EFFECTIVE DATE: November 11, 2019
Your privacy is important to CAL Insurance & Associates (the “Firm,” “we,” “us,” or “our”). Our main objective is to provide you with excellent legal services while keeping you informed of how your data is being handled by us. By accessing or using the Firm’s website or Services, you acknowledge that you accept the practices and policies outlined in this Privacy Statement.
Read this Privacy Statement to learn how we collect, store, share, process, and use Personal Data about: visitors to our websites, mobile applications, and other online properties (each, a “Site”); contact persons for our clients and prospective clients; contact persons for suppliers of goods and services to the Firm; and any other individuals about whom the Firm obtains Personal Data. In this Privacy Statement, “Personal Data” means information that (either in isolation or in combination with other information held by the Firm) enables you to be identified as an individual or recognized directly or indirectly.
If you have any questions or concerns regarding our Privacy Statement or privacy practices, please contact us at: INFO@CAL-INSURE.COM
THE INFORMATION THE FIRM COLLECTS:
Information You Provide to Us Through Use of Our Website and Services
We receive and store any information that you enter into the website. We also receive and store all information that you share with any Firm employee or contractor during the course of receiving legal services from the Firm (the “Services”) including Personal Data. The information you provide may include Personal Data and any other information necessary for us to provide excellent quality Services to you to resolve any litigation, dispute, or transaction.
We may collect the following categories of Personal Data about Site visitors, clients, prospective clients, suppliers and other third parties:
- Basic Data:name, gender, title, organization, job responsibilities, phone number, mailing address, email address, contact details and information about family life
- Special Categories of Data:in limited circumstances, where you have provided us with such information as it is necessary for a specific aspect of our Services, we may collect information regarding your religious or other beliefs, racial or ethnic origin, sexual orientation, health data and details of trade union or other membership
- Registration Data:newsletter requests, event/seminar registrations, subscriptions, downloads and username/passwords
- Client Service Data:Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback
- Marketing Data:data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences
- Compliance Data:government identifiers, passports or other identification documents, dates of birth, beneficial ownership data, and due diligence data
- Device Data:Computer Internet Protocol (IP) address, unique device identifiers (UDID), cookies and other data linked to a device, and data about usage of our Sites (“Usage Data”)
We collect Personal Data from a number of sources, either directly from the data subjects, or from clients, colleagues and publicly available sources. Where the Firm receives data from clients about employees, customers or other individuals, the client is responsible for ensuring that such data is transferred to us in compliance with applicable data protection laws.
HOW THE FIRM USES YOUR INFORMATION:
The Firm processes and uses Personal Data as follows:
- To provide legal advice and respond to inquiries, the Firm uses Basic Data, Registration Data, Client Service Data, and Device Data. Processing your information in this way enables the Firm to perform our obligations under our contracts with our clients.
- To manage our business operations and administer our client relationships we use Basic Data, Special Categories of Data, Registration Data, Marketing Data and Client Service Data. This processing enables the Firm to perform our obligations under our contracts with our clients, as well as with our suppliers.
- To make our Sites more intuitive and easy to usewe use Device Data.
- To protect the security and effective functioning of our Sites and information technology systemswe use Basic Data, Registration Data, and Device Data. Doing so enables the Firm to monitor, detect and prevent fraud or other crimes and misuse of our Sites. This ensures that you can safely use our Sites.
- To provide relevant marketing informationto you. For example, sharing information about events or services that may be of interest to you including, legal updates, client conferences or networking events, and groups of specific interest. We use Marketing Data, Basic Data, Special Categories of Data, Registration Data, Client Service Data and Device Data to provide you with tailored and relevant marketing information, and invitations.
- To address compliance and legal obligations, such as checking the identify of new clients, to prevent money laundering and/or fraud, we use Compliance Data, Basic Data, Registration Data and Device Data.
You have the right to choose not to receive marketing communications at any time. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, please follow the instructions in the relevant communication or contract to unsubscribe.
Cookies on our Sites are generally divided into the following categories:
- Strictly Necessary Cookies:These are required for the operation of our Sites. They include, for example, Cookies that enable you to log into secure areas. These Cookies are session Cookies that are erased when you close your browser.
- Analytical/Performance Cookies: These allow us to recognize and count the number of users of our Sites and understand how such users navigate through our Sites. This helps to improve how our Sites work, for example, by ensuring that users can find what they are looking for easily. These Cookies are session Cookies which are erased when you close your browser. We use Google Analytics.
- Functional Cookies:These improve the functional performance of our Sites and make it easier for you to use. For example, Cookies are used to remember that you have previously visited the Sites and asked to remain logged in it. These Cookies qualify as persistent Cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these Cookies via your browser settings.
- Targeting Cookies:These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These Cookies qualify as persistent Cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these Cookies via your browser settings. See below for further details on how you can control third party targeting Cookies.
HOW THE FIRM SHARES YOUR INFORMATION:
The Firm may share Personal Data with the following categories of recipients:
- Suppliers and Service Providers– The Firm shares Personal Data with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions to carry out the purposes identified above. These include: infrastructure and IT service providers such as our client intake system, financial systems and our customer relationship management database; third party consultants who provide us with support; and the providers of external venues where we host conferences and events. We require such parties, pursuant to our contracts with them, to provide reasonable security for Personal Data processed and used on our behalf.
- Financial Institutions – The Firm shares Personal Data with financial institutions and service providers in connection with invoicing and payments.
- Corporate Purchasers – The Firm may share Personal Data with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of Firm assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which Personal Data would be transferred as an asset of the Firm.
- Mandatory Disclosures and Legal Claims – The Firm shares Personal Data in order to comply with any subpoena, court order or other legal process, to comply with a request from our regulators, governmental request of any other legally enforceable demand. We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
HOW THE FIRM STORES YOUR INFORMATION:
We have implemented technical and organizational measures in an effort to safeguard the Personal Data in our custody and control. Such measures include restricting access to Personal Data to staff and service providers on a need-to-know basis; securing Personal Data behind two-factor authentication credentials; and relying on third party service providers such as Clio and Dropbox who encrypt the Personal Data we share with them in order to provide the Services by implementing 256 bit AES. However, the Firm does not encrypt your information while it is housed on the Firm’s local machines and devices at our office.
Your information is stored on our servers for the duration of your matter with the Firm. After the full and final resolution of your legal issue and the end of your need for our Services, we will store your information for a period 90 days. While your matter is active and you continue to receive the Services, we will not share, delete, or otherwise eliminate your data from our servers or storage without obtaining your prior written authorization.
THE FIRM ENDEAVORS TO KEEP YOUR INFORMATION PRIVATE, HOWEVER, WE CANNOT GUARANTEE SECURITY. UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, OR OTHER INCIDENTS MAY COMPROMISE THE SECURITY OF YOUR INFORMATION.
Under California Civil Code sections 1798.83 and 1798.84, California residents are entitled to know the categories of personal information which we share with our affiliates and/or third parties. If you are a California resident and would like this information, or would like to learn additional information concerning our data storage and security practices, please contact us via email at INFO@CAL-INSURE.COM, or mail an inquiry to:
President/Commercial Insurance Broker
CAL INSURANCE & ASSOCIATES
2311 TARAVAL STREET
SAN FRANCISCO, CA 94116
THIS PRIVACY STATEMENT IS SUBJECT TO UNILATERAL CHANGE BY THE FIRM. However, our use of your information is subject to the terms of the version of this Privacy Statement in place at the time that we collect your information. Our use of your information is also subject to the laws of the State of California including, but not limited to, the laws of professional conduct and ethics governing attorneys and attorney-client-confidentiality.