Effective as of October 14, 2024

This Privacy Notice outlines the practices of Ishimbayev Law Firm, P.C., including our affiliates (collectively referred to as “Ishimbayev Law Firm,” the “Firm,” “we,” “us,” or “our”), regarding the collection, use, and handling of personal information gathered through our digital platforms and services linked to this notice. This encompasses our website located at www.ishimbayev.com (the “Site”), other digital resources provided to our clients and third parties, our social media channels, online data rooms under our operation, and extends to our marketing initiatives, the provision of services to our corporate, institutional, and non-profit clients, participation in live events, any in-person business interactions with us, and other activities as detailed herein (hereafter, the “Service”).

California Notice and State Privacy Rights. For residents of California and other states with applicable privacy laws, please refer to the State Privacy Rights Notice section below for crucial information about your privacy rights under these laws.

Notice for European Users. Individuals located in the European Economic Area (“EEA”) or the United Kingdom (“UK”)—collectively referred to in this document as “Europe” or “European”—are advised to consult the Notice to European Users section below for pertinent information.

Scope of this Privacy Notice. Please be aware that Ishimbayev Law Firm might provide specific privacy policies or notices at the point of collecting personal information related to particular products or services we offer. It is important to note that this Privacy Notice does not encompass personal information collected from Ishimbayev Law Firm’s employees, partners, contractors, or job applicants, which is governed by separate privacy policies.

1. Collection of personal information

Information Provided by You. Ishimbayev Law Firm collects personal information that you voluntarily provide through our Service or other interactions. This information includes, but is not limited to:

• Contact Details.Your name, address, telephone number, email, professional title, and employer details.
• Demographic Information. Your city, state, country of residence, and postal code.
• Records of your correspondence with us, whether through our Service, social media, or other means.
• Online Identifiers. Usernames, passwords, or other account details for accessing our websites.
• Financial Transactions. Details of financial transactions with us, including payment methods, bank account numbers, and transaction history.
• Event-Related Information. Dietary preferences and other personal details you provide when attending events we host.
• Marketing Preferences. Your preferences for receiving marketing communications from us and your interaction with these communications.
• Audiovisual Data. Photographs, videos, voice recordings (with your consent, where required by law), and security footage from our premises.
• Professional and Employment Data. Your job title, employer, work history, and education background.
• Miscellaneous Data. Any other information you provide that is not specifically listed, which will be used in accordance with this Privacy Notice or as disclosed at the time of collection.

Information from Third-Party Sources. In addition to the information you provide, we may enrich our data with information obtained from other sources, which include:

• Public Sources. Government agencies, public records, publicly accessible social media profiles, and other publicly available databases.
• Private Sources. Data providers, social media platforms, data licensors, account intelligence services, and our client entities, which may include your employer.
• Partner Organizations. Collaborative efforts with pro bono groups, non-profit organizations, and other partners.
• Marketing Partners. Relationships with joint marketing partners and event co-sponsors, enhancing our service offerings and events.

Automatic Data Collection Practices. The Firm, alongside our service providers and business partners, engages in the automatic collection of information related to your devices, as well as your activities over time with our Service, communications, and other online services. This collection helps us understand user behavior, improve our Service, and personalize your experience. The types of information automatically collected include:

• Device Information. This includes details about your computing or mobile device such as operating system type and version, device manufacturer and model, browser type, screen resolution, RAM and disk capacity, CPU usage, device category (e.g., smartphone, tablet), IP address, unique device identifiers (including those for advertising), language preferences, mobile network carrier, and radio/network information (e.g., Wi-Fi, LTE, 3G).
• Internet and Network Activity. We track how you interact with our websites, emails, and other online content. This encompasses the pages you visit, the emails you open, the links you click on, the time you spend on specific pages, the paths you take navigating between pages or screens, and your overall activity and preferences on our Site. It also includes access times and how long you access our Service.
• Location Data. With your permission, we may collect general location information to offer location-specific services or content. This can include city, state, or broader geographic area information.
• Key Card and Access Information. For individuals who have physical access to our offices via a key card, fob, or remote access method, we log usage data such as the time and place of access to better secure our premises.
• Communications Interactions. We analyze how you engage with our communications, including email and chat messages. Through technologies like pixel tags (also known as clear GIFs), embedded in our communications, we can determine whether emails have been opened or forwarded and gather other related interaction data.

