Privacy Statement
XL Law & Consulting P.A. (“XL Law”) is committed to protecting and respecting the privacy rights of all individuals who use its websites, products, and services, primarily including but not limited to legal or other professional advising and related products and services provided by XL Law (the “Services”). This XL Law Privacy Statement (“Statement”) provides a general description of the Personal Information that XL Law collects and explains how XL Law uses the information.
Scope of this Privacy Statement
This Statement covers all individuals who are natural persons (not a corporation, partnership, or other legal entity) and XL Law handles their Personal Information. XL Law’s websites, including https://www.xllawconsulting.com and https://pipl.xllawconsulting.com (the “Websites”), may contain links to and from various third-party websites (e.g., sharefile.com, XL Law’s subscription content platform service provider). When following a link to any of these websites, please note that these websites may have their own privacy statements. XL Law does not accept any responsibility or liability for the policies of third-party websites; please check these policies before submitting any Personal Information to third-party websites.
Personal Information We Collect and Handle
XL Law may collect Personal Information from you when you use XL Law’s Websites or Services, as described below. XL Law will take all reasonable and practical measures to ensure that unnecessary Personal Information is not collected.
Definition: Personal Information
Generally, Personal Information is any information that relates to an identifiable person and may be defined more specifically by applicable laws and regulations. For example, if you are located in the European Economic Area (“EEA”), United Kingdom (“UK”), or China, “Personal Information” includes all Personal Data or Personal Information as defined in the European Union General Data Protection Regulation, UK General Data Protection Regulation, or People’s Republic of China Personal Information Protection Law, respectively. Personal Information does not include information that has been fully anonymized to make it impossible to identify specific natural persons and impossible to restore.
Information Provided by You
-
Communications. When you contact XL Law via a contact form, email, or other means, you provide us with Personal Information. You may also ask XL Law to contact you, for example, when you speak with an XL Law representative at an event. Personal Information you may provide includes:
-
Basic identity information (e.g., name, employer, title or position, professional relationships)
-
Contact information (e.g., e-mail address, postal address, phone number)
-
Information you provide in relation to attending meets or events (e.g., accessibility needs or dietary restrictions)
-
Any other information relating to you that you provide
-
-
Account Information. When you engage XL Law’s Services, we will create a client account and will collect Personal Information related to its creation and your usage of our Services, including your name, contact information, billing information, and Services provided to you. This may include:
-
Basic identity and contact information as described above
-
Financial information, which may be regarded as sensitive Personal Information under some laws or regulations (e.g., credit card or bank account information, billing account details, transaction histories, accounts receivable information)
-
Background information you provide as part of XL Law’s business acceptance processes
-
Information Collected from Other Sources
-
Public or Private Databases. If you ask XL Law to contact you, we may obtain your contact information from public or private databases, such as online directories. We may also use such databases to keep your contact information up to date.
-
Clients and Other Third Parties. In the course of providing our Services, XL Law’s clients or other third parties may provide us with your Personal Information, which may include sensitive Personal Information, as it relates to the Services being provided.
Information Collected by Automated Means
Like most other website operators, XL Law also collects Personal Information through the use of automated web cookies. XL Law will never attempt to identify you through the use of cookies. For additional information regarding how XL Law uses cookies, please read our Cookie Policy.
How We Use Personal Information
XL Law will only collect, store, access, use or otherwise handle your Personal Information when permitted or required by applicable law and there is a legitimate reason and legal basis for doing so:
-
When you engage XL Law’s Services, we will handle your Personal Information on the basis that it is necessary to enter into and perform a contract.
-
As applicable, we may handle your Personal Information for the establishment, exercise, or defense of legal claims or proceedings.
-
As applicable, we may handle your Personal Information to comply with legal and regulatory obligations.
XL Law will also handle your Personal Information for the following legitimate business purposes; when required by applicable law, we will obtain your consent prior to handling your Personal Information for these purposes:
-
When you communicate with us outside a contractual engagement, we will handle your Personal Information on the basis that it is necessary for our legitimate interest in responding to you.
-
When you sign up to receive notifications from XL Law (e.g., when you join XL Law’s mailing list, or register for an account on our website), we will handle your Personal Information on the basis that it is necessary for our legitimate interests in delivering the notifications you requested and providing you with other information we believe may interest you; you can update your notification preferences at any time to stop receiving notifications.
