1. Introduction
This Privacy Policy outlines how Tingen Law, PLLC (“Tingen Law,” “we,” or “us”) collects, uses, and protects the personal information of users (“you” or “your”) when visiting our websites at https://www.tingen.law and its related subdomains (collectively, the “Websites”).
Your privacy is important to us, and we are committed to safeguarding your personal information in compliance with applicable laws and professional standards.
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us using the details below:
Contact Information
Tingen Law, PLLC
1503 Santa Rosa Road, Suite 120
Richmond, VA 23229
Phone: (804) 477-1720
Fax: (804) 505-0997
Contact Form: https://www.tingen.law/contactus
Data Protection Officer
Jacob Tingen, Managing Partner of Tingen Law, PLLC, serves as the Data Protection Officer for our Websites. You may contact Jacob using the information provided above for any inquiries regarding your data rights or this policy.
2. Data Collection
Types of Data Collected
We collect personal and technical data from you to provide superior legal services, facilitate user interactions, and improve your experience on our Websites. The types of data we collect include:
- Personal Data: Information you voluntarily provide when interacting with us through forms, emails, or account registrations:
- Name
- Email address
- Phone number
- Physical address
- Uploaded documents
- Messages or inquiries sent via the Websites
- Technical Data: Automatically collected information that helps us analyze and optimize our Websites:
- IP address
- Browser type and version
- Operating system
- Device type
- Referral URLs and search queries
- Client and Case Data: For clients engaging Tingen Law for legal services, we may collect and store additional information specific to your case, including sensitive documents or case details.
- Marketing Data: Information gathered for communication and marketing purposes, such as email addresses and phone numbers, provided via contact forms or when subscribing to newsletters.
Methods of Collection
- Website Forms: We use various forms to gather information, including intake forms, client contact forms, and subscription forms. These forms are used to:
- Process inquiries.
- Gather client data for case management.
- Collect marketing opt-ins for newsletters or updates.
- Cookies: Our Websites use cookies to enhance your browsing experience, track website performance, and collect analytics data.
- Embedded Content: Articles on our Websites may include embedded content (e.g., videos, images) that may collect data as if you visited the third-party source directly.
- Communication Platforms: Data may also be collected through communications made via WhatsApp, SMS, or email, depending on the nature of the interaction.
Purpose of Data Collection
The data we collect is used for the following purposes:
- To provide legal services, including case management and communication.
- To improve website functionality, monitor performance, and analyze user interactions.
- To send marketing messages and updates via email, WhatsApp, and SMS (with your consent).
- To process payments and subscriptions using secure third-party gateways.
- To comply with legal obligations, including confidentiality requirements for attorney-client relationships.
3. Data Usage
Purpose of Data Collection and Usage
The information we collect is used to ensure efficient operation of our Websites, provide legal services, and engage with users effectively. Specifically, we use your data for the following purposes:
- Providing Legal Services:
- Case management, document review, and communication related to your legal matter.
- Ensuring confidentiality and compliance with attorney-client privilege.
- Website Functionality:
- Enhancing user experience through personalized interactions and tailored content.
- Facilitating secure logins and access to client portals.
- Marketing and Communication:
- Sending updates, newsletters, and promotions via email and WhatsApp.
- Using collected contact information for event invitations, webinar announcements, and course promotions.
- Payment Processing:
- Handling transactions through Stripe and Confido Legal for e-commerce and subscription billing.
- Analytics and Performance Monitoring:
- Aggregating data to track website performance and user engagement using Google Analytics and Google Tag Manager.
How Data is Used in Client Relationships
When a user becomes a client of Tingen Law, additional protections apply to the data provided during the course of legal representation:
- This “Client Information” is used strictly to deliver legal services and remains protected under attorney-client confidentiality.
- Information shared for legal purposes may be disclosed only as required by law or to further your legal interests (e.g., court filings).
4. Third-Party Integrations
We work with third-party providers to offer high-quality services. The following services may process your data as part of their integration with our Websites. We ensure these providers comply with strict privacy standards.
Payment Processing
- Stripe: Processes payments made via credit or debit cards for subscriptions, consultations, and other services.
Stripe Privacy Policy - Confido Legal: Manages IOLTA-compliant payment processing for legal retainers and recurring billing. Confido Legal follows legal and ethical standards for safeguarding client funds.
Data Storage
- Google Drive: Secure storage for client documents and files.
- Odoo CRM: Central platform for managing client data, communications, billing, and portal interactions. Odoo complies with high standards for data protection and integrates security features such as encryption.
Marketing Tools
- WhatsApp: Used for client communication and marketing purposes, adhering to user consent.
- Brevo and Mailjet: Platforms for sending email newsletters and marketing campaigns.
Analytics
- Google Analytics and Google Tag Manager: Tracks and aggregates site performance metrics. Users can opt out using Google’s opt-out tool
5. Cookies and Analytics
Cookies
Cookies are small data files stored on your device that help our Websites function effectively and provide a personalized experience. We use cookies for:
- User Authentication: Ensuring secure logins and access to client portals.
- Performance Tracking: Monitoring website usage patterns and optimizing performance.
- E-Commerce Features: Storing cart contents and managing checkout processes for online services.
Types of Cookies We Use
- Essential Cookies: Necessary for basic website functionality, such as account logins and payment processing.