Cookies and Similar Technologies. Our utilization of automatic data collection is significantly supported by cookies and similar tracking technologies. These tools are employed to enhance user experience, understand user preferences, and improve our services by analyzing how users interact with our Service. When you visit or log in to our website, these technologies may be utilized by our online data partners or vendors, and can link your activities on our site to other personal information they or third parties may have about you, including your email address. Based on this information, we (or service providers acting on our behalf) may send you communications or marketing materials. For a comprehensive understanding of how we use cookies and your options regarding them, please refer to our Cookie Notice. 

Information on Third Parties. In instances where you refer others to our services or share their contact information with us, it is imperative that you have their explicit consent before doing so. We commit to responsibly managing the contact details of individuals you introduce to us, ensuring their privacy and consent are respected.

2. How We Use personal information

Your personal information is crucial to us for delivering and enhancing our services, as well as ensuring a secure and efficient operational environment. Below are the key ways we might use your information, or as specifically outlined at the point of collection:

Service delivery and operations, including:

• Delivering Our Service. We leverage your personal data to facilitate the provision and functioning of our Service to you.
• Operational Excellence. Your personal information supports the essential day-to-day functions of our firm. This includes maintaining security, managing facility access, ensuring the smooth running of our systems, adhering to compliance requirements, and utilizing databases effectively.
• Client Support. To offer our clients top-notch legal services, manage their records, and handle billing and payment collections, we utilize personal data.
• Event Management. When you sign up for our events, we use your personal data to process your registration, communicate event details, and provide a welcoming and organized event experience.
• Office Security and Access. Should you visit our premises, we employ your personal information to manage your visit efficiently and ensure the security of our office spaces.
• Staying in Touch. We use your personal data to stay in touch with you. This includes supporting the services we offer you and responding to any inquiries, requests, or feedback you may have.

Innovation and Enhancement. We value the role your personal information plays in the continuous improvement and innovation of our services. It’s instrumental in our research and development efforts aimed at enhancing the quality of our Service, refining our business operations, and crafting new offerings. In the pursuit of these objectives, we may transform the personal information we gather into a format that cannot be linked back to you as an individual. This transformation is achieved by removing identifiers, thus creating aggregated, de-identified, or anonymized data sets. Such data, devoid of personal identifiers, allows us to conduct comprehensive analyses and improve our Service, all while maintaining your privacy. Additionally, we may share these anonymized data sets with third parties for legitimate business purposes. These activities can include, but are not limited to, enhancing our Service, fostering business growth, and developing new products and services. Rest assured, in this process, we strictly adhere to our commitment to privacy by ensuring these data sets cannot and will not be used to re-identify any individual..

Tailored Marketing Communications. Our commitment to keeping you informed about relevant offerings involves utilizing your personal information for direct marketing purposes. This task is carried out not only by us but also by our service providers and partners with whom we organize joint events. Our goal is to ensure that the marketing messages we send are aligned with your preferences and interests, making them as relevant and valuable to you as possible. To achieve this, we may personalize our communications based on the information you’ve shared with us and your interactions with our services. It’s important to us that you have control over these communications, and if at any point you decide that you no longer wish to receive them, you have the freedom to opt out. Details on how to do this are provided in the Opt-out of Communications section below, ensuring you can easily manage your preferences.

Enhancing Services and Analytics. To continuously improve and tailor our Service to your needs, we leverage your personal information for in-depth analysis of how you use our Service. This analysis helps us enhance the overall quality of our Service, refine our business strategies, and understand user behavior within our Service more accurately. By examining which areas of our Service receive the most attention and tracking how visitors navigate through our platform, including their engagement with our emails, we gain valuable insights that guide our improvements and the development of new products and services.