-
When we initiate communication with you outside a contractual engagement, we will handle your Personal Information on the basis that is necessary for our legitimate interest in providing you with information we believe may interest you, based on the Services we have provided you in the past.
-
When clients or others provide us with your Personal Information in relation to our Services, we will handle your Personal Information on the basis that it is necessary for our legitimate interest in providing legal or other professional advice.
-
When we obtain your Personal Information from public or private databases, we will handle your Personal Information on the basis that it is necessary for our legitimate interest in contacting you or updating your contact information or, when permitted under applicable law, on the basis that your Personal Information was legally disclosed and reasonably handled in accordance with applicable law.
How We Disclose and Share Personal Information
When Personal Information is required or permitted to be disclosed, XL Law will disclose the least amount of Personal Information reasonably necessary to fulfill the relevant obligations or to achieve the relevant goals. XL Law may disclose Personal Information about you in the following circumstances:
Internal Use
XL Law shares Personal Information with its employees and contractors to provide its Services.
Sharing with Your Consent
XL Law will share your Personal Information when we have your consent to do so.
Third Parties
XL Law does not rent, sell, or trade Personal Information to third parties. XL Law may share Personal Information with third parties that provide services or products, support operations, or otherwise help XL Law carry out activities in furtherance of its Services. Examples include XL Law’s subscription content platform service provider, e-mail marketing platform provider, cloud storage service providers, and web hosting service providers. These third parties are prohibited from using your Personal Information for their own purposes. To the extent applicable law requires XL Law to obtain individual consent and/or provide notice to Personal Information Subjects prior to sharing Personal Information, XL Law will obtain the necessary individual consent and/or provide the necessary notice in accordance with applicable law and prior to sharing. Any sharing of Personal Information will be consistent with this consent and notice.
Law Enforcement and Government Agencies
XL Law may share Personal Information with law enforcement or government agencies when required to do so by law or regulation, court order, or other legal process, or when required to exercise XL Law’s legal rights or establish or defend legal claims.
Anonymized Information
XL Law may provide anonymized information developed from Personal Information to third parties. Such anonymized information, which cannot identify specific natural persons and is impossible to restore, is outside the scope of this Statement.
Cross-Border Transfer
XL Law may conduct cross-border transfers of Personal Information to and from the United States of America, where data protection laws may differ from those of an individual’s home country. In the event of a cross-border transfer, XL Law will comply with applicable data protection laws regarding the protection of Personal Information and will notify individuals about applicable safeguards and the means by which to obtain a copy of them.
Rights and Choices
As provided under applicable law and subject to any limitations in such law, you may have certain rights and choices with respect to your Personal Information. Your rights and choices will vary depending on the laws and regulations that apply in relation to the Services XL Law provides to you.
PIPL Rights
If XL Law handles your Personal Information subject to the Personal Information Protection Law of the People’s Republic of China (“PIPL”), you have the following rights, which you may also exercise on behalf of a deceased person to whom you are the next of kin, for the sake of your own lawful and legitimate interests, except where the deceased has arranged otherwise before death:
-
Right to Know and Limit. You have the right to know and make decisions about the processing of your Personal Information, and the right to limit or refuse the handling of your Personal Information by others unless otherwise provided for by law.
If the purpose or method of processing your Personal Information or the type of Personal Information or who has access to your Personal Information changes, you will be notified and asked to re-consent to the change(s).
-
Right to Consult and Copy. You have the right to consult and copy your Personal Information, except when it is necessary for the University to maintain confidentiality or when otherwise provided for by applicable law. The University will respond to your requests to consult or copy your Personal Information in a timely manner.
-
Right to Transfer. You may request that the University transfer your Personal Information to another Personal Information handler. If the University is permitted to make the transfer under applicable law, the University will facilitate the transfer.
-
Right to Correct or Supplemented. You have the right to request that the University correct any inaccurate Personal Information that it maintains about you. You also have the right to request that the University complete any incomplete Personal Information that it maintains about you, which could be accomplished by incorporating a supplementary statement that you submit. If the University concurs that the Personal Information is incorrect or incomplete, the University will correct or complete it in a timely manner.
