Privacy Policy for Heydasch Law PLLC

Last Updated: July 12, 2025

1. Introduction

Heydasch Law PLLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy applies to:

• Visitors of our website (www.heydaschlaw.com)
• Clients, prospective clients, and job applicants
• Individuals in the EU, UK, Switzerland, and U.S. states with privacy laws (e.g., CA, VA, CO, CT, UT)

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other applicable laws. By using our services, you agree to this policy.

The privacy laws of some jurisdictions (e.g., California, Virginia, and the European Union) define personally identifying information broadly to include de-identified feedback provided to us, even when it is impractical to reveal your identity with such information. Some jurisdictions (e.g., the EU, UK, CA, VA, CO, CT, UT) also recognize "sensitive personal information" or "special categories of personal data," such as ethnicity, religious beliefs, or sexual preferences. You may exercise your privacy rights as outlined below.

2. Information We Collect

A. Personal Data

• Contact details (name, email, phone, address)
• Case-related information (e.g., immigration status, legal history)
• Payment information (processed via secure third-party providers)
• Sensitive personal data (e.g., ethnicity, health data, only when necessary and with explicit consent)
• Business contact information (for clients, vendors, or partners)
• Systems/device details (e.g., IP address, device type, for security purposes)

B. Automated Collection

• Cookies and tracking technologies (see our Cookie Policy)
• Usage data (e.g., IP address, browser type, pages visited, date and time of visit, Internet service provider, referring web pages, and user behavior such as clicked links)

C. Third-Party Data

We may obtain personal data from clients, third-party vendors, or partners who have the right to provide it to us. Such data may include personal identifiers to facilitate communication or case-related activities. We may also receive de-identified third-party data (e.g., demographic, interest, or behavioral information) to enhance our services through segmentation. We use good faith efforts to ensure such data remains de-identified using methods like Research IDs, encryption, hashing, pixel tagging, or cookies.

3. How We Use Your Data

Purpose	Legal Basis (GDPR)	U.S. Basis
Providing legal services	Contract (Art. 6(1)(b))	Performance of contract
Client communications	Legitimate interest (Art. 6(1)(f))	Business operations
Marketing and newsletters	Consent (Art. 6(1)(a))	Consent or legitimate business interest
Security and fraud prevention	Legitimate interest (Art. 6(1)(f))	Business operations

We do not process personal data in a way incompatible with the purposes for which it was collected or subsequently authorized without your consent or a compelling legal basis.

4. Data Sharing

We may share data with:

• Service providers (e.g., cloud storage, payment processors, CRM systems) under strict confidentiality agreements.
• Legal authorities (when required by law, such as in response to subpoenas or legal requests).
• Affiliates (for cross-border cases, with EU-US safeguards like Standard Contractual Clauses or Data Privacy Framework certification).
• Among our affiliated entities for business enablement, administrative, or operational purposes.

We do not sell personal data in the traditional sense, nor do we rent, sell, or share it for direct marketing purposes. However, certain laws (e.g., CCPA) define "sale" broadly, and some activities may fall under this definition. California residents may submit a "do not sell" request, which we treat as a request to delete personal information.

5. Your Rights

A. GDPR/UK Rights

• Access, rectification, or erasure of your personal data
• Restriction of processing
• Data portability
• Object to processing
• Withdraw consent (where processing is based on consent)
• File a complaint with a data protection authority

B. U.S. Rights (CCPA/CPRA)

• Know/access personal information collected, its sources, purposes, and third parties with whom it is shared
• Request deletion of personal information
• Opt-out of "sales" or sharing for cross-context behavioral advertising (we do not sell data)
• Correct inaccurate personal information
• Limit use and disclosure of sensitive personal information
• Non-discriminatory treatment for exercising privacy rights
• Initiate a private cause of action for data breaches

To exercise these rights, contact our Privacy Officer at Axel@heydaschlaw.com or call (305) 897-6763. We may verify your identity by requesting basic contact information and details about your last interaction with us. Authorized agents may submit requests on your behalf with written authorization, subject to identity verification. If we cannot match your information due to de-identification, we will use good faith efforts to process your request in accordance with applicable laws.

