Privacy and Data Protection Policy
- Introduction
THE BRAMMER FIRM is committed to protecting the privacy and security of personal information entrusted to us. This policy outlines our practices concerning the collection, use, storage, and protection of personal information in compliance with TCR (Telephonic Communications Rules) regulations and other applicable data protection laws.
- Collection and Storage of Personal Information
2.1 Types of Information Collected
We collect and process the following types of personal information:
– Contact information (name, address, email, phone number)
– Client identifiers (case numbers, client IDs)
– Legal case information
– Financial information for billing purposes
2.2 Collection Methods
Personal information is collected through:
– Client intake forms
– Communications with clients (email, phone, in-person meetings)
– Our website
– Third-party referrals (with consent)
2.3 Storage
All personal information is stored securely on our third-party software platforms, which employ robust security measures. We regularly review and assess the security of these platforms to ensure ongoing protection of your data.
- Use and Sharing of Personal Information
3.1 Primary Uses
We use personal information to:
– Provide legal services
– Communicate with clients about their cases
– Manage our client relationships
– Comply with legal and regulatory obligations
3.2 Sharing of Information
We do not share personal information with third parties except:
– When necessary to provide legal services (e.g., with courts, opposing counsel)
– When required by law or regulation
– With your explicit consent
3.3 No Sale of Personal Information
We do not sell, rent, or lease your personal information to any third parties under any circumstances.
3.4 SMS Consent and Phone Numbers
We obtain explicit consent for SMS communications. Your SMS consent and phone number will never be shared with any third party.
- Protection of Personal Information
4.1 Security Measures
We employ industry-standard security measures, including:
– Encryption of data in transit and at rest
– Multi-factor authentication for access to systems
– Regular security audits and penetration testing
– Employee training on data protection and privacy
4.2 Third-Party Software
While we rely on third-party software for many of our operations, we carefully vet these providers to ensure they maintain robust security measures. We regularly review their security practices and compliance certifications.
4.3 Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
4.4 Minimization of Data Collection
We collect only the personal information that is necessary for the provision of our legal services.
- Access and Correction of Personal Information
5.1 Individual Rights
You have the right to:
– Access your personal information
– Request corrections to inaccurate or incomplete information
– Request deletion of your information (subject to legal retention requirements)
– Withdraw consent for certain processing activities
– Restrict processing of your personal information
– Request data portability
5.2 How to Exercise Your Rights
To exercise these rights, please contact our Data Protection Officer at [email protected].
- TCR Compliance
6.1 Consent for Calls and Messages
We obtain explicit consent before making any marketing calls or sending marketing messages to clients or prospects.
6.2 Do-Not-Call List
We maintain and honor an internal do-not-call list and respect the National Do Not Call Registry.
6.3 Call and Message Frequency
We limit the frequency of our calls and messages in accordance with TCR regulations.
6.4 Opt-Out Mechanisms
We provide clear and easy-to-use opt-out mechanisms for all marketing communications.
- Staff Training and Compliance
7.1 Regular Training
All staff members undergo regular training on data protection, privacy laws, and TCR compliance.
7.2 Compliance Audits
We conduct regular internal audits to ensure compliance with this policy and relevant regulations.
- Data Breach Procedures
8.1 Detection and Reporting
We have procedures in place to detect, report, and investigate personal data breaches.
8.2 Notification
In the event of a data breach affecting personal information, we will notify affected individuals and relevant authorities as required by law, without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
- International Data Transfers
We do not transfer personal data outside of [Country/Region] unless necessary for the provision of our services. In such cases, we ensure appropriate safeguards are in place to protect your information.
- Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. For more information, please refer to our separate Cookie Policy .
- Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
- Policy Updates
We review this policy annually and update it as necessary. Any significant changes will be communicated to clients and staff.
- Accountability
We are accountable for maintaining and protecting the personal information under our control. We have designated a Data Protection Officer to ensure compliance with this policy and relevant data protection laws.
- Contact Information
For any questions or concerns regarding this policy or our data protection practices, please contact:
Data Protection Officer
561-823-1515
4400 N Federal Hwy Ste 210
Boca Raton FL 33431
Last Updated: 09/30/2024