-
Right to Delete. In certain situations, you may ask to have your Personal Information anonymized or deleted, as appropriate. You can submit a request to delete your Personal Information to us under the following circumstances:
-
Our handling purposes have been achieved or cannot be achieved, or your Personal Information is no longer necessary for achieving the purposes of handling;
-
We no longer provide you with our Services, or the retention period has expired;
-
Our handling was based on your consent, and you withdraw your consent;
-
Our handling of Personal Information violates applicable laws or regulations; or
-
Other circumstances as provided by applicable laws or regulations.
-
When you delete Personal Information from our Services, we might not immediately delete the corresponding information from our backup system, but will delete it when the backup system is updated.
-
Right to Withdraw Consent. You may withdraw any consent you previously provided to us regarding the handling of your Personal Information at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the handling before you withdrew your consent.
-
Right to Explanation. You have the right to request the University to explain our Personal Information handling rules.
GDPR Rights
If XL Law handles your Personal Information subject to the EEA or UK General Data Protection Regulation, you have the following rights:
-
Right to Access. You have the right to ask us for copies of your Personal Information.
-
Right to Rectification. You have the right to ask us to rectify Personal Information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
-
Right to Erasure. You have the right to ask us to erase your Personal Information in certain circumstances.
-
Right to Restriction of Handling. You have the right to ask us to restrict the handling of your Personal Information in certain circumstances.
-
Right to Object to Processing. You have the right to object to the handling of your Personal Information in certain circumstances.
-
Right to Data Portability. You have the right to ask that we transfer the Personal Information you gave us to another organization, or to you, in certain circumstances.
How to Exercise Your Rights
You may exercise the rights described above by contacting us using the contact details at the end of this Statement, and we will respond. We will not charge you for your reasonable requests in principle. However, a fee to reflect the cost will be imposed as appropriate on repeated requests beyond the reasonable scope. We may reject repeated requests that are groundless and need excessive technological means (e.g., developing a new system or fundamentally changing the current practices) to fulfill, bring about risks to others’ legitimate rights and interests, or are downright impractical (e.g., involving information stored on a backup disk).
Note that applicable laws contain certain exceptions and limitations to each of these rights. We will not be able to respond to your request when it: affects our compliance with obligations under applicable laws and regulations; directly relates to national security or defense security; directly relates to public security, public health, or major public interests; directly relates to criminal investigations, prosecutions, trials, and enforcement of court decisions, etc.; or involves trade secrets.
We also will not respond to requests when we have sufficient proof that you have subjective malice or are abusing your rights; for the purpose of safeguarding your life, property, or your other important legal rights and interests or those of other individuals from whom it is difficult to obtain consent; or when responding to your request would cause serious harm to your legitimate rights and interests, or those of other individuals or organizations.
If we do not grant your rights request, we will explain the reason for doing so. For security, we may require you to submit your request in writing, and we will also need to verify your identity before you exercise these rights to ensure that your Personal Information is not inappropriately disclosed.
Data Protection and Retention
XL Law takes appropriate security measures according to industry standards including physical, managerial, organizational, and technical safeguards designed to protect your Personal Information and prevent unauthorized access to, disclosure, use, modification, damage, or loss of information. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While XL Law strives to use commercially reasonable means to protect Personal Information, XL Law cannot guarantee its absolute security.
XL Law deletes or anonymizes Personal Information when it is no longer needed for the purposes for which it was collected unless required or allowed by policy or law to keep it for a longer period.
Personal Information of Minors
Consistent with the Children’s Online Privacy Protection Act (COPPA), XL Law does not knowingly collect Personal Information from children under 13 years of age on its general website.
As a provider of legal and other professional services, XL Law’s Services are mainly adult-oriented. A child should not provide us with their Personal Information without the consent of their parents or guardians. Children’s Personal Information that is collected with their parents’ or guardians’ consent will only be used or publicly disclosed when it is required or permitted by applicable laws, explicitly consented to by their parents or guardians, or essential to protecting the children. Although the definition of children varies in local laws and customs, we regard anyone below 16 years old as a child. If we find that a child’s Personal Information has been collected without their parents’ or guardians’ prior consent, we will delete relevant information as soon as possible.
Contact Information
For further information about our collection or use of Personal Information, please contact privacy@xllawconsulting.com or (954) 885-9588.
Changes and Updates to this Privacy Statement
XL Law may update this Statement periodically to reflect changes in our privacy practices. Any changes become effective upon publication, and we will follow all applicable laws and regulations regarding notifications of such changes. Your continued use of the Services constitutes agreement with this policy and any updates.
Last updated: Jan. 25, 2023