Privacy Notice

Privacy Notice

Effective as of October 14, 2024

This Privacy Notice outlines the practices of Ishimbayev Law Firm, P.C., including our affiliates (collectively referred to as “Ishimbayev Law Firm,” the “Firm,” “we,” “us,” or “our”), regarding the collection, use, and handling of personal information gathered through our digital platforms and services linked to this notice. This encompasses our website located at www.ishimbayev.com (the “Site”), other digital resources provided to our clients and third parties, our social media channels, online data rooms under our operation, and extends to our marketing initiatives, the provision of services to our corporate, institutional, and non-profit clients, participation in live events, any in-person business interactions with us, and other activities as detailed herein (hereafter, the “Service”).

California Notice and State Privacy Rights. For residents of California and other states with applicable privacy laws, please refer to the State Privacy Rights Notice section below for crucial information about your privacy rights under these laws.

Notice for European Users. Individuals located in the European Economic Area (“EEA”) or the United Kingdom (“UK”)—collectively referred to in this document as “Europe” or “European”—are advised to consult the Notice to European Users section below for pertinent information.

Scope of this Privacy Notice. Please be aware that Ishimbayev Law Firm might provide specific privacy policies or notices at the point of collecting personal information related to particular products or services we offer. It is important to note that this Privacy Notice does not encompass personal information collected from Ishimbayev Law Firm’s employees, partners, contractors, or job applicants, which is governed by separate privacy policies.

1. Collection of personal information

Information Provided by You. Ishimbayev Law Firm collects personal information that you voluntarily provide through our Service or other interactions. This information includes, but is not limited to:

  • Contact Details.Your name, address, telephone number, email, professional title, and employer details.
  • Demographic Information. Your city, state, country of residence, and postal code.
  • Records of your correspondence with us, whether through our Service, social media, or other means.
  • Online Identifiers. Usernames, passwords, or other account details for accessing our websites.
  • Financial Transactions. Details of financial transactions with us, including payment methods, bank account numbers, and transaction history.
  • Event-Related Information. Dietary preferences and other personal details you provide when attending events we host.
  • Marketing Preferences. Your preferences for receiving marketing communications from us and your interaction with these communications.
  • Audiovisual Data. Photographs, videos, voice recordings (with your consent, where required by law), and security footage from our premises.
  • Professional and Employment Data. Your job title, employer, work history, and education background.
  • Miscellaneous Data. Any other information you provide that is not specifically listed, which will be used in accordance with this Privacy Notice or as disclosed at the time of collection.

Information from Third-Party Sources. In addition to the information you provide, we may enrich our data with information obtained from other sources, which include:

  • Public Sources. Government agencies, public records, publicly accessible social media profiles, and other publicly available databases.
  • Private Sources. Data providers, social media platforms, data licensors, account intelligence services, and our client entities, which may include your employer.
  • Partner Organizations. Collaborative efforts with pro bono groups, non-profit organizations, and other partners.
  • Marketing Partners. Relationships with joint marketing partners and event co-sponsors, enhancing our service offerings and events.

Automatic Data Collection Practices. The Firm, alongside our service providers and business partners, engages in the automatic collection of information related to your devices, as well as your activities over time with our Service, communications, and other online services. This collection helps us understand user behavior, improve our Service, and personalize your experience. The types of information automatically collected include:

  • Device Information. This includes details about your computing or mobile device such as operating system type and version, device manufacturer and model, browser type, screen resolution, RAM and disk capacity, CPU usage, device category (e.g., smartphone, tablet), IP address, unique device identifiers (including those for advertising), language preferences, mobile network carrier, and radio/network information (e.g., Wi-Fi, LTE, 3G).
  • Internet and Network Activity. We track how you interact with our websites, emails, and other online content. This encompasses the pages you visit, the emails you open, the links you click on, the time you spend on specific pages, the paths you take navigating between pages or screens, and your overall activity and preferences on our Site. It also includes access times and how long you access our Service.
  • Location Data. With your permission, we may collect general location information to offer location-specific services or content. This can include city, state, or broader geographic area information.
  • Key Card and Access Information. For individuals who have physical access to our offices via a key card, fob, or remote access method, we log usage data such as the time and place of access to better secure our premises.
  • Communications Interactions. We analyze how you engage with our communications, including email and chat messages. Through technologies like pixel tags (also known as clear GIFs), embedded in our communications, we can determine whether emails have been opened or forwarded and gather other related interaction data.

