Privacy statement - July 2020
We at Friedman LLP (“Friedman”) are committed to protecting your personal and financial information. This privacy statement explains what information we gather about you, how we protect that information, how use that information and with whom we may share that information. It also sets out your rights in relation to your information and whom you may contact for more information or queries. What does this privacy statement cover?
What does this privacy statement cover?
This privacy statement explains how we are committed to protecting your privacy and handling your information in an open and transparent manner.
This privacy statement sets out how we will collect, handle, store and protect information about you when:
- you use our Website; or
- we perform any other activities that form part of the operation of this website, and services we may perform for you at your request.
This privacy statement also contains information about when we use your information to provide accounting and financial services to you, and how share your personal information with other third parties (for example, our service providers).
In this privacy statement, your information is sometimes called “personal data” or “personal information." Sometimes, we may collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information. “Website” refers to this site, any other Freidman websites and Friedman platforms on social media.
What information do we collect?
In the course of providing products or services to you, we may collect, receive and store personal information including:
- Your name.
- The IP address of the device(s) you use to contact us.
- Your Email address
- Your national identifier number (i.e., Social Security Number or similar non-US identifiers) and those of family members.
- Your date of birth and dates of birth of family members.
We generally do not collect so-called “sensitive” or ‘special categories’ of personal information (such as gender identification, health information, religious affiliation, etc.), but may do so to provide you with certain services, such as dietary requirements that we would need to order lunch for a meeting you attend. If we were to share that information or other categories of sensitive personal information we would seek your consent before we share that information.
The types of personal information and special categories of personal information that we collect may vary depending on how you use our website. In some rare circumstances, we might also gather other special categories of personal information about you, because you volunteer that data to us. In some instances, we may be required to gather that data as a result of legal requirements imposed on us.
How we use information about you
The legal bases for our uses, sharing and disclosures ("processing") of your personal information include, as pertinent, where:
- the information is necessary to perform the contractual obligations in agreements with you to provide products or services you have requested;
- you have consented to the processing as set out in this Policy, which conset you can revoke at any time;
- the information is required to comply with legal obligation, court order or to exercise or defend a legal claim;
- the information is necessary for the purposes of our or a third-party's legitimate business interests (so long as those interest do not override personal rights as indicated by law);
- you have expressly made your personal information public;
- the information is necessary to protect your vital interests or other of others.
Use of personal information collect via our website
- We may also use your personal information collected vio our Website:to manage and improve our Website;
- to tailor the content of our Website to provide you with a more personalized; experience and draw your attention to information regarding our services that may be of interest to you; and
- to manage and respond to any request you submit through our website
Use of personal information for other activities that form part of the operation of our business
In addition to the purposes connected to the operation of our website above, we may use your personal information for the purposes of, or in connection with:
- services you have requested that we perform (such as tax documentation preparation and financial advice, which services are explicitly governed by the terms of our Engagement Agreement with you)
- applicable legal or regulatory requirements
- requests and communications from competent authorities
- sending you thought leadership or details of products and services provided by us that may be of interest to you (from which you may opt out of receipt by contacting us at firstname.lastname@example.org or by clicking on the unsubscribe button on the communication you receive from us); contacting you to receive feedback on these services; and contacting you for other market or research purposes;
- protecting our rights.
Privacy of minors and children: COPPA
Friedman complies with the Children's Online Privacy Protection Act, (COPPA) which requires the consent of a parent or guardian for the collection of personally identifiable information from children under 13 years of age. Friedman does not knowingly collect, use or disclose personal information from children under 13, or equivalent minimum age in the relevant jurisdiction, without verifiable parental consent. However, it is possible that we may inadvertently receive information pertaining to children under 13. If you believe that we have received information about your child who is under the age of 13, please do not hesitate to notify us at email@example.com. When we receive your notification, we will obtain your consent to retain the information or will delete it permanently.
Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, or to share your information with certain third parties. we will only provide you with such marketing materials or share such information where we have obtained such consent from you. You may revoke this consent at any time, but please note that information shared after the consent has been revoked may not be retrievable (please see certain rights that pertain to you if you are a resident of the European Union, below).
To whom we disclose your information
In connection with one or more of the purposes outlined in the “How we use information about you” section above, we may disclose details about you to: third parties that provide services to us; competent authorities (including courts and authorities regulating us) and other third parties that reasonably require access to personal information relating to you for one or more of the purposes outlined in the “How do we use information about you” section above.
Our Website may host various blogs, forums, wikis and other social media applications that allow you to share content with other users (collectively “Social Media Applications”). Importantly, any personal information that you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any Social Media Applications will be handled in accordance with this privacy statement.
If Friedman is acquired by or merges with another firm or company, we may share your personal information with that firm or company.
The security of your personal information is very important to us. We utilize commercially reasonable information security standards to protect your personal information from unauthorized access, use or disclosure. Friedman supports online security using appropriately secure technology because we want your data to be safe. We bind our employees and data processors to written agreements to observe your privacy and confidentiality rights. Unfortunately, no method of Internet transmission is one hundred percent secure. While we strive to protect your personal information, we cannot guarantee its security.
California Privacy Rights
Individual clients or website visitors who reside in California and have provided personal information to us may request information about our disclosures of certain categories of such information to third parties for their direct marketing purposes. Such a request must be submitted to us at firstname.lastname@example.org. Within thirty (30) days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of those third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted more than once per calendar year or to an address other than that provided in this paragraph.
If you reside in the EU, please note that some of the recipients of your personal information referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal information and that comply with our legal obligations. These adequate safeguards might comprise a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal information to third countries.
Please contact us at email@example.com for further details of the transfers described above and the safeguards used in respect of such transfers.
We may also need to disclose your personal information if required to do so by law, by a regulator or during legal proceedings.
We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.
Protection of your personal information
We use a range of physical, electronic and managerial measures to ensure that we keep your personal information secure, accurate and up to date. These measures include:
- education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information
- administrative and technical controls to restrict access to personal information on a "need to know" basis
- technological security measures, including fire walls, encryption and anti-virus software
- physical security measures, such as staff security passes to access our premises.
Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal information, but we cannot guarantee the security of data transmitted to us or by us.
How long do we keep your information?
We will hold your personal information on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is required by laws and regulations (iii) the end of the period in which litigation or investigations might arise in respect of the services and which law requires us to maintain your personal information. We may also retain log files for internal analysis purposes, though we would retain them for only a brief period except in cases where we are legally required to retain them for longer periods, and in cases where they are used for site safety and security or to improve website functionality.
Your rights: choice and control
You have various rights in relation to your personal information. In particular, you have a right to:
- obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you in a form you can read and provide to another organization electronically
- ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete
- ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information
- withdraw consent or otherwise object to our processing of your personal information.
Your right to have your personal information deleted does not apply, however, where the information is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance.
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claim
You also have the right to have Friedman cease processing your personal information, for reasons that include: (i) you state that the personal information Friedman has about you is incorrect; but Friedman may retain the information for as long as it requires to check the accuracy of the relevant personal information; (ii) you believe there is no legal basis for Friedman's processing of your personal information and you demand that Friedman restrict your personal information from further processing,; (iii) you contend that Friedman no longer requires your personal information but you claim that you require such data in order to claim or exercise legal rights or to defend against third party claims; or (iv) in case you object to the processing of your personal information by Friedman on another basis, Friedman may retain and process the information for as long as it is required to review as to whether Friedman has a prevailing interest or legal obligation in continuing to process your personal information.
You may inquire about the exercise of these rights and, if the laws of your jurisdiction permit, exercise them as permitted by law by contacting firstname.lastname@example.org.
Right to complain
If you are in the EU and are unhappy with the way we have handled your personal information, or with our response to any privacy query or request that you have raised with us, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us at email@example.com
Change to this privacy statement
We may modify or amend this privacy statement from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.