Allan S. Lolly & Associates APC
Thank you for choosing to be part of our community at Allan S. Lolly & Associates APC (“Company”, “we”, “us”, or “our”). We as the controller of your personal data are committed to protecting your personal data and your right to privacy within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”). Please contact us at email@example.com if you have any questions or concerns about our policy, or our practices with regards to your personal data.
Please note that if you are providing us any personal data of your employees, co-workers, or other third persons, you agree to provide each of them with all information set out herein.
Table of contents
- What personal data do we process?
- Why do we process personal data?
- Do we share personal data with anyone?
- How long do we keep personal data?
- How do we keep personal data safe?
- Do we collect personal data from minors?
- What are your privacy rights?
- Data breach
- Controls for do-not-track features
- Do residents of other countries have specific privacy rights?
- Do we make updates to this policy?
- How can you contact us about this policy?
1. What personal data do we process?
In Short: We process personal data that you provide to us and if we have a proper legal basis also data that we have obtained from other public or private sources.
We process personal data that you voluntarily provide to us when expressing an interest in obtaining information about us or our products and Services, when using our Services or otherwise contacting us.
We also process personal data which we obtain from publicly available resources such as your or your company’s webpage, social networks, public registers and from providers of databases of business contacts who have a valid legal basis for listing such personal data.
The personal data that we process depends on the context of your interactions with us and the Services, the choices you make and the products and features you use. Generally, we process the following personal data: full name; postal address; phone numbers; email addresses; and other similar identification and contact details related to your occupation or professional activities such as function or area of responsibility within your company.
We also process personal data regarding the goods or services you purchased from us or you were interested in.
Please note that all personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.
2. Why do we process personal data?
In Short: We process personal data for business and marketing purposes and to comply with our legal obligations.
In cases where you have specifically ordered any services or goods from us we are processing personal data in order to fulfill our contractual obligations towards you. We also process personal data after the contract was duly performed for the purpose of providing guarantee services, handling any complaints, or defending our rights and legal claims which we consider to be our legitimate interest.
If you have expressed your consent we also use personal data in order to send our business offers and other commercial communication. We may also send such commercial communication without your consent where and to the extent allowed by applicable law.
Where we are required to do so by applicable law (e.g. tax law, KYC and AML regulations, etc.) we also process personal data in order to fulfil our legal obligations in that regard.
3. Do we share personal data with anyone?
In Short: We only share personal data if required by applicable law, where necessary to provide you with our Services, and to secure our legitimate interests.
We may need to share your personal data in the following situations:
Provision of Services. For the provision of our Services and related business offers to you or your company we use third-party service providers such as CRM systems, mailing systems, web hosting providers and other standard office software providers with whom if necessary, for the provision of the Services we may sometimes share the personal data we process. In such cases we only share the personal data to the extent that such data must be stored in cloud or otherwise hosted on the servers of the respective provider.
Third-Party Advertisers. We may use third-party advertising companies and their services such as Google Ads, Bing Ads, etc. to serve ads when you use our Services. These companies may use information about your visits to our website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
Transfers to state bodies. In cases provided for by law we might be required to transfer the personal data to the competent state authorities such as trade inspection authorities, tax authorities, police or other public bodies.
Business Transfers. We may share or transfer personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
5. How long do we keep personal data?
In cases where there is a contract between us we keep the necessary personal data for the term of the contract and for a further period of time which equals the statutory limitation period of the rights and obligations stemming from such contract.
Where we process personal data on the basis of consent the processing will take place only until the consent is revoked.
Once we have no legitimate legal basis to process the personal data, we will either delete or anonymize it, or, if this is not possible (for example, because it has been stored in backup archives), then we will securely store the personal data and isolate it from any further processing until deletion is possible.
6. How do we keep personal data safe?
In Short: We aim to protect personal data through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal data we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect all personal data by using state-of-the-art security technologies, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
7. Do we collect personal data from minors?
In Short: We do not knowingly collect personal data from or market to children under 18 years of age.
We do not knowingly solicit personal data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data, we have collected from children under age 18, please contact us at firstname.lastname@example.org.
8. What are your privacy rights?
In Short: You may review, change, or request deletion of your data as outlined below.
You have the following rights:
The right to access your personal data. If you wish to know whether, how and to what extent we are processing your personal data you have the right to require such information from us. If we are processing your personal data, you have the right to access your personal data. In cases of unjustified, disproportionate or repetitive requests we may be entitled to charge you an adequate fee or to decline such request (this apply also to exercising your other rights below);
The right to rectification of your personal data. If you feel that we are processing your personal data which is inaccurate or incomplete you have the right to require the rectification or completion of such personal data. We will do so without undue delay with regard to our technical capabilities;
The right to erase your personal data: In case you will request the erasure of your personal data we will do so where (i) the data is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you will object to the processing and no overriding reasons for the processing of such personal data exist or (iv) further processing of the personal data is not required by a provision of law;
The right to restriction of the processing of your personal data. Where you will request the restriction of processing of your personal data, we will make such data inaccessible, temporarily remove or retain the data or undertake other steps of processing which will be necessary in order to duly exercise your right;
The right to data portability. Where your personal data is processed on the basis of consent or a contract and by automated means you may request such data to be handed over to a third party. Where the exercise of this right would adversely affect the rights and freedoms of other persons we are entitled to limit or refuse your request;
The right to object. The right to object to the processing of your personal data concerns any personal data processed for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of our legitimate interests. Where we will not be able to provide a legitimate ground for the processing which overrides your interests or fundamental rights and freedoms, we will terminate the processing of personal data on the basis of the objection without undue delay. If the only reason for processing are marketing purposes (and you may exercise this right directly by clicking the opt-out link in any commercial communication you receive from us), we will cease the processing and delete the respective data immediately upon your request.
If you want to exercise any of the mentioned rights, please contact us at email@example.com or by post. We will respond to your request within 30 days.
The right to file a complaint.
9. Data breach
A data breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal data. You will be notified about data breaches when we believe you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that we become aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal data we will promptly investigate the matter and notify the competent supervisory authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
10. Controls for do-not-track features
11. Do residents of certain countries have specific privacy rights?
In Short: Yes, if you are a resident of one of the following countries, you may be granted specific rights.
The United States of America
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
Under Article 31 of the Japanese Act on the Protection of Personal Information if you are a Japanese resident you also have a specific right to obtain an Explanation of Reasons if you exercise any of your rights and we refuse to exercise them as requested by you or if we deem appropriate to exercise them differently or if we take any other action than specifically requested by you.
Republic of Korea
Under Article 4 paragraph 3 of the South Korean Personal Information Protection Act if you are a South Korean resident you also have a specific right to demand and obtain from us a certificate confirming our processing of your personal data.
Also, given the fact that we also process your personal data which we collected from other sources than just from you, under Article 20 paragraph 1 of the South Korean Personal Information Protection Act, if you are a South Korean resident, you have the right to demand suspension of the processing of such personal data.
12. Do we make updates to this policy?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
13. How can you contact us about this policy?
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org or by post to:Allan S. Lolly & Associates APC Attention: Privacy Statement Personnel 4655 Cass Street, Suite 408 San Diego, CA 92109 United States