Cookies and Similar Technologies. Our utilization of automatic data collection is significantly supported by cookies and similar tracking technologies. These tools are employed to enhance user experience, understand user preferences, and improve our services by analyzing how users interact with our Service. When you visit or log in to our website, these technologies may be utilized by our online data partners or vendors, and can link your activities on our site to other personal information they or third parties may have about you, including your email address. Based on this information, we (or service providers acting on our behalf) may send you communications or marketing materials. For a comprehensive understanding of how we use cookies and your options regarding them, please refer to our Cookie Notice

Information on Third Parties. In instances where you refer others to our services or share their contact information with us, it is imperative that you have their explicit consent before doing so. We commit to responsibly managing the contact details of individuals you introduce to us, ensuring their privacy and consent are respected.

2. How We Use personal information

Your personal information is crucial to us for delivering and enhancing our services, as well as ensuring a secure and efficient operational environment. Below are the key ways we might use your information, or as specifically outlined at the point of collection:

Service delivery and operations, including:

  • Delivering Our Service. We leverage your personal data to facilitate the provision and functioning of our Service to you.
  • Operational Excellence. Your personal information supports the essential day-to-day functions of our firm. This includes maintaining security, managing facility access, ensuring the smooth running of our systems, adhering to compliance requirements, and utilizing databases effectively.
  • Client Support. To offer our clients top-notch legal services, manage their records, and handle billing and payment collections, we utilize personal data.
  • Event Management. When you sign up for our events, we use your personal data to process your registration, communicate event details, and provide a welcoming and organized event experience.
  • Office Security and Access. Should you visit our premises, we employ your personal information to manage your visit efficiently and ensure the security of our office spaces.
  • Staying in Touch. We use your personal data to stay in touch with you. This includes supporting the services we offer you and responding to any inquiries, requests, or feedback you may have.

Innovation and Enhancement. We value the role your personal information plays in the continuous improvement and innovation of our services. It’s instrumental in our research and development efforts aimed at enhancing the quality of our Service, refining our business operations, and crafting new offerings. In the pursuit of these objectives, we may transform the personal information we gather into a format that cannot be linked back to you as an individual. This transformation is achieved by removing identifiers, thus creating aggregated, de-identified, or anonymized data sets. Such data, devoid of personal identifiers, allows us to conduct comprehensive analyses and improve our Service, all while maintaining your privacy. Additionally, we may share these anonymized data sets with third parties for legitimate business purposes. These activities can include, but are not limited to, enhancing our Service, fostering business growth, and developing new products and services. Rest assured, in this process, we strictly adhere to our commitment to privacy by ensuring these data sets cannot and will not be used to re-identify any individual..

Tailored Marketing Communications. Our commitment to keeping you informed about relevant offerings involves utilizing your personal information for direct marketing purposes. This task is carried out not only by us but also by our service providers and partners with whom we organize joint events. Our goal is to ensure that the marketing messages we send are aligned with your preferences and interests, making them as relevant and valuable to you as possible. To achieve this, we may personalize our communications based on the information you’ve shared with us and your interactions with our services. It’s important to us that you have control over these communications, and if at any point you decide that you no longer wish to receive them, you have the freedom to opt out. Details on how to do this are provided in the Opt-out of Communications section below, ensuring you can easily manage your preferences.

Enhancing Services and Analytics. To continuously improve and tailor our Service to your needs, we leverage your personal information for in-depth analysis of how you use our Service. This analysis helps us enhance the overall quality of our Service, refine our business strategies, and understand user behavior within our Service more accurately. By examining which areas of our Service receive the most attention and tracking how visitors navigate through our platform, including their engagement with our emails, we gain valuable insights that guide our improvements and the development of new products and services.

Compliance and Protection. We may use your personal information to:

  • Adhere to Legal Obligations. We use your data to comply with applicable laws, respond to lawful requests, and participate in legal processes, such as responding to subpoenas or cooperating with government investigations.
  • Safeguard Rights and Safety. We are committed to protecting the rights, privacy, and safety of our users, ourselves, and others. This includes making and defending legal claims when necessary.
  • Perform Internal Audits. To ensure compliance with legal, contractual, and internal policy requirements, we conduct audits of our processes.
  • Enforce Our Terms. We use your information to enforce the terms and conditions that govern our Service, maintaining its integrity and security.
  • Prevent Misuse. Part of our responsibility includes using your information to prevent, identify, and take action against fraudulent, unauthorized, or illegal activities, such as cyberattacks and identity theft.