6. International Transfers

Data collected from the EU, UK, or Switzerland and transferred to the U.S. is protected via:

• Standard Contractual Clauses (SCCs)
• Data Privacy Framework (DPF) certification (EU-U.S. DPF, UK Extension to the EU-U.S. DPF, Swiss-U.S. DPF)

We comply with DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. For more information, visit www.dataprivacyframework.gov.

7. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with contractual, legal, or regulatory obligations. The retention period depends on the purpose of collection, industry standards, and our legal rights.

8. Information Security

We maintain physical, electronic, and procedural safeguards to protect personal data, including:

• Encryption (TLS 1.2+ for data in transit, AES-256 at rest)
• Access controls (role-based permissions, multi-factor authentication)
• Periodic self-assessments, third-party assessments, and penetration tests
• Data breach incident management procedures

Third parties receiving personal data are required to maintain similar safeguards. While we use commercially reasonable efforts to protect data, no system is completely secure, and we cannot guarantee absolute security.

9. Children and Minors

We comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose information from children under 13 without parental consent. We do not "sell" personal information of persons under 16 without affirmative authorization (opt-in from consumers aged 13-16 or parental consent for those under 13). To opt out of such sales, contact us as outlined in Section 5. For more information on COPPA, visit www.ftc.gov/ogc/coppa1.htm.

10. Informational and Marketing Communication

If you sign up for newsletters, white papers, or mailing lists, we collect the information you provide for marketing purposes. To unsubscribe, email info@heydaschlaw.com or use the "unsubscribe" link in our emails.

11. Links to Third-Party Websites

Our Site may contain links to third-party websites. We are not responsible for their privacy practices or content. Review their privacy policies before providing personal information.

12. Compliance and Enforcement

We are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC) and the California Privacy Protection Agency. We adhere to guidelines from the Insights Association and ESOMAR. For unresolved DPF-related complaints, contact us or visit www.insightsassociation.org for binding arbitration. EU, UK, or Swiss individuals may also contact their local data protection authority.

13. Changes to This Privacy Policy

We may update this Privacy Policy by posting an amended version on our Site. Please review it regularly.

14. Contact Us

For general inquiries: info@heydaschlaw.com

For privacy-related requests or complaints: Axel@heydaschlaw.com

Privacy Officer (EU/UK): Axel Heydasch, axel@heydaschlaw.com

Phone: (305) 897-6763

Address: Heydasch Law PLLC, 28 West Flagler Street, Suite 330, Miami, FL 33130

Cookie Policy

Cookie Type	Purpose	Duration
Essential	Site functionality	Session
Analytics	Usage statistics	1 year

Manage preferences via browser settings or our Cookie Settings. Our systems do not respond to browser do-not-track signals, and we do not treat such signals as "do not sell" requests under CCPA. Cookies, pixels, or web beacons from service providers or partners do not collect data revealing your identity.

Please review our complete Cookie Policy Here

GDPR Data Processing Addendum

1. Roles

Heydasch Law PLLC acts as both Controller and Processor under GDPR, depending on the context of data processing.

2. Security Measures

• Encryption (TLS 1.2+ for data in transit, AES-256 at rest)
• Access controls (role-based permissions, MFA)
• Regular security audits and penetration tests

3. Subprocessors

We use GDPR-compliant subprocessors, including:

• Cloud storage providers (EU/US with SCCs)
• Payment processors (e.g., Stripe, PayPal)
• CRM systems (e.g., Salesforce)

California Resident Privacy Notice

This section applies to California residents engaged with us as clients, vendors, employees, contingent workers, independent contractors, or job applicants ("California BSPs").

Information We Collect

We collect:

• Name and contact information (for business services, communication, or administration)
• Photo, video, or audio (e.g., for security or business activities)
• Demographic details (when coupled with identifying information)
• Systems/device details (e.g., IP address, for security or analytics)

Sources include the California BSP, third parties related to business operations, or automated collection. Purposes include business services, security, human resources, and marketing analytics.

Data Sharing

We share data with business support vendors, technology infrastructure vendors, and human resource vendors for the purposes outlined above.

Your Rights

California BSPs have the rights listed in Section 5.B, subject to exceptions (e.g., contractual or legal obligations).
To exercise these rights or appeal a decision, email Axel@heydaschlaw.com or call (305) 897-6763.