privacy notice

The Hoda Law Firm, PLLC (“HLF” or the “Firm) is committed to protecting the privacy of individuals about whom the Firm obtains and holds personal information (each, “you”).

This Privacy Notice explains how our organization collects, uses, and otherwise processes the personal information that we may collect from you when you use our website or during the course of Firm legitimate business interests. In this Privacy Notice, “personal data” means any information that can identify, directly or indirectly, a natural person, including identifiers such as a name, an identification number, location data, an online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.

HLF is a data controller in relation to any personal information that the Firm processes about you and is responsible for ensuring processing complies with applicable laws and regulations, including the European Union (EU) General Data Protection Regulation (the “GDPR”), to the extent applicable to us. Firm personnel are required to comply with this Privacy Notice, as well as any other firm-related data privacy policies and must complete data privacy training where appropriate to their role.

If you have any comments or questions in connection with this Privacy Notice, or for further information on your rights in relation to your personal information, please contact us at admin@thehodalawfirm.com.

What personal data do we collect?

We may collect the following categories of personal data about website visitors, clients, prospective clients, suppliers and other third parties:

  • Identification data: Names, phone numbers, mailing addresses, email addresses, job titles, organization, gender, identifiers (e.g. passport numbers, driver’s license, social security numbers, tax IDs, user IDs), and additional contact details.

  • Client service data: Client contact information (e.g., addresses, identifiers), personal data received from clients in respect of their business and/or services which may include personal data of their staff and/or third parties.

  • Marketing data: Prospective client contacts, newsletter requests, event/seminar registrations, marketing preferences.

  • Financial data: Bank account information, billing address, invoicing details.

  • Job applicant data: Data provided by job applicants or recruiting agencies in connection with partnership and/or employment opportunities.

  • Cookie and device data: Information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting.

  • System data: Usernames, passwords, user system activity, device names, device identifiers.

  • Special categories of data: Religious or other beliefs, racial or ethnic origin, sexual orientation, health data and details of trade union membership.

  • Other sensitive data: Information related to children (under 16) or regarding criminal convictions/investigations or offenses.

How do we collect your data?

We collect personal data from you in the following circumstances:

  • When you sign up to receive Firm news or marketing materials, we will ask you to provide your contact details and other relevant information, as well as your communication preferences. This information is provided to the Firm through our website or directly to a Firm representative.

  • When you give your contact details in whatever form, including on social media platforms and through business cards, we may store your information for the purposes of marketing material. We also use a relationship management platform to identify business relationship data, create new records of potential clients and/or update contact information between us and our clients based on email activity. You will be entitled to unsubscribe from any material or notify us if you want your contact details deleted from the system.

  • When you use our website, we collect information about your visit via cookies and how you interact with our website.

  • When a client uses our legal services, we will ask for the information that we need to provide those services; this information includes contact information, financial data, special categories of data, criminal offence data, and any additional information necessary to conduct pre-clearance checks and information relevant to the services we provide. Information provided may include personal data that relates to persons whose information is relevant to the instruction. In these circumstances, information may be sent directly from the client to the Firm or third parties such as forensic accountants and forensic IT collectors through SFTP, email, physical media, or other alternative means.

  • When you apply for a partnership or job with us, we collect information relevant to your application from you or through a third-party such as a recruiting agency.

  • If you have access to one of the Firm’s systems, user activity and system data is automatically collected by system jobs and logging to support operational functionality.

How will we use your data?

We may use your personal information for the following purposes based on the associated legal basis provided under each:

  • Provision of legal services: The Firm will use personal information that you voluntarily submit to us during the course of our engagement, regardless of the media used. Information including identification data, financial data, client service data, client business data, sensitive data or any other data may be provided and processed by HLF in connection with the provision of services. The Firm’s work for you may also involve providing such information to third parties, such as regulatory authorities, courts, tribunals, government agencies, law enforcement agencies, litigation support advisors, expert witnesses, opposing parties and other professional advisers in order to represent your interest most effectively.