Adaptability for New Purposes. There might be instances where we use your personal information for purposes not previously disclosed in this Privacy Notice. Rest assured, any such use will be in accordance with applicable laws and only when the new purpose is compatible with the original reason for collection. Should there be a need for using your personal information in a significantly different way, we will ask for your consent, especially in cases where it is required by law. This flexibility ensures that our practices evolve alongside our users’ needs and legal standards.

3. Data Retention Principles

Our commitment to responsibly managing your personal information extends to how long we retain it. We hold onto personal data only as long as necessary to fulfill the specific purposes for which it was collected. This includes meeting any legal, accounting, or reporting obligations, defending or establishing legal claims, or for the purposes of preventing fraud.

The duration for which we keep your personal information is determined by a variety of factors. These include the volume, type, and sensitivity of the data we have collected, the potential risk of harm from unauthorized disclosure or use of your personal information, the reasons we process your personal information, and whether these purposes could be achieved by other means, as well as legal requirements that apply to the data.

Once your personal information is no longer needed for its collected purposes, we take steps to either delete it or transform it into a form where it is no longer identifiable to you. This may involve de-identifying, aggregating, or anonymizing the information so that it cannot be linked back to you. Should we choose to de-identify, aggregate, or anonymize your personal data in such a way, we reserve the right to use this non-identifiable information indefinitely without further notification.

4. Sharing Your personal information

We understand the importance of your personal information, and we want to be transparent about how it may be shared. This section outlines the parties with whom your personal information may be shared, in line with the practices detailed in this Privacy Notice, other relevant notices, or as explicitly communicated at the time of collection.

  • Your personal information may be shared with our affiliates, enabling a cohesive service experience and operational efficiency across our group of companies, if any.
  • Service Providers. We collaborate with third-party service providers who perform functions on our behalf or assist us in operating our Service or our business. These services range widely from information technology and software support, mailing, marketing, event management, to cyber and physical security services. Additionally, we engage legal support vendors for tasks such as e-discovery, deposition services, litigation support, and other professional consultations necessary for our client representation.
  • Designated Third Parties. At your direction or with your consent, we may share your personal information with third parties. This is typically to fulfill requests you have made or services you have sought, where sharing of your information is necessary for these third parties to provide the services.
  • Clients and Other Parties. We may share personal information with clients, potential clients, and others involved in our client engagements or potential client interactions. This includes their representatives, vendors, and advisors.
  • Event Co-sponsors. For events that we co-sponsor with third parties, your personal information may be shared with these co-sponsors.
  • Professional Advisors. In the normal course of business, we might share your information with professional advisors such as lawyers, auditors, bankers, and insurers, who provide consultancy, banking, legal, insurance, and accounting services to us.
  • Authorities and Others. We may disclose personal information to law enforcement, government authorities, and private parties if we believe it’s necessary or appropriate. This could be for the purposes of complying with legal obligations, protecting our rights or those of others, or preventing harm.
  • Business Transferees. In the event of a merger, reorganization, dissolution, or similar business transaction, we may need to disclose personal information as part of our business assets. This includes sharing information with prospective counterparties and their advisors, or transferring your personal information to a successor entity to ensure the continuity of our services.

5. Your Privacy Choices

This section outlines the rights and options available to you regarding your personal information. Specific rights may vary based on your residency, with additional details provided for residents of certain states, such as California and Virginia, in the State Privacy Rights Notice section. For individuals in the European Economic Area (EEA) or the United Kingdom (UK), please refer to the Notice to European Users for region-specific information.

Opting Out of Communications. You have the right to opt out of receiving marketing-related emails from us. This can be done by utilizing the opt-out or unsubscribe link found at the bottom of our emails, by contacting us via email at privacy@ishimbayev.com, or by calling us at +1-212-220-6548 (toll-free within the U.S. only). It’s important to note that opting out of marketing communications does not affect your receipt of important service-related and non-marketing communications.

Cookie Preferences. Our Cookie Notice provides detailed information about the cookies utilized by our Service and how you can manage your preferences. For more insight into how cookies work within our Service and the control options available to you, please review the Cookie Notice.

