BROOKS KUSHMAN P.C. PRIVACY POLICY

Privacy Notice

Effective: December 2, 2024

Brooks Kushman, P.C. (“BK,” “we,” or “us”) is committed to respecting and protecting your privacy.

BK is a global law firm, providing intellectual property and technology related services to domestic and international clients. Information that we collect on our website, and elsewhere, from overseas, including personal information, may be transferred to the US to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, personal information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the information was initially collected. In all such instances, we use, transfer, and disclose personal information solely for the purposes described in this Privacy Policy.

This Privacy Notice, is intended to be consistent with (and supplement) our obligations under applicable laws and the EU General Data Protection Regulation (“GDPR”), and explains how we collect, use, share, and protect personal information you share with us in connection with our website as detailed in the following sections:

  1. Changes to This Privacy Notice
  2. Information We Collect
  3. How We Use Your Information
  4. Sharing Your Information
  5. Cookies and Tracking Technologies
  6. Data Security and Retention
  7. Your Privacy Rights
  8. International Data Transfers
  9. Children’s Privacy
  10. Jurisdiction-Specific Notices
  11. Contacting Us

1. Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in our practices or to comply with new legal and regulatory requirements. Updates will be effective upon posting the revised version on our website. For significant changes, we may provide additional notice, such as email notifications or website banners. We encourage you to review this Privacy Notice regularly to stay informed.

2. Information We Collect

Personal Information

Personal Information may refer to any information that relates to an identified or identifiable individual. An identifiable individual is one who can be directly or indirectly identified by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

We may collect Personal Information that identifies you or could be used to identify you. Categories of Personal Information we collect include:

  • Contact Information: Name, email address, postal address, phone number, and Fax number.
  • Services Information: Business information necessary for us to assess potential services requested by prospective clients.
  • Technical Data: IP address, browser type, device information, and website activity.
  • Marketing Preferences: Information regarding your preferences for receiving updates or legal news.

Non-Personal Information

We also collect aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. This includes non-personal data automatically collected during your visit to our site, such as:

  • Browser type.
  • Operating system.
  • The domain name of your Internet service provider.

Sources of Information

We collect information:

  • Directly from you: When you provide it via forms, emails, or other direct communications.
  • Automatically : Through cookies and similar tracking technologies on our website.

3. How We Use Your Information

We may use and disclose personal information to provide professional services to our clients, support legitimate business purposes (such as operational, administrative, or marketing activities), or with your consent. The specific uses of personal information depend on the nature of our relationship with you and your interactions with us, and may include:

  • Responding to Inquiries: Addressing your questions and fulfilling your requests.
  • Providing Services: Delivering the information or services you request, including sending confirmations and receipts.
  • Client Services: Contacting individuals (e.g., clients, their employees, or other parties) to provide professional services, manage client files, and maintain client relationships.
  • Communications: Sending newsletters, legal updates, publications, or information about our seminars and events, as well as discussing our services and updates about our firm.
  • Compliance: Confirming identity to meet “Know Your Customer” requirements, perform conflict checks, and respond to data subject access requests.
  • Operational Improvements: Enhancing our services and website through data analysis, monitoring usage trends, and improving efficiency.
  • Security: Detecting and preventing security risks, such as cyberattacks or identity theft.
  • Auditing: Conducting audits to ensure internal processes meet legal, regulatory, and contractual standards.
  • Legal and Regulatory Obligations: Meeting our responsibilities under applicable laws and regulations.
  • Fraud Prevention and Dispute Resolution: Detecting or preventing fraud, protecting rights, complying with legal obligations, and pursuing remedies in disputes.
  • Other Purposes: Using personal information for purposes permitted by law or as disclosed to you with your consent.

We only use personal information as reasonably necessary and appropriate to fulfill these purposes while ensuring compliance with legal and ethical obligations.

4. Sharing Your Information

We share your information only as necessary for the purposes described in the following or otherwise provided in this Privacy Notice:

  • Service Providers: Vendors supporting our business operations, such as IT services, payment processors, or marketing providers.
  • Legal Partners: Co-counsel, local counsel, or other parties engaged in your legal matter.
  • Compliance: To meet regulatory or legal obligations, including audits and investigations.
  • With Your Consent:  At your direction, including if we notify you that your personal information will be shared in a particular manner and you provide such personal information.

We do not sell personal information or use it for cross-context behavioral advertising.

5. Cookies and Tracking Technologies

Cookies

“Cookies” are small files stored on your computer by your browser, often used to enable website functionality and provide information to the website operator. In some cases, cookies may collect personal information about your use of the website, such as your IP address. You can manage your browser settings to accept or decline cookies; however, disabling cookies may limit your ability to access certain features of our website.

We may use cookies for various purposes, including:

  • Authentication: To identify you when you visit and navigate our website.
  • Security: As part of the security measures used to protect our website and services.
  • Cookie Consent: To store your preferences regarding the use of cookies.

Your Choices

You can manage cookies through your browser settings. Please note that disabling cookies may affect website functionality.

Google Analytics

We use Google Analytics to generate website usage and analytics reports, which requires sharing aggregated or de-identified data. If you prefer not to share your data with Google Analytics, you can install the Google Analytics opt-out browser add-on. This tool prevents your browser from sharing website usage data with Google Analytics. To opt out, visit https://tools.google.com/dlpage/gaoptout.