    This processing is necessary for us to perform our contract with you. We will only process special category data, including transferring any such data to third parties, where the processing is necessary for the purposes of providing our client with advice and where it is necessary to do so in order to establish, exercise or defend legal claims.

  • Administration of client and vendor relationships: The Firm will use identification data, financial data, and client business data for the provision of our legal services to include the processing of invoices,the updating of client records, and the management of our vendor relationships. This processing is necessary to perform our contract with you.

  • Sending relevant marketing messages and Firm news updates: The Firm will use identification data, cookie and device data, contact lists and mailing list data to communicate with you to provide you with information about our events, seminars, or services that may be of interest to you. This processing is necessary for our legitimate interests to send you tailored marketing messages, client newsletters, and invitations to relevant events and seminars.

  • Complying with legal or regulatory inquiries/requests: The Firm will use identification data, financial data, client service data, system data, job applicant data, cookie and device data, and other data as necessary for the purpose of complying with legal requirements that apply to the Firm.

  • Recruitment:: The Firm will use applicant data for purposes of screening, identifying, and evaluating candidates for positions. This data will be processed at the request of the applicant. The Firm will also process applicant data in order to conduct background checks, which the Firm deems to be a necessary part of its recruitment process to protect its business interests. In addition, this data may be used as necessary to comply with legal, regulatory, and corporate governance requirements.

  • Improving our website: The Firm will use cookie and device data to improve the functionality and user- friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and services to you. It is also necessary for our legitimate interests to monitor how our website is used to detect and prevent fraud, other crimes and misuse.

  • Security of our systems: The Firm will use system data in order to properly safeguard and secure the Firm’s systems. This processing is necessary for our legitimate interests to monitor and enforce the confidentiality, integrity, and availability of our systems and data.

How do we share your data?

We may share and/or disclose your personal data in the following circumstances:

  • With other HLF entities: We may disclose your personal data to other HLF entities for the purpose of our internal business processes (such as administration, billing) and for the purpose of providing legal advice and services, wherever the entity and/or attorney is located.

  • Providing professional services: We may disclose personal data relating to our clients, their employees and agents and/or third parties they engage with to other professional advisers, attorneys, consultants or experts engaged in a matter. We may also disclose personal data to third party law firms for the purpose of obtaining foreign legal advice.

  • Law enforcement: We may share personal information when any court, tribunal, law enforcement and/or regulatory authorities request information in connection with any inquiry, subpoena, court order, and/or other legal or regulatory procedures, with which we would need to comply or it is in our legitimate interests to comply with. We may also share personal information to investigate, establish and/or protect the Firm's legal rights, property, or safety, or the rights, property, or safety of others, or to bring and/or defend against legal claims.

  • Third-party business vendors: We may share personal information with vendors that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as infrastructure and IT service providers, financial institutions, business analytics firms, and other cloud-based solutions. We contract with such vendors to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information by implementing the appropriate technical and organizational measures for such processing.

  • Financial institutions: We share personal data with financial institutions in connection with invoicing and payments.

What is cross-border data transfer protection?

Your personal information may be transferred to or shared across our integrated computer networks in the United States and other countries that may not be subject to the GDPR data protection laws or other applicable data protection legislation. It is necessary to transfer personal information from an Economic European Area (EEA) country to a country outside of the EEA to provide our attorneys with access to the necessary information to enable them to provide legal services. All of our offices, regardless of country, adhere to relevant data protection laws and legal and regulatory mandated procedures with respect to your personal information, including this Privacy Notice.

When we transfer personal information from HLF offices within the UK and/or EEA to HLF entities, service providers, or third parties outside the EEA that have not received an adequacy decision from the European Commission, we have implemented adequate safeguards such as standard data transfer agreements which includes the European Commission’s contractual clauses. These safeguards are designed to protect your privacy rights and provide you with the remedies in the unlikely event that your personal information is misused.

You may ask for further information on the safeguards and procedures we have put in place regarding transfers of your personal data by contacting us at admin@thehodalawfirm.com.

How long do we keep your data?