Do Not Track (DNT). Some web browsers offer a DNT option, allowing you to signal to websites your preference not to be tracked. Currently, our Service does not respond to DNT signals. For more information about DNT and how it works, please visit http://www.allaboutdnt.com.

Declining to Provide Information. While we require certain personal information to offer specific services, the choice to provide this information is always yours. However, please be aware that if you choose not to provide information we deem necessary or mandatory, it may prevent us from delivering those specific services to you.

6. Interactions with Third-Party Sites and Services

Our Service provides pathways to third-party websites, mobile applications, and various online platforms through links and content integrations. These connections are designed to enrich your experience and provide additional resources. It’s important to clarify, however, that the presence of such links and content integrations on our Service does not imply our endorsement or affiliation with these third-party entities.

We exercise no control over the privacy practices, content, or operations of third-party sites and services. Their inclusion in our Service is not an assurance of their quality, safety, or reliability. We take your trust in us seriously and aim to be cautious in our associations, but the independent nature of these third-party entities means their practices and policies are beyond our direct influence.

As you navigate these external sites and services, we strongly encourage you to remain informed about your privacy by reviewing their privacy policies and terms of use. Understanding how your information may be collected, used, and shared by these third parties can help you make more informed decisions about your interactions with them.

Your digital activities often intersect with various online entities, and while we strive to curate meaningful connections within our Service, we encourage you to approach these third-party sites and services with an informed perspective. 

7. Security Measures

We implement a comprehensive array of technical, organizational, and physical security measures. These measures are meticulously designed to shield against unauthorized access, alteration, disclosure, or destruction of personal data.

We acknowledge, however, that no internet or information technology system can be made entirely impenetrable. As such, while we strive to employ the most robust security protocols, the inherent vulnerabilities of digital and information technologies mean we cannot assure absolute security of your personal information.

We continuously refine our security practices in response to evolving threats and advancements in technology, aiming to maintain the highest level of protection for your personal data. Your understanding and cooperation in protecting your own information, by practicing safe internet habits, are vital components of our shared security efforts.

8. International Data Transfer Policy

Our operations are primarily based in the United States, and in conducting our business, we may engage with service providers and partners who operate across the globe. As a result, your personal information could be transferred to, stored, and processed in the United States or other countries outside of your own. It’s important to note that the data protection laws in these countries may not offer the same level of protection as those in your jurisdiction.

For users residing in the European Economic Area (EEA) or the United Kingdom (UK), specific provisions and protections are outlined in the Notice to European Users section to address the transfer of data from the EEA or the UK to other countries.

We are committed to ensuring the protection of your personal information regardless of where it is processed. We employ appropriate safeguards, including standard contractual clauses approved by the European Commission, to ensure that your personal information remains protected according to the standards described in this privacy notice and in accordance with applicable law. Our aim is to maintain the integrity and security of your data, irrespective of geographic boundaries.

9. Policy on Children’s Privacy

Our Site and services are designed for and directed towards users who are 18 years of age or older. We do not knowingly collect or solicit personal information from individuals under the age of 18. In alignment with our commitment to comply with laws protecting children’s privacy, we urge parents and guardians to monitor their children’s internet usage and to help enforce our privacy policy by instructing their children never to provide personal information on our website without their permission.

Should a parent or guardian become aware that their child has provided us with personal information without their consent, we encourage them to contact us immediately. Upon confirmation, if personal information has been collected from a child under 18 without appropriate parental or guardian consent, we will take the necessary steps to remove such information from our records in accordance with applicable legal requirements, ensuring the protection of the child’s privacy.

10. Amendments to This Privacy Notice

We maintain the discretion to update or amend this Privacy Notice at any given time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Should there be a material change to our Privacy Notice, we will take steps to inform you by updating the notice’s date and making the revised version available on our Service, or through other suitable communication channels.

The effectiveness of any modifications to this Privacy Notice will commence from the moment they are posted on the Service or as explicitly stated at the time of posting. It is important for you to review the updated Privacy Notice to stay informed about our data protection practices.

By continuing to use the Service subsequent to any changes, you accept and consent to the terms of the revised Privacy Notice. We encourage you to periodically review this notice to ensure you are aware of any updates and understand how your information may be used.

