitor to this Website. The Firm does not guarantee that these safeguards will always work or that its security measures are infallible.
Breach of Data
The Firm has internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” The Firm will notify you of a personal data breach where the personal data breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. The Firm will provide you with: (i) contact details of the Data Protection Officer (DPO) or other contact person, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the organization has taken or proposes to take to address the breach, and (v) advice on steps that EU data subjects can take to protect themselves.
Data Protection Officer
The Firm is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Firm voluntarily elects to appoint Kim Felton as the DPO for this Firm. Ms. Felton is responsible for data protection compliance and can answer any questions you may have about your Personal Information. She may be reached at email@example.com.
What Rights You Have Over Your Data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Our Response to Your Requests
If you make any requests regarding your Personal Information, we will not charge you for compliance with the request. The Firm will respond and comply within one month. The Firm reserves the right to refuse or charge for requests that are manifestly unfounded or excessive. If we refuse your request, we will tell you why we are refusing your request. You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Comments on Content
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
Data Protection Impact Assessment (DPIA)
Please Note: The Firm is not required to undergo a DPIA because data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data.
Your California Privacy Rights
Under California Civil Code Section 1798.83, California clients and Website visitors are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Section 1798.83 is not applicable to the Firm, as the Firm has less than 20 employees. Nevertheless, if you have any questions or concerns, please let us know by emailing us at firstname.lastname@example.org.
Consultants, Suppliers and Vendors
In order to support its provision of legal services to its clients, from time to time, the Firm may maintain business information about prospective or ongoing consultants, suppliers, and vendors. The Firm uses this information for internal purposes and does not share this data with unrelated third parties. The Firm requires consultants, suppliers, and vendors to maintain data protections consistent with reasonable and appropriate obligations of data processors. Any prospective consultants, suppliers, or vendors with questions about our policies and expectations should contact email@example.com.
Changes and Modifications
If you change your mind about receiving information from us or have any questions or concerns about the use of information volunteered by you, please send us a request specifying your new choice. Please contact us at firstname.lastname@example.org or (347) 669-2730