Compliance and Protection. We may use your personal information to:

• Adhere to Legal Obligations. We use your data to comply with applicable laws, respond to lawful requests, and participate in legal processes, such as responding to subpoenas or cooperating with government investigations.
• Safeguard Rights and Safety. We are committed to protecting the rights, privacy, and safety of our users, ourselves, and others. This includes making and defending legal claims when necessary.
• Perform Internal Audits. To ensure compliance with legal, contractual, and internal policy requirements, we conduct audits of our processes.
• Enforce Our Terms. We use your information to enforce the terms and conditions that govern our Service, maintaining its integrity and security.
• Prevent Misuse. Part of our responsibility includes using your information to prevent, identify, and take action against fraudulent, unauthorized, or illegal activities, such as cyberattacks and identity theft.

Adaptability for New Purposes. There might be instances where we use your personal information for purposes not previously disclosed in this Privacy Notice. Rest assured, any such use will be in accordance with applicable laws and only when the new purpose is compatible with the original reason for collection. Should there be a need for using your personal information in a significantly different way, we will ask for your consent, especially in cases where it is required by law. This flexibility ensures that our practices evolve alongside our users’ needs and legal standards.

3. Data Retention Principles

Our commitment to responsibly managing your personal information extends to how long we retain it. We hold onto personal data only as long as necessary to fulfill the specific purposes for which it was collected. This includes meeting any legal, accounting, or reporting obligations, defending or establishing legal claims, or for the purposes of preventing fraud.

The duration for which we keep your personal information is determined by a variety of factors. These include the volume, type, and sensitivity of the data we have collected, the potential risk of harm from unauthorized disclosure or use of your personal information, the reasons we process your personal information, and whether these purposes could be achieved by other means, as well as legal requirements that apply to the data.

Once your personal information is no longer needed for its collected purposes, we take steps to either delete it or transform it into a form where it is no longer identifiable to you. This may involve de-identifying, aggregating, or anonymizing the information so that it cannot be linked back to you. Should we choose to de-identify, aggregate, or anonymize your personal data in such a way, we reserve the right to use this non-identifiable information indefinitely without further notification.

4. Sharing Your personal information

We understand the importance of your personal information, and we want to be transparent about how it may be shared. This section outlines the parties with whom your personal information may be shared, in line with the practices detailed in this Privacy Notice, other relevant notices, or as explicitly communicated at the time of collection.

• Your personal information may be shared with our affiliates, enabling a cohesive service experience and operational efficiency across our group of companies, if any.
• Service Providers. We collaborate with third-party service providers who perform functions on our behalf or assist us in operating our Service or our business. These services range widely from information technology and software support, mailing, marketing, event management, to cyber and physical security services. Additionally, we engage legal support vendors for tasks such as e-discovery, deposition services, litigation support, and other professional consultations necessary for our client representation.
• Designated Third Parties. At your direction or with your consent, we may share your personal information with third parties. This is typically to fulfill requests you have made or services you have sought, where sharing of your information is necessary for these third parties to provide the services.
• Clients and Other Parties. We may share personal information with clients, potential clients, and others involved in our client engagements or potential client interactions. This includes their representatives, vendors, and advisors.
• Event Co-sponsors. For events that we co-sponsor with third parties, your personal information may be shared with these co-sponsors.
• Professional Advisors. In the normal course of business, we might share your information with professional advisors such as lawyers, auditors, bankers, and insurers, who provide consultancy, banking, legal, insurance, and accounting services to us.
• Authorities and Others. We may disclose personal information to law enforcement, government authorities, and private parties if we believe it’s necessary or appropriate. This could be for the purposes of complying with legal obligations, protecting our rights or those of others, or preventing harm.
• Business Transferees. In the event of a merger, reorganization, dissolution, or similar business transaction, we may need to disclose personal information as part of our business assets. This includes sharing information with prospective counterparties and their advisors, or transferring your personal information to a successor entity to ensure the continuity of our services.

