Updated January 1, 2020.
If you are a resident of the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), or control or process the Personal Information of EEA Residents, you should consult the sections of this policy relating to the “Rights of EEA Residents” and “International Data Transfers” for provisions that may apply to them.
If you are a resident of the State of California or have or control Personal Information of California residents, you should consult the sections of this policy pertaining to the “California Privacy Rights” including rights under the California Consumer Privacy Act (“CCPA”), which comes into effect on January 1, 2020.
Information We Collect
“Personal Information” is information that may be used to directly or indirectly identify an individual (which in some cases, may include certain Device Information). Personal Information includes (a) names, aliases, postal addresses, unique personal identifiers, online identifiers, Internet Protocol (IP) address, email address, account name, social security number, driver’s license numbers, passport numbers or other similar identifiers; (b) bank account numbers, insurance policy numbers, education, employment, employment history, financial information, medical information, or health insurance information; (c) characteristics of protected classifications under California or federal law; (d) commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; (e) internet or other electronic network activity information; (f) audio, electronic, visual or similar information; (g) professional or employment-related information; and (h) education information that is not publicly available. We may combine the Personal Information that we obtain about individuals from more than one source.
Most of the Personal Information we collect about individuals is provided to us either by the individuals themselves or by clients who have or control Personal Information about individuals, such as businesses or employers, in order for us to provide our Services. It is the obligation of any party other than an individual client to provide any required notices to the individuals whose Personal Information is submitted to us and to obtain any necessary consents from such individuals.
We collect and process Personal Information about individuals to (i) provide the Services for our clients; (ii) provide answers to inquiries or questions; (iii) maintain regular communication with clients as may be necessary to inform them of updates and other information regarding us and our Services; and (iv) when applicable, provide information to third parties with your consent (e.g., to provide a Federal ID number when completing payroll documentation).
The Personal Information stored on our system may include, without limitation, items such as (a) social security number, passport number; (b) driver’s license numbers; (c) unique personal identifiers for payment processing and auditing; (d) commercial and financial information for business and personal management services; (e) audio, electronic and visual information; and (f) professional and employment related information.
How and When Personal Information Is Shared with Other Parties
We do not sell, trade or license Personal Information about our clients or any individuals. We do, however, work with a number of trusted partners who perform vital functions as part of our operations, as further set forth below. We do not share Personal Information unless it is necessary to fulfill our responsibilities.
Additional Sharing of Information
We may engage third parties to help us carry out certain other internal functions such as account processing, client services, or other data collection relevant to our business. Personal Information is shared with these third parties only to the extent necessary for us to process the transactions you initiate or perform other specific Services. Our partners are legally required to keep Personal Information private and secure.
In certain extenuating circumstances, we may be required to share Personal Information with law enforcement or other government agencies as required by law. We reserve the right to disclose Personal Information to comply with a judicial proceeding, court order or legal process.
We will not share Personal Information if such sharing is prohibited by applicable privacy and data protection laws, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018 (“GDPR”) or the CCPA.
Notifications and Communications from Ziffren Brittenham
Legal or Security Communications
We may send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection. In other cases, these notifications involve changes to various legal agreements or policies. Generally, you may not opt out of such emails. We may also send out communications for verification purposes to comply with the CCPA.
We may also send you responses to emails you send us, if appropriate.
California Privacy Rights
The following section pertains to the rights of individuals or households in California (“California consumers”).
Civil Code Section 1798.83
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marketing purposes. However, the foregoing does not apply to businesses like ours that do not disclose Personal Information to third parties for direct marketing purposes without prior approval or give customers a free mechanism to opt out of having their Personal Information disclosed to third parties for their direct marketing purposes.
Rights under the CCPA
After January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) will provide California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information are generally described above but differ for individual consumers depending on the Services used by such consumers.
Under the CCPA the term “consumer” is any natural person who is a California resident. As used herein, the term “consumer” includes our clients who are natural persons who are resident in California. Under the CCPA, qualifying California consumers may have the following rights:
Right to Know and Right to Delete.