How to Contact Us

If you have any questions or concerns about our Privacy Notice, or how we handle your personal information, please don’t hesitate to get in touch with us through the following means:

State Privacy Rights Notice

This section is dedicated to residents of states that have enacted robust privacy legislation, affording them additional rights concerning their personal data. Specifically, it addresses the provisions under the California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“CDPA”), the Colorado Privacy Act (“CPA”), and the Connecticut Personal Data Privacy and Online Monitoring Act. These laws, collectively referred to as the “State Privacy Laws,” represent a significant advancement in the protection of personal information, offering residents of these states enhanced control over their data.

This portion of our Privacy Notice outlines our practices in relation to the collection, utilization, and dissemination of personal information (as defined below) pertaining to residents of states with comprehensive privacy statutes. It aims to inform you about the specific rights you might hold regarding your personal information, contingent upon the state in which you reside. It’s crucial to recognize that the rights discussed herein may not apply universally. Residents outside the jurisdictions of the stated State Privacy Laws might find certain rights inapplicable. Moreover, the ability to exercise these rights is predicated on our capacity to verify your identity and understand the nature of your request comprehensively. Without sufficient information to conduct this verification, we may be limited in our ability to process your request effectively. This section is designed to provide clarity on how your personal information is managed and to ensure you are aware of your rights and our responsibilities under the State Privacy Laws.

Within this section, the term “personal information” aligns with the definitions of “personal data,” “personal information,” and similar terms as delineated by the relevant State Privacy Laws. It’s important to note, however, that this definition explicitly excludes data that falls outside the regulatory scope of these laws, including information that is publicly accessible. Moreover, there might be instances where an alternative privacy notice is provided to specific groups within these states, such as job applicants. For those individuals, the alternative notice will supersede the guidelines outlined in this section. The classification of “Sensitive personal information” is determined in accordance with State Privacy Laws, adhering to the definitions and protections designated for such data. This distinction underscores our commitment to the heightened care and protection required for handling sensitive information, reflecting the rigorous standards set by state-specific regulations.

Clarification of Your Privacy Rights Under State Privacy Laws. The State Privacy Laws afford residents certain privacy rights, though the extent and applicability of these rights may vary based on jurisdiction. Not all rights are universally guaranteed, and in specific instances, we reserve the right, as permitted by law, to decline requests that conflict with our legal obligations or operational capabilities. It is important to emphasize that our practices do not involve the “sale” or “sharing” of personal information as defined under these laws, including the absence of such activities concerning the data of individuals under 16 years of age in the past 12 months. Additionally, we do not participate in “Profiling” activities that have a legal or similarly significant effect on individuals, in accordance with the stringent requirements of applicable State Privacy Laws. Where necessary, including under the California Consumer Privacy Act (CCPA), we seek explicit consent before collecting Sensitive personal information and adhere to the stipulated limitations on its use and disclosure.

Detailed Rights Under State Privacy Laws:

  • Right to Know. You may inquire if we process your personal information and request details on our practices over the past 12 months, including:
    • Types of personal information collected.
    • Sources from which personal information was gathered.
    • Purposes for collecting personal information.
    • Third parties with whom we have shared personal information.
    • Categories of personal information disclosed for business purposes and the corresponding third parties.
  • Right to Access. You are entitled to request copies of the personal information we hold about you.
  • Right to Appeal. Should we deny a valid request, you have the right to appeal our decision.
  • Right to Correction. You can request the correction of any inaccurate personal information we hold about you.
  • Right to Deletion. You may request the deletion of your personal information under certain conditions.
  • Right to Non-Discrimination. Exercising any of the aforementioned rights shall not result in discriminatory treatment as prohibited by State Privacy Laws.

Procedure for Exercising Your Privacy Rights. To exercise your rights under State Privacy Laws, including the right to know, access, appeal, correct, and delete your personal information, you may initiate a request by contacting us through the following channels:

  • Telephone: Reach out to us at +1-212-220-6548 (toll-free within the United States) to submit your request directly.
  • Email: Send your request to privacy@ishimbayev.com, detailing the specific right you wish to exercise.

Verification of Identity and Residency. To ensure the security and privacy of the information being requested, we must verify your identity before processing your request. This verification may involve requesting government-issued identification, a sworn declaration under penalty of perjury, or other legally permissible information to confirm your identity and residency.