5. Your Privacy Choices

This section outlines the rights and options available to you regarding your personal information. Specific rights may vary based on your residency, with additional details provided for residents of certain states, such as California and Virginia, in the State Privacy Rights Notice section. For individuals in the European Economic Area (EEA) or the United Kingdom (UK), please refer to the Notice to European Users for region-specific information.

Opting Out of Communications. You have the right to opt out of receiving marketing-related emails from us. This can be done by utilizing the opt-out or unsubscribe link found at the bottom of our emails, by contacting us via email at privacy@ishimbayev.com, or by calling us at +1-212-220-6548 (toll-free within the U.S. only). It’s important to note that opting out of marketing communications does not affect your receipt of important service-related and non-marketing communications.

Cookie Preferences. Our Cookie Notice provides detailed information about the cookies utilized by our Service and how you can manage your preferences. For more insight into how cookies work within our Service and the control options available to you, please review the Cookie Notice.

Do Not Track (DNT). Some web browsers offer a DNT option, allowing you to signal to websites your preference not to be tracked. Currently, our Service does not respond to DNT signals. For more information about DNT and how it works, please visit http://www.allaboutdnt.com.

Declining to Provide Information. While we require certain personal information to offer specific services, the choice to provide this information is always yours. However, please be aware that if you choose not to provide information we deem necessary or mandatory, it may prevent us from delivering those specific services to you.

6. Interactions with Third-Party Sites and Services

Our Service provides pathways to third-party websites, mobile applications, and various online platforms through links and content integrations. These connections are designed to enrich your experience and provide additional resources. It’s important to clarify, however, that the presence of such links and content integrations on our Service does not imply our endorsement or affiliation with these third-party entities.

We exercise no control over the privacy practices, content, or operations of third-party sites and services. Their inclusion in our Service is not an assurance of their quality, safety, or reliability. We take your trust in us seriously and aim to be cautious in our associations, but the independent nature of these third-party entities means their practices and policies are beyond our direct influence.

As you navigate these external sites and services, we strongly encourage you to remain informed about your privacy by reviewing their privacy policies and terms of use. Understanding how your information may be collected, used, and shared by these third parties can help you make more informed decisions about your interactions with them.

Your digital activities often intersect with various online entities, and while we strive to curate meaningful connections within our Service, we encourage you to approach these third-party sites and services with an informed perspective. 

7. Security Measures

We implement a comprehensive array of technical, organizational, and physical security measures. These measures are meticulously designed to shield against unauthorized access, alteration, disclosure, or destruction of personal data.

We acknowledge, however, that no internet or information technology system can be made entirely impenetrable. As such, while we strive to employ the most robust security protocols, the inherent vulnerabilities of digital and information technologies mean we cannot assure absolute security of your personal information.

We continuously refine our security practices in response to evolving threats and advancements in technology, aiming to maintain the highest level of protection for your personal data. Your understanding and cooperation in protecting your own information, by practicing safe internet habits, are vital components of our shared security efforts.

8. International Data Transfer Policy

Our operations are primarily based in the United States, and in conducting our business, we may engage with service providers and partners who operate across the globe. As a result, your personal information could be transferred to, stored, and processed in the United States or other countries outside of your own. It’s important to note that the data protection laws in these countries may not offer the same level of protection as those in your jurisdiction.

For users residing in the European Economic Area (EEA) or the United Kingdom (UK), specific provisions and protections are outlined in the Notice to European Users section to address the transfer of data from the EEA or the UK to other countries.

We are committed to ensuring the protection of your personal information regardless of where it is processed. We employ appropriate safeguards, including standard contractual clauses approved by the European Commission, to ensure that your personal information remains protected according to the standards described in this privacy notice and in accordance with applicable law. Our aim is to maintain the integrity and security of your data, irrespective of geographic boundaries.

9. Policy on Children’s Privacy

Our Site and services are designed for and directed towards users who are 18 years of age or older. We do not knowingly collect or solicit personal information from individuals under the age of 18. In alignment with our commitment to comply with laws protecting children’s privacy, we urge parents and guardians to monitor their children’s internet usage and to help enforce our privacy policy by instructing their children never to provide personal information on our website without their permission.