A California consumer has the right to request that we disclose what Personal Information a business may collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
As a law firm, we are bound by our ethical duties and professional responsibilities, which may limit our ability to respond to requests to know and requests to delete information.
Right for Disclosure of Information.
A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, clients’ account with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.
In the event that we receive requests from a California consumer who has a relationship with a client (for example, from an employee or customer of a client), we will inform the client.
If you are a California consumer and would like to make any requests under the CCPA, please direct them as follows:
Ziffren Brittenham LLP
1801 Century Park West
Los Angeles, CA 90067
If we receive any request, we will use a two-step process for online requests where the California consumer must first clearly submit the request and then, second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.
In submitting a request, a California consumer must provide sufficient information to identify the consumer, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests. If requests are unclear or submitted through means other than those outlined above, we will provide the California consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.
California Do Not Track Disclosures
Although some browsers currently offer a “do not track” (“DNT”) option, no common industry standard for DNT for websites exists. We therefore do not currently commit to responding to browsers’ DNT signals for our website.
Rights of EEA Residents
From May 25, 2018, all processing of Personal Information of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Information and on the free movement of such data (“GDPR”).
Under the GDPR, we are a processor or co-processor of the Personal Information of EEA Residents. Our purpose for collecting and processing Personal Information from or about EEA Residents is to authenticate contacts and to provide our Services to our clients, who may be controllers or processors of Personal Information about EEA Residents. The legal basis for collecting Personal Information is to fulfill these purposes, including contracts between us and those for whom we provide Services. We also rely on your consent to use our Services, including receiving communications regarding us and our Services.
We will not share the Personal Information that we obtain about residents of the EEA with third parties except as described above regarding Personal Information.
Under the GDPR, EEA Residents may also have the right to: obtain confirmation that we hold Personal Information about the resident, request access to and receive information about the Personal Information we maintain about the resident, receive copies of the Personal Information we maintain about the resident, update and correct inaccuracies in Personal Information, object to the continued processing of Personal Information, and have the Personal Information blocked, anonymized or deleted, as appropriate. The right to access Personal Information may be limited in some circumstances by local law. We are also limited by the terms of our agreements with our clients in responding to such requests and may refer any requests received from EEA Residents to our clients.
If you qualify, in order to exercise these rights, please contact us through one of the methods below:
Ziffren Brittenham LLP
1801 Century Park West
Los Angeles, CA 90067
We may ask individuals making requests to provide additional information for identity verification purposes.
Please understand, however, that we reserve the right to retain an archive of such Personal Information for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.
International Data Transfers
If you are resident outside the United States, including in the EEA, we may under limited circumstances transfer Personal Information provided by clients, as defined above, for processing in the United States. “Processing” as used in the GDPR relates to any transfer of Personal Information for use by us, including the storage of such Personal Information in our files or systems. Under the GDPR, we are considered a processor or co-processor of the Personal Information of EEA Residents and provide processing of data at the request of our clients, who may be controllers or processors of such data. By providing Personal Information to us for the purpose of obtaining information about us and our Services, clients consent to the processing of such data in the United States. The transfer of Personal Information to the United States is necessary for the performance of a contract between clients and us. Please note that you may always remove yourself from our mailing list by contacting us at firstname.lastname@example.org.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Personal Information Retention
We endeavor to limit access to the Personal Information we have about clients or other individuals to those employees who have a legitimate business need to access such information. We take commercially reasonable steps to protect our customers’ Personal Information against unauthorized disclosure or loss. However, no data transmission over the Internet or any security measures can be guaranteed to be 100% secure. Therefore, while we strive to protect user information we cannot ensure or warrant the security of any information you transmit to us. You engage in such transmissions at your risk.
If you believe your Personal Information is being improperly used by us or any third party, please immediately notify us via email at email@example.com.
We ask that you keep the Personal Information that you provide to us current and that you correct any information you have provided us by contacting us at firstname.lastname@example.org.