Authorized Agents. Under certain State Privacy Laws, you have the option to appoint an authorized agent to act on your behalf in exercising your privacy rights. In such cases, we will require verification of the authorized agent’s identity and proof of their legal authority to act on your behalf. This may include:

  • A valid power of attorney in accordance with applicable law.
  • If a formal power of attorney is not provided, we may request additional steps to confirm the request’s legitimacy. This might involve providing your agent with written and signed permission to act on your behalf, alongside the necessary information for us to verify your identity, and explicit confirmation of your permission for the authorized agent to submit the request.

Overview of personal information Collection, Use, and Disclosure. Our commitment to transparency extends to how we handle personal information. Below, we outline the types of personal information we collect and may share with third parties. This overview references both:

  • The categories outlined in the personal information We Collect section of this Privacy Notice.
  • The categories defined under the California Consumer Privacy Act (CCPA, Cal. Civ. Code §1798.140).

We utilize these categories of personal information for various purposes, as detailed in the How We Use Your personal information section of this Privacy Notice. It’s important to note, however, that Sensitive personal information is treated with additional care and is processed strictly for the purposes for which it was collected, in full compliance with applicable laws, including State Privacy Laws.

This section reflects our practices both at present and in the 12 months leading up to the effective date of this Privacy Notice. It’s also worth mentioning that personal information you provide voluntarily, such as through free-form fields on web forms, may encompass categories not explicitly listed below. For a more detailed understanding of the sources from which we collect personal information and the reasons behind collecting or disclosing this information, please refer back to the relevant sections of this Privacy Notice.

Personal information (“PI”) we collect

CCPA Statutory Category

Categories of third-party entities with whom we share PI to fulfill business objectives

Contact data

  • Identifiers
  • Commercial information
  • California customer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Demographic data

  • Identifiers
  • California customer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Online identifiers and account information  

  • Identifiers
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Communications data

  • Identifiers
  • Commercial information
  • California consumer records 
  • Internet or Network Information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Payment and transactional data

  • Commercial information
  • California consumer records
  • Financial information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Marketing data

  • Identifiers
  • Commercial information
  • California customer records
  • Internet or Network Information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Dietary information

  • Identifiers
  • Commercial information
  • California customer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Professional advisors
  • Authorities and others
  • Business transferees

Audio, electronic, and visual information 

  • Sensory Information
  • Identifiers
  • California consumer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Professional advisors
  • Authorities and others
  • Business transferees

Professional / Employment-related data

  • Identifiers
  • California consumer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Third Parties’ Data

  • Identifiers
  • California consumer records
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Device data

  • Identifiers
  • Internet or Network Information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Online activity data

  • Identifiers
  • Commercial information
  • Internet or Network Information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

General location data

  • Geolocation data
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Communication interaction data

  • Identifiers
  • Commercial information
  • California consumer records 
  • Internet or Network Information
  • Affiliates
  • Service providers
  • Third parties designated by you
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Data derived from the above

  • Inferences
  • Affiliates
  • Service providers
  • Clients and other parties
  • Professional advisors
  • Authorities and others
  • Business transferees
  • Business and marketing co-sponsors

Other Sensitive personal information[1]

  • Characteristics of Protected Classifications
  • N/A

Notice to European Users

This section, “Notice to European Users,” specifically addresses individuals within the United Kingdom (UK) and the European Economic Area (EEA), collectively referred to here as “Europe” as defined earlier in this Privacy Notice.

Definition of personal information. In this Privacy Notice, “personal information” aligns with the term “Personal Data” as defined under European data protection laws, including General Data Protection Regulation (GDPR). It pertains to any information related to an identifiable person. This definition excludes data from which the individual’s identity has been irreversibly removed (anonymous data).

Data Controller. The entity responsible for your personal data is Ishimbayev Law Firm P.C., organized under the laws of the State of New York, USA.

Data Protection Officer. For any inquiries regarding your personal data, you can contact our Data Protection Officer via email at privacy@ishimbayev.com, or by mail at 1 World Trade Center, Suite 8500 New York, NY 10007, USA.

Legal Grounds for Processing. European data protection legislation mandates that we establish a lawful basis for processing your personal data. The foundation for using your personal information as outlined in this Privacy Notice varies depending on the nature of the information and the context of processing. The primary legal bases we rely on are detailed in a subsequent section. For further questions about our processing’s legal grounds, please reach out to us at privacy@ishimbayev.com.