For more details on how Google processes and protects data collected through Google Analytics, please refer to the Google Analytics Privacy Policy at https://policies.google.com/privacy.

By continuing to use our website, you consent to the processing of your data by Google as described above.

Aggregate Data

We may collect non-personal data on an individual basis and in aggregated (or anonymized) form from all site visitors. This non-personal aggregate data may be used for the following purposes:

  • To compile statistical insights and improve our website and overall user experience.
  • To perform analytics on user interactions with the site, ensuring the data remains aggregated and does not identify you or your personal information.

Some content or applications on our website are provided by third parties who may use cookies, web beacons, or other tracking technologies present in your browser to gather information about your visit. These third-party cookies and tracking technologies are managed by our third-party partners and are not governed by this Privacy Notice. For questions about their practices, please contact the third party directly.

6. Data Security and Retention

Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect your personal information. However, no system is completely secure, and we cannot guarantee absolute protection against unauthorized access.

Retention Period

We retain personal information as long as necessary to fulfill the purposes outlined in this Privacy Notice, comply with legal obligations, and resolve disputes.

7. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access: Request a copy of your personal data.
  • Correct: Request corrections to inaccurate or outdated information.
  • Delete: Request deletion of personal information, subject to legal exceptions.
  • Restrict: Limit how your data is processed or potentially limit usage or disclosure.
  • Object: Opt-out of certain data processing activities.
  • Withdraw Consent: Revoke consent for processing where applicable.

To exercise these rights, contact our DPO at the address above.

8. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. Such transfers are subject to appropriate safeguards, such as Standard Contractual Clauses under GDPR where applicable.

9. Children’s Privacy

We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact our DPO to have it removed.

10. Jurisdiction-Specific Notices

California, Colorado, Connecticut, Utah, and Virginia Residents

Residents of these states have specific privacy rights under applicable laws, including:

  • The right to know, access, and delete personal data.
  • The right to opt-out of data processing for targeted advertising.
  • The right to correct inaccurate information.

Rights Related to Sensitive Personal Information: Certain types of personal information are considered “sensitive” and may require additional data privacy rights and obligations under applicable laws. We collect this sensitive information only when necessary to provide the services for which we were retained or for business intake and conflicts checking purposes. Since we use sensitive personal information solely for permitted purposes and do not use it to infer characteristics about individuals, we are not required to provide you with the ability to limit its use or disclosure.

Non-Discrimination: We will not discriminate against you for exercising any applicable data privacy rights.

Right to Opt-Out Using Preference Signals: You may have the right to request that your personal information not be sold or shared through the use of an opt-out preference signal. However, we do not sell personal information or share it with third parties for marketing purposes.

To exercise your rights as described above, you may contact us by emailing us at DPO@brookskushman.com

Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also submit a request on behalf of your child.

Your request must:

  1. Provide sufficient information to reasonably verify your identity or your authority to act on behalf of someone else, and
  2. Describe your request with enough detail to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide information if we cannot verify your identity, your authority to make the request, or confirm that the information pertains to you.

We will use personal information provided in the request solely to verify the requestor’s identity or authority.

Other California Privacy Rights

Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of their personal information to third parties for direct marketing purposes. However, we do not sell, transfer, or disclose personal data collected from or about you for such purposes. Additionally, BK does not use automated decision-making processes involving your personal data and does not share personal information with third parties for their direct marketing purposes.

EU and UK Residents

Under the European Union’s General Data Protection Regulation (“GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”), which incorporates the GDPR into UK domestic law, transfers of personal data (as defined in GDPR) from the United Kingdom and European Economic Area (EEA) may only occur to jurisdictions that provide adequate protections for the rights of data subjects. The United States has not been deemed to provide such protections, and we typically rely on the standard contractual clauses adopted by the European Commission and applicable derogations, such as contractual necessity or consent, as lawful bases for cross-border transfers from the EEA to jurisdictions not covered by an adequacy decision.

Additionally, when we transfer personal data subject to GDPR or UK GDPR to third parties, we generally enter into data protection agreements with those third parties that incorporate, when applicable, the standard contractual clauses approved by the European Commission.

We may process your personal data only when we have a lawful basis to do so, such as:

  • A legitimate interest (e.g., providing services, responding to inquiries, or sending marketing communications).
  • The necessity of processing for the performance of a contract (e.g., to provide legal services).
  • Compliance with a legal obligation to which we are subject.
  • Your consent, where applicable.

If processing is based on your consent, you have the right to withdraw that consent at any time.

Residents of the European Union and the United Kingdom may have additional rights under the GDPR and/or UK GDPR, including the rights to:

  • Access a copy of your personal data.
  • Correct inaccuracies in your personal data.
  • Object to or restrict the processing of your personal data.
  • Request the erasure of your personal data.

To discuss or exercise these rights or for additional questions about our compliance with GDPR and/or UK GDPR, please contact us at DPO@brookskushman.com.

11. Contacting Us

If you have any questions about this Privacy Notice or our privacy practices, please contact our Data Protection Officer (DPO) at the following address:

Brooks Kushman, P.C.

Attention: Data Protection Officer

150 W. Second Street, Suite 400N

Royal Oak, Michigan 48067

Email: DPO@brookskushman.com