- Analytics Cookies: Used to track visitor behavior and improve website features.
- Marketing Cookies: Enable personalized ads and remarketing campaigns.
Managing Cookies
Our Websites implement Odoo’s GDPR-compliant cookie notification module, which allows users to:
- Accept or decline non-essential cookies upon visiting the site.
- Change cookie preferences at any time via browser settings.
Opting Out of Analytics
To opt out of Google Analytics tracking, users can utilize the Google Analytics Opt-Out Browser Add-On.
6. Data Sharing
Internal Data Sharing
We limit internal access to your personal and client information to employees and contractors who require it to:
- Provide legal services.
- Process payments.
- Manage marketing campaigns.
- Maintain and improve website functionality.
Access to sensitive client data is restricted to team members directly involved in your legal representation and protected by attorney-client privilege.
External Data Sharing
We only share your data with third parties in limited and necessary circumstances:
- Service Providers: Data may be shared with providers such as Stripe, Confido Legal, and Google Drive to process payments and manage client files securely.
- Legal Obligations: If required by law, regulation, or court order, we may disclose your information to comply with applicable legal requirements.
- Client-Authorized Sharing: Information may be shared with third parties only at your explicit request or as necessary to advance your legal interests (e.g., filing with courts or communicating with opposing counsel).
We never sell your data to third parties for marketing purposes.
Aggregate Data
We may share non-personally identifiable information in the aggregate (e.g., website analytics data) with service providers or business partners to improve our services and marketing strategies.
7. Data Retention
Retention Periods
We retain personal data and client information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
- General Website Data: Marketing data (e.g., email addresses) is retained indefinitely unless you request deletion.
- Client Information: Retained indefinitely for legal, administrative, and archival purposes, unless a client requests its deletion and no legal or ethical obligations require further retention.
- Payment Data: Retained per the requirements of payment processors like Stripe and Confido Legal, typically for compliance and recordkeeping purposes.
Deletion Requests
Users and clients may request that their personal or client data be deleted by contacting us via our contact form. Deletion requests will be honored except where data must be retained for:
- Legal compliance (e.g., tax or trust account regulations).
- Professional responsibility (e.g., retaining records necessary to defend against potential claims).
All deletion requests will be processed within 30 days unless otherwise stated.
8. Data Security
Security Measures
We take the security of your personal and client information seriously. Our measures include:
- Encryption: Sensitive data stored in Odoo and Google Drive is encrypted both in transit and at rest.
- Access Control: Client data is accessible only to authorized personnel using unique identifiers to link client profiles in Odoo with files stored in Google Drive.
- Secure Payment Processing: Payments processed via Stripe and Confido Legal comply with industry standards, including PCI DSS (Payment Card Industry Data Security Standards).
Incident Response
In the event of a data breach involving personal or client information:
- We will notify affected users promptly, in accordance with applicable laws.
- Steps will be taken to mitigate the breach and prevent future occurrences.
Third-Party Provider Security
We work exclusively with providers that maintain high standards of security:
- Google Drive: Ensures encrypted storage and file access.
- Odoo: Implements robust security features for client data.
- Stripe and Confido Legal: Use secure APIs and encryption to process payments.
9. User Rights
Access to Personal Data
You have the right to request access to the personal data we collect and store about you. This includes:
- A detailed explanation of the data categories we hold.
- An exported file of your personal data in a commonly used format.
To make a request, contact us through our contact form. We will respond within 30 days of receiving your request.
Correction of Data
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request corrections. We will make necessary updates promptly upon verifying your request.
Data Deletion
You may request the deletion of your personal data by contacting us through our contact form. Deletion requests will be honored unless:
- The data is required to comply with legal, ethical, or administrative obligations.
- Retention is necessary to protect our legal rights (e.g., defending against claims).
Opt-Out of Marketing
You may opt out of receiving marketing communications (e.g., newsletters, WhatsApp messages) at any time by:
- Using the unsubscribe link in marketing emails.
- Contacting us via the contact form.
10. Embedded Content and External Links
Embedded Content
Articles or pages on our Websites may include embedded content such as videos, images, or articles from third-party websites. Embedded content behaves as if you have visited the third-party site directly and may collect the following:
- Data about your interaction with the embedded content.
- Cookies or additional tracking information.
- Your IP address and browser details.
We encourage you to review the privacy policies of any third-party websites you interact with through embedded content on our site.
External Links
Our Websites may contain links to third-party websites. While we strive to link to reputable sources, Tingen Law is not responsible for the privacy practices of these external sites. We recommend reviewing their privacy policies to understand how they collect and use your data.
11. Changes to This Privacy Policy
Policy Updates
We reserve the right to update or revise this Privacy Policy at any time to reflect changes in our practices, the law, or technology. Updates will be posted on this page, with the “Effective Date” updated accordingly.
Notification of Changes
Significant changes to this Privacy Policy may be communicated through one or more of the following methods:
- A notification banner on our Websites.
- An email sent to registered users or subscribers, where applicable.
By continuing to use our Websites after changes are posted, you acknowledge and agree to the revised terms of this Privacy Policy.
Effective Date
This Privacy Policy is effective as of the date listed below and supersedes all previous versions.
Last Updated: 11/25/2024