Should a parent or guardian become aware that their child has provided us with personal information without their consent, we encourage them to contact us immediately. Upon confirmation, if personal information has been collected from a child under 18 without appropriate parental or guardian consent, we will take the necessary steps to remove such information from our records in accordance with applicable legal requirements, ensuring the protection of the child’s privacy.

10. Amendments to This Privacy Notice

We maintain the discretion to update or amend this Privacy Notice at any given time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Should there be a material change to our Privacy Notice, we will take steps to inform you by updating the notice’s date and making the revised version available on our Service, or through other suitable communication channels.

The effectiveness of any modifications to this Privacy Notice will commence from the moment they are posted on the Service or as explicitly stated at the time of posting. It is important for you to review the updated Privacy Notice to stay informed about our data protection practices.

By continuing to use the Service subsequent to any changes, you accept and consent to the terms of the revised Privacy Notice. We encourage you to periodically review this notice to ensure you are aware of any updates and understand how your information may be used.

How to Contact Us

If you have any questions or concerns about our Privacy Notice, or how we handle your personal information, please don’t hesitate to get in touch with us through the following means:

• Email: privacy@ishimbayev.com
• Phone: +1-212-220-6548 (toll-free in the U.S. only)

State Privacy Rights Notice

This section is dedicated to residents of states that have enacted robust privacy legislation, affording them additional rights concerning their personal data. Specifically, it addresses the provisions under the California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“CDPA”), the Colorado Privacy Act (“CPA”), and the Connecticut Personal Data Privacy and Online Monitoring Act. These laws, collectively referred to as the “State Privacy Laws,” represent a significant advancement in the protection of personal information, offering residents of these states enhanced control over their data.

This portion of our Privacy Notice outlines our practices in relation to the collection, utilization, and dissemination of personal information (as defined below) pertaining to residents of states with comprehensive privacy statutes. It aims to inform you about the specific rights you might hold regarding your personal information, contingent upon the state in which you reside. It’s crucial to recognize that the rights discussed herein may not apply universally. Residents outside the jurisdictions of the stated State Privacy Laws might find certain rights inapplicable. Moreover, the ability to exercise these rights is predicated on our capacity to verify your identity and understand the nature of your request comprehensively. Without sufficient information to conduct this verification, we may be limited in our ability to process your request effectively. This section is designed to provide clarity on how your personal information is managed and to ensure you are aware of your rights and our responsibilities under the State Privacy Laws.

Within this section, the term “personal information” aligns with the definitions of “personal data,” “personal information,” and similar terms as delineated by the relevant State Privacy Laws. It’s important to note, however, that this definition explicitly excludes data that falls outside the regulatory scope of these laws, including information that is publicly accessible. Moreover, there might be instances where an alternative privacy notice is provided to specific groups within these states, such as job applicants. For those individuals, the alternative notice will supersede the guidelines outlined in this section. The classification of “Sensitive personal information” is determined in accordance with State Privacy Laws, adhering to the definitions and protections designated for such data. This distinction underscores our commitment to the heightened care and protection required for handling sensitive information, reflecting the rigorous standards set by state-specific regulations.

Clarification of Your Privacy Rights Under State Privacy Laws. The State Privacy Laws afford residents certain privacy rights, though the extent and applicability of these rights may vary based on jurisdiction. Not all rights are universally guaranteed, and in specific instances, we reserve the right, as permitted by law, to decline requests that conflict with our legal obligations or operational capabilities. It is important to emphasize that our practices do not involve the “sale” or “sharing” of personal information as defined under these laws, including the absence of such activities concerning the data of individuals under 16 years of age in the past 12 months. Additionally, we do not participate in “Profiling” activities that have a legal or similarly significant effect on individuals, in accordance with the stringent requirements of applicable State Privacy Laws. Where necessary, including under the California Consumer Privacy Act (CCPA), we seek explicit consent before collecting Sensitive personal information and adhere to the stipulated limitations on its use and disclosure.