Clarification on Processing Purposes

Categories of personal information

Legal Basis for Processing

For a comprehensive understanding of the purposes behind our processing of your personal data, please refer to the previously outlined details in the section “How We Use personal information.

Insights into the specific categories of personal information we process can be found in the earlier section “Collection of personal information.”

The legal justification for processing your personal information is anchored in the principles discussed in this Privacy Notice. For an in-depth exploration of these legal bases, please review the information provided in the sections mentioned above.

1. Operational Efficiency and Service Delivery: To ensure the seamless operation of our Service and to fulfill your specific requests or inquiries effectively, it is necessary for us to process your personal information. This encompasses providing you with access to the content, information, or services you have sought from us, among other operational needs.

  • Contact data
  • Demographic data
  • Communications data
  • Online identifiers and account information
  • Payment and transactional data
  • Dietary information
  • Audio, electronic, and visual information
  • Professional or employment-related information
  • Device data
  • Internet activity or electronic network activity information 
  • Other data

The processing of your personal information is essential for fulfilling the contractual obligations related to the delivery of our Service, or to carry out pre-contractual measures at your request before you formally engage with our Service.

2. Research and Development Considerations: Your personal information might be utilized for research and development to enhance our Service and overall business operations. Such usage aligns with our legitimate interests in innovating and improving our offerings.

Any and all data types relevant in the circumstances

We ensure that these activities are conducted with a balanced approach, where our legitimate interests do not outweigh your rights and impacts.

3. Extended Purposes for Processing Your personal information:

To ensure the comprehensive management and security of our Service, we may process your personal information for a variety of additional purposes, including but not limited to:

  • Service Accessibility and Maintenance: Facilitating access to, and the maintenance of, the Service to guarantee its optimal functionality.
  • Compliance and Security: Implementing measures for compliance with legal obligations, prevention of fraud, and safeguarding the safety of our Service and users.
  • Third-Party Sharing: Distributing your personal information to third parties as outlined in this Privacy Notice for specified purposes.
  • Business Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be disclosed to prospective or actual buyers or sellers.
  • Statistical Analysis: Gathering statistical data concerning the usage of our Service to better understand user engagement and improve our offerings.
  • Protecting Our Interests: We may use your personal information to protect our corporate interests, which include, but are not limited to:
  • Enforcing our Terms of Service.
  • Evaluating claims regarding content that may infringe upon the rights of third parties.
  • Establishing, exercising, or defending our legal rights and claims.
  • Contact data
  • Demographic data
  • Communications data
  • Online identifiers (including social media) and account information
  • Payment and transactional data
  • Audio, electronic, and visual information
  • Professional or employment-related information
  • Device data
  • Internet activity or electronic network activity information 
  • Other data

Our processing of your personal information for the purposes outlined is grounded in our legitimate interests. These interests include ensuring the efficient operation and management of our Service, maintaining compliance and security, engaging in business transactions, and protecting our legal rights and interests. We carefully balance these legitimate interests against any potential impact on you to ensure that your rights and interests are not unduly affected. Should our interests be outweighed by the impact on you, we refrain from using your personal information for these specific purposes.

4. Marketing and Advertising Practices: To inform you about and engage you with our latest products, services, and offers, we, along with our third-party advertising partners, may collect and utilize your personal information specifically for marketing and advertising purposes.

  • Contact data
  • Demographic data
  • Communications data
  • Device data
  • Internet activity or electronic network activity information 
  • Marketing data
  • Other data 

Consent-Based Processing: Where applicable law mandates, we obtain your explicit consent to use your personal information for marketing and advertising activities. This ensures that we engage with you in compliance with legal standards and respect your preferences.

Legitimate Interests: In jurisdictions where your consent is not a prerequisite for such activities, our processing is driven by our legitimate interests in promoting our business and enhancing our service offerings. This approach balances our business objectives with your rights and interests, ensuring that our marketing efforts align with reasonable expectations and do not infringe upon your privacy.

5. Legal Obligations and Protective Measures: In certain circumstances, we are bound by legal requirements that necessitate the disclosure of your personal information to courts, law enforcement agencies, or regulatory bodies.

Any and all data types relevant in the circumstances.

Compliance with Legal Obligations: Our primary basis for processing your personal information in these instances is the need to comply with our legal obligations. This ensures that our operations adhere to the legal standards and regulations applicable to our business.