We will only retain personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Notice, or to comply with any legal, regulatory, or reporting obligations, or as otherwise specified in applicable record retention policies and procedures. Please note that the Firm may retain your personal data for a longer period in the event of a complaint or if the Firm reasonably believes there is a prospect of litigation in respect to the Firm’s relationship with you or the material at issue.

How do we secure your data?

We protect your personal data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damages. We implement a “defense-in-depth” approach to protect the confidentiality, integrity, and availability of data. Such security measures include:

  • Policies and procedures: Enforcing a comprehensive set of policies and procedures for deploying, managing and securing the Firm's IT environment and data.

  • Access control mechanisms: Restricting access to systems and personal data by partners, employees, contractors, staff and service providers on a need-to-know basis.

  • Accredited encryption solutions: Where technically appropriate, encrypting personal data at-rest, being processed, and in-transit.

  • Restore and recoverability of data: Developing and implementing plans and procedures to restore the availability and access to data in a timely manner in the event of a physical or technical incident.

  • Assessment and continuous monitoring:Testing, assessing, evaluating the effectiveness of safeguards and remediating to ensure uninterrupted security of data.

    While we strive to always protect our systems, website, operations and information against unauthorized access, use, modification and disclosure, due to the inherent risk nature of business operations, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

    You also have an important role in protecting Personal Data. You should not share any username, password or other authentication data provided to you with anyone, and we recommend that you do not re-use passwords across more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.

What are your data protection rights?

Subject to certain conditions data protection laws give you various rights with respect to our use of your personal data.

If you are in the Economic European Area (EEA) or the United Kingdom (UK) you have the following rights:

  • The right to access: You have the right to request for copies of your personal data.

  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request HLF to complete the information you believe is incomplete.

  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.

  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.

  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.

  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

  • The right to withdraw consent: If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • The right to access your personal information: You have the right to request access to the personal information we hold about you. We will provide you this information for the 12-month period preceding your request.

  • The right to opt out: You have the right to opt out of the sale of your personal information

  • The right to know: You have the right to know what personal information we collect, share and use. Specifically, you may request that we disclose:

    • The categories of personal information collected

    • Specific pieces of personal information collected

    • The categories of sources from which we collected personal information

    • The purposes for which we use the personal information

    • The categories of third parties with whom we share the personal information

    • The categories of personal information we have disclosed for a business purpose or sold

  • The right to deletion: You have the right to request that we delete your personal information

  • The right against discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.

You can exercise these rights by contacting us at admin@thehodalawfirm.com. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.

What are cookies?

Cookies are text files with small pieces of data placed on your computer to collect standard internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology.

How do we use cookies?

We may use cookies in a range of ways to improve your experience on our website. Cookies on our website are divided into the following categories:

  • Strictly Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies that are erased when you close your browser.

  • Analytical/Performance Cookies: These allow us to recognize and count the number of users of our website and understand how such users navigate through our website. This helps to improve how our website works, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser.

  • Functional Cookies: These improve the functional performance of our website and make it easier for you to use. For example, cookies are used to remember that you have previously visited the website and asked to remain logged into it. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our website. You can delete these cookies via your browser settings.

  • Targeting Cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the website and other websites you visit. These cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Website. You can delete these cookies via your browser settings.

How to manage cookies?

You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result. For more information on how to control cookies, check your internet browser settings or visit https://www.allaboutcookies.org/.

Marketing preferences

QE may send you marketing information and newsletters, regarding our products and services, and where required by law, we will obtain your consent to do so. You have the right at any time to stop HLF from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email admin@thehodalawfirm.com.

Changes to our privacy notice

HLF keeps its Privacy Notice under regular review and places any updates on this web page. Please check this page occasionally for any changes to the Privacy Notice.

Contact us

If you have any questions about this Privacy Notice, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: admin@thehodalawfirm.com

Call us: (832) 848-0036

Or write to us at:

The Hoda Law Firm, PLLC

12333 Sowden Road

Suite B, PMB 51811

Houston, TX 77080