Detailed Rights Under State Privacy Laws:

• Right to Know. You may inquire if we process your personal information and request details on our practices over the past 12 months, including:
  • Types of personal information collected.
  • Sources from which personal information was gathered.
  • Purposes for collecting personal information.
  • Third parties with whom we have shared personal information.
  • Categories of personal information disclosed for business purposes and the corresponding third parties.

• Right to Access. You are entitled to request copies of the personal information we hold about you.
• Right to Appeal. Should we deny a valid request, you have the right to appeal our decision.
• Right to Correction. You can request the correction of any inaccurate personal information we hold about you.
• Right to Deletion. You may request the deletion of your personal information under certain conditions.
• Right to Non-Discrimination. Exercising any of the aforementioned rights shall not result in discriminatory treatment as prohibited by State Privacy Laws.

Procedure for Exercising Your Privacy Rights. To exercise your rights under State Privacy Laws, including the right to know, access, appeal, correct, and delete your personal information, you may initiate a request by contacting us through the following channels:

• Telephone: Reach out to us at +1-212-220-6548 (toll-free within the United States) to submit your request directly.
• Email: Send your request to privacy@ishimbayev.com, detailing the specific right you wish to exercise.

Verification of Identity and Residency. To ensure the security and privacy of the information being requested, we must verify your identity before processing your request. This verification may involve requesting government-issued identification, a sworn declaration under penalty of perjury, or other legally permissible information to confirm your identity and residency.

Authorized Agents. Under certain State Privacy Laws, you have the option to appoint an authorized agent to act on your behalf in exercising your privacy rights. In such cases, we will require verification of the authorized agent’s identity and proof of their legal authority to act on your behalf. This may include:

• A valid power of attorney in accordance with applicable law.
• If a formal power of attorney is not provided, we may request additional steps to confirm the request’s legitimacy. This might involve providing your agent with written and signed permission to act on your behalf, alongside the necessary information for us to verify your identity, and explicit confirmation of your permission for the authorized agent to submit the request.

Overview of personal information Collection, Use, and Disclosure. Our commitment to transparency extends to how we handle personal information. Below, we outline the types of personal information we collect and may share with third parties. This overview references both:

• The categories outlined in the personal information We Collect section of this Privacy Notice.
• The categories defined under the California Consumer Privacy Act (CCPA, Cal. Civ. Code §1798.140).

We utilize these categories of personal information for various purposes, as detailed in the How We Use Your personal information section of this Privacy Notice. It’s important to note, however, that Sensitive personal information is treated with additional care and is processed strictly for the purposes for which it was collected, in full compliance with applicable laws, including State Privacy Laws.

This section reflects our practices both at present and in the 12 months leading up to the effective date of this Privacy Notice. It’s also worth mentioning that personal information you provide voluntarily, such as through free-form fields on web forms, may encompass categories not explicitly listed below. For a more detailed understanding of the sources from which we collect personal information and the reasons behind collecting or disclosing this information, please refer back to the relevant sections of this Privacy Notice.

Notice to European Users

This section, “Notice to European Users,” specifically addresses individuals within the United Kingdom (UK) and the European Economic Area (EEA), collectively referred to here as “Europe” as defined earlier in this Privacy Notice.

Definition of personal information. In this Privacy Notice, “personal information” aligns with the term “Personal Data” as defined under European data protection laws, including General Data Protection Regulation (GDPR). It pertains to any information related to an identifiable person. This definition excludes data from which the individual’s identity has been irreversibly removed (anonymous data).

Data Controller. The entity responsible for your personal data is Ishimbayev Law Firm P.C., organized under the laws of the State of New York, USA.

Data Protection Officer. For any inquiries regarding your personal data, you can contact our Data Protection Officer via email at privacy@ishimbayev.com, or by mail at 1 World Trade Center, Suite 8500 New York, NY 10007, USA.

Legal Grounds for Processing. European data protection legislation mandates that we establish a lawful basis for processing your personal data. The foundation for using your personal information as outlined in this Privacy Notice varies depending on the nature of the information and the context of processing. The primary legal bases we rely on are detailed in a subsequent section. For further questions about our processing’s legal grounds, please reach out to us at privacy@ishimbayev.com.