Legitimate Interests in Legal Processes: In situations where specific legal obligations do not mandate compliance, both we and any relevant third parties engage in the processing of your personal information based on legitimate interests. These interests include participating in and supporting legal processes and requests, as well as cooperating with authorities as necessary.

Protection of Rights and Safety: Additionally, there exists a legitimate interest in ensuring the protection and enforcement of our rights, property, and safety, as well as those of third parties. This includes taking necessary steps to safeguard our legal interests and defend against potential legal claims or disputes..

6. Additional Uses of personal information: In certain instances, we may find it necessary to use your personal information for purposes that extend beyond those detailed in this Privacy Notice.

This encompasses any and all categories of personal information that may be relevant, depending on the specific circumstances at hand.

Compatible Purposes: If the new use of your personal information is deemed compatible with the original purpose for which it was collected, we will rely on the original legal basis for processing. This approach ensures that our further use of your data remains aligned with the expectations set at the time of collection and adheres to applicable legal standards.

Consent for New Purposes: In situations where the further use of your personal information is not compatible with the initial purposes, we will seek your consent before proceeding.

 

Your Data Protection Rights. Under data protection laws, you are afforded specific rights concerning your personal information, although these rights may be subject to certain conditions and exemptions depending on the processing activities we undertake. These rights include:

  1. Right of Access. You are entitled to request copies of the personal information we hold about you, ensuring transparency in how your data is handled.
  2. Right to Rectification. If you believe any of the personal information we possess is inaccurate or incomplete, you have the right to request a correction or completion of your data.
  3. Right to Erasure. Under certain conditions, you can request the deletion of your personal information from our records.
  4. Right to Restriction of Processing. You may request a limitation on the processing of your personal information in specific scenarios.
  5. Right to Object to Processing. You have the liberty to object to our processing of your personal information under certain circumstances.
  6. Right to Data Portability. If applicable, you can ask for the transfer of your personal information to another entity or directly to you in a structured, commonly used, and machine-readable format.
  7. Right to Withdraw Consent. Where our processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. It’s important to note that withdrawing consent does not compromise the legality of any processing that occurred prior to the withdrawal.

How to Exercise Your Data Protection Rights. If you wish to exercise any of the rights mentioned regarding your personal information, you can initiate your request through the following methods:

  • Email: Direct your requests to privacy@ishimbayev.com.
  • Postal Mail: Send your requests to the Data Protection Officer (DPO) at 1 World Trade Center, Suite 8500 New York, NY 10007, USA.

To ensure the security and privacy of your information, we may need to request additional details from you to verify your identity before we can proceed with your request.

The ability for us to fulfill your request may depend on several factors, such as the reasons behind our processing of your personal information and the manner in which it is processed. In cases where we decide not to comply with a request, either in whole or in part, we will provide you with our reasons for doing so, barring any legal constraints that prevent us from disclosing this information.

Your Right to File a Complaint with a Supervisory Authority. Beyond the rights specified above, should you find our response to your request unsatisfactory, or have concerns about the way we process your personal information, you are entitled to lodge a complaint with the data protection authority in your country or region of residence. This provides an additional layer of oversight and ensures that your concerns regarding personal data handling are addressed appropriately by regulatory bodies dedicated to protecting your privacy rights.

Cross-Border Data Transfer Information. Our headquarter is situated in the U.S., and we collaborate with service providers, advisers, partners, and other entities that are also predominantly U.S.-based. Consequently, utilizing our Service entails that your personal information will be accessed and processed within the U.S. Additionally, there may be instances where your personal information is shared with recipients in countries outside of Europe, which could involve transferring your data to jurisdictions where privacy protections may not be as comprehensive as those in your locality.

In scenarios where your personal information is transferred to third parties located outside Europe, we commit to implementing appropriate measures to ensure such transfers comply with applicable legal standards, safeguarding your privacy rights.

Should you require more details about these practices or wish to review the safeguards we have in place for transferring personal information outside of the European Economic Area (EEA) and/or the United Kingdom (UK), please feel free to reach out to us at privacy@ishimbayev.com.

[1] Providing this information is not mandatory on your part, yet it may be inferred from the identity data or other information we gather, or through your voluntary disclosure.

Submit Inquiry or Schedule Consultation

Empowering 1,000+ Businesses Worldwide
Serving Clients Across 25+ Nations
Securing Over $1 Billion for Our Clients

Submit Your Request

FREE GUIDE

Please click the link below to download the Guide